WARNING: ODEBUG bug in __queue_work


syzbot

Apr 14, 2019, 4:51:29 AM4/14/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 54068d61 Merge 4.9.122 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=10642bee400000
kernel config: https://syzkaller.appspot.com/x/.config?x=c7451be69185755b
dashboard link: https://syzkaller.appspot.com/bug?extid=2770b6d25feaa802ab23
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1482bb9a400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1089fcfe400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2770b6...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 7089 at lib/debugobjects.c:263
debug_print_object+0x181/0x210 lib/debugobjects.c:260
ODEBUG: activate active (active state 0) object type: work_struct hint:
xfrm_hash_resize+0x0/0x1550 include/net/xfrm.h:699
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 7089 Comm: syz-executor205 Not tainted 4.9.122-g54068d6 #78
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ffff8801c02af120 ffffffff81eb8829 ffffffff83c48ac0 00000000ffffffff
0000000000000000 0000000000000000 0000000000000107 ffff8801c02af1e0
ffffffff81423f35 0000000041b58ab3 ffffffff843bb838 ffffffff81423d76
Call Trace:
[<ffffffff81eb8829>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81eb8829>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81423f35>] panic+0x1bf/0x3bc kernel/panic.c:179
[<ffffffff81424221>] __warn.cold.9+0xc1/0x17f kernel/panic.c:542
[<ffffffff81138212>] warn_slowpath_fmt+0xc2/0x100 kernel/panic.c:565
[<ffffffff81f20d41>] debug_print_object+0x181/0x210 lib/debugobjects.c:260
[<ffffffff81f2304d>] debug_object_activate+0x37d/0x4e0
lib/debugobjects.c:419
[<ffffffff8118a3a8>] debug_work_activate kernel/workqueue.c:491 [inline]
[<ffffffff8118a3a8>] __queue_work+0x48/0xf10 kernel/workqueue.c:1380
[<ffffffff8118beb7>] queue_work_on+0x97/0xa0 kernel/workqueue.c:1486
[<ffffffff834fdd98>] queue_work include/linux/workqueue.h:477 [inline]
[<ffffffff834fdd98>] schedule_work include/linux/workqueue.h:535 [inline]
[<ffffffff834fdd98>] xfrm_policy_insert+0xa78/0xf20
net/xfrm/xfrm_policy.c:830
[<ffffffff8352eed8>] xfrm_add_policy+0x248/0x4f0 net/xfrm/xfrm_user.c:1565
[<ffffffff8352b647>] xfrm_user_rcv_msg+0x3c7/0x6b0
net/xfrm/xfrm_user.c:2531
[<ffffffff831d8615>] netlink_rcv_skb+0x145/0x370
net/netlink/af_netlink.c:2365
[<ffffffff835281ef>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2539
[<ffffffff831d71c8>] netlink_unicast_kernel net/netlink/af_netlink.c:1285
[inline]
[<ffffffff831d71c8>] netlink_unicast+0x4d8/0x6f0
net/netlink/af_netlink.c:1311
[<ffffffff831d7b75>] netlink_sendmsg+0x795/0xc30
net/netlink/af_netlink.c:1859
[<ffffffff8301cfcc>] sock_sendmsg_nosec net/socket.c:636 [inline]
[<ffffffff8301cfcc>] sock_sendmsg+0xcc/0x110 net/socket.c:646
[<ffffffff8301ea6c>] ___sys_sendmsg+0x6fc/0x840 net/socket.c:1970
[<ffffffff83020ad9>] __sys_sendmsg+0xd9/0x190 net/socket.c:2004
[<ffffffff83020bbd>] SYSC_sendmsg net/socket.c:2015 [inline]
[<ffffffff83020bbd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2011
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff83a00cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches