Hello,
syzbot found the following crash on:
HEAD commit: 62872f95 Merge 4.4.174 into android-4.4
git tree: android-4.4
console output:
https://syzkaller.appspot.com/x/log.txt?x=141292db200000
kernel config:
https://syzkaller.appspot.com/x/.config?x=47bc4dd423780c4a
dashboard link:
https://syzkaller.appspot.com/bug?extid=a1653eceb09535f119df
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+a1653e...@syzkaller.appspotmail.com
hid-generic 0000:0009:0004.0011: unknown main item tag 0x0
hid-generic 0000:0009:0004.0011: unknown main item tag 0x0
hid-generic 0000:0009:0004.0011: unknown main item tag 0x0
hid-generic 0000:0009:0004.0011: unknown main item tag 0x0
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6 at lib/debugobjects.c:260
debug_print_object+0x181/0x210 lib/debugobjects.c:260()
ODEBUG: free active (active state 0) object type: work_struct hint:
flow_cache_gc_task+0x0/0x3a0 net/core/flow.c:145
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 6 Comm: kworker/u4:0 Not tainted 4.4.174+ #4
Workqueue: netns cleanup_net
0000000000000000 e27104b09333191c ffff8801da657748 ffffffff81aad1a1
ffff8801da657898 ffffffff82835ee0 ffffffff8292c440 0000000000000104
ffffffff81b0b3d1 ffff8801da657828 ffffffff813a48c2 0000000041b58ab3
Call Trace:
[<ffffffff81aad1a1>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81aad1a1>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff813a48c2>] panic+0x1b9/0x37b kernel/panic.c:112
[<ffffffff813a4ab9>] warn_slowpath_common kernel/panic.c:455 [inline]
[<ffffffff813a4ab9>] warn_slowpath_common.cold+0x20/0x20 kernel/panic.c:435
[<ffffffff810d394f>] warn_slowpath_fmt+0xbf/0x100 kernel/panic.c:471
[<ffffffff81b0b3d1>] debug_print_object+0x181/0x210 lib/debugobjects.c:260
[<ffffffff81b0d83e>] __debug_check_no_obj_freed lib/debugobjects.c:700
[inline]
[<ffffffff81b0d83e>] debug_check_no_obj_freed+0x3de/0x6e0
lib/debugobjects.c:729
[<ffffffff8148164f>] slab_free_hook mm/slub.c:1376 [inline]
[<ffffffff8148164f>] slab_free_freelist_hook mm/slub.c:1405 [inline]
[<ffffffff8148164f>] slab_free mm/slub.c:2859 [inline]
[<ffffffff8148164f>] kmem_cache_free+0x18f/0x350 mm/slub.c:2881
[<ffffffff8221a82d>] net_free net/core/net_namespace.c:362 [inline]
[<ffffffff8221a82d>] net_drop_ns+0x6d/0x80 net/core/net_namespace.c:369
[<ffffffff8221ae49>] cleanup_net+0x609/0x860 net/core/net_namespace.c:469
[<ffffffff81122c25>] process_one_work+0x825/0x1720 kernel/workqueue.c:2064
[<ffffffff81124004>] worker_thread+0x4e4/0xf50 kernel/workqueue.c:2196
[<ffffffff811342c3>] kthread+0x273/0x310 kernel/kthread.c:211
[<ffffffff82718fc5>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:537
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.