[syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
4 views
Skip to first unread message
syzbot
Jan 15, 2025, 9:42:24 AM1/15/25
to andrew...@lunn.ch, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
------------[ cut here ]------------
entry already in use
WARNING: CPU: 1 PID: 5869 at drivers/net/netdevsim/udp_tunnels.c:26 nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Modules linked in:
CPU: 1 UID: 0 PID: 5869 Comm: syz-executor227 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Code: c3 cc cc cc cc e8 dd a0 ca fa 44 89 f7 e8 85 38 b8 fa e9 ee fd ff ff e8 cb a0 ca fa 90 48 c7 c7 e0 7f 0a 8c e8 fe 66 8b fa 90 <0f> 0b 90 90 4c 8d 73 04 41 bf f0 ff ff ff e9 fa fe ff ff e8 c5 10
RSP: 0018:ffffc90003fffab8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc90003fffbb0 RCX: ffffffff815a1789
RDX: ffff8880301d5a00 RSI: ffffffff815a1796 RDI: 0000000000000001
RBP: ffff8880744cc000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000
FS: 0000555579af3380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5ac84532b0 CR3: 000000001decc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:225 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:246 [inline]
__udp_tunnel_nic_device_sync.part.0+0x935/0xed0 net/ipv4/udp_tunnel_nic.c:289
__udp_tunnel_nic_device_sync net/ipv4/udp_tunnel_nic.c:283 [inline]
__udp_tunnel_nic_reset_ntf+0x3c1/0x520 net/ipv4/udp_tunnel_nic.c:581
udp_tunnel_nic_reset_ntf include/net/udp_tunnel.h:377 [inline]
nsim_udp_tunnels_info_reset_write+0xc2/0x110 drivers/net/netdevsim/udp_tunnels.c:117
full_proxy_write+0xfb/0x1b0 fs/debugfs/file.c:356
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ac83d0df9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc834f88c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5ac83d0df9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007f5ac841e1fa R09: 00007f5ac841e1fa
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5ac841e453
R13: 0000000000000001 R14: 00007ffc834f8900 R15: 0000000000000000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
------------[ cut here ]------------
entry already in use
WARNING: CPU: 1 PID: 5869 at drivers/net/netdevsim/udp_tunnels.c:26 nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Modules linked in:
CPU: 1 UID: 0 PID: 5869 Comm: syz-executor227 Not tainted 6.13.0-rc5-syzkaller-00161-g63676eefb7a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Code: c3 cc cc cc cc e8 dd a0 ca fa 44 89 f7 e8 85 38 b8 fa e9 ee fd ff ff e8 cb a0 ca fa 90 48 c7 c7 e0 7f 0a 8c e8 fe 66 8b fa 90 <0f> 0b 90 90 4c 8d 73 04 41 bf f0 ff ff ff e9 fa fe ff ff e8 c5 10
RSP: 0018:ffffc90003fffab8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc90003fffbb0 RCX: ffffffff815a1789
RDX: ffff8880301d5a00 RSI: ffffffff815a1796 RDI: 0000000000000001
RBP: ffff8880744cc000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000
FS: 0000555579af3380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5ac84532b0 CR3: 000000001decc000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:225 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:246 [inline]
__udp_tunnel_nic_device_sync.part.0+0x935/0xed0 net/ipv4/udp_tunnel_nic.c:289
__udp_tunnel_nic_device_sync net/ipv4/udp_tunnel_nic.c:283 [inline]
__udp_tunnel_nic_reset_ntf+0x3c1/0x520 net/ipv4/udp_tunnel_nic.c:581
udp_tunnel_nic_reset_ntf include/net/udp_tunnel.h:377 [inline]
nsim_udp_tunnels_info_reset_write+0xc2/0x110 drivers/net/netdevsim/udp_tunnels.c:117
full_proxy_write+0xfb/0x1b0 fs/debugfs/file.c:356
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5ac83d0df9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc834f88c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5ac83d0df9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00007f5ac841e1fa R09: 00007f5ac841e1fa
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5ac841e453
R13: 0000000000000001 R14: 00007ffc834f8900 R15: 0000000000000000
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jan 22, 2025, 11:56:47 AM1/22/25
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
syzbot
Jan 22, 2025, 12:11:03 PM1/22/25
to ku...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in nsim_udp_tunnel_set_port
------------[ cut here ]------------
entry already in use
WARNING: CPU: 0 PID: 6740 at drivers/net/netdevsim/udp_tunnels.c:26 nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Modules linked in:
CPU: 0 UID: 0 PID: 6740 Comm: syz.2.25 Not tainted 6.13.0-rc7-syzkaller-gcf33d96f5090 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RSP: 0018:ffffc90003117ab8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc90003117bb0 RCX: ffffffff815a17c9
RDX: ffff8880273a9e00 RSI: ffffffff815a17d6 RDI: 0000000000000001
RBP: ffff88802508c000 R08: 0000000000000001 R09: 0000000000000000
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd6e9104038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd6e8575fa0 RCX: 00007fd6e8385d29
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd6e8575fa0 R15: 00007ffd899920e8
</TASK>
Tested on:
commit: cf33d96f Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=142f3618580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3eff53fbe4c843d4
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in nsim_udp_tunnel_set_port
------------[ cut here ]------------
entry already in use
Modules linked in:
CPU: 0 UID: 0 PID: 6740 Comm: syz.2.25 Not tainted 6.13.0-rc7-syzkaller-gcf33d96f5090 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:nsim_udp_tunnel_set_port+0x2d3/0x390 drivers/net/netdevsim/udp_tunnels.c:26
Code: c3 cc cc cc cc e8 dd ed c9 fa 44 89 f7 e8 95 88 b7 fa e9 ee fd ff ff e8 cb ed c9 fa 90 48 c7 c7 80 96 2a 8c e8 ae b5 8a fa 90 <0f> 0b 90 90 4c 8d 73 04 41 bf f0 ff ff ff e9 fa fe ff ff e8 15 5e
RSP: 0018:ffffc90003117ab8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc90003117bb0 RCX: ffffffff815a17c9
RDX: ffff8880273a9e00 RSI: ffffffff815a17d6 RDI: 0000000000000001
RBP: ffff88802508c000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000
FS: 00007fd6e91046c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
R13: 0000000000000000 R14: 0000000017c10002 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f70aa746d38 CR3: 000000003328e000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:225 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:246 [inline]
__udp_tunnel_nic_device_sync.part.0+0x935/0xed0 net/ipv4/udp_tunnel_nic.c:289
__udp_tunnel_nic_device_sync net/ipv4/udp_tunnel_nic.c:283 [inline]
__udp_tunnel_nic_reset_ntf+0x3c1/0x520 net/ipv4/udp_tunnel_nic.c:581
udp_tunnel_nic_reset_ntf include/net/udp_tunnel.h:377 [inline]
nsim_udp_tunnels_info_reset_write+0xc2/0x110 drivers/net/netdevsim/udp_tunnels.c:117
full_proxy_write+0xfd/0x1b0 fs/debugfs/file.c:369
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp_tunnel_nic_device_sync_one net/ipv4/udp_tunnel_nic.c:225 [inline]
udp_tunnel_nic_device_sync_by_port net/ipv4/udp_tunnel_nic.c:246 [inline]
__udp_tunnel_nic_device_sync.part.0+0x935/0xed0 net/ipv4/udp_tunnel_nic.c:289
__udp_tunnel_nic_device_sync net/ipv4/udp_tunnel_nic.c:283 [inline]
__udp_tunnel_nic_reset_ntf+0x3c1/0x520 net/ipv4/udp_tunnel_nic.c:581
udp_tunnel_nic_reset_ntf include/net/udp_tunnel.h:377 [inline]
nsim_udp_tunnels_info_reset_write+0xc2/0x110 drivers/net/netdevsim/udp_tunnels.c:117
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd6e8385d29
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd6e9104038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fd6e8575fa0 RCX: 00007fd6e8385d29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fd6e8401b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd6e8575fa0 R15: 00007ffd899920e8
</TASK>
Tested on:
commit: cf33d96f Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main
console output: https://syzkaller.appspot.com/x/log.txt?x=142f3618580000
kernel config: https://syzkaller.appspot.com/x/.config?x=3eff53fbe4c843d4
dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Note: no patches were applied.
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syzbot
Jan 22, 2025, 12:17:38 PM1/22/25
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
#syz test
>
> syzbot found the following issue on:
>
> HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
diff --git a/drivers/net/netdevsim/udp_tunnels.c b/drivers/net/netdevsim/udp_tunnels.c
index 02dc3123eb6c..9c627433c34a 100644
--- a/drivers/net/netdevsim/udp_tunnels.c
+++ b/drivers/net/netdevsim/udp_tunnels.c
@@ -112,8 +112,8 @@ nsim_udp_tunnels_info_reset_write(struct file *file, const char __user *data,
struct net_device *dev = file->private_data;
struct netdevsim *ns = netdev_priv(dev);
- memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
rtnl_lock();
+ memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
udp_tunnel_nic_reset_ntf(dev);
rtnl_unlock();
syzbot
Jan 22, 2025, 12:56:05 PM1/22/25
to ku...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KASAN: slab-use-after-free Read in nsim_udp_tunnels_info_reset_write
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
==================================================================
BUG: KASAN: slab-use-after-free in nsim_udp_tunnels_info_reset_write+0xf8/0x110 drivers/net/netdevsim/udp_tunnels.c:116
Read of size 8 at addr ffff88805b9f94d8 by task syz.0.4728/17081
CPU: 0 UID: 0 PID: 17081 Comm: syz.0.4728 Not tainted 6.13.0-syzkaller-gc4b9570cfb63-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xc3/0x620 mm/kasan/report.c:489
kasan_report+0xd9/0x110 mm/kasan/report.c:602
nsim_udp_tunnels_info_reset_write+0xf8/0x110 drivers/net/netdevsim/udp_tunnels.c:116
full_proxy_write+0xfd/0x1b0 fs/debugfs/file.c:369
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbc7e585d29
vfs_write+0x24c/0x1150 fs/read_write.c:677
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbc7f41d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fbc7e775fa0 RCX: 00007fbc7e585d29
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fbc7e601b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbc7e775fa0 R15: 00007fff9f7d4048
</TASK>
Allocated by task 11942:
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394
kasan_kmalloc include/linux/kasan.h:260 [inline]
__do_kmalloc_node mm/slub.c:4298 [inline]
__kmalloc_node_noprof+0x21f/0x520 mm/slub.c:4304
__kvmalloc_node_noprof+0x6f/0x1a0 mm/util.c:645
alloc_netdev_mqs+0xc9/0x1320 net/core/dev.c:11228
nsim_create+0x98/0xb20 drivers/net/netdevsim/netdev.c:777
__nsim_dev_port_add+0x3bf/0x700 drivers/net/netdevsim/dev.c:1393
nsim_dev_port_add_all drivers/net/netdevsim/dev.c:1449 [inline]
nsim_drv_probe+0xdbf/0x1490 drivers/net/netdevsim/dev.c:1607
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
bus_probe_device+0x17f/0x1c0 drivers/base/bus.c:534
device_add+0x114b/0x1a70 drivers/base/core.c:3665
nsim_bus_dev_new drivers/net/netdevsim/bus.c:442 [inline]
new_device_store+0x41d/0x730 drivers/net/netdevsim/bus.c:173
bus_attr_store+0x71/0xb0 drivers/base/bus.c:172
sysfs_kf_write+0x117/0x170 fs/sysfs/file.c:139
kernfs_fop_write_iter+0x33d/0x500 fs/kernfs/file.c:334
new_sync_write fs/read_write.c:586 [inline]
vfs_write+0x5ae/0x1150 fs/read_write.c:679
ksys_write+0x12b/0x250 fs/read_write.c:731
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Freed by task 3526:
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
kasan_save_track+0x14/0x30 mm/kasan/common.c:68
kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:582
poison_slab_object mm/kasan/common.c:247 [inline]
__kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
kasan_slab_free include/linux/kasan.h:233 [inline]
slab_free_hook mm/slub.c:2353 [inline]
slab_free mm/slub.c:4613 [inline]
kfree+0x14f/0x4b0 mm/slub.c:4761
kvfree+0x47/0x50 mm/util.c:688
device_release+0xa1/0x240 drivers/base/core.c:2567
kobject_cleanup lib/kobject.c:689 [inline]
kobject_release lib/kobject.c:720 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1e4/0x5a0 lib/kobject.c:737
put_device+0x1f/0x30 drivers/base/core.c:3773
free_netdev+0x4f1/0x6c0 net/core/dev.c:11397
__nsim_dev_port_del+0x189/0x240 drivers/net/netdevsim/dev.c:1428
nsim_dev_port_del_all drivers/net/netdevsim/dev.c:1440 [inline]
nsim_dev_reload_destroy+0x108/0x4d0 drivers/net/netdevsim/dev.c:1661
nsim_dev_reload_down+0x6e/0xd0 drivers/net/netdevsim/dev.c:968
devlink_reload+0x17f/0x760 net/devlink/dev.c:461
devlink_pernet_pre_exit+0x1a1/0x2b0 net/devlink/core.c:509
ops_pre_exit_list net/core/net_namespace.c:162 [inline]
cleanup_net+0x488/0xbd0 net/core/net_namespace.c:628
process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
The buggy address belongs to the object at ffff88805b9f8000
which belongs to the cache kmalloc-cg-8k of size 8192
The buggy address is located 5336 bytes inside of
freed 8192-byte region [ffff88805b9f8000, ffff88805b9fa000)
The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b9f8
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
memcg:ffff8880296446c1
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801b04f640 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000020002 00000001f5000000 ffff8880296446c1
head: 00fff00000000040 ffff88801b04f640 dead000000000122 0000000000000000
head: 0000000000000000 0000000000020002 00000001f5000000 ffff8880296446c1
head: 00fff00000000003 ffffea00016e7e01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11942, tgid 11942 (syz-executor), ts 192560619734, free_ts 192552404020
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1558
prep_new_page mm/page_alloc.c:1566 [inline]
get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3476
__alloc_pages_noprof+0x221/0x2470 mm/page_alloc.c:4753
alloc_pages_mpol_noprof+0x2c8/0x620 mm/mempolicy.c:2269
alloc_slab_page mm/slub.c:2423 [inline]
allocate_slab mm/slub.c:2589 [inline]
new_slab+0x2c9/0x410 mm/slub.c:2642
___slab_alloc+0xbcd/0x1590 mm/slub.c:3830
__slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3920
__slab_alloc_node mm/slub.c:3995 [inline]
slab_alloc_node mm/slub.c:4156 [inline]
__do_kmalloc_node mm/slub.c:4297 [inline]
__kmalloc_node_noprof+0x2f0/0x520 mm/slub.c:4304
__kvmalloc_node_noprof+0x6f/0x1a0 mm/util.c:645
alloc_netdev_mqs+0xc9/0x1320 net/core/dev.c:11228
nsim_create+0x98/0xb20 drivers/net/netdevsim/netdev.c:777
__nsim_dev_port_add+0x3bf/0x700 drivers/net/netdevsim/dev.c:1393
nsim_dev_port_add_all drivers/net/netdevsim/dev.c:1449 [inline]
nsim_drv_probe+0xdbf/0x1490 drivers/net/netdevsim/dev.c:1607
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
page last free pid 11942 tgid 11942 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1127 [inline]
free_unref_page+0x661/0x1080 mm/page_alloc.c:2659
__put_partials+0x14c/0x170 mm/slub.c:3157
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x195/0x1e0 mm/kasan/quarantine.c:286
__kasan_kmalloc+0x8a/0xb0 mm/kasan/common.c:385
kmalloc_noprof include/linux/slab.h:901 [inline]
kzalloc_noprof include/linux/slab.h:1037 [inline]
ref_tracker_alloc+0x17c/0x5b0 lib/ref_tracker.c:203
__netdev_tracker_alloc include/linux/netdevice.h:4136 [inline]
netdev_hold include/linux/netdevice.h:4165 [inline]
netdev_hold include/linux/netdevice.h:4160 [inline]
register_netdevice+0x164b/0x1e20 net/core/dev.c:10638
nsim_init_netdevsim drivers/net/netdevsim/netdev.c:733 [inline]
nsim_create+0x740/0xb20 drivers/net/netdevsim/netdev.c:793
__nsim_dev_port_add+0x3bf/0x700 drivers/net/netdevsim/dev.c:1393
nsim_dev_port_add_all drivers/net/netdevsim/dev.c:1449 [inline]
nsim_drv_probe+0xdbf/0x1490 drivers/net/netdevsim/dev.c:1607
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__device_attach_driver+0x1df/0x310 drivers/base/dd.c:958
bus_for_each_drv+0x157/0x1e0 drivers/base/bus.c:459
__device_attach+0x1e8/0x4b0 drivers/base/dd.c:1030
Memory state around the buggy address:
ffff88805b9f9380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88805b9f9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88805b9f9480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88805b9f9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88805b9f9580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Tested on:
commit: c4b9570c Merge tag 'audit-pr-20250121' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1404cab0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=c857c6065c39b1e2
dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13c71824580000
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syzbot
Jan 22, 2025, 4:24:33 PM1/22/25
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [net?] WARNING in nsim_udp_tunnel_set_port
Author: ku...@kernel.org
On Wed, 15 Jan 2025 06:42:22 -0800 syzbot wrote:
> HEAD commit: 63676eefb7a0 Merge tag 'sched_ext-for-6.13-rc5-fixes' of g..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
#syz test
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1336e418580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=86dd15278dbfe19f
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
> compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17cfb1c4580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13ac4edf980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/ba5dd9f6cf65/disk-63676eef.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/290bc4e6d798/vmlinux-63676eef.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/561f22e07925/bzImage-63676eef.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+2e5de9...@syzkaller.appspotmail.com
diff --git a/drivers/net/netdevsim/netdevsim.h b/drivers/net/netdevsim/netdevsim.h
index dcf073bc4802..96d54c08043d 100644
--- a/drivers/net/netdevsim/netdevsim.h
+++ b/drivers/net/netdevsim/netdevsim.h
@@ -134,6 +134,7 @@ struct netdevsim {
u32 sleep;
u32 __ports[2][NSIM_UDP_TUNNEL_N_PORTS];
u32 (*ports)[NSIM_UDP_TUNNEL_N_PORTS];
+ struct dentry *ddir;
struct debugfs_u32_array dfs_ports[2];
} udp_ports;
diff --git a/drivers/net/netdevsim/udp_tunnels.c b/drivers/net/netdevsim/udp_tunnels.c
index 02dc3123eb6c..cc8cec23ca7e 100644
--- a/drivers/net/netdevsim/udp_tunnels.c
+++ b/drivers/net/netdevsim/udp_tunnels.c
@@ -112,9 +112,11 @@ nsim_udp_tunnels_info_reset_write(struct file *file, const char __user *data,
struct net_device *dev = file->private_data;
struct netdevsim *ns = netdev_priv(dev);
- memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
rtnl_lock();
- udp_tunnel_nic_reset_ntf(dev);
struct netdevsim *ns = netdev_priv(dev);
- memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
rtnl_lock();
+ if (dev->reg_state == NETREG_REGISTERED) {
+ memset(ns->udp_ports.ports, 0, sizeof(ns->udp_ports.__ports));
+ udp_tunnel_nic_reset_ntf(dev);
+ }
rtnl_unlock();
return count;
@@ -160,7 +162,8 @@ int nsim_udp_tunnels_info_create(struct nsim_dev *nsim_dev,
ns->nsim_dev_port->ddir,
&ns->udp_ports.dfs_ports[1]);
- debugfs_create_file("udp_ports_reset", 0200, ns->nsim_dev_port->ddir,
+ ns->udp_ports.ddir =
+ debugfs_create_file("udp_ports_reset", 0200, ns->nsim_dev_port->ddir,
dev, &nsim_udp_tunnels_info_reset_fops);
/* Note: it's not normal to allocate the info struct like this!
@@ -196,6 +199,9 @@ int nsim_udp_tunnels_info_create(struct nsim_dev *nsim_dev,
void nsim_udp_tunnels_info_destroy(struct net_device *dev)
{
+ struct netdevsim *ns = netdev_priv(dev);
+
+ debugfs_remove(ns->udp_ports.ddir);
kfree(dev->udp_tunnel_nic_info);
dev->udp_tunnel_nic_info = NULL;
}
syzbot
Jan 22, 2025, 4:41:07 PM1/22/25
to ku...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task hung in reg_process_self_managed_hints
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: task kworker/0:0:8 blocked for more than 143 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:0 state:D stack:23184 pid:8 tgid:8 ppid:2 flags:0x00004000
Workqueue: events reg_todo
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
class_wiphy_constructor include/net/cfg80211.h:6061 [inline]
reg_process_self_managed_hints+0x95/0x1f0 net/wireless/reg.c:3206
reg_todo+0x684/0x910 net/wireless/reg.c:3219
process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u8:1:12 blocked for more than 143 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:1 state:D stack:22400 pid:12 tgid:12 ppid:2 flags:0x00004000
Workqueue: netns cleanup_net
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
rtnl_acquire_if_cleanup_net net/core/dev.c:10272 [inline]
unregister_netdevice_many_notify+0x1a51/0x21a0 net/core/dev.c:11792
unregister_netdevice_many net/core/dev.c:11875 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11741
unregister_netdevice include/linux/netdevice.h:3329 [inline]
_cfg80211_unregister_wdev+0x64b/0x830 net/wireless/core.c:1251
ieee80211_remove_interfaces+0x34f/0x720 net/mac80211/iface.c:2305
ieee80211_unregister_hw+0x55/0x3a0 net/mac80211/main.c:1681
mac80211_hwsim_del_radio+0x268/0x370 drivers/net/wireless/virtual/mac80211_hwsim.c:5664
hwsim_exit_net+0x33f/0x6d0 drivers/net/wireless/virtual/mac80211_hwsim.c:6544
ops_exit_list+0xb0/0x180 net/core/net_namespace.c:172
cleanup_net+0x5c6/0xbf0 net/core/net_namespace.c:652
process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u8:3:52 blocked for more than 144 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:3 state:D stack:24448 pid:52 tgid:52 ppid:2 flags:0x00004000
Workqueue: events_unbound linkwatch_event
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
linkwatch_event+0x51/0xc0 net/core/link_watch.c:285
process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task kworker/u8:7:4539 blocked for more than 144 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u8:7 state:D stack:22480 pid:4539 tgid:4539 ppid:2 flags:0x00004000
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
rtnl_net_lock include/linux/rtnetlink.h:129 [inline]
addrconf_dad_work+0x121/0x14e0 net/ipv6/addrconf.c:4190
process_one_work+0x958/0x1b30 kernel/workqueue.c:3236
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
process_scheduled_works kernel/workqueue.c:3317 [inline]
worker_thread+0x6c8/0xf00 kernel/workqueue.c:3398
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
INFO: task syz-executor:6486 blocked for more than 144 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:24416 pid:6486 tgid:6486 ppid:6483 flags:0x00000000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
rtnl_lock net/core/rtnetlink.c:79 [inline]
rtnl_nets_lock net/core/rtnetlink.c:335 [inline]
rtnl_newlink+0x5e4/0x1d70 net/core/rtnetlink.c:4020
rtnetlink_rcv_msg+0x95b/0xea0 net/core/rtnetlink.c:6911
netlink_rcv_skb+0x165/0x410 net/netlink/af_netlink.c:2543
netlink_unicast_kernel net/netlink/af_netlink.c:1322 [inline]
netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1348
netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1892
sock_sendmsg_nosec net/socket.c:713 [inline]
__sock_sendmsg net/socket.c:728 [inline]
__sys_sendto+0x488/0x4f0 net/socket.c:2182
__do_sys_sendto net/socket.c:2189 [inline]
__se_sys_sendto net/socket.c:2185 [inline]
__x64_sys_sendto+0xe0/0x1c0 net/socket.c:2185
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f11c0787b63
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RSP: 002b:00007fffb998ac68 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f11c14a4620 RCX: 00007f11c0787b63
RDX: 0000000000000068 RSI: 00007f11c14a4670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007fffb998ac84 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 00007f11c14a4670 R15: 0000000000000000
</TASK>
INFO: task syz-executor:6527 blocked for more than 144 seconds.
Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:26712 pid:6527 tgid:6527 ppid:6467 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5373 [inline]
__schedule+0x1142/0x5b60 kernel/sched/core.c:6760
__schedule_loop kernel/sched/core.c:6837 [inline]
schedule+0xe7/0x350 kernel/sched/core.c:6852
schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:6909
__mutex_lock_common kernel/locking/mutex.c:662 [inline]
__mutex_lock+0x6bd/0xb10 kernel/locking/mutex.c:730
register_nexthop_notifier+0x1b/0x70 net/ipv4/nexthop.c:3878
ops_init+0x1df/0x5f0 net/core/net_namespace.c:138
setup_net+0x21f/0x860 net/core/net_namespace.c:362
copy_net_ns+0x2b4/0x6c0 net/core/net_namespace.c:516
create_new_namespaces+0x3ea/0xad0 kernel/nsproxy.c:110
unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228
ksys_unshare+0x45d/0xa40 kernel/fork.c:3330
__do_sys_unshare kernel/fork.c:3401 [inline]
__se_sys_unshare kernel/fork.c:3399 [inline]
__x64_sys_unshare+0x31/0x40 kernel/fork.c:3399
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcd83987527
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RSP: 002b:00007ffd7d056878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcd83987527
RDX: 00007fcd83985d29 RSI: 00007ffd7d056840 RDI: 0000000040000000
RBP: 0000000000000000 R08: 00007fcd83b3a9d0 R09: 00007fcd83b3a9d0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7d0568e0
R13: 00007ffd7d0568e8 R14: 0000000000000009 R15: 0000000000000000
</TASK>
INFO: lockdep is turned off.
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_cpu_backtrace+0x27b/0x390 lib/nmi_backtrace.c:113
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
nmi_trigger_cpumask_backtrace+0x29c/0x300 lib/nmi_backtrace.c:62
trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
check_hung_uninterruptible_tasks kernel/hung_task.c:234 [inline]
watchdog+0xf14/0x1240 kernel/hung_task.c:397
kthread+0x3af/0x750 kernel/kthread.c:464
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 6467 Comm: syz-executor Not tainted 6.13.0-syzkaller-g7004a2e46d16-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:entry_SYSCALL_64_after_hwframe+0x58/0x7f
Code: ed 45 31 e4 45 31 ed 45 31 f6 45 31 ff 48 89 e7 48 63 f0 66 90 b9 48 00 00 00 65 48 8b 15 57 7a c2 74 89 d0 48 c1 ea 20 0f 30 <90> 0f 1f 44 00 00 eb 0d cc cc cc cc cc cc cc cc cc cc cc cc cc e8
RSP: 0018:ffffc90003637f58 EFLAGS: 00000046
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000048
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90003637f58
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 000055555b584500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d971876600 CR3: 0000000060c72000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Tested on:
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
commit: 7004a2e4 Merge tag 'linux_kselftest-nolibc-6.14-rc1' o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1711cab0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d506ed4ac7a7a13
dashboard link: https://syzkaller.appspot.com/bug?extid=2e5de9e3ab986b71d2bf
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=141dc9f8580000
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Reply all
Reply to author
Forward
0 new messages