[v5.15] WARNING: ODEBUG bug in netdev_freemem


syzbot

Mar 31, 2023, 4:26:49 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c957cbb87315 Linux 5.15.105
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10fd1ed1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=852dc3de44ba1f3f
dashboard link: https://syzkaller.appspot.com/bug?extid=422362b956c51e6810eb
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12f4d0c9c80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/91d0cf1fc5fb/disk-c957cbb8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/346dc1169521/vmlinux-c957cbb8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f7005bdc0e20/Image-c957cbb8.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+422362...@syzkaller.appspotmail.com

------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: arch_local_irq_disable arch/arm64/include/asm/irqflags.h:59 [inline]
ODEBUG: free active (active state 0) object type: timer_list hint: arch_local_irq_save arch/arm64/include/asm/irqflags.h:112 [inline]
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:1634
WARNING: CPU: 0 PID: 4437 at lib/debugobjects.c:515 debug_print_object lib/debugobjects.c:512 [inline]
WARNING: CPU: 0 PID: 4437 at lib/debugobjects.c:515 __debug_check_no_obj_freed lib/debugobjects.c:999 [inline]
WARNING: CPU: 0 PID: 4437 at lib/debugobjects.c:515 debug_check_no_obj_freed+0x3f0/0x50c lib/debugobjects.c:1030
Modules linked in:
CPU: 0 PID: 4437 Comm: kworker/u4:9 Not tainted 5.15.105-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: netns cleanup_net
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:512 [inline]
pc : __debug_check_no_obj_freed lib/debugobjects.c:999 [inline]
pc : debug_check_no_obj_freed+0x3f0/0x50c lib/debugobjects.c:1030
lr : debug_print_object lib/debugobjects.c:512 [inline]
lr : __debug_check_no_obj_freed lib/debugobjects.c:999 [inline]
lr : debug_check_no_obj_freed+0x3f0/0x50c lib/debugobjects.c:1030
sp : ffff80001d5b7540
x29: ffff80001d5b7580 x28: ffff800011aa2b00 x27: dfff800000000000
x26: ffff0000d07294f8 x25: 0000000000000000 x24: ffff80001858b750
x23: ffff0000d11df3b8 x22: ffff800011f30d98 x21: ffff800011aa2b00
x20: ffff80001858b748 x19: ffff0000d0728000 x18: 0000000000000001
x17: ff808000083336c4 x16: ffff80001193f6fc x15: ffff8000083336c4
x14: 00000000ffffffff x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000832b16c x10: 0000000000000000 x9 : 94c63177a63ab200
x8 : 94c63177a63ab200 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001d5b6cb8 x4 : ffff80001499f940 x3 : ffff800008549b3c
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000061
Call trace:
debug_print_object lib/debugobjects.c:512 [inline]
__debug_check_no_obj_freed lib/debugobjects.c:999 [inline]
debug_check_no_obj_freed+0x3f0/0x50c lib/debugobjects.c:1030
slab_free_hook mm/slub.c:1680 [inline]
slab_free_freelist_hook+0x9c/0x1ec mm/slub.c:1731
slab_free mm/slub.c:3499 [inline]
kfree+0x178/0x410 mm/slub.c:4559
kvfree+0x40/0x50 mm/util.c:654
netdev_freemem+0x4c/0x64 net/core/dev.c:10769
netdev_release+0x88/0xb0 net/core/net-sysfs.c:1903
device_release+0x8c/0x1ac
kobject_cleanup lib/kobject.c:713 [inline]
kobject_release lib/kobject.c:744 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x2c4/0x438 lib/kobject.c:761
netdev_run_todo+0x968/0xae0 net/core/dev.c:10633
rtnl_unlock+0x14/0x20 net/core/rtnetlink.c:112
default_device_exit_batch+0x4c4/0x520 net/core/dev.c:11595
ops_exit_list net/core/net_namespace.c:174 [inline]
cleanup_net+0x5e0/0x9bc net/core/net_namespace.c:596
process_one_work+0x790/0x11b8 kernel/workqueue.c:2306
worker_thread+0x910/0x1034 kernel/workqueue.c:2453
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 2126408
hardirqs last enabled at (2126407): [<ffff800008329304>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:257
hardirqs last disabled at (2126408): [<ffff80001193ad90>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:387
softirqs last enabled at (2126346): [<ffff80001179b0b4>] spin_unlock_bh include/linux/spinlock.h:408 [inline]
softirqs last enabled at (2126346): [<ffff80001179b0b4>] batadv_tvlv_handler_unregister+0x160/0x27c net/batman-adv/tvlv.c:575
softirqs last disabled at (2126344): [<ffff80001179b020>] spin_lock_bh include/linux/spinlock.h:368 [inline]
softirqs last disabled at (2126344): [<ffff80001179b020>] batadv_tvlv_handler_unregister+0xcc/0x27c net/batman-adv/tvlv.c:573
---[ end trace 5025f8f7556e0743 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Sep 10, 2023, 12:09:57 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity, existing reproducers are no longer triggering the issue.