WARNING: ODEBUG bug in netdev_run_todo

syzbot

Jun 8, 2020, 11:34:17 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: c6db52a8 Linux 4.14.183
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1709442e100000
kernel config: https://syzkaller.appspot.com/x/.config?x=98bbe4d18401ff4
dashboard link: https://syzkaller.appspot.com/bug?extid=92c2535202f39bd02c8b
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+92c253...@syzkaller.appspotmail.com

bond0 (unregistering): Releasing backup interface bond_slave_1
bond0 (unregistering): Releasing backup interface bond_slave_0
bond0 (unregistering): Released all slaves
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4852
------------[ cut here ]------------
WARNING: CPU: 1 PID: 11510 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 11510 Comm: kworker/u4:7 Not tainted 4.14.183-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x2f/0x30 kernel/panic.c:547
report_bug+0x20a/0x248 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff88805900f900 EFLAGS: 00010082
RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff868c0980 RDI: ffffed100b201f16
RBP: ffffffff868bbc40 R08: 0000000000000061 R09: 0000000000000000
R10: fffffbfff1467ef1 R11: ffff8880523d4400 R12: ffffffff813ae7b0
R13: 0000000000000000 R14: ffffffff8a4cd148 R15: ffff888090014620
__debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
debug_check_no_obj_freed+0x393/0x5fd lib/debugobjects.c:776
kfree+0xbb/0x260 mm/slab.c:3814
kvfree+0x45/0x50 mm/util.c:416
device_release+0x15f/0x1a0 drivers/base/core.c:833
kobject_cleanup lib/kobject.c:646 [inline]
kobject_release lib/kobject.c:675 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x13e/0x1f0 lib/kobject.c:692
netdev_run_todo+0x4a9/0x710 net/core/dev.c:7957
default_device_exit_batch+0x2e7/0x380 net/core/dev.c:8743
ops_exit_list.isra.0+0xef/0x140 net/core/net_namespace.c:145
cleanup_net+0x3bb/0x820 net/core/net_namespace.c:484
process_one_work+0x7c0/0x14c0 kernel/workqueue.c:2116
worker_thread+0x5d7/0x1080 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

======================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jun 16, 2020, 7:21:12 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3fc89857 Linux 4.19.128
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=174678be100000
kernel config: https://syzkaller.appspot.com/x/.config?x=6c6e6bf14f2aabf
dashboard link: https://syzkaller.appspot.com/bug?extid=acc23687e7441023f3c9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+acc236...@syzkaller.appspotmail.com

------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4943
WARNING: CPU: 1 PID: 9834 at lib/debugobjects.c:325 debug_print_object+0x160/0x250 lib/debugobjects.c:325
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 9834 Comm: kworker/u4:6 Not tainted 4.19.128-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x46 kernel/panic.c:541
report_bug+0x262/0x2a0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:debug_print_object+0x160/0x250 lib/debugobjects.c:325
Code: dd 60 f5 aa 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 60 f5 aa 87 48 c7 c7 e0 ea aa 87 e8 4b 25 e6 fd <0f> 0b 83 05 83 06 37 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
RSP: 0018:ffff88805674f8e8 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81535121 RDI: ffffed100ace9f0f
RBP: 0000000000000001 R08: ffff888086592000 R09: ffffed1015ce3eef
R10: ffffed1015ce3eee R11: ffff8880ae71f777 R12: ffffffff88ba0460
R13: ffffffff815888c0 R14: ffffffff8b859b48 R15: ffff888097b36320
__debug_check_no_obj_freed lib/debugobjects.c:785 [inline]
debug_check_no_obj_freed+0x28e/0x3e1 lib/debugobjects.c:817
kfree+0xbb/0x220 mm/slab.c:3821
kvfree+0x59/0x60 mm/util.c:452
device_release+0x76/0x210 drivers/base/core.c:1061
kobject_cleanup lib/kobject.c:662 [inline]
kobject_release lib/kobject.c:691 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x17c/0x270 lib/kobject.c:708
netdev_run_todo+0x4f1/0x740 net/core/dev.c:8996
default_device_exit_batch+0x309/0x3c0 net/core/dev.c:9781
ops_exit_list.isra.0+0xef/0x140 net/core/net_namespace.c:156
cleanup_net+0x3bf/0x850 net/core/net_namespace.c:553
process_one_work+0x892/0x1580 kernel/workqueue.c:2155
worker_thread+0x96/0xe20 kernel/workqueue.c:2298
kthread+0x30b/0x410 kernel/kthread.c:246
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415

syzbot

Jul 13, 2020, 11:29:15 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: dce0f886 Linux 4.19.132
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=110805af100000
kernel config: https://syzkaller.appspot.com/x/.config?x=ea24367973479f36
dashboard link: https://syzkaller.appspot.com/bug?extid=acc23687e7441023f3c9
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14995dfb100000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+acc236...@syzkaller.appspotmail.com

bond0 (unregistering): Released all slaves
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:4943
WARNING: CPU: 0 PID: 6989 at lib/debugobjects.c:325 debug_print_object+0x160/0x250 lib/debugobjects.c:325
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 6989 Comm: kworker/u4:2 Not tainted 4.19.132-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
panic+0x26a/0x50e kernel/panic.c:186
__warn.cold+0x20/0x61 kernel/panic.c:541
report_bug+0x262/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
fixup_bug arch/x86/kernel/traps.c:173 [inline]
do_error_trap+0x1d7/0x310 arch/x86/kernel/traps.c:296
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:1038
RIP: 0010:debug_print_object+0x160/0x250 lib/debugobjects.c:325
Code: dd 80 12 cb 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 bf 00 00 00 48 8b 14 dd 80 12 cb 87 48 c7 c7 00 08 cb 87 e8 cb 1e dd fd <0f> 0b 83 05 13 88 4d 06 01 48 83 c4 20 5b 5d 41 5c 41 5d c3 48 89
RSP: 0018:ffff8880844d78a8 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8154cd91 RDI: ffffed101089af07
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: ffffffff8ad2401b R12: ffffffff88da08e0
R13: ffffffff815a2850 R14: ffff88805284b498 R15: dffffc0000000000
IPVS: ftp: loaded support on port[0] = 21
__debug_check_no_obj_freed lib/debugobjects.c:785 [inline]
debug_check_no_obj_freed+0x271/0x482 lib/debugobjects.c:817
kfree+0xb9/0x210 mm/slab.c:3821
kvfree+0x59/0x60 mm/util.c:452
device_release+0x76/0x210 drivers/base/core.c:1061
kobject_cleanup lib/kobject.c:662 [inline]
kobject_release lib/kobject.c:691 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x22d/0x350 lib/kobject.c:708
netdev_run_todo+0x77f/0xab0 net/core/dev.c:8997
default_device_exit_batch+0x304/0x3c0 net/core/dev.c:9782
ops_exit_list+0xf9/0x150 net/core/net_namespace.c:156
cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298

syzbot

Oct 10, 2020, 2:10:23 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: cbfa1702 Linux 4.14.198
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=147c1b00500000
kernel config: https://syzkaller.appspot.com/x/.config?x=3990958d85b55e59
dashboard link: https://syzkaller.appspot.com/bug?extid=92c2535202f39bd02c8b
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d500c8500000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92c253...@syzkaller.appspotmail.com

wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x90 kernel/workqueue.c:3144
------------[ cut here ]------------
WARNING: CPU: 1 PID: 5 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x20/0x4b kernel/panic.c:547
report_bug+0x208/0x249 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff8880a983f900 EFLAGS: 00010082
RAX: 0000000000000061 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff86ac12c0 RDI: ffffed1015307f16
RBP: ffffffff86abc580 R08: 0000000000000061 R09: 0000000000000000
R10: 0000000000000000 R11: ffff8880a982c140 R12: ffffffff813b7b30
R13: 0000000000000000 R14: ffff888094924c40 R15: ffff88809ade79d8
__debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
debug_check_no_obj_freed+0x3b7/0x674 lib/debugobjects.c:776
kfree+0xb9/0x250 mm/slab.c:3814
kvfree+0x45/0x50 mm/util.c:416
device_release+0x15f/0x1a0 drivers/base/core.c:833
kobject_cleanup lib/kobject.c:646 [inline]
kobject_release lib/kobject.c:675 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x1f3/0x2d0 lib/kobject.c:692
netdev_run_todo+0x747/0xad0 net/core/dev.c:7961
default_device_exit_batch+0x2e2/0x380 net/core/dev.c:8747
ops_exit_list+0xf9/0x150 net/core/net_namespace.c:145
cleanup_net+0x3b3/0x840 net/core/net_namespace.c:484
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250

syzbot

May 11, 2022, 6:31:21 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: e3a56aaade89 Linux 4.14.277
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=144ff259f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=24efab1c7c06be56
dashboard link: https://syzkaller.appspot.com/bug?extid=92c2535202f39bd02c8b
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17860bfaf00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1556b13af00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92c253...@syzkaller.appspotmail.com

sp0: Synchronizing with TNC
ODEBUG: free active (active state 0) object type: timer_list hint: resync_tnc+0x0/0x3c0 drivers/net/hamradio/6pack.c:839
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7970 at lib/debugobjects.c:287 debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 7970 Comm: syz-executor412 Not tainted 4.14.277-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x281 lib/dump_stack.c:58
panic+0x1f9/0x42d kernel/panic.c:183
__warn.cold+0x20/0x44 kernel/panic.c:547
report_bug+0x208/0x250 lib/bug.c:183
fixup_bug arch/x86/kernel/traps.c:177 [inline]
fixup_bug arch/x86/kernel/traps.c:172 [inline]
do_error_trap+0x195/0x2d0 arch/x86/kernel/traps.c:295
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:debug_print_object.cold+0xa7/0xdb lib/debugobjects.c:287
RSP: 0018:ffff8880b3a578d0 EFLAGS: 00010082
RAX: 0000000000000057 RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff878bc600 RDI: ffffed101674af10
RBP: ffffffff878b78c0 R08: 0000000000000057 R09: 0000000000000000
R10: 0000000000000000 R11: ffff8880b527a0c0 R12: ffffffff83f92780
R13: 0000000000000000 R14: ffff8880b374cd40 R15: ffff8880b53ae5b0
__debug_check_no_obj_freed lib/debugobjects.c:747 [inline]
debug_check_no_obj_freed+0x3b7/0x680 lib/debugobjects.c:776
kfree+0xb9/0x250 mm/slab.c:3814
kvfree+0x45/0x50 mm/util.c:416
device_release+0x15f/0x1a0 drivers/base/core.c:848
kobject_cleanup lib/kobject.c:646 [inline]
kobject_release lib/kobject.c:675 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x251/0x550 lib/kobject.c:692
netdev_run_todo+0x747/0xad0 net/core/dev.c:7969
sixpack_close+0xd3/0x180 drivers/net/hamradio/6pack.c:688
tty_ldisc_close+0x8c/0xc0 drivers/tty/tty_ldisc.c:505
tty_ldisc_kill drivers/tty/tty_ldisc.c:651 [inline]
tty_ldisc_hangup+0x269/0x6c0 drivers/tty/tty_ldisc.c:769
__tty_hangup.part.0+0x31a/0x730 drivers/tty/tty_io.c:622
__tty_hangup drivers/tty/tty_io.c:572 [inline]
tty_vhangup+0x1d/0x30 drivers/tty/tty_io.c:695
pty_close+0x35f/0x4b0 drivers/tty/pty.c:79
tty_release+0x40b/0x10d0 drivers/tty/tty_io.c:1670
__fput+0x25f/0x7a0 fs/file_table.c:210
task_work_run+0x11f/0x190 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xa44/0x2850 kernel/exit.c:868
do_group_exit+0x100/0x2e0 kernel/exit.c:965
SYSC_exit_group kernel/exit.c:976 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:974
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f61f41cb049
RSP: 002b:00007ffcbc66e108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f61f423f330 RCX: 00007f61f41cb049
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 000000000000000d
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f61f423f330
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001

======================================================
