[v6.1] WARNING in kcov_remote_start


syzbot

Jun 28, 2025, 11:34:30 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7e69c33e4858 Linux 6.1.142
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14d0088c580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a8ab0a96d60bbe8f
dashboard link: https://syzkaller.appspot.com/bug?extid=e64fc7c934fb30351dfe
compiler: Debian clang version 20.1.6 (++20250514063057+1e4d39e07757-1~exp1~20250514183223.118), Debian LLD 20.1.6
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/45e07ce672f1/disk-7e69c33e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e00cc723dfa5/vmlinux-7e69c33e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4cbcf3fe062f/Image-7e69c33e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e64fc7...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
bond0: (slave wlan1): Releasing backup interface
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8664 at kernel/kcov.c:869 kcov_remote_start+0x42c/0x5b8 kernel/kcov.c:-1
Modules linked in:
CPU: 0 PID: 8664 Comm: syz.2.1416 Not tainted 6.1.142-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
pstate: 404000c5 (nZcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kcov_remote_start+0x42c/0x5b8 kernel/kcov.c:-1
lr : kcov_remote_start+0xe0/0x5b8 kernel/kcov.c:862
sp : ffff8000210460f0
x29: ffff8000210460f0 x28: ffff0000cbf9f358 x27: ffff700004208c40
x26: ffff0000cd448ea0 x25: 1fffe000197f3e6b x24: 0000000000ff0100
x23: ffff800015081140 x22: 0000000000000000 x21: ffff800014fd94b0
x20: 0000000000000000 x19: ffff0000dea10000 x18: ffff800011a8bce0
x17: ffff8000181b3000 x16: ffff800008042c60 x15: ffff800017c93fc0
x14: ffff0000dea10a98 x13: ffff0000dea10b10 x12: 0000000000080000
x11: 000000000007ffff x10: 0000000000000003 x9 : 0000000000000200
x8 : 0000000000000002 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018472640 x4 : 0000000000000008 x3 : ffff8000082d13d0
x2 : 0000000000000001 x1 : ffff800011a8e920 x0 : 0000000000000000
Call trace:
kcov_remote_start+0x42c/0x5b8 kernel/kcov.c:-1
kcov_remote_start_common include/linux/kcov.h:50 [inline]
ieee80211_rx_list+0x424/0x234c net/mac80211/rx.c:5268
ieee80211_rx_napi+0x164/0x338 net/mac80211/rx.c:5309
ieee80211_rx include/net/mac80211.h:4844 [inline]
ieee80211_handle_queued_frames+0xe8/0x188 net/mac80211/main.c:317
ieee80211_stop_device+0x24/0x88 net/mac80211/util.c:2211
ieee80211_do_stop+0x1284/0x1924 net/mac80211/iface.c:742
ieee80211_stop+0x3a8/0x410 net/mac80211/iface.c:801
__dev_close_many+0x2a4/0x394 net/core/dev.c:1572
dev_close_many+0x1e8/0x440 net/core/dev.c:1597
dev_close+0x148/0x1f8 net/core/dev.c:1623
__bond_release_one+0x9e0/0xea0 drivers/net/bonding/bond_main.c:2518
bond_release+0x30/0x40 drivers/net/bonding/bond_main.c:2545
do_set_master net/core/rtnetlink.c:2616 [inline]
do_setlink+0xbe0/0x32c4 net/core/rtnetlink.c:2840
rtnl_group_changelink net/core/rtnetlink.c:3361 [inline]
__rtnl_newlink net/core/rtnetlink.c:3618 [inline]
rtnl_newlink+0xce0/0x1a1c net/core/rtnetlink.c:3655
rtnetlink_rcv_msg+0x734/0xce4 net/core/rtnetlink.c:6153
netlink_rcv_skb+0x208/0x3c4 net/netlink/af_netlink.c:2493
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6171
netlink_unicast_kernel net/netlink/af_netlink.c:1311 [inline]
netlink_unicast+0x600/0x818 net/netlink/af_netlink.c:1337
netlink_sendmsg+0x6e8/0x9b0 net/netlink/af_netlink.c:1859
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5b8/0x918 net/socket.c:2519
___sys_sendmsg net/socket.c:2573 [inline]
__sys_sendmsg+0x25c/0x320 net/socket.c:2602
__do_sys_sendmsg net/socket.c:2611 [inline]
__se_sys_sendmsg net/socket.c:2609 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2609
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2bc arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x58/0x13c arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x138 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 7031
hardirqs last enabled at (7030): [<ffff800011a112b4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (7030): [<ffff800011a112b4>] _raw_spin_unlock_irqrestore+0x48/0xac kernel/locking/spinlock.c:194
hardirqs last disabled at (7031): [<ffff8000084a2578>] kcov_remote_start+0xbc/0x5b8 kernel/kcov.c:862
softirqs last enabled at (6960): [<ffff8000111a6024>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (6960): [<ffff8000111a6024>] netif_addr_unlock_bh include/linux/netdevice.h:4510 [inline]
softirqs last enabled at (6960): [<ffff8000111a6024>] ieee80211_do_stop+0x4ec/0x1924 net/mac80211/iface.c:543
softirqs last disabled at (7028): [<ffff80001124266c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup