[moderation] [net?] [nfs?] WARNING: refcount bug in cache_clean
syzbot
May 5, 2024, 1:53:24 AM
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c2e6a872bde9 netpoll: Fix race condition in netpoll_owner_..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1415e1ef180000
kernel config: https://syzkaller.appspot.com/x/.config?x=15dda165e1d20cf1
dashboard link: https://syzkaller.appspot.com/bug?extid=c31346016beea569adba
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [Dai...@oracle.com an...@kernel.org chuck...@oracle.com da...@davemloft.net edum...@google.com jla...@kernel.org ko...@netapp.com ku...@kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org linu...@vger.kernel.org ne...@suse.de net...@vger.kernel.org pab...@redhat.com t...@talpey.com trond.m...@hammerspace.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/256b2a473dd0/disk-c2e6a872.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b98d2ea5cc29/vmlinux-c2e6a872.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9c13648621f1/bzImage-c2e6a872.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c31346...@syzkaller.appspotmail.com
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 1 PID: 5179 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28
Modules linked in:
CPU: 1 PID: 5179 Comm: kworker/1:6 Not tainted 6.9.0-rc5-syzkaller-01459-gc2e6a872bde9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: events_power_efficient do_cache_clean
RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 lib/refcount.c:28
Code: e0 4b 1f 8c e8 07 fe a8 fc 90 0f 0b 90 90 eb 99 e8 7b 81 e6 fc c6 05 3d 3e e4 0a 01 90 48 c7 c7 40 4c 1f 8c e8 e7 fd a8 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 58 81 e6 fc c6 05 17 3e e4 0a 01 90
RSP: 0018:ffffc900039afa68 EFLAGS: 00010246
RAX: 238e75778706bd00 RBX: ffff88807dd63958 RCX: ffff8880219e1e00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000003 R08: ffffffff81589b62 R09: fffffbfff1c39b6c
R10: dffffc0000000000 R11: fffffbfff1c39b6c R12: 0000000000000000
R13: dffffc0000000000 R14: ffffffff8a967a40 R15: ffff88807dd63958
FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020011038 CR3: 00000000234c2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__refcount_sub_and_test include/linux/refcount.h:275 [inline]
__refcount_dec_and_test include/linux/refcount.h:307 [inline]
refcount_dec_and_test include/linux/refcount.h:325 [inline]
kref_put include/linux/kref.h:64 [inline]
cache_put include/linux/sunrpc/cache.h:213 [inline]
sunrpc_end_cache_remove_entry net/sunrpc/cache.c:96 [inline]
cache_clean+0x9de/0xa30 net/sunrpc/cache.c:491
do_cache_clean+0x22/0xb0 net/sunrpc/cache.c:508
process_one_work kernel/workqueue.c:3254 [inline]
process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
kthread+0x2f0/0x390 kernel/kthread.c:388
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup