[net?] [usb?] WARNING: ODEBUG bug in print_tainted
4 views
Skip to first unread message
syzbot
May 18, 2023, 3:15:22 PM5/18/23
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 838a854820ee Merge tag 'parisc-for-6.4-2' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1528b0ba280000
kernel config: https://syzkaller.appspot.com/x/.config?x=cc86fee67199911d
dashboard link: https://syzkaller.appspot.com/bug?extid=c519bd14948389318a6c
compiler: arm-linux-gnueabi-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm
CC: [da...@davemloft.net edum...@google.com ku...@kernel.org linux-...@vger.kernel.org linu...@vger.kernel.org net...@vger.kernel.org one...@suse.com pab...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/c35b5b2731d2/non_bootable_disk-838a8548.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b2e2498b3a36/vmlinux-838a8548.xz
kernel image: https://storage.googleapis.com/syzbot-assets/36f73830a191/zImage-838a8548.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c519bd...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 19660 at lib/debugobjects.c:505 debug_print_object+0xb8/0xcc lib/debugobjects.c:505
ODEBUG: free active (active state 0) object: 84ebcfcc object type: work_struct hint: usbnet_deferred_kevent+0x0/0x384 drivers/net/usb/usbnet.c:630
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 PID: 19660 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: usb_hub_wq hub_event
Backtrace:
[<817d8de4>] (dump_backtrace) from [<817d8ed8>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:256)
r7:00000000 r6:826229c4 r5:600f0093 r4:81f9d3a4
[<817d8ec0>] (show_stack) from [<817f59b0>] (__dump_stack lib/dump_stack.c:88 [inline])
[<817d8ec0>] (show_stack) from [<817f59b0>] (dump_stack_lvl+0x48/0x54 lib/dump_stack.c:106)
[<817f5968>] (dump_stack_lvl) from [<817f59d4>] (dump_stack+0x18/0x1c lib/dump_stack.c:113)
r5:00000000 r4:82850d14
[<817f59bc>] (dump_stack) from [<817d99d0>] (panic+0x120/0x370 kernel/panic.c:340)
[<817d98b0>] (panic) from [<80241fe8>] (print_tainted+0x0/0xa0 kernel/panic.c:236)
r3:8260c488 r2:00000001 r1:81f86498 r0:81f8dea8
r7:807d51f8
[<80241f64>] (check_panic_on_warn) from [<802421dc>] (__warn+0x7c/0x180 kernel/panic.c:673)
[<80242160>] (__warn) from [<80242424>] (warn_slowpath_fmt+0x144/0x1d8 kernel/panic.c:704)
r8:00000009 r7:000001f9 r6:81fe945c r5:8260c964 r4:824adf7c
[<802422e4>] (warn_slowpath_fmt) from [<807d51f8>] (debug_print_object+0xb8/0xcc lib/debugobjects.c:505)
r10:84ebd000 r9:00000005 r8:81a02cf0 r7:820113d8 r6:828d29d0 r5:837a9cd8
r4:8260cdc8
[<807d5140>] (debug_print_object) from [<807d688c>] (__debug_check_no_obj_freed lib/debugobjects.c:1012 [inline])
[<807d5140>] (debug_print_object) from [<807d688c>] (debug_check_no_obj_freed+0x1e8/0x230 lib/debugobjects.c:1043)
r8:81a02cf0 r7:00000122 r6:84ebc800 r5:84ebcfcc r4:837a9cd8
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free_hook mm/slub.c:1756 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free_freelist_hook mm/slub.c:1807 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free mm/slub.c:3786 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (__kmem_cache_free+0x16c/0x340 mm/slub.c:3799)
r10:00000000 r9:85f5a240 r8:00000000 r7:80438630 r6:ddeaa1e0 r5:84ebc800
r4:830023c0
[<804a6494>] (__kmem_cache_free) from [<80445e64>] (kfree+0x6c/0x14c mm/slab_common.c:1015)
r10:00000001 r9:85f22480 r8:84ebc800 r7:00000000 r6:80438630 r5:ddeaa1e0
r4:84ebc800
[<80445df8>] (kfree) from [<80438630>] (kvfree+0x2c/0x30 mm/util.c:650)
r7:00000000 r6:85867140 r5:85d37900 r4:84ebc800
[<80438604>] (kvfree) from [<81341d90>] (netdev_freemem+0x1c/0x20 net/core/dev.c:10580)
r5:85d37900 r4:84ebc800
[<81341d74>] (netdev_freemem) from [<81379dc0>] (netdev_release+0x2c/0x34 net/core/net-sysfs.c:1938)
[<81379d94>] (netdev_release) from [<80a038a0>] (device_release+0x38/0xa8 drivers/base/core.c:2484)
r5:85d37900 r4:84ebcb68
[<80a03868>] (device_release) from [<817b5440>] (kobject_cleanup lib/kobject.c:683 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kobject_release lib/kobject.c:714 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kref_put include/linux/kref.h:65 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kobject_put+0xc8/0x1f8 lib/kobject.c:731)
r5:81b44cf4 r4:84ebcb68
[<817b5378>] (kobject_put) from [<80a03ad4>] (put_device+0x18/0x1c drivers/base/core.c:3733)
r7:84ebc830 r6:84ebc800 r5:84ebc75c r4:00000000
[<80a03abc>] (put_device) from [<813331d0>] (free_netdev+0x120/0x1a0 net/core/dev.c:10775)
[<813330b0>] (free_netdev) from [<80cca234>] (usbnet_disconnect+0xb4/0xf8 drivers/net/usb/usbnet.c:1637)
r7:85f22c00 r6:84ebcf94 r5:84ebce80 r4:00000000
[<80cca180>] (usbnet_disconnect) from [<80d23a90>] (usb_unbind_interface+0x8c/0x288 drivers/usb/core/driver.c:458)
r8:00000044 r7:85f22c30 r6:82772d64 r5:00000000 r4:85f22c30
[<80d23a04>] (usb_unbind_interface) from [<80a0b3dc>] (device_remove drivers/base/dd.c:569 [inline])
[<80d23a04>] (usb_unbind_interface) from [<80a0b3dc>] (device_remove+0x64/0x6c drivers/base/dd.c:561)
r10:00000001 r9:82903224 r8:00000044 r7:85f22c74 r6:82772d64 r5:00000000
r4:85f22c30
[<80a0b378>] (device_remove) from [<80a0c994>] (__device_release_driver drivers/base/dd.c:1272 [inline])
[<80a0b378>] (device_remove) from [<80a0c994>] (device_release_driver_internal+0x188/0x1fc drivers/base/dd.c:1295)
r5:00000000 r4:85f22c30
[<80a0c80c>] (device_release_driver_internal) from [<80a0ca20>] (device_release_driver+0x18/0x1c drivers/base/dd.c:1318)
r9:82903224 r8:83354840 r7:83354838 r6:8335480c r5:85f22c30 r4:83354830
[<80a0ca08>] (device_release_driver) from [<80a0aa8c>] (bus_remove_device+0xcc/0x120 drivers/base/bus.c:574)
[<80a0a9c0>] (bus_remove_device) from [<80a04bf8>] (device_del+0x15c/0x3a0 drivers/base/core.c:3814)
r9:82903224 r8:85f22480 r7:835ede00 r6:00000000 r5:85f22c30 r4:85f22c74
[<80a04a9c>] (device_del) from [<80d214f8>] (usb_disable_device+0xe8/0x1f4 drivers/usb/core/message.c:1420)
r10:00000001 r9:85e34808 r8:00000000 r7:00000000 r6:85f22c00 r5:85f22400
r4:00000038
[<80d21410>] (usb_disable_device) from [<80d162b0>] (usb_disconnect+0xe4/0x26c drivers/usb/core/hub.c:2238)
r10:00000001 r9:85f224c4 r8:85f22480 r7:00000100 r6:862a4400 r5:85f22400
r4:83540400
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_port_connect drivers/usb/core/hub.c:5246 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_port_connect_change drivers/usb/core/hub.c:5551 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (port_event drivers/usb/core/hub.c:5711 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_event+0x1290/0x19a0 drivers/usb/core/hub.c:5793)
r10:00000001 r9:83304600 r8:83304700 r7:00000100 r6:00000001 r5:8352fc00
r4:83540604
[<80d18048>] (hub_event) from [<8026399c>] (process_one_work+0x20c/0x598 kernel/workqueue.c:2405)
r10:dddd9605 r9:835ede00 r8:00000000 r7:dddd9600 r6:dddd22c0 r5:85e70880
r4:83304700
[<80263790>] (process_one_work) from [<80264190>] (worker_thread+0x6c/0x4e0 kernel/workqueue.c:2552)
r10:dddd22c0 r9:00000008 r8:82604d40 r7:dddd22e0 r6:85e70898 r5:dddd22c0
r4:85e70880
[<80264124>] (worker_thread) from [<8026b19c>] (kthread+0x100/0x130 kernel/kthread.c:379)
r10:00000000 r9:ee351e9c r8:85867e40 r7:85e70880 r6:80264124 r5:835ede00
r4:86291100
[<8026b09c>] (kthread) from [<80200100>] (ret_from_fork+0x14/0x34 arch/arm/kernel/entry-common.S:133)
Exception stack(0xdf9a5fb0 to 0xdf9a5ff8)
5fa0: 00000000 00000000 00000000 00000000
5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026b09c r4:86291100
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 838a854820ee Merge tag 'parisc-for-6.4-2' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1528b0ba280000
kernel config: https://syzkaller.appspot.com/x/.config?x=cc86fee67199911d
dashboard link: https://syzkaller.appspot.com/bug?extid=c519bd14948389318a6c
compiler: arm-linux-gnueabi-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm
CC: [da...@davemloft.net edum...@google.com ku...@kernel.org linux-...@vger.kernel.org linu...@vger.kernel.org net...@vger.kernel.org one...@suse.com pab...@redhat.com]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/c35b5b2731d2/non_bootable_disk-838a8548.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b2e2498b3a36/vmlinux-838a8548.xz
kernel image: https://storage.googleapis.com/syzbot-assets/36f73830a191/zImage-838a8548.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c519bd...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 19660 at lib/debugobjects.c:505 debug_print_object+0xb8/0xcc lib/debugobjects.c:505
ODEBUG: free active (active state 0) object: 84ebcfcc object type: work_struct hint: usbnet_deferred_kevent+0x0/0x384 drivers/net/usb/usbnet.c:630
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 0 PID: 19660 Comm: kworker/0:1 Not tainted 6.4.0-rc1-syzkaller #0
Hardware name: ARM-Versatile Express
Workqueue: usb_hub_wq hub_event
Backtrace:
[<817d8de4>] (dump_backtrace) from [<817d8ed8>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:256)
r7:00000000 r6:826229c4 r5:600f0093 r4:81f9d3a4
[<817d8ec0>] (show_stack) from [<817f59b0>] (__dump_stack lib/dump_stack.c:88 [inline])
[<817d8ec0>] (show_stack) from [<817f59b0>] (dump_stack_lvl+0x48/0x54 lib/dump_stack.c:106)
[<817f5968>] (dump_stack_lvl) from [<817f59d4>] (dump_stack+0x18/0x1c lib/dump_stack.c:113)
r5:00000000 r4:82850d14
[<817f59bc>] (dump_stack) from [<817d99d0>] (panic+0x120/0x370 kernel/panic.c:340)
[<817d98b0>] (panic) from [<80241fe8>] (print_tainted+0x0/0xa0 kernel/panic.c:236)
r3:8260c488 r2:00000001 r1:81f86498 r0:81f8dea8
r7:807d51f8
[<80241f64>] (check_panic_on_warn) from [<802421dc>] (__warn+0x7c/0x180 kernel/panic.c:673)
[<80242160>] (__warn) from [<80242424>] (warn_slowpath_fmt+0x144/0x1d8 kernel/panic.c:704)
r8:00000009 r7:000001f9 r6:81fe945c r5:8260c964 r4:824adf7c
[<802422e4>] (warn_slowpath_fmt) from [<807d51f8>] (debug_print_object+0xb8/0xcc lib/debugobjects.c:505)
r10:84ebd000 r9:00000005 r8:81a02cf0 r7:820113d8 r6:828d29d0 r5:837a9cd8
r4:8260cdc8
[<807d5140>] (debug_print_object) from [<807d688c>] (__debug_check_no_obj_freed lib/debugobjects.c:1012 [inline])
[<807d5140>] (debug_print_object) from [<807d688c>] (debug_check_no_obj_freed+0x1e8/0x230 lib/debugobjects.c:1043)
r8:81a02cf0 r7:00000122 r6:84ebc800 r5:84ebcfcc r4:837a9cd8
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free_hook mm/slub.c:1756 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free_freelist_hook mm/slub.c:1807 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (slab_free mm/slub.c:3786 [inline])
[<807d66a4>] (debug_check_no_obj_freed) from [<804a6600>] (__kmem_cache_free+0x16c/0x340 mm/slub.c:3799)
r10:00000000 r9:85f5a240 r8:00000000 r7:80438630 r6:ddeaa1e0 r5:84ebc800
r4:830023c0
[<804a6494>] (__kmem_cache_free) from [<80445e64>] (kfree+0x6c/0x14c mm/slab_common.c:1015)
r10:00000001 r9:85f22480 r8:84ebc800 r7:00000000 r6:80438630 r5:ddeaa1e0
r4:84ebc800
[<80445df8>] (kfree) from [<80438630>] (kvfree+0x2c/0x30 mm/util.c:650)
r7:00000000 r6:85867140 r5:85d37900 r4:84ebc800
[<80438604>] (kvfree) from [<81341d90>] (netdev_freemem+0x1c/0x20 net/core/dev.c:10580)
r5:85d37900 r4:84ebc800
[<81341d74>] (netdev_freemem) from [<81379dc0>] (netdev_release+0x2c/0x34 net/core/net-sysfs.c:1938)
[<81379d94>] (netdev_release) from [<80a038a0>] (device_release+0x38/0xa8 drivers/base/core.c:2484)
r5:85d37900 r4:84ebcb68
[<80a03868>] (device_release) from [<817b5440>] (kobject_cleanup lib/kobject.c:683 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kobject_release lib/kobject.c:714 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kref_put include/linux/kref.h:65 [inline])
[<80a03868>] (device_release) from [<817b5440>] (kobject_put+0xc8/0x1f8 lib/kobject.c:731)
r5:81b44cf4 r4:84ebcb68
[<817b5378>] (kobject_put) from [<80a03ad4>] (put_device+0x18/0x1c drivers/base/core.c:3733)
r7:84ebc830 r6:84ebc800 r5:84ebc75c r4:00000000
[<80a03abc>] (put_device) from [<813331d0>] (free_netdev+0x120/0x1a0 net/core/dev.c:10775)
[<813330b0>] (free_netdev) from [<80cca234>] (usbnet_disconnect+0xb4/0xf8 drivers/net/usb/usbnet.c:1637)
r7:85f22c00 r6:84ebcf94 r5:84ebce80 r4:00000000
[<80cca180>] (usbnet_disconnect) from [<80d23a90>] (usb_unbind_interface+0x8c/0x288 drivers/usb/core/driver.c:458)
r8:00000044 r7:85f22c30 r6:82772d64 r5:00000000 r4:85f22c30
[<80d23a04>] (usb_unbind_interface) from [<80a0b3dc>] (device_remove drivers/base/dd.c:569 [inline])
[<80d23a04>] (usb_unbind_interface) from [<80a0b3dc>] (device_remove+0x64/0x6c drivers/base/dd.c:561)
r10:00000001 r9:82903224 r8:00000044 r7:85f22c74 r6:82772d64 r5:00000000
r4:85f22c30
[<80a0b378>] (device_remove) from [<80a0c994>] (__device_release_driver drivers/base/dd.c:1272 [inline])
[<80a0b378>] (device_remove) from [<80a0c994>] (device_release_driver_internal+0x188/0x1fc drivers/base/dd.c:1295)
r5:00000000 r4:85f22c30
[<80a0c80c>] (device_release_driver_internal) from [<80a0ca20>] (device_release_driver+0x18/0x1c drivers/base/dd.c:1318)
r9:82903224 r8:83354840 r7:83354838 r6:8335480c r5:85f22c30 r4:83354830
[<80a0ca08>] (device_release_driver) from [<80a0aa8c>] (bus_remove_device+0xcc/0x120 drivers/base/bus.c:574)
[<80a0a9c0>] (bus_remove_device) from [<80a04bf8>] (device_del+0x15c/0x3a0 drivers/base/core.c:3814)
r9:82903224 r8:85f22480 r7:835ede00 r6:00000000 r5:85f22c30 r4:85f22c74
[<80a04a9c>] (device_del) from [<80d214f8>] (usb_disable_device+0xe8/0x1f4 drivers/usb/core/message.c:1420)
r10:00000001 r9:85e34808 r8:00000000 r7:00000000 r6:85f22c00 r5:85f22400
r4:00000038
[<80d21410>] (usb_disable_device) from [<80d162b0>] (usb_disconnect+0xe4/0x26c drivers/usb/core/hub.c:2238)
r10:00000001 r9:85f224c4 r8:85f22480 r7:00000100 r6:862a4400 r5:85f22400
r4:83540400
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_port_connect drivers/usb/core/hub.c:5246 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_port_connect_change drivers/usb/core/hub.c:5551 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (port_event drivers/usb/core/hub.c:5711 [inline])
[<80d161cc>] (usb_disconnect) from [<80d192d8>] (hub_event+0x1290/0x19a0 drivers/usb/core/hub.c:5793)
r10:00000001 r9:83304600 r8:83304700 r7:00000100 r6:00000001 r5:8352fc00
r4:83540604
[<80d18048>] (hub_event) from [<8026399c>] (process_one_work+0x20c/0x598 kernel/workqueue.c:2405)
r10:dddd9605 r9:835ede00 r8:00000000 r7:dddd9600 r6:dddd22c0 r5:85e70880
r4:83304700
[<80263790>] (process_one_work) from [<80264190>] (worker_thread+0x6c/0x4e0 kernel/workqueue.c:2552)
r10:dddd22c0 r9:00000008 r8:82604d40 r7:dddd22e0 r6:85e70898 r5:dddd22c0
r4:85e70880
[<80264124>] (worker_thread) from [<8026b19c>] (kthread+0x100/0x130 kernel/kthread.c:379)
r10:00000000 r9:ee351e9c r8:85867e40 r7:85e70880 r6:80264124 r5:835ede00
r4:86291100
[<8026b09c>] (kthread) from [<80200100>] (ret_from_fork+0x14/0x34 arch/arm/kernel/entry-common.S:133)
Exception stack(0xdf9a5fb0 to 0xdf9a5ff8)
5fa0: 00000000 00000000 00000000 00000000
5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
5fe0: 00000000 00000000 00000000 00000000 00000013 00000000
r9:00000000 r8:00000000 r7:00000000 r6:00000000 r5:8026b09c r4:86291100
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Aug 12, 2023, 3:10:41 PM8/12/23
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages