Re: [syzbot] [tipc?] [batman?] BUG: soft lockup in sys_sendmsg

2024-03-21 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    707081b61156 Merge branch 'for-next/core', remote-tracking..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=134d4fa518
kernel config:  https://syzkaller.appspot.com/x/.config?x=caeac3f3565b057a
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=139a4c8118
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=108b0ac918

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6cad68bf7532/disk-707081b6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1a27e5400778/vmlinux-707081b6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/67dfc53755d0/Image-707081b6.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [syz-executor227:7772]
Modules linked in:
irq event stamp: 5373
hardirqs last  enabled at (5372): [] __exit_to_kernel_mode 
arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last  enabled at (5372): [] 
exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (5373): [] __el1_irq 
arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (5373): [] el1_interrupt+0x24/0x68 
arch/arm64/kernel/entry-common.c:551
softirqs last  enabled at (542): [] spin_unlock_bh 
include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (542): [] release_sock+0x154/0x1b8 
net/core/sock.c:3547
softirqs last disabled at (548): [] spin_lock_bh 
include/linux/spinlock.h:356 [inline]
softirqs last disabled at (548): [] 
lock_sock_nested+0x74/0x11c net/core/sock.c:3526
CPU: 0 PID: 7772 Comm: syz-executor227 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
pstate: 0045 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x15c/0xcf8 kernel/locking/qspinlock.c:383
lr : queued_spin_lock_slowpath+0x168/0xcf8 kernel/locking/qspinlock.c:383
sp : 800097ca76c0
x29: 800097ca7760 x28: 1fffe00018e1be6b x27: 100012f94ee4
x26: dfff8000 x25: 1fffe00018e1be6d x24: 800097ca76e0
x23: 800097ca7720 x22: 700012f94edc x21: 0001
x20: 0001 x19: c70df358 x18: 
x17:  x16: 8000809fd934 x15: 0001
x14: 1fffe00018e1be6b x13:  x12: 
x11: 600018e1be6c x10: 1fffe00018e1be6b x9 : 
x8 : 0001 x7 : 800088eaf8bc x6 : 
x5 :  x4 : 0001 x3 : 80008ae5db50
x2 :  x1 : 0001 x0 : 0001
Call trace:
 __cmpwait_case_8 arch/arm64/include/asm/cmpxchg.h:229 [inline]
 __cmpwait arch/arm64/include/asm/cmpxchg.h:257 [inline]
 queued_spin_lock_slowpath+0x15c/0xcf8 kernel/locking/qspinlock.c:383
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x320/0x348 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
 _raw_spin_lock_bh+0x50/0x60 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 lock_sock_nested+0x74/0x11c net/core/sock.c:3526
 lock_sock include/net/sock.h:1691 [inline]
 tipc_sendstream+0x50/0x84 net/tipc/socket.c:1550
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.


Re: [syzbot] [batman?] [bpf?] possible deadlock in lock_timer_base

2024-03-19 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    35c3e2791756 Revert "net: Re-use and set mono_delivery_tim..
git tree:   net
console output: https://syzkaller.appspot.com/x/log.txt?x=1056918118
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440
dashboard link: https://syzkaller.appspot.com/bug?extid=8983d6d4f7df556be565
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13d9fa4e18
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=137afac918

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/26b55a26fc12/disk-35c3e279.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6f39fa55c828/vmlinux-35c3e279.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1e0501539e6/bzImage-35c3e279.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8983d6d4f7df556be...@syzkaller.appspotmail.com

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.8.0-syzkaller-05228-g35c3e2791756 #0 Not tainted
-----------------------------------------------------
rcu_preempt/16 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
888021c65020 (&htab->buckets[i].lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
888021c65020 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939

and this task is already holding:
8880b952a758 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
which would create a new lock dependency:
 (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (&base->lock){-.-.}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
  lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
  add_timer_on+0x1e5/0x5c0 kernel/time/timer.c:1366
  handle_irq_event_percpu kernel/irq/handle.c:195 [inline]
  handle_irq_event+0xad/0x1f0 kernel/irq/handle.c:210
  handle_level_irq+0x3c5/0x6e0 kernel/irq/chip.c:648
  generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
  handle_irq arch/x86/kernel/irq.c:238 [inline]
  __common_interrupt+0x13a/0x230 arch/x86/kernel/irq.c:257
  common_interrupt+0xa5/0xd0 arch/x86/kernel/irq.c:247
  asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
  _raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194
  __setup_irq+0x1277/0x1cf0 kernel/irq/manage.c:1818
  request_threaded_irq+0x2ab/0x380 kernel/irq/manage.c:2202
  request_irq include/linux/interrupt.h:168 [inline]
  setup_default_timer_irq+0x25/0x60 arch/x86/kernel/time.c:70
  x86_late_time_init+0x66/0xc0 arch/x86/kernel/time.c:94
  start_kernel+0x3f3/0x500 init/main.c:1039
  x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509
  x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490
  common_startup_64+0x13e/0x147

to a HARDIRQ-irq-unsafe lock:
 (&htab->buckets[i].lock){+...}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
  _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
  spin_lock_bh include/linux/spinlock.h:356 [inline]
  sock_hash_free+0x164/0x820 net/core/sock_map.c:1154
  bpf_map_free_deferred+0xe6/0x110 kernel/bpf/syscall.c:734
  process_one_work kernel/workqueue.c:3254 [inline]
  process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335
  worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
  kthread+0x2f0/0x390 kernel/kthread.c:388
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&htab->buckets[i].lock);
                               local_irq_disable();
                               lock(&base->lock);
                               lock(&htab->buckets[i].lock);
  <Interrupt>
    lock(&base->lock);

 *** DEADLOCK ***

2 locks held by rcu_preempt/16:
 #0: 8880b952a758 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
 #1: 8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #1: 8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #1: 8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #1: 8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420

the dependencie

Re: [syzbot] [batman?] BUG: soft lockup in sys_sendmsg

2024-02-12 Thread syzbot
> On Monday, 12 February 2024 11:26:24 CET syzbot wrote:
>> syzbot found the following issue on:
>> 
>> HEAD commit:    41bccc98fb79 Linux 6.8-rc2
>> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1420011818
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=451a1e62b11ea4a6
>> dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
>> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>> userspace arch: arm64
>> 
>> Unfortunately, I don't have any reproducer for this issue yet.
>> 
>> Downloadable assets:
>> disk image: 
>> https://storage.googleapis.com/syzbot-assets/0772069e29cf/disk-41bccc98.raw.xz
>> vmlinux: 
>> https://storage.googleapis.com/syzbot-assets/659d3f0755b7/vmlinux-41bccc98.xz
>> kernel image: 
>> https://storage.googleapis.com/syzbot-assets/7780a45c3e51/Image-41bccc98.gz.xz
>> 
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com
>> 
>
> #syz test

This crash does not have a reproducer. I cannot test it.

>
> From 5984ace8f8df7cf8d6f98ded0eebe7d962028992 Mon Sep 17 00:00:00 2001
> From: Sven Eckelmann 
> Date: Mon, 12 Feb 2024 13:10:33 +0100
> Subject: [PATCH] batman-adv: Avoid infinite loop trying to resize local TT
>
> If the MTU of one of the attached interfaces becomes too small to transmit
> the local translation table then it must be resized to fit inside all
> fragments (when enabled) or a single packet.
>
> But if the MTU becomes too low to transmit even the header + the VLAN
> specific part then the resizing of the local TT will never succeed. This
> can for example happen when the usable space is 110 bytes and 11 VLANs are
> on top of batman-adv. In this case, at least 116 bytes would be needed.
> There will just be an endless spam of
>
>    batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)
>
> in the log but the function will never finish. Problem here is that the
> timeout will be halved in each step and will then stagnate at 0 and
> therefore never be able to reduce the table even more.
>
> There are other scenarios possible with a similar result. The number of
> BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too
> high to fit inside a packet. Such a scenario can therefore happen also with
> only a single VLAN + 7 non-purgable addresses - requiring at least 120
> bytes.
>
> While this should be handled proactively when:
>
> * interface with too low MTU is added
> * VLAN is added
> * non-purgeable local mac is added
> * MTU of an attached interface is reduced
> * fragmentation setting gets disabled (which most likely requires dropping
>   attached interfaces)
>
> not all of these scenarios can be prevented because batman-adv is only
> consuming events without the possibility to prevent these actions
> (non-purgable MAC address added, MTU of an attached interface is reduced).
> It is therefore necessary to also make sure that the code is able to handle
> the situations when there were already incompatible system
> configurations present.
>
> Cc: sta...@vger.kernel.org
> Fixes: a19d3d85e1b8 ("batman-adv: limit local translation table max size")
> Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com
> Signed-off-by: Sven Eckelmann 
> ---
>  net/batman-adv/translation-table.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/batman-adv/translation-table.c 
> b/net/batman-adv/translation-table.c
> index b95c36765d04..2243cec18ecc 100644
> --- a/net/batman-adv/translation-table.c
> +++ b/net/batman-adv/translation-table.c
> @@ -3948,7 +3948,7 @@ void batadv_tt_local_resize_to_mtu(struct net_device 
> *soft_iface)
>  
>   spin_lock_bh(_priv->tt.commit_lock);
>  
> - while (true) {
> + while (timeout) {
>   table_size = batadv_tt_local_table_transmit_size(bat_priv);
>   if (packet_size_max >= table_size)
>   break;
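
Review bot: with the condition changed to `while (timeout)`, this loop can now exit with `packet_size_max >= table_size` still false, and nothing in the hunk reports that; the only diagnostic the description mentions is the ratelimited "Forced to purge local tt entries" message, which is emitted while purging and therefore stops once the loop gives up. Add a warning after the loop when the table still does not fit, and consider propagating that outcome to the caller (batadv_update_min_mtu in the soft-lockup trace on this page), otherwise the oversize local TT is silently kept and the operator loses the only hint that the mesh MTU is below what the VLAN count or NOPURGE clients require. Also worth stating in the description that `timeout` halves to 0 after a fixed number of rounds, since that bound is what the new condition relies on.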
> -- 
> 2.39.2
>

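The resize loop that the patch above bounds can be modelled outside the kernel. The following C program is an added example written for this page, not batman-adv code: it models batadv_tt_local_resize_to_mtu(), batadv_tt_local_purge() and batadv_tt_local_table_transmit_size() over a small in-memory table and runs both the original `while (true)` loop and the patched `while (timeout)` loop. The record sizes (28-byte header, 8 bytes per VLAN, 12 bytes per client) and BATADV_TT_LOCAL_TIMEOUT = 600000 ms are assumptions chosen so that the two figures in the commit message come out (11 VLANs need 116 bytes; one VLAN plus 7 non-purgeable clients need 120); LOOP_CAP exists only so the unbounded loop can be detected instead of hanging the process.

```c
/* Userspace model of the batadv_tt_local_resize_to_mtu() loop. Added example
 * for this page, not batman-adv code. Record sizes and the timeout constant
 * are assumptions picked to reproduce the figures in the commit message. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define TT_HDR_BASE        28     /* assumed: tvlv packet + tvlv hdr + tt data */
#define TT_VLAN_DATA_LEN    8     /* assumed: per-VLAN record (CRC + vid) */
#define TT_CHANGE_LEN      12     /* assumed: per-client change record */
#define TT_LOCAL_TIMEOUT 600000   /* ms; assumed value of BATADV_TT_LOCAL_TIMEOUT */
#define MAX_CLIENTS        16
#define LOOP_CAP         1000     /* detection only; the kernel loop has no cap */

struct tt_client {
	unsigned int age_ms;  /* time since the client was last seen */
	bool nopurge;         /* BATADV_TT_CLIENT_NOPURGE: never purged */
	bool present;
};
struct local_tt {
	unsigned int num_vlan;
	struct tt_client clients[MAX_CLIENTS];
};

static int g_last_size;   /* transmit size left by the most recent resize */

/* Header + one record per VLAN + one change record per client. */
static int tt_transmit_size(const struct local_tt *tt)
{
	int n = 0;
	for (size_t i = 0; i < MAX_CLIENTS; i++)
		n += tt->clients[i].present;
	return TT_HDR_BASE + tt->num_vlan * TT_VLAN_DATA_LEN + n * TT_CHANGE_LEN;
}

/* Drop purgeable clients that have been idle for longer than timeout_ms. */
static void tt_purge(struct local_tt *tt, unsigned int timeout_ms)
{
	for (size_t i = 0; i < MAX_CLIENTS; i++) {
		struct tt_client *c = &tt->clients[i];
		if (c->present && !c->nopurge && c->age_ms > timeout_ms)
			c->present = false;
	}
}

/* bounded == false: original `while (true)`; bounded == true: patched
 * `while (timeout)`. Returns the number of purge rounds, or -1 when LOOP_CAP
 * is hit, which is where the kernel spins until the soft-lockup watchdog fires. */
static int resize_to_mtu(struct local_tt *tt, int packet_size_max, bool bounded)
{
	int timeout = TT_LOCAL_TIMEOUT / 2;
	int rounds = 0;

	while (!bounded || timeout) {
		if (packet_size_max >= tt_transmit_size(tt))
			break;
		if (rounds++ >= LOOP_CAP)
			break;
		tt_purge(tt, timeout);
		timeout /= 2;   /* halves down to 0 and then stays at 0 */
	}
	g_last_size = tt_transmit_size(tt);
	return rounds > LOOP_CAP ? -1 : rounds;
}

static void add_client(struct local_tt *tt, unsigned int age_ms, bool nopurge)
{
	for (size_t i = 0; i < MAX_CLIENTS; i++)
		if (!tt->clients[i].present) {
			tt->clients[i] = (struct tt_client){ age_ms, nopurge, true };
			return;
		}
}

int last_transmit_size(void) { return g_last_size; }

/* Commit message case 1: 110 usable bytes, 11 VLANs; the header alone is 116. */
int run_vlan_case(bool bounded)
{
	struct local_tt tt = { .num_vlan = 11 };
	return resize_to_mtu(&tt, 110, bounded);
}

/* Commit message case 2: one VLAN plus 7 NOPURGE clients need 120 bytes. */
int run_nopurge_case(bool bounded)
{
	struct local_tt tt = { .num_vlan = 1 };
	for (int i = 0; i < 7; i++)
		add_client(&tt, 1000, true);
	return resize_to_mtu(&tt, 119, bounded);
}

/* Recoverable: one stale purgeable client pushes 72 bytes over a 60-byte limit. */
int run_recoverable_case(bool bounded)
{
	struct local_tt tt = { .num_vlan = 1 };
	add_client(&tt, 1000, false);
	add_client(&tt, 100000, false);
	add_client(&tt, 400000, false);
	return resize_to_mtu(&tt, 60, bounded);
}

int main(void)
{
	const char *name[] = { "11 VLANs/110 bytes", "7 NOPURGE/119 bytes", "stale client/60 bytes" };
	int (*run[])(bool) = { run_vlan_case, run_nopurge_case, run_recoverable_case };
	for (int i = 0; i < 3; i++) {
		int orig = run[i](false), fixed = run[i](true);
		printf("%-22s while(true): %d rounds; while(timeout): %d rounds, %d bytes left\n",
		       name[i], orig, fixed, last_transmit_size());
	}
	return 0;
}
```

With the original condition the two unfixable configurations from the commit message spin until LOOP_CAP (the kernel has no such cap, hence the watchdog report); with the patched condition they stop after 19 halvings of the timeout, but the table is still 116 and 120 bytes, larger than the limit, which is why a warning after the loop matters. The third case shows the loop doing its job when stale purgeable clients exist.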

[syzbot] [batman?] BUG: soft lockup in sys_sendmsg

2024-02-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    41bccc98fb79 Linux 6.8-rc2
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1420011818
kernel config:  https://syzkaller.appspot.com/x/.config?x=451a1e62b11ea4a6
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0772069e29cf/disk-41bccc98.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/659d3f0755b7/vmlinux-41bccc98.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7780a45c3e51/Image-41bccc98.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.0:28718]
Modules linked in:
irq event stamp: 45929391
hardirqs last  enabled at (45929390): [] 
__local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386
hardirqs last disabled at (45929391): [] __el1_irq 
arch/arm64/kernel/entry-common.c:499 [inline]
hardirqs last disabled at (45929391): [] 
el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:517
softirqs last  enabled at (2040): [] softirq_handle_end 
kernel/softirq.c:399 [inline]
softirqs last  enabled at (2040): [] __do_softirq+0xac8/0xce4 
kernel/softirq.c:582
softirqs last disabled at (2052): [] spin_lock_bh 
include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2052): [] 
batadv_tt_local_resize_to_mtu+0x60/0x154 net/batman-adv/translation-table.c:3949
CPU: 1 PID: 28718 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]
pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388
lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386
sp : 80009a0670b0
x29: 80009a0670c0 x28: 70001340ce60 x27: 80009a0673d0
x26: 00011e860290 x25: d08a9f08 x24: 0001
x23: 1fffe00023d4d3c1 x22: dfff8000 x21: 80008aacbf98
x20: 0202 x19: 00011ea69e08 x18: 80009a066800
x17: 77656e2074696620 x16: 80008031ffc8 x15: 0001
x14: 1fffe0001ba5a290 x13:  x12: 0003
x11: 0004 x10: 0003 x9 : 
x8 : 02bcd3ae x7 : 80008aacbe30 x6 : 
x5 :  x4 : 0001 x3 : 
x2 : 0002 x1 : 80008aecd7e0 x0 : 80012545c000
Call trace:
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]
 __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x264/0x2e8 net/batman-adv/translation-table.c:1356
 batadv_tt_local_resize_to_mtu+0xa0/0x154 
net/batman-adv/translation-table.c:3956
 batadv_update_min_mtu+0x74/0xa4 net/batman-adv/hard-interface.c:651
 batadv_netlink_set_mesh+0x50c/0x1078 net/batman-adv/netlink.c:500
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name

Re: [syzbot] [btrfs?] memory leak in corrupted

2024-01-17 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+ebe64cc5950868e77...@syzkaller.appspotmail.com

Tested on:

commit:         a67d6793 batman-adv: mcast: fix memory leak on deletin..
git tree:   git://git.open-mesh.org/linux-merge.git
console output: https://syzkaller.appspot.com/x/log.txt?x=100a3dcde8
kernel config:  https://syzkaller.appspot.com/x/.config?x=87c229fb8ad5e9a0
dashboard link: https://syzkaller.appspot.com/bug?extid=ebe64cc5950868e77358
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.


[syzbot] [btrfs?] memory leak in corrupted

2024-01-16 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    052d534373b7 Merge tag 'exfat-for-6.8-rc1' of git://git.ke..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14620debe8
kernel config:  https://syzkaller.appspot.com/x/.config?x=a7031f9e71583b4a
dashboard link: https://syzkaller.appspot.com/bug?extid=ebe64cc5950868e77358
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16a344c1e8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/82a7201eef4c/disk-052d5343.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ca12b4c31826/vmlinux-052d5343.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3f07360ba5a8/bzImage-052d5343.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ebe64cc5950868e77...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0x88811c71a980 (size 64):
  comm "syz-executor.7", pid 5063, jiffies 4294953937
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 8e 7e 1c 81 88 ff ff   .~.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace (crc 9f8721dd):
[] kmemleak_alloc_recursive include/linux/kmemleak.h:42 
[inline]
[] slab_post_alloc_hook mm/slub.c:3817 [inline]
[] slab_alloc_node mm/slub.c:3860 [inline]
[] kmalloc_trace+0x283/0x330 mm/slub.c:4007
[] kmalloc include/linux/slab.h:590 [inline]
[] kzalloc include/linux/slab.h:711 [inline]
[] batadv_tvlv_handler_register+0xf7/0x2a0 
net/batman-adv/tvlv.c:560
[] batadv_mcast_init+0x4f/0xc0 
net/batman-adv/multicast.c:1926
[] batadv_mesh_init+0x209/0x2f0 net/batman-adv/main.c:231
[] batadv_softif_init_late+0x1f8/0x280 
net/batman-adv/soft-interface.c:812
[] register_netdevice+0x189/0xca0 net/core/dev.c:10188
[] batadv_softif_newlink+0x55/0x70 
net/batman-adv/soft-interface.c:1088
[] rtnl_newlink_create net/core/rtnetlink.c:3515 [inline]
[] __rtnl_newlink+0xb10/0xec0 net/core/rtnetlink.c:3735
[] rtnl_newlink+0x4c/0x70 net/core/rtnetlink.c:3748
[] rtnetlink_rcv_msg+0x22f/0x5b0 net/core/rtnetlink.c:6615
[] netlink_rcv_skb+0x91/0x1d0 
net/netlink/af_netlink.c:2543
[] netlink_unicast_kernel net/netlink/af_netlink.c:1341 
[inline]
[] netlink_unicast+0x2c2/0x440 
net/netlink/af_netlink.c:1367
[] netlink_sendmsg+0x341/0x690 
net/netlink/af_netlink.c:1908
[] sock_sendmsg_nosec net/socket.c:730 [inline]
[] __sock_sendmsg+0x52/0xa0 net/socket.c:745
[] __sys_sendto+0x164/0x1e0 net/socket.c:2191
[] __do_sys_sendto net/socket.c:2203 [inline]
[] __se_sys_sendto net/socket.c:2199 [inline]
[] __x64_sys_sendto+0x28/0x30 net/socket.c:2199

BUG: memory leak
unreferenced object 0x88811c8561c0 (size 64):
  comm "syz-executor.0", pid 5062, jiffies 4294953941
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 ce 7e 1c 81 88 ff ff   .~.
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace (crc 7256c890):
[] kmemleak_alloc_recursive include/linux/kmemleak.h:42 
[inline]
[] slab_post_alloc_hook mm/slub.c:3817 [inline]
[] slab_alloc_node mm/slub.c:3860 [inline]
[] kmalloc_trace+0x283/0x330 mm/slub.c:4007
[] kmalloc include/linux/slab.h:590 [inline]
[] kzalloc include/linux/slab.h:711 [inline]
[] batadv_tvlv_handler_register+0xf7/0x2a0 
net/batman-adv/tvlv.c:560
[] batadv_mcast_init+0x4f/0xc0 
net/batman-adv/multicast.c:1926
[] batadv_mesh_init+0x209/0x2f0 net/batman-adv/main.c:231
[] batadv_softif_init_late+0x1f8/0x280 
net/batman-adv/soft-interface.c:812
[] register_netdevice+0x189/0xca0 net/core/dev.c:10188
[] batadv_softif_newlink+0x55/0x70 
net/batman-adv/soft-interface.c:1088
[] rtnl_newlink_create net/core/rtnetlink.c:3515 [inline]
[] __rtnl_newlink+0xb10/0xec0 net/core/rtnetlink.c:3735
[] rtnl_newlink+0x4c/0x70 net/core/rtnetlink.c:3748
[] rtnetlink_rcv_msg+0x22f/0x5b0 net/core/rtnetlink.c:6615
[] netlink_rcv_skb+0x91/0x1d0 
net/netlink/af_netlink.c:2543
[] netlink_unicast_kernel net/netlink/af_netlink.c:1341 
[inline]
[] netlink_unicast+0x2c2/0x440 
net/netlink/af_netlink.c:1367
[] netlink_sendmsg+0x341/0x690 
net/netlink/af_netlink.c:1908
[] sock_sendmsg_nosec net/socket.c:730 [inline]
[] __sock_sendmsg+0x52/0xa0 net/socket.c:745
[] __sys_sendto+0x164/0x1e0 net/socket.c:2191
[] __do_sys_sendto net/socket.c:2203 [inline]
[] __se_sys_sendto net/socket.c:2199 [inline]
[] __x64_sys_sendto+0x28/0x30 net/socket.c:2199

BUG: memory leak
unreferenced object 0x88811cd88cc0 (size 64):
  comm "syz-executor.5", pid 5078, jiffies 4294953981
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 8e 05 1d 81 88 ff ff   ...
00 00 00 00 00 00

[syzbot] [batman?] INFO: rcu detected stall in sys_recvmmsg (3)

2023-12-19 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    2cf4f94d8e86 Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12534501e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=671af399e2dac0e3
dashboard link: https://syzkaller.appspot.com/bug?extid=b079dc0aa6e992859e7c
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/08b534ec982d/disk-2cf4f94d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8c44c6da6081/vmlinux-2cf4f94d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7e291c0f9693/bzImage-2cf4f94d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b079dc0aa6e992859...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (1 GPs behind) idle=c844/1/0x4000 softirq=35391/35392 fqs=3
rcu: 	(detected by 1, t=10502 jiffies, g=60989, q=82 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 12878 Comm: syz-executor.1 Not tainted 6.7.0-rc6-syzkaller-00010-g2cf4f94d8e86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 
[inline]
RIP: 0010:rcu_is_watching+0x3d/0xb0 kernel/rcu/tree.c:700
Code: c7 c3 e8 6d 03 00 83 f8 07 89 c5 77 7a 48 8d 3c ed 60 da a6 8c 48 b8 00 
00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <75> 54 48 03 1c ed 60 da 
a6 8c 48 b8 00 00 00 00 00 fc ff df 48 89
RSP: 0018:c9007c78 EFLAGS: 0046
RAX: dc00 RBX: 00036de8 RCX: 8166f367
RDX: 1194db4c RSI: 8b2ed360 RDI: 8ca6da60
RBP:  R08:  R09: fbfff1e30d1a
R10: 8f1868d7 R11: 0002 R12: 0001
R13:  R14: 88802be37300 R15: 
FS:  7feb948206c0() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 20230030 CR3: 1f8f7000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 
 
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x464/0x520 kernel/locking/lockdep.c:5725
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 advance_sched+0xd5/0xc60 net/sched/sch_taprio.c:935
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x203/0xc20 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x105/0x400 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1076
 
 
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 
[inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x70 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 86 37 e4 f6 48 89 df e8 ee 
ae e4 f6 f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f  01 00 00 00 e8 25 68 
d6 f6 65 8b 05 a6 10 81 75 85 c0 74 12 5b
RSP: 0018:c90003b0f738 EFLAGS: 0246
RAX: 0006 RBX: 8880290ad9d0 RCX: 123ead8c
RDX:  RSI: 8acc9f40 RDI: 8b2ed3e0
RBP: 0246 R08: 0001 R09: fbfff23e1fe5
R10: 91f0ff2f R11: 0001 R12: 8880290ad9b8
R13: 8880177bda80 R14: 0246 R15: c90003b0f8d8
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 __skb_try_recv_datagram+0x16f/0x4f0 net/core/datagram.c:266
 __unix_dgram_recvmsg+0x1d1/0xee0 net/unix/af_unix.c:2383
 unix_dgram_recvmsg+0xc3/0xf0 net/unix/af_unix.c:2485
 sock_recvmsg_nosec net/socket.c:1044 [inline]
 sys_recvmsg+0x4ab/0x5c0 net/socket.c:2801
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2845
 do_recvmmsg+0x2af/0x740 net/socket.c:2939
 __sys_recvmmsg net/socket.c:3018 [inline]
 __do_sys_recvmmsg net/socket.c:3041 [inline]
 __se_sys_recvmmsg net/socket.c:3034 [inline]
 __x64_sys_recvmmsg+0x235/0x290 net/socket.c:3034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7feb93a7cbe9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b0 ff ff ff f7 d8

Re: [syzbot] [batman?] INFO: rcu detected stall in worker_thread (9)

2023-11-14 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    9bacdd8996c7 Merge tag 'for-6.7-rc1-tag' of git://git.kern..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13e932ff68
kernel config:  https://syzkaller.appspot.com/x/.config?x=d05dd66e2eb2c872
dashboard link: https://syzkaller.appspot.com/bug?extid=225bfad78b079744fd5e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1041f91f68
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10cc7b98e8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8e9d5e2b6665/disk-9bacdd89.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b8ee67db540d/vmlinux-9bacdd89.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3477230ef7a9/bzImage-9bacdd89.xz

The issue was bisected to:

commit c2368b19807affd7621f7c4638cd2e17fec13021
Author: Jiri Pirko 
Date:   Fri Jul 29 07:10:35 2022 +

    net: devlink: introduce "unregistering" mark and use it during devlinks iteration

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1758e1e368
final oops: https://syzkaller.appspot.com/x/report.txt?x=14d8e1e368
console output: https://syzkaller.appspot.com/x/log.txt?x=10d8e1e368

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+225bfad78b079744f...@syzkaller.appspotmail.com
Fixes: c2368b19807a ("net: devlink: introduce "unregistering" mark and use it during devlinks iteration")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 	0-...!: (1 ticks this GP) idle=3b94/1/0x4000 softirq=6057/6057 fqs=9
rcu: 	(detected by 1, t=10502 jiffies, g=6949, q=188 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.7.0-rc1-syzkaller-00012-g9bacdd8996c7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Workqueue: events_power_efficient gc_worker
RIP: 0010:pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:591 [inline]
RIP: 0010:queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline]
RIP: 0010:do_raw_spin_unlock+0x117/0x8b0 kernel/locking/spinlock_debug.c:141
Code: 49 c7 45 00 ff ff ff ff 0f b6 04 2b 84 c0 0f 85 c9 03 00 00 41 c7 06 ff 
ff ff ff 48 c7 c0 60 b8 79 8d 48 c1 e8 03 80 3c 28 00 <74> 0c 48 c7 c7 60 b8 79 
8d e8 9b d3 7b 00 48 83 3d 73 30 0b 0c 00
RSP: 0018:c9007c20 EFLAGS: 0046
RAX: 11af370c RBX: 1110042eac5e RCX: 
RDX:  RSI: 0004 RDI: 8880217562e8
RBP: dc00 R08: 8880217562eb R09: 1110042eac5d
R10: dc00 R11: ed10042eac5e R12: 1110042eac5f
R13: 8880217562f8 R14: 8880217562f0 R15: 8880217562e8
FS:  () GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2600 CR3: 0d73 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 
 
 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_unlock+0x1e/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 advance_sched+0x9bd/0xcb0 net/sched/sch_taprio.c:992
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x59f/0xd20 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x396/0x980 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x104/0x3a0 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x92/0xb0 arch/x86/kernel/apic/apic.c:1076
 
 
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:lock_acquire+0x25a/0x530 kernel/locking/lockdep.c:5757
Code: 2b 00 74 08 4c 89 f7 e8 04 33 7d 00 f6 44 24 61 02 0f 85 8a 01 00 00 41 
f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 
00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:c90d7940 EFLAGS: 0206
RAX: 0001 RBX: 1921af34 RCX: 0001
RDX: dc00 RSI: 8b6ac0c0 RDI: 8bbdf300
RBP: c90d7a88 R08: 90dd4367 R09: 121ba86c
R10: dc00 R11: fbfff21ba86d R12: 1921af30
R13: dc00 R14: c90d79a0 R15: 0246
 rcu_lock_acquire include/linux/rcupdate.h:301 [inline]
 rcu_read_lock include/linux/rcupdate.h:747 [inline]
 gc_worker+0x28c/0x15a0 net/netfilter/nf_conntrack_core.c:1488
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x90f/0x1420 kernel/workqueue.c:2703
 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2784
 kthread+0x2d3/0x370 ker

Re: [syzbot] [batman?] INFO: rcu detected stall in rtnl_newlink (3)

2023-10-14 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit e739718444f7bf2fa3d70d101761ad83056ca628
Author: Kuniyuki Iwashima 
Date:   Sat Jul 29 00:07:05 2023 +

net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15b26a4d68
start commit:   d528014517f2 Revert ".gitignore: ignore *.cover and *.mbx"
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d576750da57ebbb5
dashboard link: https://syzkaller.appspot.com/bug?extid=afb3084a933aa2bdacc6
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15849d08a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13184990a8

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] [batman?] memory leak in skb_clone (2)

2023-08-27 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:a5e505a99ca7 Merge tag 'platform-drivers-x86-v6.5-5' of gi..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15eea3e3a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=f3c65e06397a9d58
dashboard link: https://syzkaller.appspot.com/bug?extid=92f9b5fba2df252a3569
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13597f9068

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/c534ce48946f/disk-a5e505a9.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/724bbdaa3992/vmlinux-a5e505a9.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/47fba0663891/bzImage-a5e505a9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92f9b5fba2df252a3...@syzkaller.appspotmail.com

2023/08/24 02:03:48 executed programs: 322
2023/08/24 02:03:54 executed programs: 337
BUG: memory leak
unreferenced object 0x888120ea2600 (size 240):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
00 22 e3 20 81 88 ff ff 00 00 00 00 00 00 00 00  .". 
00 80 ed 1c 81 88 ff ff 00 00 00 00 00 00 00 00  
  backtrace:
[] skb_clone+0xaa/0x190 net/core/skbuff.c:1860
[] batadv_iv_ogm_send_to_if 
net/batman-adv/bat_iv_ogm.c:387 [inline]
[] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 
[inline]
[] batadv_iv_send_outstanding_bat_ogm_packet+0x2ef/0x370 
net/batman-adv/bat_iv_ogm.c:1700
[] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
[] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
[] kthread+0x12b/0x170 kernel/kthread.c:389
[] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
[] ret_from_fork_asm+0x11/0x20 
arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0x888120f36c00 (size 1024):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:984 [inline]
[] __kmalloc_node_track_caller+0x49/0x140 
mm/slab_common.c:1005
[] kmalloc_reserve+0x95/0x180 net/core/skbuff.c:575
[] pskb_expand_head+0xd8/0x5f0 net/core/skbuff.c:2042
[] __skb_cow include/linux/skbuff.h:3571 [inline]
[] skb_cow_head include/linux/skbuff.h:3605 [inline]
[] batadv_skb_head_push+0x8f/0x110 
net/batman-adv/soft-interface.c:72
[] batadv_send_skb_packet+0x83/0x1c0 
net/batman-adv/send.c:86
[] batadv_iv_ogm_send_to_if 
net/batman-adv/bat_iv_ogm.c:392 [inline]
[] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 
[inline]
[] batadv_iv_send_outstanding_bat_ogm_packet+0x32a/0x370 
net/batman-adv/bat_iv_ogm.c:1700
[] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
[] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
[] kthread+0x12b/0x170 kernel/kthread.c:389
[] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
[] ret_from_fork_asm+0x11/0x20 
arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0x888120ea2000 (size 240):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
00 28 ea 20 81 88 ff ff 00 00 00 00 00 00 00 00  .(. 
00 80 ec 1c 81 88 ff ff 00 00 00 00 00 00 00 00  
  backtrace:
[] skb_clone+0xaa/0x190 net/core/skbuff.c:1860
[] netem_enqueue+0xc62/0x1430 net/sched/sch_netem.c:479
[] dev_qdisc_enqueue+0x25/0xf0 net/core/dev.c:3732
[] __dev_xmit_skb net/core/dev.c:3821 [inline]
[] __dev_queue_xmit+0xdc7/0x17d0 net/core/dev.c:4169
[] dev_queue_xmit include/linux/netdevice.h:3088 [inline]
[] batadv_send_skb_packet+0x150/0x1c0 
net/batman-adv/send.c:108
[] batadv_iv_ogm_send_to_if 
net/batman-adv/bat_iv_ogm.c:392 [inline]
[] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 
[inline]
[] batadv_iv_send_outstanding_bat_ogm_packet+0x32a/0x370 
net/batman-adv/bat_iv_ogm.c:1700
[] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
[] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
[] kthread+0x12b/0x170 kernel/kthread.c:389
[] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
[] ret_from_fork_asm+0x11/0x20 
arch/x86/entry/entry_64.S:304



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run th

[syzbot] [batman?] WARNING in batadv_dat_free (2)

2023-06-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:970308a7b544 selftests/bpf: Set the default value of consu..
git tree:   bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1788094b28
kernel config:  https://syzkaller.appspot.com/x/.config?x=ba5f40cc4484255a
dashboard link: https://syzkaller.appspot.com/bug?extid=6c881e6772625dc7feed
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/fc4c2bba1144/disk-970308a7.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/1075dd8a55dc/vmlinux-970308a7.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/59f3fdc83b37/bzImage-970308a7.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6c881e6772625dc7f...@syzkaller.appspotmail.com

bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
[ cut here ]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 set_work_data 
kernel/workqueue.c:642 [inline]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 clear_work_data 
kernel/workqueue.c:705 [inline]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 
__cancel_work_timer+0x4d1/0x570 kernel/workqueue.c:3278
Modules linked in:
CPU: 1 PID: 1005 Comm: kworker/u4:5 Not tainted 
6.4.0-rc3-syzkaller-00722-g970308a7b544 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
05/27/2023
Workqueue: netns cleanup_net
RIP: 0010:set_work_data kernel/workqueue.c:642 [inline]
RIP: 0010:clear_work_data kernel/workqueue.c:705 [inline]
RIP: 0010:__cancel_work_timer+0x4d1/0x570 kernel/workqueue.c:3278
Code: e8 34 08 0e 00 e9 e1 fb ff ff e8 2a 41 30 00 e8 55 f5 bb 08 e9 51 fd ff 
ff e8 1b 41 30 00 0f 0b e9 a6 fc ff ff e8 0f 41 30 00 <0f> 0b e9 c0 fd ff ff e8 
b3 4e 83 00 e9 fd fe ff ff e8 f9 40 30 00
RSP: 0018:c90005237920 EFLAGS: 00010293
RAX:  RBX:  RCX: 
RDX: 88802076d940 RSI: 815401c1 RDI: 0001
RBP:  R08: 0001 R09: 
R10:  R11:  R12: 888019b654b0
R13: 192000a46f25 R14: 0001 R15: 88802076d940
FS:  () GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f31ad4beba8 CR3: 2a10a000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0600
Call Trace:
 
 batadv_dat_free+0x45/0xe0 net/batman-adv/distributed-arp-table.c:840
 batadv_mesh_free+0x89/0x170 net/batman-adv/main.c:270
 batadv_softif_free+0x15/0x20 net/batman-adv/soft-interface.c:984
 netdev_run_todo+0x6bf/0x1100 net/core/dev.c:10395
 default_device_exit_batch+0x456/0x5b0 net/core/dev.c:11395
 ops_exit_list+0x125/0x170 net/core/net_namespace.c:175
 cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:614
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 


---

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup


[syzbot] Monthly batman report (Jun 2023)

2023-06-06 Thread syzbot
Hello batman maintainers/developers,

This is a 31-day syzbot report for the batman subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/batman

During the period, 0 new issues were detected and 0 were fixed.
In total, 9 issues are still open and 20 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 5426Yes   WARNING: ODEBUG bug in netdev_run_todo
  https://syzkaller.appspot.com/bug?extid=f9484b345f41843fc9a9
<2> 1375Yes   WARNING: ODEBUG bug in netdev_freemem (2)
  https://syzkaller.appspot.com/bug?extid=c4521ac872a4ccc3afec
<3> 128 Yes   INFO: rcu detected stall in batadv_nc_worker (3)
  https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b

---

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.


[syzbot] Monthly batman report

2023-04-04 Thread syzbot
Hello batman maintainers/developers,

This is a 30-day syzbot report for the batman subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/batman

During the period, 2 new issues were detected and 0 were fixed.
In total, 8 issues are still open and 19 have been fixed so far.

Some of the still happening issues:

Crashes Repro Title
5034Yes   WARNING: ODEBUG bug in netdev_run_todo
  https://syzkaller.appspot.com/bug?extid=f9484b345f41843fc9a9
1367Yes   WARNING: ODEBUG bug in netdev_freemem (2)
  https://syzkaller.appspot.com/bug?extid=c4521ac872a4ccc3afec
115 Yes   INFO: rcu detected stall in batadv_nc_worker (3)
  https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b



[syzbot] [batman?] WARNING: locking bug in batadv_nc_process_nc_paths

2023-04-01 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:a6faf7ea9fcb Add linux-next specific files for 20230328
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12e4a6d1c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=dd9eb5678a80e926
dashboard link: https://syzkaller.appspot.com/bug?extid=6c3ddeb774a88806d35a
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/b03351a37b6b/disk-a6faf7ea.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/663c2ddae5f7/vmlinux-a6faf7ea.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/a5e229b4773a/bzImage-a6faf7ea.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6c3ddeb774a88806d...@syzkaller.appspotmail.com

=
[ BUG: Invalid wait context ]
6.3.0-rc4-next-20230328-syzkaller #0 Not tainted
-
kworker/u4:11/7080 is trying to lock:
916756d0 (lock_keys_hash){}-{40:209}, at: spin_lock_bh 
include/linux/spinlock.h:355 [inline]
916756d0 (lock_keys_hash){}-{40:209}, at: 
batadv_nc_process_nc_paths.part.0+0x142/0x3f0 
net/batman-adv/network-coding.c:690
other info that might help us debug this:
context-{4:4}
3 locks held by kworker/u4:11/7080:
 #0: 888026eef938
 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set 
arch/x86/include/asm/atomic64_64.h:34 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set 
include/linux/atomic/atomic-long.h:41 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set 
include/linux/atomic/atomic-instrumented.h:1280 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data 
kernel/workqueue.c:643 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending 
kernel/workqueue.c:670 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 
kernel/workqueue.c:2376
 #1: c900033afdb0
 ((work_completion)(&(_priv->nc.work)->work)){+.+.}-{0:0}, at: 
process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: 8c795e00 (rcu_read_lock){}-{1:2}, at: 
batadv_nc_process_nc_paths.part.0+0xb1/0x3f0 net/batman-adv/network-coding.c:684
stack backtrace:
CPU: 1 PID: 7080 Comm: kworker/u4:11 Not tainted 
6.3.0-rc4-next-20230328-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/17/2023
Workqueue: bat_events batadv_nc_worker
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4724 [inline]
 check_wait_context kernel/locking/lockdep.c:4785 [inline]
 __lock_acquire+0x159e/0x5df0 kernel/locking/lockdep.c:5024
 lock_acquire.part.0+0x11c/0x370 kernel/locking/lockdep.c:5691
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 batadv_nc_process_nc_paths.part.0+0x142/0x3f0 
net/batman-adv/network-coding.c:690
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:679 [inline]
 batadv_nc_worker+0xc82/0xfe0 net/batman-adv/network-coding.c:728
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x33e/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 
==
BUG: KASAN: slab-out-of-bounds in batadv_nc_fwd_flush+0x422/0x4d0 
net/batman-adv/network-coding.c:650
Read of size 4 at addr 88807a916130 by task kworker/u4:11/7080

CPU: 1 PID: 7080 Comm: kworker/u4:11 Not tainted 
6.3.0-rc4-next-20230328-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/17/2023
Workqueue: bat_events batadv_nc_worker

Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351
 print_report mm/kasan/report.c:462 [inline]
 kasan_report+0x11c/0x130 mm/kasan/report.c:572
 batadv_nc_fwd_flush+0x422/0x4d0 net/batman-adv/network-coding.c:650
 batadv_nc_process_nc_paths.part.0+0x1b6/0x3f0 
net/batman-adv/network-coding.c:693
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:679 [inline]
 batadv_nc_worker+0xc82/0xfe0 net/batman-adv/network-coding.c:728
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x33e/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 

Allocated by task 12301:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/c

[syzbot] WARNING in batadv_nc_purge_paths

2022-11-29 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:65762d97e6fa Merge branch 'for-next/perf' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1558f7fd88
kernel config:  https://syzkaller.appspot.com/x/.config?x=56d0c7c3a2304e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=5b817d9e3b5fb5f051fc
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/52f702197b30/disk-65762d97.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/72189c2789ce/vmlinux-65762d97.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/ec0349196c98/Image-65762d97.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5b817d9e3b5fb5f05...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 3498 at kernel/softirq.c:376 
__local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
Modules linked in:
CPU: 1 PID: 3498 Comm: kworker/u4:11 Not tainted 
6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/30/2022
Workqueue: bat_events batadv_nc_worker

pstate: 2045 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
lr : __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
lr : _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
sp : 80001398bc60
x29: 80001398bc60 x28: 8d2fb000 x27: 8d2fb000
x26: 007e x25: 0004 x24: 
x23: f2dcdf80 x22:  x21: 00011ed2b480
x20: 8bf44c08 x19: 0201 x18: 0163
x17: 8c0cd83c x16: 8dbe6158 x15: 00011ed2b480
x14: 00c8 x13:  x12: 00011ed2b480
x11: ff80895cfff8 x10:  x9 : 8d2d09a0
x8 : 0201 x7 : 8bf44a98 x6 : 
x5 :  x4 : 0001 x3 : 
x2 : 0001 x1 : 0201 x0 : 8bf44c08
Call trace:
 __local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3a8/0x484 net/batman-adv/network-coding.c:722
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
irq event stamp: 28503233
hardirqs last  enabled at (28503231): [] 
__local_bh_enable_ip+0x13c/0x1a4 kernel/softirq.c:401
hardirqs last disabled at (28503233): [] __el1_irq 
arch/arm64/kernel/entry-common.c:468 [inline]
hardirqs last disabled at (28503233): [] 
el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:486
softirqs last  enabled at (28503230): [] spin_unlock_bh 
include/linux/spinlock.h:395 [inline]
softirqs last  enabled at (28503230): [] 
batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
softirqs last disabled at (28503232): [] spin_lock_bh 
include/linux/spinlock.h:355 [inline]
softirqs last disabled at (28503232): [] 
batadv_nc_purge_paths+0x60/0x214 net/batman-adv/network-coding.c:442
---[ end trace  ]---




Re: [syzbot] BUG: MAX_LOCKDEP_ENTRIES too low! (3)

2022-11-21 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:9ab000d9ac54 Merge branch 'nfc-leaks'
git tree:   net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=178f3db588
kernel config:  https://syzkaller.appspot.com/x/.config?x=6f4e5e9899396248
dashboard link: https://syzkaller.appspot.com/bug?extid=b04c9ffbbd2f303d00d9
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15051edd88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15b9d36588

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/0db12aff8b37/disk-9ab000d9.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/62dc4dacf73e/vmlinux-9ab000d9.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/0cc1ecdd9ab6/bzImage-9ab000d9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b04c9ffbbd2f303d0...@syzkaller.appspotmail.com

8021q: adding VLAN 0 to HW filter on device batadv968
BUG: MAX_LOCKDEP_ENTRIES too low!
turning off the locking correctness validator.
CPU: 1 PID: 5813 Comm: syz-executor248 Not tainted 
6.1.0-rc5-syzkaller-00128-g9ab000d9ac54 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 alloc_list_entry.cold+0x11/0x18 kernel/locking/lockdep.c:1402
 add_lock_to_list kernel/locking/lockdep.c:1423 [inline]
 check_prev_add kernel/locking/lockdep.c:3167 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x3626/0x56d0 kernel/locking/lockdep.c:5055
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 batadv_tt_local_event+0x1f6/0x7e0 net/batman-adv/translation-table.c:482
 batadv_tt_local_add+0x638/0x1f50 net/batman-adv/translation-table.c:758
 batadv_softif_create_vlan+0x2ed/0x530 net/batman-adv/soft-interface.c:586
 batadv_interface_add_vid+0xd7/0x110 net/batman-adv/soft-interface.c:646
 vlan_add_rx_filter_info+0x149/0x1d0 net/8021q/vlan_core.c:211
 __vlan_vid_add net/8021q/vlan_core.c:306 [inline]
 vlan_vid_add+0x3f6/0x7f0 net/8021q/vlan_core.c:336
 vlan_device_event.cold+0x28/0x2d net/8021q/vlan.c:385
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 dev_open net/core/dev.c:1473 [inline]
 dev_open+0x136/0x150 net/core/dev.c:1461
 team_port_add drivers/net/team/team.c:1215 [inline]
 team_add_slave+0xa03/0x1b90 drivers/net/team/team.c:1984
 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2578
 rtnl_newlink_create net/core/rtnetlink.c:3381 [inline]
 __rtnl_newlink+0x13ac/0x17e0 net/core/rtnetlink.c:3581
 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3594
 rtnetlink_rcv_msg+0x43e/0xca0 net/core/rtnetlink.c:6091
 netlink_rcv_skb+0x157/0x430 net/netlink/af_netlink.c:2540
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 sys_sendmsg+0x712/0x8c0 net/socket.c:2482
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2565
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2d5511cab9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffddb541428 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0003d335 RCX: 7f2d5511cab9
RDX:  RSI: 2300 RDI: 0004
RBP:  R08: 7ffddb5415c8 R09: 7ffddb5415c8
R10: 7ffddb5415c8 R11: 0246 R12: 7ffddb54143c
R13: 431bde82d7b634db R14:  R15: 
 
team968: Port device batadv968 added


Re: [syzbot] INFO: rcu detected stall in batadv_nc_worker (3)

2022-10-16 Thread syzbot
syzbot has bisected this issue to:

commit f8a4018c826fde6137425bbdbe524d5973feb173
Author: Mark Brown 
Date:   Thu Jun 2 13:53:04 2022 +

ASoC: tas2770: Use modern ASoC DAI format terminology

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=164d497888
start commit:   55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=154d497888
console output: https://syzkaller.appspot.com/x/log.txt?x=114d497888
kernel config:  https://syzkaller.appspot.com/x/.config?x=df75278aabf0681a
dashboard link: https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16e2e47888
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149ca17c88

Reported-by: syzbot+69904c3b4a09e8fa2...@syzkaller.appspotmail.com
Fixes: f8a4018c826f ("ASoC: tas2770: Use modern ASoC DAI format terminology")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] INFO: rcu detected stall in batadv_nc_worker (3)

2022-10-15 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1623ec7288
kernel config:  https://syzkaller.appspot.com/x/.config?x=df75278aabf0681a
dashboard link: https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16e2e47888
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149ca17c88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/9d967e5d91fa/disk-55be6084.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/9a8cffcbc089/vmlinux-55be6084.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+69904c3b4a09e8fa2...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:0-...!: (1 GPs behind) idle=d61c/1/0x4000 softirq=5548/5551 
fqs=5
(t=10501 jiffies g=4985 q=1169 ncpus=2)
rcu: rcu_preempt kthread starved for 10488 jiffies! g4985 f0x0 
RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu:Unless rcu_preempt kthread gets sufficient CPU time, OOM is now 
expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R  running task stack:28728 pid:17ppid:2 
 flags:0x4000
Call Trace:
 
 context_switch kernel/sched/core.c:5178 [inline]
 __schedule+0xadf/0x5270 kernel/sched/core.c:6490
 schedule+0xda/0x1b0 kernel/sched/core.c:6566
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1935
 rcu_gp_fqs_loop+0x190/0x910 kernel/rcu/tree.c:1658
 rcu_gp_kthread+0x236/0x360 kernel/rcu/tree.c:1857
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 47 Comm: kworker/u4:3 Not tainted 
6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/22/2022
Workqueue: bat_events batadv_nc_worker
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:200
Code: 4c 00 5d be 03 00 00 00 e9 d6 43 84 02 66 0f 1f 44 00 00 48 8b be a8 01 
00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 f9 24 87 7e <89> c1 48 8b 34 24 81 e1 
00 01 00 00 65 48 8b 14 25 80 6f 02 00 a9
RSP: 0018:c91f0c48 EFLAGS: 0286
RAX: 0101 RBX: 88806b299c90 RCX: 878c4a1d
RDX: 888017893b00 RSI: 0100 RDI: 0007
RBP: fff0a3da8872 R08: 0007 R09: 
R10: fff0a3da8872 R11: 0008c07d R12: fff0a3da8872
R13: 888018f5ab00 R14:  R15: 
FS:  () GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2:  CR3: 26ef CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 pie_calculate_probability+0x32b/0x7c0 net/sched/sch_pie.c:387
 fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:380
 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 
 
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:382 [inline]
RIP: 0010:__rcu_read_unlock+0x2d/0x570 kernel/rcu/tree_plugin.h:421
Code: 55 41 54 55 65 48 8b 2c 25 80 6f 02 00 53 48 8d bd 3c 04 00 00 48 b8 00 
00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 
03 38 d0 7c 08 84 d2 0f 85 24 02 00 00 65
RSP: 0018:c9b87c58 EFLAGS: 0a07
RAX: dc00 RBX: 0001 RCX: 
RDX:  RSI: 891cd30e RDI: 888017893f3c
RBP: 888017893b00 R08: 0001 R09: 
R10: 0001 R11: 0001 R12: 0001
R13:  R14: dc00 R15: 0345
 rcu_read_unlock include/linux/rcupdate.h:770 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
 batadv_nc_worker+0x853/0xfa0 net/batman-adv/network-coding.c:719
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 

[syzbot] WARNING: suspicious RCU usage in __dev_queue_xmit

2022-01-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:4c375272fb0b Merge branch 'net-add-preliminary-netdev-refc..
git tree:   net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=164749a9b0
kernel config:  https://syzkaller.appspot.com/x/.config?x=2b8e24e3a80e3875
dashboard link: https://syzkaller.appspot.com/bug?extid=e163f2ff7c3f7efd8203
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11493641b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ac6aceb0

The issue was bisected to:

commit 42df6e1d221dddc0f2acf2be37e68d553ad65f96
Author: Lukas Wunner 
Date:   Fri Oct 8 20:06:03 2021 +

netfilter: Introduce egress hook

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1236329db0
final oops: https://syzkaller.appspot.com/x/report.txt?x=1136329db0
console output: https://syzkaller.appspot.com/x/log.txt?x=1636329db0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e163f2ff7c3f7efd8...@syzkaller.appspotmail.com
Fixes: 42df6e1d221d ("netfilter: Introduce egress hook")

=
WARNING: suspicious RCU usage
5.16.0-rc3-syzkaller #0 Not tainted
-
include/linux/netfilter_netdev.h:97 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:2/49:
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
set_work_data kernel/workqueue.c:635 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: c9000119fdb0 
((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: 
process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
 #2: 8bb83b00 (rcu_read_lock_bh){}-{1:2}, at: 
__dev_queue_xmit+0x1e3/0x3640 net/core/dev.c:4036

stack backtrace:
CPU: 1 PID: 49 Comm: kworker/u4:2 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nf_hook_egress include/linux/netfilter_netdev.h:97 [inline]
 __dev_queue_xmit+0x2eac/0x3640 net/core/dev.c:4053
 batadv_send_skb_packet+0x4a9/0x5f0 net/batman-adv/send.c:108
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x6d7/0x8e0 
net/batman-adv/bat_iv_ogm.c:1701
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


Re: [syzbot] INFO: trying to register non-static key in l2cap_sock_teardown_cb

2021-11-30 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 1bff51ea59a9afb67d2dd78518ab0582a54a472c
Author: Wang ShaoBo 
Date:   Wed Sep 1 00:35:37 2021 +

Bluetooth: fix use-after-free error in lock_sock_nested()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=134c881eb0
start commit:   73b7a6047971 net: dsa: bcm_sf2: support BCM4908's integrat..
git tree:   net-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=9ce34124da4c882b
dashboard link: https://syzkaller.appspot.com/bug?extid=a41dfef1d2e04910eb2e
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=166ee4cf50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337172f50

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: Bluetooth: fix use-after-free error in lock_sock_nested()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] WARNING: ODEBUG bug in batadv_v_ogm_free

2021-11-24 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 6f68cd634856f8ca93bafd623ba5357e0f648c68
Author: Pavel Skripkin 
Date:   Sun Oct 24 13:13:56 2021 +

net: batman-adv: fix error handling

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=114e3c16b0
start commit:   cf52ad5ff16c Merge tag 'driver-core-5.15-rc6' of git://git..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=9479508d7bb83ad9
dashboard link: https://syzkaller.appspot.com/bug?extid=0ef06384b5f39a16ebb9
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17af7344b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15dc02fb30

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: batman-adv: fix error handling

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] WARNING in batadv_nc_mesh_free

2021-10-22 Thread syzbot
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any 
issue:

Reported-and-tested-by: syzbot+28b0702ada0bf7381...@syzkaller.appspotmail.com

Tested on:

commit: 9c0c4d24 Merge tag 'block-5.15-2021-10-22' of git://gi..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=28b0702ada0bf7381f58
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.2
patch:  https://syzkaller.appspot.com/x/patch.diff?x=1553d4c4b0

Note: testing is done by a robot and is best-effort only.


Re: [syzbot] WARNING in batadv_nc_mesh_free

2021-10-22 Thread syzbot
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an 
issue:
general protection fault in batadv_nc_purge_paths

RBP: 7fe7b40631d0 R08:  R09: 
R10:  R11: 0246 R12: 0002
R13: 7ffe7ffd3def R14: 7fe7b4063300 R15: 00022000
general protection fault, probably for non-canonical address 
0xdc02:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 1 PID: 9061 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:batadv_nc_purge_paths+0x38/0x3f0 net/batman-adv/network-coding.c:437
Code: 48 89 d3 49 89 f6 48 89 7c 24 58 49 bd 00 00 00 00 00 fc ff df e8 38 48 
ab f7 4d 8d 7e 10 4c 89 f8 48 c1 e8 03 48 89 44 24 48 <42> 8a 04 28 84 c0 0f 85 
88 03 00 00 41 8b 2f 31 ff 89 ee e8 20 4c
RSP: 0018:c9000d04eac0 EFLAGS: 00010202
RAX: 0002 RBX:  RCX: 88807827
RDX:  RSI:  RDI: 88807ec2cc80
RBP: fff4 R08: 8154e5b4 R09: ed100fd85adc
R10: ed100fd85adc R11:  R12: 88807ec2cc80
R13: dc00 R14:  R15: 0010
FS:  7fe7b4063700() GS:8880b9d0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f359172e000 CR3: 5e749000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_nc_mesh_free+0x7a/0xf0 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x6f/0x140 net/batman-adv/main.c:249
 batadv_mesh_init+0x5b1/0x620 net/batman-adv/main.c:230
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe7b48eda39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fe7b4063188 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7fe7b49f0f60 RCX: 7fe7b48eda39
RDX:  RSI: 2140 RDI: 0003
RBP: 7fe7b40631d0 R08:  R09: 
R10:  R11: 0246 R12: 0002
R13: 7ffe7ffd3def R14: 7fe7b4063300 R15: 00022000
Modules linked in:
---[ end trace 67ff054734964acf ]---
RIP: 0010:batadv_nc_purge_paths+0x38/0x3f0 net/batman-adv/network-coding.c:437
Code: 48 89 d3 49 89 f6 48 89 7c 24 58 49 bd 00 00 00 00 00 fc ff df e8 38 48 
ab f7 4d 8d 7e 10 4c 89 f8 48 c1 e8 03 48 89 44 24 48 <42> 8a 04 28 84 c0 0f 85 
88 03 00 00 41 8b 2f 31 ff 89 ee e8 20 4c
RSP: 0018:c9000d04eac0 EFLAGS: 00010202
RAX: 0002 RBX:  RCX: 88807827
RDX:  RSI:  RDI: 88807ec2cc80
RBP: fff4 R08: 8154e5b4 R09: ed100fd85adc
R10: ed100fd85adc R11:  R12: 88807ec2cc80
R13: dc00 R14:  R15: 0010
FS:  7fe7b4063700() GS:8880b9c0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fc230f87020 CR3: 5e749000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

Code disassembly (best guess):
   0:   48 89 d3                mov    %rdx,%rbx
   3:   49 89 f6                mov    %rsi,%r14
   6:   48 89 7c 24 58          mov    %rdi,0x58(%rsp)
   b:   49 bd 00 00 00 00 00    movabs $0xdc00,%r13
  12:   fc ff df
  15:   e8 38 48 ab f7          callq  0xf7ab4852
  1a:   4d 8d 7e 10             lea    0x10(%r14),%r15
  1e:   4c 89 f8                mov    %r15,%rax
  21:   48 c1 e8 03             shr    $0x3,%rax
  25:   48 89 44 24 48          mov    %rax,0x48(%rsp)
* 2a:   42 8a 04 

[syzbot] WARNING: ODEBUG bug in batadv_nc_mesh_free

2021-10-22 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e0bfcf9c77d9 Merge tag 'mlx5-fixes-2021-10-20' of git://gi..
git tree:   net
console output: https://syzkaller.appspot.com/x/log.txt?x=17900a0cb0
kernel config:  https://syzkaller.appspot.com/x/.config?x=bab9d35f204746a7
dashboard link: https://syzkaller.appspot.com/bug?extid=1dca817d274a3fb19f2b
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=144d76b4b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14732b80b0

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14093652b0
final oops: https://syzkaller.appspot.com/x/report.txt?x=16093652b0
console output: https://syzkaller.appspot.com/x/log.txt?x=12093652b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1dca817d274a3fb19...@syzkaller.appspotmail.com

R13:  R14:  R15: 
[ cut here ]
ODEBUG: assert_init not available (active state 0) object type: timer_list 
hint: 0x0
WARNING: CPU: 0 PID: 6548 at lib/debugobjects.c:505 
debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 0 PID: 6548 Comm: syz-executor286 Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 80 
3e e4 89 4c 89 ee 48 c7 c7 80 32 e4 89 e8 5e 1d 15 05 <0f> 0b 83 05 d5 39 90 09 
01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:c90002d7ecc0 EFLAGS: 00010086
RAX:  RBX: 0005 RCX: 
RDX: 8880163c8000 RSI: 815e88a8 RDI: f520005afd8a
RBP: 0001 R08:  R09: 
R10: 815e264e R11:  R12: 898de560
R13: 89e43900 R14: 81658550 R15: 1920005afda3
FS:  55c03300() GS:8880b9c0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fef3003e098 CR3: 73ad CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_object_assert_init lib/debugobjects.c:895 [inline]
 debug_object_assert_init+0x1f4/0x2e0 lib/debugobjects.c:866
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0x6d/0x110 kernel/time/timer.c:1204
 try_to_grab_pending+0x6d/0xd0 kernel/workqueue.c:1270
 __cancel_work_timer+0xa6/0x570 kernel/workqueue.c:3129
 batadv_nc_mesh_free+0x41/0x120 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x7d/0x170 net/batman-adv/main.c:245
 batadv_mesh_init+0x62f/0x710 net/batman-adv/main.c:226
 batadv_softif_init_late+0xad4/0xdd0 net/batman-adv/soft-interface.c:804
 register_netdevice+0x51e/0x1500 net/core/dev.c:10229
 batadv_softif_newlink+0x6e/0x90 net/batman-adv/soft-interface.c:1068
 __rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 sys_sendmsg+0x6e8/0x810 net/socket.c:2409
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f14439a87e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffda1fa6268 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0002 RCX: 7f14439a87e9
RDX:  RSI: 2140 RDI: 0003
RBP: 7ffda1fa6270 R08: 0002 R09: 7f1443003531
R10:  R11: 0246 R12: 0004
R13:  R14:  R15: 



[syzbot] WARNING in batadv_nc_mesh_free

2021-10-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:2f111a6fd5b5 Merge tag 'ceph-for-5.15-rc7' of git://github..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=115750acb0
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=28b0702ada0bf7381f58
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1026ef2cb0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15c9c162b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+28b0702ada0bf7381...@syzkaller.appspotmail.com

RBP: 7ffef262e230 R08: 0002 R09: 7fddc8003531
R10:  R11: 0246 R12: 0004
R13:  R14:  R15: 
[ cut here ]
ODEBUG: assert_init not available (active state 0) object type: timer_list 
hint: 0x0
WARNING: CPU: 0 PID: 6517 at lib/debugobjects.c:508 debug_print_object 
lib/debugobjects.c:505 [inline]
WARNING: CPU: 0 PID: 6517 at lib/debugobjects.c:508 
debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Modules linked in:
CPU: 0 PID: 6517 Comm: syz-executor011 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:debug_print_object lib/debugobjects.c:505 [inline]
RIP: 0010:debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Code: e8 4b 15 b8 fd 4c 8b 45 00 48 c7 c7 a0 31 b4 8a 48 c7 c6 00 2e b4 8a 48 
c7 c2 e0 33 b4 8a 31 c9 49 89 d9 31 c0 e8 b6 c6 36 fd <0f> 0b ff 05 3a 5c c5 09 
48 83 c5 38 48 89 e8 48 c1 e8 03 42 80 3c
RSP: 0018:c90002c7e698 EFLAGS: 00010046
RAX: cffa606352c78700 RBX:  RCX: 888076ce9c80
RDX:  RSI: 8000 RDI: 
RBP: 8a512d00 R08: 81693402 R09: ed1017383f2c
R10: ed1017383f2c R11:  R12: dc00
R13: 88801bcd1720 R14: 0002 R15: 90ba5a20
FS:  57087300() GS:8880b9c0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f5473f3c000 CR3: 70ca6000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0xa5/0x3d0 kernel/time/timer.c:1204
 try_to_grab_pending+0x151/0xbb0 kernel/workqueue.c:1270
 __cancel_work_timer+0x14c/0x710 kernel/workqueue.c:3129
 batadv_nc_mesh_free+0x4a/0xf0 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x6f/0x140 net/batman-adv/main.c:245
 batadv_mesh_init+0x4e5/0x550 net/batman-adv/main.c:226
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fddc82bc7e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffef262e228 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0002 RCX: 7fddc82bc7e9
RDX:  RSI: 2140 RDI: 0003
RBP: 7ffef262e230 R08: 0002 R09: 7fddc8003531
R10:  R11: 0246 R12: 0004
R13:  R14:  R15: 




[syzbot] WARNING in batadv_v_ogm_free

2021-10-21 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:2f111a6fd5b5 Merge tag 'ceph-for-5.15-rc7' of git://github..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=121d909f30
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=b6a62d5cb9fe05a0e3a3
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b6a62d5cb9fe05a0e...@syzkaller.appspotmail.com

[ cut here ]
ODEBUG: assert_init not available (active state 0) object type: timer_list 
hint: 0x0
WARNING: CPU: 0 PID: 9723 at lib/debugobjects.c:508 debug_print_object 
lib/debugobjects.c:505 [inline]
WARNING: CPU: 0 PID: 9723 at lib/debugobjects.c:508 
debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Modules linked in:
CPU: 0 PID: 9723 Comm: syz-executor.5 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:debug_print_object lib/debugobjects.c:505 [inline]
RIP: 0010:debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Code: e8 4b 15 b8 fd 4c 8b 45 00 48 c7 c7 a0 31 b4 8a 48 c7 c6 00 2e b4 8a 48 
c7 c2 e0 33 b4 8a 31 c9 49 89 d9 31 c0 e8 b6 c6 36 fd <0f> 0b ff 05 3a 5c c5 09 
48 83 c5 38 48 89 e8 48 c1 e8 03 42 80 3c
RSP: 0018:c90015a06698 EFLAGS: 00010046
RAX: ccc2ef1263c32100 RBX:  RCX: 0004
RDX: c90015ff3000 RSI: 0003 RDI: 0004
RBP: 8a512d00 R08: 81693402 R09: ed1017383f2c
R10: ed1017383f2c R11:  R12: dc00
R13: 8880a4325898 R14:  R15: 90bebb30
FS:  7fb87671b700() GS:8880b9c0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 5573fb61a270 CR3: 9b076000 CR4: 003506f0
Call Trace:
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0xa5/0x3d0 kernel/time/timer.c:1204
 try_to_grab_pending+0x151/0xbb0 kernel/workqueue.c:1270
 __cancel_work_timer+0x14c/0x710 kernel/workqueue.c:3129
 batadv_v_ogm_free+0x2e/0xc0 net/batman-adv/bat_v_ogm.c:1076
 batadv_mesh_free+0x67/0x140 net/batman-adv/main.c:244
 batadv_mesh_init+0x4e5/0x550 net/batman-adv/main.c:226
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb8791a5a39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fb87671b188 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7fb8792a8f60 RCX: 7fb8791a5a39
RDX:  RSI: 2140 RDI: 0003
RBP: 7fb87671b1d0 R08:  R09: 
R10:  R11: 0246 R12: 0002
R13: 7fffd6c2d8ef R14: 7fb87671b300 R15: 00022000




[syzbot] WARNING: ODEBUG bug in batadv_v_ogm_free

2021-10-07 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:44cc24b04bed Merge tag 'wireless-drivers-next-2021-10-07' ..
git tree:   net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=130661b8b0
kernel config:  https://syzkaller.appspot.com/x/.config?x=97f67871098c6901
dashboard link: https://syzkaller.appspot.com/bug?extid=0ef06384b5f39a16ebb9
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1361e884b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1472de98b0

The issue was bisected to:

commit 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0
Author: Justin Iurman 
Date:   Tue Jul 20 19:42:57 2021 +

ipv6: ioam: Data plane support for Pre-allocated Trace

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12c661b8b0
final oops: https://syzkaller.appspot.com/x/report.txt?x=11c661b8b0
console output: https://syzkaller.appspot.com/x/log.txt?x=16c661b8b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0ef06384b5f39a16e...@syzkaller.appspotmail.com
Fixes: 9ee11f0fff20 ("ipv6: ioam: Data plane support for Pre-allocated Trace")

R13: 7ffc310f3710 R14: 7ffc310f3760 R15: 0001
[ cut here ]
ODEBUG: assert_init not available (active state 0) object type: timer_list 
hint: 0x0
WARNING: CPU: 1 PID: 6548 at lib/debugobjects.c:505 
debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 6548 Comm: syz-executor580 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd c0 
3e e4 89 4c 89 ee 48 c7 c7 c0 32 e4 89 e8 29 8d 16 05 <0f> 0b 83 05 55 18 91 09 
01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:c90002bdee90 EFLAGS: 00010082
RAX:  RBX: 0005 RCX: 
RDX: 88801c395580 RSI: 815dbbc8 RDI: f5200057bdc4
RBP: 0001 R08:  R09: 
R10: 815d596e R11:  R12: 898de200
R13: 89e43940 R14: 8164b870 R15: 19200057bddd
FS:  5617e300() GS:8880b9d0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f868a8856c0 CR3: 2466 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_object_assert_init lib/debugobjects.c:895 [inline]
 debug_object_assert_init+0x1f4/0x2e0 lib/debugobjects.c:866
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0x6d/0x110 kernel/time/timer.c:1204
 try_to_grab_pending+0x6d/0xd0 kernel/workqueue.c:1270
 __cancel_work_timer+0xa6/0x570 kernel/workqueue.c:3129
 batadv_v_ogm_free+0x1f/0xd0 net/batman-adv/bat_v_ogm.c:1076
 batadv_mesh_free+0x75/0x170 net/batman-adv/main.c:244
 batadv_mesh_init+0x62f/0x710 net/batman-adv/main.c:226
 batadv_softif_init_late+0xad4/0xdd0 net/batman-adv/soft-interface.c:804
 register_netdevice+0x51e/0x1500 net/core/dev.c:10236
 batadv_softif_newlink+0x6e/0x90 net/batman-adv/soft-interface.c:1068
 __rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2485
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 __sys_sendto+0x21c/0x320 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4cb72c2829
Code: b2 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc310f36a8 EFLAGS: 0246 ORIG_RAX: 002c
RAX: ffda RBX: 0003 RCX: 7f4cb72c2829
RDX: ad2a RSI: 2000 RDI: 0004
RBP: 7ffc310f3710 R08:  R09: 4b6ae4f95a5de394
R10: 7812 R11: 0246 R12: 0005
R13: 7ffc310f3710 R14: 7ffc310f3760 R15: 0001



[syzbot] INFO: task hung in __xfs_buf_submit (2)

2021-08-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:6e764bcd1cf7 Merge tag 'for-linus' of git://git.kernel.org..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1050488530
kernel config:  https://syzkaller.appspot.com/x/.config?x=2fd902af77ff1e56
dashboard link: https://syzkaller.appspot.com/bug?extid=4bb1622c9a583bb6f9f2
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.1
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1442760630
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149b3cce30

The issue was bisected to:

commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133
Author: Mike Christie 
Date:   Tue Aug 13 16:39:51 2019 +

nbd: add missing config put

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11980ad530
final oops: https://syzkaller.appspot.com/x/report.txt?x=13980ad530
console output: https://syzkaller.appspot.com/x/log.txt?x=15980ad530

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4bb1622c9a583bb6f...@syzkaller.appspotmail.com
Fixes: 887e975c4172 ("nbd: add missing config put")

INFO: task syz-executor519:8442 blocked for more than 143 seconds.
  Not tainted 5.14.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor519 state:D stack:22808 pid: 8442 ppid:  8441 flags:0x4004
Call Trace:
 context_switch kernel/sched/core.c:4681 [inline]
 __schedule+0xc07/0x11f0 kernel/sched/core.c:5938
 schedule+0x14b/0x210 kernel/sched/core.c:6017
 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
 xfs_buf_iowait fs/xfs/xfs_buf.c:1571 [inline]
 __xfs_buf_submit+0x39d/0x6d0 fs/xfs/xfs_buf.c:1636
 xfs_buf_submit fs/xfs/xfs_buf.c:58 [inline]
 xfs_buf_read_uncached+0x1fa/0x390 fs/xfs/xfs_buf.c:884
 xfs_readsb+0x1dc/0x670 fs/xfs/xfs_mount.c:178
 xfs_fs_fill_super+0x483/0x1780 fs/xfs/xfs_super.c:1428
 get_tree_bdev+0x406/0x630 fs/super.c:1293
 vfs_get_tree+0x86/0x270 fs/super.c:1498
 do_new_mount fs/namespace.c:2923 [inline]
 path_mount+0x1981/0x2c10 fs/namespace.c:3253
 do_mount fs/namespace.c:3266 [inline]
 __do_sys_mount fs/namespace.c:3474 [inline]
 __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3451
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x444239
RSP: 002b:7ffd4feb56f8 EFLAGS: 0246 ORIG_RAX: 00a5
RAX: ffda RBX: 0030656c69662f2e RCX: 00444239
RDX: 2140 RSI: 2000 RDI: 20c0
RBP:  R08:  R09: 7ffd4feb5898
R10: 8002 R11: 0246 R12: 00403550
R13: 431bde82d7b634db R14: 004b2018 R15: 004004a0

Showing all locks held in the system:
1 lock held by khungtaskd/1644:
 #0: 8c717ec0 (rcu_read_lock){}-{1:2}, at: 
rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151
2 locks held by in:imklog/8141:
 #0: 888023be8870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 
fs/file.c:974
 #1: 8c717ec0 (rcu_read_lock){}-{1:2}, at: 
rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:266
1 lock held by syz-executor519/8442:
 #0: 888030e060e0 (&type->s_umount_key#49/1){+.+.}-{3:3}, at: 
alloc_super+0x1c8/0x860 fs/super.c:229

=

NMI backtrace for cpu 1
CPU: 1 PID: 1644 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1d3/0x29f lib/dump_stack.c:105
 nmi_cpu_backtrace+0x16c/0x190 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x191/0x2f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xd06/0xd50 kernel/hung_task.c:295
 kthread+0x453/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4862 Comm: systemd-journal Not tainted 5.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4688 [inline]
RIP: 0010:__lock_acquire+0x5fc/0x6100 kernel/locking/lockdep.c:4965
Code: 00 fc ff df 4c 8b 7c 24 58 4c 8b 64 24 50 48 81 c3 b8 00 00 00 48 89 d8 
48 c1 e8 03 8a 04 10 84 c0 0f 85 c1 25 00 00 44 8a 33 <48> 8b 44 24 60 8a 04 10 
84 c0 0f 85 d2 25 00 00 41 8b 1c 24 81 e3
RSP: 0018:ff

[syzbot] KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end

2021-08-19 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=130112c530
kernel config:  https://syzkaller.appspot.com/x/.config?x=f61012d0b1cd846f
dashboard link: https://syzkaller.appspot.com/bug?extid=13146364637c7363a7de
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.1
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=104d7cc530
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1333ce0e30

The issue was bisected to:

commit a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c
Author: Arnd Bergmann 
Date:   Mon Mar 4 20:38:03 2019 +

net: ignore sysctl_devconf_inherit_init_net without SYSCTL

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13f970b630
final oops: https://syzkaller.appspot.com/x/report.txt?x=100570b630
console output: https://syzkaller.appspot.com/x/log.txt?x=17f970b630

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+13146364637c7363a...@syzkaller.appspotmail.com
Fixes: a154d5d83d21 ("net: ignore sysctl_devconf_inherit_init_net without 
SYSCTL")

==================================================================
BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data fs/ext4/inline.c:245 
[inline]
BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data_end+0x4d4/0x960 
fs/ext4/inline.c:754
Write of size 70 at addr 8880195444ef by task syz-executor279/8426

CPU: 0 PID: 8426 Comm: syz-executor279 Not tainted 5.14.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 print_address_description+0x66/0x3b0 mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report+0x163/0x210 mm/kasan/report.c:436
 check_region_inline mm/kasan/generic.c:135 [inline]
 kasan_check_range+0x2b5/0x2f0 mm/kasan/generic.c:189
 memcpy+0x3c/0x60 mm/kasan/shadow.c:66
 ext4_write_inline_data fs/ext4/inline.c:245 [inline]
 ext4_write_inline_data_end+0x4d4/0x960 fs/ext4/inline.c:754
 ext4_write_end+0x1ff/0xbd0 fs/ext4/inode.c:1290
 generic_perform_write+0x361/0x580 mm/filemap.c:3667
 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269
 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519
 call_write_iter include/linux/fs.h:2114 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0xa39/0xc90 fs/read_write.c:605
 ksys_write+0x171/0x2a0 fs/read_write.c:658
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x44ac89
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ff12e8852f8 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 004ce4d0 RCX: 0044ac89
RDX: 0082 RSI: 2180 RDI: 0006
RBP: 0049de98 R08:  R09: 
R10:  R11: 0246 R12: 0030656c69662f2e
R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 004ce4d8

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x96/0xd0 mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook mm/slab.h:519 [inline]
 slab_alloc_node mm/slub.c:2959 [inline]
 slab_alloc mm/slub.c:2967 [inline]
 kmem_cache_alloc+0x1d1/0x340 mm/slub.c:2972
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 acpi_os_acquire_object include/acpi/platform/aclinuxex.h:67 [inline]
 acpi_ut_allocate_object_desc_dbg+0xd8/0x165 drivers/acpi/acpica/utobject.c:359
 acpi_ut_create_internal_object_dbg+0x21/0x195 drivers/acpi/acpica/utobject.c:69
 acpi_ds_build_internal_object+0x15f/0x732 drivers/acpi/acpica/dsobject.c:94
 acpi_ds_create_node+0xe9/0x1a8 drivers/acpi/acpica/dsobject.c:281
 acpi_ds_load2_end_op+0x7d0/0xebc drivers/acpi/acpica/dswload2.c:618
 acpi_ds_exec_end_op+0x6ce/0x11d4 drivers/acpi/acpica/dswexec.c:637
 acpi_ps_parse_loop+0xd9f/0x1cf0 drivers/acpi/acpica/psloop.c:525
 acpi_ps_parse_aml+0x1d5/0x955 drivers/acpi/acpica/psparse.c:475
 acpi_ps_execute_table+0x317/0x3ef drivers/acpi/acpica/psxface.c:295
 acpi_ns_execute_table+0x436/0x5bf drivers/acpi/acpica/nsparse.c:116
 acpi_ns_load_table+0x5e/0x120 drivers/acpi/acpica/nsload.c:71
 acpi_tb_load_namespace+0x456/0x6b9 drivers/acpi/acpica/tbxfload.c:186
 acpi_load_tables+0x45/0xf5 drivers/acpi/acpica/tbxfload.c:59
 acpi_bus_init+0x9a/0x993 drivers/acpi/bus.c:1213
 acpi_init+0x8c/0x22c dr

[syzbot] WARNING in __v9fs_get_acl

2021-08-16 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:761c6d7ec820 Merge tag 'arc-5.14-rc6' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d87ca130
kernel config:  https://syzkaller.appspot.com/x/.config?x=730106bfb5bf8ace
dashboard link: https://syzkaller.appspot.com/bug?extid=56fdf7f6291d819b9b19
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 
2.35.1
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12ca602930
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13bf42a130

The issue was bisected to:

commit 0ac1077e3a549bf8d35971613e2be05bdbb41a00
Author: Xin Long 
Date:   Tue Oct 16 07:52:02 2018 +

sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16f311fa30
final oops: https://syzkaller.appspot.com/x/report.txt?x=15f311fa30
console output: https://syzkaller.appspot.com/x/log.txt?x=11f311fa30

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+56fdf7f6291d819b9...@syzkaller.appspotmail.com
Fixes: 0ac1077e3a54 ("sctp: get pr_assoc and pr_stream all status with 
SCTP_PR_SCTP_ALL instead")

------------[ cut here ]------------
WARNING: CPU: 1 PID: 8426 at mm/page_alloc.c:5366 __alloc_pages+0x588/0x5f0 
mm/page_alloc.c:5413
Modules linked in:
CPU: 1 PID: 8426 Comm: syz-executor477 Not tainted 5.14.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:__alloc_pages+0x588/0x5f0 mm/page_alloc.c:5413
Code: 00 48 ba 00 00 00 00 00 fc ff df e9 5e fd ff ff 89 f9 80 e1 07 80 c1 03 
38 c1 0f 8c 6d fd ff ff e8 bd 62 0a 00 e9 63 fd ff ff <0f> 0b 45 31 e4 e9 7a fd 
ff ff 48 8d 4c 24 50 80 e1 07 80 c1 03 38
RSP: 0018:c9fff9a0 EFLAGS: 00010246
RAX: dc00 RBX: 0014 RCX: 
RDX: 0028 RSI:  RDI: c9fffa28
RBP: c9fffaa8 R08: dc00 R09: c9fffa00
R10: f520001fff45 R11:  R12: 00040d40
R13: c9fffa00 R14: 1920001fff3c R15: 1920001fff38
FS:  0148e300() GS:8880b9c0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fa1e9a97740 CR3: 3406e000 CR4: 001506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 kmalloc_order+0x41/0x170 mm/slab_common.c:955
 kmalloc_order_trace+0x15/0x70 mm/slab_common.c:971
 kmalloc_large include/linux/slab.h:520 [inline]
 __kmalloc+0x292/0x390 mm/slub.c:4101
 kmalloc include/linux/slab.h:596 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 __v9fs_get_acl+0x40/0x110 fs/9p/acl.c:36
 v9fs_get_acl+0xa5/0x290 fs/9p/acl.c:71
 v9fs_mount+0x6ea/0x870 fs/9p/vfs_super.c:182
 legacy_get_tree+0xea/0x180 fs/fs_context.c:610
 vfs_get_tree+0x86/0x270 fs/super.c:1498
 do_new_mount fs/namespace.c:2919 [inline]
 path_mount+0x196f/0x2be0 fs/namespace.c:3249
 do_mount fs/namespace.c:3262 [inline]
 __do_sys_mount fs/namespace.c:3470 [inline]
 __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3447
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43f2e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffcc30ccf58 EFLAGS: 0246 ORIG_RAX: 00a5
RAX: ffda RBX: 00400488 RCX: 0043f2e9
RDX: 2200 RSI: 2000 RDI: 
RBP: 00403040 R08: 20004440 R09: 00400488
R10:  R11: 0246 R12: 004030d0
R13:  R14: 004ad018 R15: 00400488


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


Re: [syzbot] WARNING in sta_info_alloc

2021-07-16 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 282ab3ff16120ec670fe3330e85f8ebf13092f21
Author: David Sterba 
Date:   Mon Oct 14 12:38:33 2019 +

btrfs: reduce compressed_bio members' types

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12d5f6f230
start commit:   7f75285ca572 Merge tag 'for-5.12/dm-fixes-3' of git://git...
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=b5591c832f889fd9
dashboard link: https://syzkaller.appspot.com/bug?extid=45d7c243c006f39dc55a
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=164f385ad0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1427af9ad0

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: btrfs: reduce compressed_bio members' types

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


[syzbot] BUG: sleeping function called from invalid context in crypto_drop_spawn (2)

2021-07-01 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:d6765985 Revert "be2net: disable bh with spin_lock in be_p..
git tree:   net
console output: https://syzkaller.appspot.com/x/log.txt?x=1555a0d830
kernel config:  https://syzkaller.appspot.com/x/.config?x=7ca96a2d153c74b0
dashboard link: https://syzkaller.appspot.com/bug?extid=610ec0671f51e838436e

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+610ec0671f51e8384...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at 
kernel/locking/rwsem.c:1405
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1180, name: kworker/u4:6
4 locks held by kworker/u4:6/1180:
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic64_set 
include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
set_work_data kernel/workqueue.c:617 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: 
process_one_work+0x871/0x1600 kernel/workqueue.c:2247
 #1: c90004ecfda8 
((work_completion)(&(_priv->nc.work)->work)){+.+.}-{0:0}, at: 
process_one_work+0x8a5/0x1600 kernel/workqueue.c:2251
 #2: 8bf79620 (rcu_read_lock){}-{1:2}, at: 
batadv_nc_process_nc_paths.part.0+0xb1/0x3b0 net/batman-adv/network-coding.c:680
 #3: 8bf79500 (rcu_callback){}-{0:0}, at: rcu_do_batch 
kernel/rcu/tree.c:2547 [inline]
 #3: 8bf79500 (rcu_callback){}-{0:0}, at: rcu_core+0x737/0x13b0 
kernel/rcu/tree.c:2793
Preemption disabled at:
[<>] 0x0
CPU: 1 PID: 1180 Comm: kworker/u4:6 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8337
 down_write+0x6e/0x150 kernel/locking/rwsem.c:1405
 crypto_drop_spawn crypto/algapi.c:709 [inline]
 crypto_drop_spawn+0x4b/0x2b0 crypto/algapi.c:704
 crypto_drop_aead include/crypto/internal/aead.h:90 [inline]
 pcrypt_free+0x15/0x80 crypto/pcrypt.c:206
 crypto_free_instance crypto/algapi.c:68 [inline]
 crypto_destroy_instance+0x7a/0xc0 crypto/algapi.c:76
 crypto_alg_put crypto/internal.h:108 [inline]
 crypto_alg_put crypto/internal.h:105 [inline]
 crypto_mod_put+0xd3/0x100 crypto/api.c:45
 crypto_destroy_tfm crypto/api.c:573 [inline]
 crypto_destroy_tfm+0xdb/0x240 crypto/api.c:561
 crypto_free_aead include/crypto/aead.h:193 [inline]
 tipc_aead_free+0x398/0x660 net/tipc/crypto.c:422
 rcu_do_batch kernel/rcu/tree.c:2558 [inline]
 rcu_core+0x7ab/0x13b0 kernel/rcu/tree.c:2793
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
RIP: 0010:check_preemption_disabled+0x2a/0x150 lib/smp_processor_id.c:16
Code: 41 56 41 55 49 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 1d 
7a ea 76 65 8b 1d 6e d4 ea 76 81 e3 ff ff ff 7f 31 ff <89> de 0f 1f 44 00 00 85 
db 74 11 0f 1f 44 00 00 44 89 e0 5b 5d 41
RSP: 0018:c90004ecfbd8 EFLAGS: 0246
RAX:  RBX: 0001 RCX: 
RDX: 888017ed3880 RSI: 89c2e880 RDI: 
RBP: 89c2e8c0 R08:  R09: 
R10: 88b6951d R11:  R12: 0001
R13: 89c2e880 R14: 88803029cc00 R15: 001f
 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:325 [inline]
 rcu_is_watching+0xe/0xc0 kernel/rcu/tree.c:1168
 rcu_read_unlock include/linux/rcupdate.h:707 [inline]
 batadv_nc_process_nc_paths.part.0+0x304/0x3b0 
net/batman-adv/network-coding.c:695
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:675 [inline]
 batadv_nc_worker+0xb90/0xe50 net/batman-adv/network-coding.c:731
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2276
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2422
 kthread+0x3b1/0x4a0 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

=============================
[ BUG: Invalid wait context ]
5.13.0-rc6-syzkaller #0 Tainted: G        W
-----------------------------
kworker/u4:6/1180 is tryin

Re: [syzbot] INFO: task hung in register_netdevice_notifier (2)

2021-05-31 Thread syzbot
syzbot has bisected this issue to:

commit 6bf071bf09d4b2ff3ee8783531e2ce814f0870cb
Author: Jesper Dangaard Brouer 
Date:   Tue Jun 18 13:05:27 2019 +

xdp: page_pool related fix to cpumap

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1397c4a7d0
start commit:   7ac3a1c1 Merge tag 'mtd/fixes-for-5.13-rc4' of git://git.k..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1057c4a7d0
console output: https://syzkaller.appspot.com/x/log.txt?x=1797c4a7d0
kernel config:  https://syzkaller.appspot.com/x/.config?x=266cda122a0b56c
dashboard link: https://syzkaller.appspot.com/bug?extid=355f8edb2ff45d5f95fa
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16cc630fd0

Reported-by: syzbot+355f8edb2ff45d5f9...@syzkaller.appspotmail.com
Fixes: 6bf071bf09d4 ("xdp: page_pool related fix to cpumap")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: [syzbot] WARNING in ieee802154_del_seclevel

2021-03-31 Thread syzbot
syzbot has bisected this issue to:

commit 416dacb819f59180e4d86a5550052033ebb6d72c
Author: Alan Stern 
Date:   Wed Aug 21 17:27:12 2019 +

HID: hidraw: Fix invalid read in hidraw_ioctl

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0
start commit:   6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
git tree:   net
final oops: https://syzkaller.appspot.com/x/report.txt?x=117430fcd0
console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1188e31ad0

Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com
Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: WARNING in init_timer_key

2021-02-22 Thread syzbot
syzbot has bisected this issue to:

commit b9df4fd7e99cb8bfd80c4143f3045d63b1754ad0
Author: Heiner Kallweit 
Date:   Sun Oct 6 16:19:54 2019 +

net: core: change return type of pskb_may_pull to bool

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11b4545cd0
start commit:   1048ba83 Linux 5.11-rc6
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=13b4545cd0
console output: https://syzkaller.appspot.com/x/log.txt?x=15b4545cd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=3ae5569643a9955f
dashboard link: https://syzkaller.appspot.com/bug?extid=105896fac213f26056f9
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16f0e564d0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=147075e8d0

Reported-by: syzbot+105896fac213f2605...@syzkaller.appspotmail.com
Fixes: b9df4fd7e99c ("net: core: change return type of pskb_may_pull to bool")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: INFO: trying to register non-static key in l2cap_sock_teardown_cb

2021-01-10 Thread syzbot
syzbot has bisected this issue to:

commit 4680a7ee5db27772af40d83393fa0fb955b745b7
Author: Miklos Szeredi 
Date:   Sat Oct 1 05:32:33 2016 +

fuse: remove duplicate cs->offset assignment

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11fc80e750
start commit:   73b7a604 net: dsa: bcm_sf2: support BCM4908's integrated s..
git tree:   net-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=13fc80e750
console output: https://syzkaller.appspot.com/x/log.txt?x=15fc80e750
kernel config:  https://syzkaller.appspot.com/x/.config?x=9ce34124da4c882b
dashboard link: https://syzkaller.appspot.com/bug?extid=a41dfef1d2e04910eb2e
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=166ee4cf50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337172f50

Reported-by: syzbot+a41dfef1d2e04910e...@syzkaller.appspotmail.com
Fixes: 4680a7ee5db2 ("fuse: remove duplicate cs->offset assignment")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


WARNING in rds_rdma_extra_size

2021-01-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:6207214a Merge tag 'afs-fixes-04012021' of git://git.kerne..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=146967c0d0
kernel config:  https://syzkaller.appspot.com/x/.config?x=8aa30b9da402d224
dashboard link: https://syzkaller.appspot.com/bug?extid=1bd2b07f93745fa38425
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1351c11f50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1710cb50d0

The issue was bisected to:

commit fdadd04931c2d7cd294dc5b2b342863f94be53a3
Author: Daniel Borkmann 
Date:   Tue Dec 11 11:14:12 2018 +

bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10056f70d0
final oops: https://syzkaller.appspot.com/x/report.txt?x=12056f70d0
console output: https://syzkaller.appspot.com/x/log.txt?x=14056f70d0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1bd2b07f93745fa38...@syzkaller.appspotmail.com
Fixes: fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K")

------------[ cut here ]------------
WARNING: CPU: 1 PID: 8462 at mm/page_alloc.c:4976 
__alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:5011
Modules linked in:
CPU: 1 PID: 8462 Comm: syz-executor292 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
RIP: 0010:__alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:4976
Code: 00 00 0c 00 0f 85 a7 00 00 00 8b 3c 24 4c 89 f2 44 89 e6 c6 44 24 70 00 
48 89 6c 24 58 e8 d0 d7 ff ff 49 89 c5 e9 ea fc ff ff <0f> 0b e9 b5 fd ff ff 89 
74 24 14 4c 89 4c 24 08 4c 89 74 24 18 e8
RSP: 0018:c9000169f790 EFLAGS: 00010246
RAX:  RBX: 1920002d3ef6 RCX: 
RDX:  RSI: dc00 RDI: 00040dc0
RBP: 00040dc0 R08:  R09: 
R10: 81b1f7f1 R11:  R12: 0018
R13: 0018 R14:  R15: 000ff1f0
FS:  00f3c880() GS:8880b9f0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f6b332916c0 CR3: 133c3000 CR4: 00350ee0
Call Trace:
 alloc_pages_current+0x18c/0x2a0 mm/mempolicy.c:2267
 alloc_pages include/linux/gfp.h:547 [inline]
 kmalloc_order+0x2e/0xb0 mm/slab_common.c:837
 kmalloc_order_trace+0x14/0x120 mm/slab_common.c:853
 kmalloc_array include/linux/slab.h:592 [inline]
 kcalloc include/linux/slab.h:621 [inline]
 rds_rdma_extra_size+0xb2/0x3b0 net/rds/rdma.c:568
 rds_rm_size net/rds/send.c:928 [inline]
 rds_sendmsg+0x20d7/0x3020 net/rds/send.c:1265
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6e8/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440359
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 
7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffe89376b68 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 004002c8 RCX: 00440359
RDX:  RSI: 20001600 RDI: 0003
RBP: 006ca018 R08: 004002c8 R09: 004002c8
R10:  R11: 0246 R12: 00401b60
R13: 00401bf0 R14:  R15: 



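Editor's note on the two page-allocator warnings above (__v9fs_get_acl, mm/page_alloc.c:5366, and rds_rdma_extra_size, mm/page_alloc.c:4976): both are the order >= MAX_ORDER check in __alloc_pages() firing because a kzalloc()/kcalloc() size reached the allocator straight from untrusted input, an xattr length in a 9p server reply in one case and an nr_local count from an RDS cmsg in the other. With panic_on_warn set, as on syzbot, that single WARN_ON_ONCE is a reboot. The following is an added userspace C model of the guard such a caller needs before sizing the allocation; it is not code from either report or from the 9p or RDS trees, and MAX_ELEMS, the PAGE_SHIFT/MAX_ORDER values and the function names are assumptions chosen for illustration.

```c
/* Added example, not from the syzbot reports above or from the 9p/RDS code:
 * a userspace model of bounding an allocation size taken from untrusted
 * input before it reaches the allocator.  Both warnings above are the
 * order >= MAX_ORDER check in __alloc_pages() firing on a kzalloc()/
 * kcalloc() size copied straight from a 9p server reply or an RDS cmsg.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed constants standing in for the largest order the page allocator
 * serves: MAX_ORDER - 1 == 10 on x86-64, i.e. 4 MiB with 4 KiB pages. */
#define PAGE_SHIFT 12
#define MAX_ORDER 11
#define KMALLOC_MAX_BYTES ((size_t)1 << (PAGE_SHIFT + MAX_ORDER - 1))

/* Hypothetical protocol-level cap on element count, chosen from what one
 * request can legitimately carry (e.g. iovecs per RDS message). */
#define MAX_ELEMS 1024

/* nr * size with overflow detection, as kcalloc()'s check_mul_overflow()
 * does in the kernel; returns nonzero on overflow. */
static int mul_overflow(size_t nr, size_t size, size_t *out)
{
    return __builtin_mul_overflow(nr, size, out);
}

/* Bounded allocation: reject before calling the allocator instead of
 * letting an oversized request reach it.  On failure returns NULL and sets
 * *err to -EINVAL (count the protocol never needs), -E2BIG (byte size the
 * allocator could not serve without warning) or -ENOMEM (calloc failed). */
void *bounded_calloc(size_t nr, size_t size, int *err)
{
    size_t bytes;
    void *p;

    *err = 0;
    if (nr == 0 || nr > MAX_ELEMS) {
        *err = -EINVAL;
        return NULL;
    }
    if (mul_overflow(nr, size, &bytes) || bytes > KMALLOC_MAX_BYTES) {
        *err = -E2BIG;
        return NULL;
    }
    p = calloc(nr, size);
    if (!p)
        *err = -ENOMEM;
    return p;
}

/* Does (nr, size) pass the guard?  1 if the allocation was accepted. */
int alloc_size_ok(size_t nr, size_t size)
{
    int err;
    void *p = bounded_calloc(nr, size, &err);

    free(p);
    return err == 0;
}
```

In kernel code the same shape is array_size()/check_mul_overflow() plus a caller-specific cap checked before kmalloc(); where an oversized request is legitimately possible and a NULL return is acceptable, pass __GFP_NOWARN so the allocator fails the request quietly instead of warning.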

INFO: task hung in sync_inodes_sb (4)

2020-11-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:03430750 Add linux-next specific files for 20201116
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17027fdc50
kernel config:  https://syzkaller.appspot.com/x/.config?x=a1c4c3f27041fdb8
dashboard link: https://syzkaller.appspot.com/bug?extid=7d50f1e54a12ba3aeae2
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=124a884150
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15a4fce250

The issue was bisected to:

commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0
Author: Emmanuel Grumbach 
Date:   Thu Sep 15 13:30:02 2016 +

mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1445e98150
final oops: https://syzkaller.appspot.com/x/report.txt?x=1645e98150
console output: https://syzkaller.appspot.com/x/log.txt?x=1245e98150

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7d50f1e54a12ba3ae...@syzkaller.appspotmail.com
Fixes: c68df2e7be0c ("mac80211: allow using AP_LINK_PS with mac80211-generated 
TIM IE")

INFO: task syz-executor017:8513 blocked for more than 143 seconds.
  Not tainted 5.10.0-rc3-next-20201116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor017 state:D stack:27448 pid: 8513 ppid:  8507 flags:0x4000
Call Trace:
 context_switch kernel/sched/core.c:4269 [inline]
 __schedule+0x890/0x2030 kernel/sched/core.c:5019
 schedule+0xcf/0x270 kernel/sched/core.c:5098
 wb_wait_for_completion+0x17b/0x230 fs/fs-writeback.c:209
 sync_inodes_sb+0x1a6/0x9d0 fs/fs-writeback.c:2559
 __sync_filesystem fs/sync.c:34 [inline]
 sync_filesystem fs/sync.c:67 [inline]
 sync_filesystem+0x15c/0x260 fs/sync.c:48
 generic_shutdown_super+0x70/0x370 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1446
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1123
 task_work_run+0xdd/0x190 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:274
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x44e0e7
Code: Unable to access opcode bytes at RIP 0x44e0bd.
RSP: 002b:7fff42061288 EFLAGS: 0206 ORIG_RAX: 00a6
RAX:  RBX: 000cee4c RCX: 0044e0e7
RDX: 00400be0 RSI: 0002 RDI: 7fff42061330
RBP: 2142 R08:  R09: 0009
R10: 0005 R11: 0206 R12: 7fff420623e0
R13: 01f67880 R14:  R15: 

Showing all locks held in the system:
2 locks held by kworker/u4:5/225:
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: 
arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set 
include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: 
atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data 
kernel/workqueue.c:616 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: 
set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: 
process_one_work+0x821/0x15a0 kernel/workqueue.c:2243
 #1: c9000191fda8 ((work_completion)(&(>dwork)->work)){+.+.}-{0:0}, at: 
process_one_work+0x854/0x15a0 kernel/workqueue.c:2247
1 lock held by khungtaskd/1655:
 #0: 8b339ce0 (rcu_read_lock){}-{1:2}, at: 
debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6252
1 lock held by in:imklog/8188:
 #0: 888017c8f4f0 (>f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 
fs/file.c:932
2 locks held by syz-executor017/8513:
 #0: 88801a8500e0 (>s_umount_key#49){+.+.}-{3:3}, at: 
deactivate_super+0xa5/0xd0 fs/super.c:365
 #1: 888143f5e708 (>wb_switch_rwsem){+.+.}-{3:3}, at: 
bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline]
 #1: 888143f5e708 (>wb_switch_rwsem){+.+.}-{3:3}, at: 
sync_inodes_sb+0x18c/0x9d0 fs/fs-writeback.c:2557

=

NMI backtrace for cpu 0
CPU: 0 PID: 1655 Comm: khungtaskd Not tainted 
5.10.0-rc3-next-20201116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtra

Re: INFO: rcu detected stall in exit_group

2020-11-09 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells 
Date:   Fri Oct 16 12:21:14 2020 +

afs: Fix cell removal

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14b65c3a50
start commit:   34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=1a14a0f8ce1a06d4415f
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10c6642d90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=132d00fd90

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: afs: Fix cell removal

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: INFO: rcu detected stall in security_file_open (3)

2020-10-29 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells 
Date:   Fri Oct 16 12:21:14 2020 +

afs: Fix cell removal

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14bc220a50
start commit:   fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=41b736b7ce1b3ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=d2b6e8cc299748fecf25
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1249c71790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1048d9e390

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: afs: Fix cell removal

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


WARNING in sta_info_alloc

2020-10-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:549738f1 Linux 5.9-rc8
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15b97ba390
kernel config:  https://syzkaller.appspot.com/x/.config?x=c06bcf3cc963d91c
dashboard link: https://syzkaller.appspot.com/bug?extid=45d7c243c006f39dc55a
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12bae9c050
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1099b1c050

The issue was bisected to:

commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb
Author: Zi Shen Lim 
Date:   Thu Jun 9 04:18:50 2016 +

arm64: bpf: optimize LD_ABS, LD_IND

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11d4447790
final oops: https://syzkaller.appspot.com/x/report.txt?x=13d4447790
console output: https://syzkaller.appspot.com/x/log.txt?x=15d4447790

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+45d7c243c006f39dc...@syzkaller.appspotmail.com
Fixes: 643c332d519b ("arm64: bpf: optimize LD_ABS, LD_IND")

------------[ cut here ]------------
WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 
ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline]
WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 
sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 6879 Comm: syz-executor071 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x382/0x7fb kernel/panic.c:231
 __warn.cold+0x20/0x4b kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline]
RIP: 0010:sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469
Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f0 04 00 
00 49 8b 9f 60 01 00 00 e9 fc f6 ff ff e8 80 20 b6 f9 <0f> 0b e8 e9 62 66 00 31 
ff 89 c3 89 c6 e8 ce 1c b6 f9 85 db 74 1d
RSP: 0018:c9000539f498 EFLAGS: 00010293
RAX:  RBX: 0001 RCX: 87c01d61
RDX: 8880a91ec3c0 RSI: 87c01e10 RDI: 0005
RBP: 8880896e0c80 R08: 0001 R09: 8d0c29e7
R10:  R11:  R12: 
R13: 8880896e31b0 R14: dc00 R15: 888092f06000
 ieee80211_add_station+0x28c/0x660 net/mac80211/cfg.c:1586
 rdev_add_station net/wireless/rdev-ops.h:190 [inline]
 nl80211_new_station+0xde7/0x1440 net/wireless/nl80211.c:6294
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 sys_sendmsg+0x6e8/0x810 net/socket.c:2353
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441999
Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffd9fa54bf8 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX:  RCX: 00441999
RDX:  RSI: 2040 RDI: 0005
RBP: 00306e616c77 R08:  R09: 0020
R10:  R11: 0246 R12: 0032
R13:  R14: 000c R15: 0004
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches


Re: WARNING in drv_bss_info_changed

2020-10-03 Thread syzbot
syzbot has bisected this issue to:

commit 489b30b53f0540b9f8e391cbb2839cea48b5d1c1
Author: Kirill Tkhai 
Date:   Thu Mar 15 09:10:57 2018 +

net: Convert l2tp_net_ops

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175b598f90
start commit:   fcadab74 Merge tag 'drm-fixes-2020-10-01-1' of git://anong..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=14db598f90
console output: https://syzkaller.appspot.com/x/log.txt?x=10db598f90
kernel config:  https://syzkaller.appspot.com/x/.config?x=89ab6a0c48f30b49
dashboard link: https://syzkaller.appspot.com/bug?extid=4cf3e4e092f2f4120a52
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=145eb66790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15422c1f90

Reported-by: syzbot+4cf3e4e092f2f4120...@syzkaller.appspotmail.com
Fixes: 489b30b53f05 ("net: Convert l2tp_net_ops")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: WARNING in cfg80211_connect

2020-10-01 Thread syzbot
syzbot has bisected this issue to:

commit 16d4d43595b4780daac8fcea6d042689124cb094
Author: Christoph Hellwig 
Date:   Wed Jul 20 01:38:55 2016 +

xfs: split direct I/O and DAX path

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14f662b790
start commit:   87d5034d Merge tag 'mlx5-updates-2020-09-30' of git://git...
git tree:   net-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=16f662b790
console output: https://syzkaller.appspot.com/x/log.txt?x=12f662b790
kernel config:  https://syzkaller.appspot.com/x/.config?x=7b5cc8ec2218e99d
dashboard link: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1100d33390
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1414c99790

Reported-by: syzbot+5f9392825de654244...@syzkaller.appspotmail.com
Fixes: 16d4d43595b4 ("xfs: split direct I/O and DAX path")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: general protection fault in rt6_fill_node

2020-10-01 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit eeaac3634ee0e3f35548be35275efeca888e9b23
Author: Nikolay Aleksandrov 
Date:   Sat Aug 22 12:06:36 2020 +

net: nexthop: don't allow empty NHA_GROUP

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12beed5b90
start commit:   c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=a0437fdd630bee11
dashboard link: https://syzkaller.appspot.com/bug?extid=81af6e9b3c4b8bc874f8
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13ff853990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=143f3a9690

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: nexthop: don't allow empty NHA_GROUP

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: general protection fault in nexthop_is_blackhole

2020-10-01 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit eeaac3634ee0e3f35548be35275efeca888e9b23
Author: Nikolay Aleksandrov 
Date:   Sat Aug 22 12:06:36 2020 +

net: nexthop: don't allow empty NHA_GROUP

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=116177a790
start commit:   c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb68b9e8a8cc842f
dashboard link: https://syzkaller.appspot.com/bug?extid=b2c08a2f5cfef635cc3a
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14d75e3990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aea51990

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: nexthop: don't allow empty NHA_GROUP

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


KMSAN: uninit-value in batadv_nc_worker

2020-10-01 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:5edb1df2 kmsan: drop the _nosanitize string functions
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10cc55a790
kernel config:  https://syzkaller.appspot.com/x/.config?x=4991d22eb136035c
dashboard link: https://syzkaller.appspot.com/bug?extid=da9194708de785081f11
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+da9194708de785081...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
BUG: KMSAN: uninit-value in batadv_nc_worker+0x1c0/0x1d70 net/batman-adv/network-coding.c:718
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:201
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0x1c0/0x1d70 net/batman-adv/network-coding.c:718
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:293
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:126
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:80
 slab_alloc_node mm/slub.c:2907 [inline]
 slab_alloc mm/slub.c:2916 [inline]
 __kmalloc+0x2bb/0x4b0 mm/slub.c:3982
 kmalloc_array+0x90/0x140 include/linux/slab.h:594
 batadv_hash_new+0x129/0x530 net/batman-adv/hash.c:52
 batadv_originator_init+0x9b/0x370 net/batman-adv/originator.c:211
 batadv_mesh_init+0x4dc/0x9d0 net/batman-adv/main.c:204
 batadv_softif_init_late+0x6d8/0xa30 net/batman-adv/soft-interface.c:857
 register_netdevice+0xbbc/0x37d0 net/core/dev.c:9760
 __rtnl_newlink net/core/rtnetlink.c:3454 [inline]
 rtnl_newlink+0x2e77/0x3ed0 net/core/rtnetlink.c:3500
 rtnetlink_rcv_msg+0x142b/0x18c0 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x6d7/0x7e0 net/netlink/af_netlink.c:2470
 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5581
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x11c8/0x1490 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x173a/0x1840 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 __sys_sendto+0x9dc/0xc80 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto+0x107/0x130 net/socket.c:2000
 __x64_sys_sendto+0x6e/0x90 net/socket.c:2000
 do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=




INFO: rcu detected stall in security_file_open (3)

2020-09-30 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10b007cf90
kernel config:  https://syzkaller.appspot.com/x/.config?x=41b736b7ce1b3ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=d2b6e8cc299748fecf25
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1249c71790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1048d9e390

The issue was bisected to:

commit c9d8f5f0692d5960ed50970ffe63756fb8f96cdb
Author: Kirill Tkhai 
Date:   Fri Nov 9 10:33:27 2018 +

fuse: Protect fi->nlookup with fi->lock

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11af769d90
final oops: https://syzkaller.appspot.com/x/report.txt?x=13af769d90
console output: https://syzkaller.appspot.com/x/log.txt?x=15af769d90

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d2b6e8cc299748fec...@syzkaller.appspotmail.com
Fixes: c9d8f5f0692d ("fuse: Protect fi->nlookup with fi->lock")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:Tasks blocked on level-0 rcu_node (CPUs 0-1):
[ cut here ]
WARNING: CPU: 0 PID: 3922 at kernel/sched/core.c:3013 rq_unlock kernel/sched/sched.h:1326 [inline]
WARNING: CPU: 0 PID: 3922 at kernel/sched/core.c:3013 try_invoke_on_locked_down_task+0x21d/0x2f0 kernel/sched/core.c:3019
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 3922 Comm: systemd-udevd Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x382/0x7fb kernel/panic.c:231
 __warn.cold+0x20/0x4b kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:try_invoke_on_locked_down_task+0x21d/0x2f0 kernel/sched/core.c:3013
Code: 45 31 f6 49 39 c0 74 3a 8b 74 24 38 49 8d 78 18 4c 89 04 24 e8 a4 e7 08 00 4c 8b 04 24 4c 89 c7 e8 28 ab d6 06 e9 20 ff ff ff <0f> 0b e9 7d fe ff ff 4c 89 ee 48 89 ef 41 ff d4 41 89 c6 e9 08 ff
RSP: 0018:c9007be0 EFLAGS: 00010046
RAX:  RBX: 19200f7e RCX: 0001
RDX:  RSI: 8162da10 RDI: 8880a61a2440
RBP: 8880a61a2440 R08: 0033 R09: 8a05ae03
R10: 062e R11: 0001 R12: 8162da10
R13: c9007d08 R14: 8880a61a2440 R15: 
 rcu_print_task_stall kernel/rcu/tree_stall.h:267 [inline]
 print_other_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:634 [inline]
 rcu_pending kernel/rcu/tree.c:3639 [inline]
 rcu_sched_clock_irq.cold+0x97e/0xdfd kernel/rcu/tree.c:2521
 update_process_times+0x25/0xa0 kernel/time/timer.c:1710
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x1d1/0x2a0 kernel/time/tick-sched.c:1328
 __run_hrtimer kernel/time/hrtimer.c:1524 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x334/0x940 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x147/0x5f0 arch/x86/kernel/apic/apic.c:1097
 asm_call_irq_on_stack+0xf/0x20
 
 __run_sysvec_on_irqstack arch/x86/include/asm/irq_stack.h:37 [inline]
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:89 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x9/0x60 kernel/kcov.c:197
Code: 5d be 03 00 00 00 e9 76 af 49 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 48 8b 14 25 c0 fe 01 00 <65> 8b 05 e0 bf 8b 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74
RSP: 0018:c9f075a8 EFLAGS: 0246
RAX:  RBX: 0004 RCX: 838a0be7
RDX: 88809c62c4c0 RSI: 88809c62c4c0 RDI: 0005
RBP: 8880a601de80 R08: 0001 R09: 8d5f79c7
R10:  R11:  R12: 0001
R13: 0183 R14: dc00 R15: 
 tomoyo_domain_quota_is_ok+0x31a/0x550 security/tomoyo/util.c:1070
 tomoyo_supervisor+0x2f2/0xef0 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x27

KASAN: vmalloc-out-of-bounds Read in bpf_trace_run5

2020-09-24 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:b10b8ad8 Add linux-next specific files for 20200921
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1371eb1d90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3cf0782933432b43
dashboard link: https://syzkaller.appspot.com/bug?extid=856297c51366950e115e
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1510d3d990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1328ecbb90

The issue was bisected to:

commit 1e6d690b9334b7e1b31d25fd8d93e980e449a5f9
Author: Song Liu 
Date:   Thu Nov 17 23:24:39 2016 +

md/r5cache: caching phase of r5cache

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=109283d990
final oops: https://syzkaller.appspot.com/x/report.txt?x=129283d990
console output: https://syzkaller.appspot.com/x/log.txt?x=149283d990

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+856297c51366950e1...@syzkaller.appspotmail.com
Fixes: 1e6d690b9334 ("md/r5cache: caching phase of r5cache")

==
BUG: KASAN: vmalloc-out-of-bounds in __bpf_trace_run kernel/trace/bpf_trace.c:1937 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bpf_trace_run5+0x401/0x410 kernel/trace/bpf_trace.c:1977
Read of size 8 at addr c9e80030 by task rs:main Q:Reg/6567

CPU: 1 PID: 6567 Comm: rs:main Q:Reg Not tainted 5.9.0-rc5-next-20200921-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fb lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x497 mm/kasan/report.c:385
 __kasan_report mm/kasan/report.c:545 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
 __bpf_trace_run kernel/trace/bpf_trace.c:1937 [inline]
 bpf_trace_run5+0x401/0x410 kernel/trace/bpf_trace.c:1977
 __bpf_trace_ext4_journal_start+0x142/0x180 include/trace/events/ext4.h:1788
 __traceiter_ext4_journal_start+0x83/0xd0 include/trace/events/ext4.h:1788
 trace_ext4_journal_start include/trace/events/ext4.h:1788 [inline]
 __ext4_journal_start_sb+0x228/0x440 fs/ext4/ext4_jbd2.c:96
 __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
 ext4_dirty_inode+0xbc/0x130 fs/ext4/inode.c:5850
 __mark_inode_dirty+0x888/0x1190 fs/fs-writeback.c:2260
 generic_update_time+0x21c/0x370 fs/inode.c:1764
 update_time fs/inode.c:1777 [inline]
 file_update_time+0x434/0x520 fs/inode.c:1992
 file_modified fs/inode.c:2015 [inline]
 file_modified+0x7d/0xa0 fs/inode.c:2000
 ext4_write_checks fs/ext4/file.c:248 [inline]
 ext4_buffered_write_iter+0xf9/0x4a0 fs/ext4/file.c:264
 ext4_file_write_iter+0x1f3/0x13e0 fs/ext4/file.c:660
 call_write_iter include/linux/fs.h:1895 [inline]
 new_sync_write+0x426/0x650 fs/read_write.c:517
 vfs_write+0x57d/0x700 fs/read_write.c:595
 ksys_write+0x12d/0x250 fs/read_write.c:648
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fed08e3a1cd
Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:7fed063f5590 EFLAGS: 0293 ORIG_RAX: 0001
RAX: ffda RBX: 7fecfc0238a0 RCX: 7fed08e3a1cd
RDX: 0dd6 RSI: 7fecfc0238a0 RDI: 0006
RBP:  R08:  R09: 
R10:  R11: 0293 R12: 7fecfc023620
R13: 7fed063f55b0 R14: 560a2b025360 R15: 0dd6


Memory state around the buggy address:
 c9e7ff00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c9e7ff80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>c9e8: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ^
 c9e80080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c9e80100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==




INFO: rcu detected stall in exit_group

2020-09-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=134173a590
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=1a14a0f8ce1a06d4415f
compiler:   gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10c6642d90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=132d00fd90

The issue was bisected to:

commit 32021982a324dce93b4ae00c06213bf45fb319c8
Author: David Howells 
Date:   Thu Nov 1 23:07:26 2018 +

hugetlbfs: Convert to fs_context

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16cc40be90
final oops: https://syzkaller.appspot.com/x/report.txt?x=15cc40be90
console output: https://syzkaller.appspot.com/x/log.txt?x=11cc40be90

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1a14a0f8ce1a06d44...@syzkaller.appspotmail.com
Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:Tasks blocked on level-0 rcu_node (CPUs 0-1):
[ cut here ]
WARNING: CPU: 0 PID: 3551 at kernel/sched/core.c:3013 rq_unlock kernel/sched/sched.h:1326 [inline]
WARNING: CPU: 0 PID: 3551 at kernel/sched/core.c:3013 try_invoke_on_locked_down_task+0x214/0x2c0 kernel/sched/core.c:3019
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 3551 Comm: syz-executor649 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x347/0x7c0 kernel/panic.c:231
 __warn.cold+0x20/0x46 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:try_invoke_on_locked_down_task+0x214/0x2c0 kernel/sched/core.c:3013
Code: 45 31 f6 49 39 c0 74 3a 8b 74 24 38 49 8d 78 18 4c 89 04 24 e8 ad 9a 08 00 4c 8b 04 24 4c 89 c7 e8 01 40 a6 06 e9 29 ff ff ff <0f> 0b e9 86 fe ff ff 4c 89 ee 48 89 ef 41 ff d4 41 89 c6 e9 11 ff
RSP: 0018:c9007bd8 EFLAGS: 00010046
RAX:  RBX: 19200f7d RCX: 0001
RDX:  RSI: 81612ed0 RDI: 888099502240
RBP: 888099502240 R08: 0033 R09: 89bcb4a3
R10: 05a2 R11: 0001 R12: 81612ed0
R13: c9007d00 R14: 8880995025c0 R15: 8880ae636c00
 rcu_print_task_stall kernel/rcu/tree_stall.h:267 [inline]
 print_other_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:634 [inline]
 rcu_pending kernel/rcu/tree.c:3637 [inline]
 rcu_sched_clock_irq.cold+0x92e/0xccd kernel/rcu/tree.c:2519
 update_process_times+0x25/0xa0 kernel/time/timer.c:1710
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x1d1/0x2a0 kernel/time/tick-sched.c:1328
 __run_hrtimer kernel/time/hrtimer.c:1524 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x4d/0x90 kernel/locking/spinlock.c:191
Code: 48 c7 c0 48 3c b6 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 3c 48 83 3d 62 07 bf 01 00 74 29 48 89 df 57 9d <0f> 1f 44 00 00 bf 01 00 00 00 e8 44 80 58 f9 65 8b 05 7d c9 0a 78
RSP: 0018:c9000c997a20 EFLAGS: 0282
RAX: 1136c789 RBX: 0282 RCX: 115645e9
RDX: dc00 RSI: 0001 RDI: 0282
RBP: 8cb5e0e0 R08: 0001 R09: 0001
R10:  R11:  R12: 0017
R13: 0017 R14: dead0100 R15: dc00
 __debug_check_no_obj_freed lib/debugobjects.c:977 [inline]
 debug_check_no_obj_freed+0x20c/0x41c lib/debugobjects.c:998
 free_pages_prepare mm/page_alloc.c:1214 [inline]
 __free_pages_ok+0x240/0xcd0 mm/page_alloc.c:147

general protection fault in batadv_iv_ogm_schedule (2)

2020-09-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13db7cdd90
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f5c353182ed6199
dashboard link: https://syzkaller.appspot.com/bug?extid=870c4745cc7a955e17e2
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+870c4745cc7a955e1...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc0e:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 1 PID: 6396 Comm: kworker/u4:8 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:843 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x925/0xf40 net/batman-adv/bat_iv_ogm.c:869
Code: 00 48 c1 e8 03 48 89 44 24 28 48 c7 c5 48 e7 3a 8c 0f 1f 40 00 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 7d e0 a9 f9 48 8b 1b 48 b8 00 00 00
RSP: 0018:c90019cd7b88 EFLAGS: 00010202
RAX: 000e RBX: 0070 RCX: dc00
RDX:  RSI: 0007 RDI: 
RBP: 8c3ae748 R08: 880ae416 R09: ed10152b4c06
R10: ed10152b4c06 R11:  R12: 0007
R13: 8880a95a6028 R14: 8880a7f17870 R15: 
FS:  () GS:8880ae90() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2:  CR3: 931c4000 CR4: 001526e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_send_outstanding_bat_ogm_packet+0x68c/0x7c0 net/batman-adv/bat_iv_ogm.c:1723
 process_one_work+0x789/0xfc0 kernel/workqueue.c:2269
 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2415
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 3bb6c6ec8627e29b ]---
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:843 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x925/0xf40 net/batman-adv/bat_iv_ogm.c:869
Code: 00 48 c1 e8 03 48 89 44 24 28 48 c7 c5 48 e7 3a 8c 0f 1f 40 00 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 7d e0 a9 f9 48 8b 1b 48 b8 00 00 00
RSP: 0018:c90019cd7b88 EFLAGS: 00010202
RAX: 000e RBX: 0070 RCX: dc00
RDX:  RSI: 0007 RDI: 
RBP: 8c3ae748 R08: 880ae416 R09: ed10152b4c06
R10: ed10152b4c06 R11:  R12: 0007
R13: 8880a95a6028 R14: 8880a7f17870 R15: 
FS:  () GS:8880ae90() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2:  CR3: 931c4000 CR4: 001526e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400




Re: INFO: task hung in tls_sk_proto_close

2020-08-29 Thread syzbot
syzbot has bisected this issue to:

commit 02d21b59d5cc4b4b395bbc2a29319b8a529ebeff
Author: Ido Schimmel 
Date:   Wed Jan 23 14:32:59 2019 +

mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14e89b0590
start commit:   5438dd45 net_sched: fix error path in red_init()
git tree:   net
final oops: https://syzkaller.appspot.com/x/report.txt?x=16e89b0590
console output: https://syzkaller.appspot.com/x/log.txt?x=12e89b0590
kernel config:  https://syzkaller.appspot.com/x/.config?x=a0437fdd630bee11
dashboard link: https://syzkaller.appspot.com/bug?extid=ca1345cca66556f3d79b
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14acdfe590
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1792598e90

Reported-by: syzbot+ca1345cca66556f3d...@syzkaller.appspotmail.com
Fixes: 02d21b59d5cc ("mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


general protection fault in nexthop_is_blackhole

2020-08-26 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11c48c9690
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb68b9e8a8cc842f
dashboard link: https://syzkaller.appspot.com/bug?extid=b2c08a2f5cfef635cc3a
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14d75e3990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aea51990

The issue was bisected to:

commit de47c5d8e11dda678e4354eeb4235e58e92f7cd2
Author: Hariprasad Kelam 
Date:   Sat Jun 8 09:00:50 2019 +

af_key: make use of BUG_ON macro

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1045097290
final oops: https://syzkaller.appspot.com/x/report.txt?x=1245097290
console output: https://syzkaller.appspot.com/x/log.txt?x=1445097290

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b2c08a2f5cfef635c...@syzkaller.appspotmail.com
Fixes: de47c5d8e11d ("af_key: make use of BUG_ON macro")

IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
general protection fault, probably for non-canonical address 0xdc10:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0080-0x0087]
CPU: 0 PID: 7050 Comm: syz-executor320 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240
Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02
RSP: 0018:c900061172b8 EFLAGS: 00010202
RAX: 0010 RBX: 0080 RCX: 888091444300
RDX:  RSI:  RDI: 0001
RBP: 0001 R08: 8727dfc7 R09: ed1012299e09
R10: ed1012299e09 R11:  R12: dc00
R13: 8880919da280 R14: 8880a9576610 R15: dc00
FS:  01a89880() GS:8880ae80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2300 CR3: a7555000 CR4: 001506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 rt6_fill_node+0xfe9/0x1f90 net/ipv6/route.c:5584
 inet6_rt_notify+0x2ab/0x500 net/ipv6/route.c:6017
 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline]
 fib6_add+0x203b/0x3bd0 net/ipv6/ip6_fib.c:1473
 __ip6_ins_rt net/ipv6/route.c:1317 [inline]
 ip6_route_add+0x84/0x120 net/ipv6/route.c:3744
 inet6_rtm_newroute+0x22f/0x2150 net/ipv6/route.c:5360
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 sys_sendmsg+0x519/0x800 net/socket.c:2353
 ___sys_sendmsg net/socket.c:2407 [inline]
 __sys_sendmsg+0x2b1/0x360 net/socket.c:2440
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443ef9
Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffd64ccd428 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0003 RCX: 00443ef9
RDX:  RSI: 2300 RDI: 0003
RBP: 7ffd64ccd430 R08:  R09: 
R10:  R11: 0246 R12: b6f1
R13:  R14:  R15: 
Modules linked in:
---[ end trace e62dc7d3de715e59 ]---
RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240
Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02
RSP: 0018:c900061172b8 EFLAGS: 00010202
RAX: 0010 RBX: 0080 RCX: 888091444300
RDX:  RSI:  RDI: 0001
RBP: 0001 R08: 8727dfc7 R09: ed1012299e09
R10: ed1012299e09 R11:  R12: dc

general protection fault in rt6_fill_node

2020-08-26 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:d7223aa5 Merge branch 'l2tp-replace-custom-logging-code-wi..
git tree:   net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1399802e90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
dashboard link: https://syzkaller.appspot.com/bug?extid=81af6e9b3c4b8bc874f8
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12949b5a90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17b60e4690

The issue was bisected to:

commit 867d03bc238f62fcd28f287b9da8af5e483baeab
Author: Robert Hancock 
Date:   Thu Jun 6 22:28:14 2019 +

net: axienet: Add DMA registers to ethtool register dump

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1523f26690
final oops: https://syzkaller.appspot.com/x/report.txt?x=1723f26690
console output: https://syzkaller.appspot.com/x/log.txt?x=1323f26690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+81af6e9b3c4b8bc87...@syzkaller.appspotmail.com
Fixes: 867d03bc238f ("net: axienet: Add DMA registers to ethtool register dump")

IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
general protection fault, probably for non-canonical address 0xdc10:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0080-0x0087]
CPU: 1 PID: 7050 Comm: syz-executor648 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nexthop_is_blackhole include/net/nexthop.h:240 [inline]
RIP: 0010:rt6_fill_node+0x1396/0x2940 net/ipv6/route.c:5584
Call Trace:
 inet6_rt_notify+0x14c/0x2b0 net/ipv6/route.c:6017
 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline]
 fib6_add+0x2840/0x3ed0 net/ipv6/ip6_fib.c:1473
 __ip6_ins_rt net/ipv6/route.c:1317 [inline]
 ip6_route_add+0x8b/0x150 net/ipv6/route.c:3744
 inet6_rtm_newroute+0x152/0x160 net/ipv6/route.c:5360
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 sys_sendmsg+0x6e8/0x810 net/socket.c:2353
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443ef9
Modules linked in:
---[ end trace 46e9e8854602a8a3 ]---

inconsistent lock state in sco_sock_timeout

2020-08-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:2cc3c4b3 Merge tag 'io_uring-5.9-2020-08-15' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10cf6aa690
kernel config:  https://syzkaller.appspot.com/x/.config?x=19f02fc5c511a391
dashboard link: https://syzkaller.appspot.com/bug?extid=2f6d7c28bb4bf7e82060
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1307149190
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ec5be290

The issue was bisected to:

commit 331c56ac73846fa267c04ee6aa9a00bb5fed9440
Author: Heiner Kallweit 
Date:   Mon Aug 12 21:51:27 2019 +

net: phy: add phy_speed_down_core and phy_resolve_min_speed

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1623bea690
final oops: https://syzkaller.appspot.com/x/report.txt?x=1523bea690
console output: https://syzkaller.appspot.com/x/log.txt?x=1123bea690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2f6d7c28bb4bf7e82...@syzkaller.appspotmail.com
Fixes: 331c56ac7384 ("net: phy: add phy_speed_down_core and phy_resolve_min_speed")


WARNING: inconsistent lock state
5.8.0-syzkaller #0 Not tainted

inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  sco_conn_del+0x100/0x710 net/bluetooth/sco.c:176
  hci_disconn_cfm include/net/bluetooth/hci_core.h:1438 [inline]
  hci_conn_hash_flush+0x127/0x200 net/bluetooth/hci_conn.c:1557
  hci_dev_do_close+0xb7b/0x1040 net/bluetooth/hci_core.c:1770
  hci_unregister_dev+0x185/0x1590 net/bluetooth/hci_core.c:3790
  vhci_release+0x73/0xc0 drivers/bluetooth/hci_vhci.c:340
  __fput+0x34f/0x7b0 fs/file_table.c:281
  task_work_run+0x137/0x1c0 kernel/task_work.c:141
  exit_task_work include/linux/task_work.h:25 [inline]
  do_exit+0x5f3/0x1f20 kernel/exit.c:806
  do_group_exit+0x161/0x2d0 kernel/exit.c:903
  get_signal+0x13bb/0x1d50 kernel/signal.c:2757
  arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811
  exit_to_user_mode_loop kernel/entry/common.c:135 [inline]
  exit_to_user_mode_prepare+0x8d/0x1b0 kernel/entry/common.c:166
  syscall_exit_to_user_mode+0x5e/0x1a0 kernel/entry/common.c:241
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
irq event stamp: 1760434
hardirqs last  enabled at (1760434): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last  enabled at (1760434): [] _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (1760433): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (1760433): [] _raw_spin_lock_irq+0x41/0x80 kernel/locking/spinlock.c:167
softirqs last  enabled at (1760422): [] sysvec_apic_timer_interrupt+0x14/0xf0 arch/x86/kernel/apic/apic.c:1091
softirqs last disabled at (1760423): [] asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

1 lock held by swapper/1/0:
 #0: c9da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline]
 #0: c9da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: call_timer_fn+0x57/0x160 kernel/time/timer.c:1403

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1f0/0x31e lib/dump_stack.c:118
 print_usage_bug+0x1117/0x11d0 kernel/locking/lockdep.c:3350
 mark_lock_irq arch/x86/include/asm/paravirt.h:661 [inline]
 mark_lock+0x10e2/0x1b00 kernel/locking/lockdep.c:4006
 mark_usage kernel/locking/lockdep.c:3905 [inline]
 __lock_acquire+0xa99/0x2ab0 kernel/locking/lockdep.c:4380
 lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:354 [inline]
 sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83
 call_timer_fn+0x91/0x160 kernel/time/timer.c:1413
 expire_timers kerne

Re: KMSAN: uninit-value in batadv_hard_if_event (2)

2020-08-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:ce8056d1 wip: changed copy_from_user where instrumented
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1015b61690
kernel config:  https://syzkaller.appspot.com/x/.config?x=3afe005fb99591f
dashboard link: https://syzkaller.appspot.com/bug?extid=abbc768b560c84d92fd3
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17837fba90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1218cc1690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com

usb 1-1: new high-speed USB device number 2 using dummy_hcd
usb 1-1: New USB device found, idVendor=07b8, idProduct=401a, bcdDevice=3d.3d
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
=
BUG: KMSAN: uninit-value in batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
BUG: KMSAN: uninit-value in batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
BUG: KMSAN: uninit-value in batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
CPU: 1 PID: 29 Comm: kworker/1:1 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
 batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
 batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
 notifier_call_chain kernel/notifier.c:83 [inline]
 __raw_notifier_call_chain kernel/notifier.c:361 [inline]
 raw_notifier_call_chain+0x123/0x290 kernel/notifier.c:368
 call_netdevice_notifiers_info net/core/dev.c:2027 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0x3120/0x37d0 net/core/dev.c:9545
 register_netdev+0xbe/0x100 net/core/dev.c:9645
 rtl8150_probe+0x12d9/0x15b0 drivers/net/usb/rtl8150.c:916
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 set_ethernet_addr drivers/net/usb/rtl8150.c:282 [inline]
 rtl8150_probe+0x1236/0x15b0 drivers/net/usb/rtl8150.c:912
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers

KMSAN: uninit-value in batadv_hard_if_event (2)

2020-08-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ce8056d1 wip: changed copy_from_user where instrumented
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=106e4c3c90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3afe005fb99591f
dashboard link: https://syzkaller.appspot.com/bug?extid=abbc768b560c84d92fd3
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com

usb 1-1: config 0 descriptor??
=
BUG: KMSAN: uninit-value in batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
BUG: KMSAN: uninit-value in batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
BUG: KMSAN: uninit-value in batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
CPU: 0 PID: 8697 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
 batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
 batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
 notifier_call_chain kernel/notifier.c:83 [inline]
 __raw_notifier_call_chain kernel/notifier.c:361 [inline]
 raw_notifier_call_chain+0x123/0x290 kernel/notifier.c:368
 call_netdevice_notifiers_info net/core/dev.c:2027 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0x3120/0x37d0 net/core/dev.c:9545
 register_netdev+0xbe/0x100 net/core/dev.c:9645
 rtl8150_probe+0x12d9/0x15b0 drivers/net/usb/rtl8150.c:916
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 set_ethernet_addr drivers/net/usb/rtl8150.c:282 [inline]
 rtl8150_probe+0x1236/0x15b0 drivers/net/usb/rtl8150.c:912
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe

Re: general protection fault in hci_phy_link_complete_evt

2020-08-05 Thread syzbot
syzbot has bisected this issue to:

commit b59abfbed638037f3b51eeb73266892cd2df177f
Author: Johannes Berg 
Date:   Thu Sep 15 13:30:03 2016 +

mac80211_hwsim: statically initialize hwsim_radios list

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15dd5f9890
start commit:   c0842fbc random32: move the pseudo-random 32-bit definitio..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=17dd5f9890
console output: https://syzkaller.appspot.com/x/log.txt?x=13dd5f9890
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf567e8c7428377e
dashboard link: https://syzkaller.appspot.com/bug?extid=18e38290a2a263b31aa0
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17e4e09490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1143e7ca90

Reported-by: syzbot+18e38290a2a263b31...@syzkaller.appspotmail.com
Fixes: b59abfbed638 ("mac80211_hwsim: statically initialize hwsim_radios list")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: general protection fault in hci_event_packet

2020-08-04 Thread syzbot
syzbot has bisected this issue to:

commit 941992d2944789641470626e9336d663236b1d28
Author: Javier Martinez Canillas 
Date:   Mon Sep 12 14:03:34 2016 +

ethernet: amd: use IS_ENABLED() instead of checking for built-in or module

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=155180c290
start commit:   bcf87687 Linux 5.8
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=175180c290
console output: https://syzkaller.appspot.com/x/log.txt?x=135180c290
kernel config:  https://syzkaller.appspot.com/x/.config?x=4b489d75d0c8859d
dashboard link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1043af0490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ca1dea90

Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
Fixes: 941992d29447 ("ethernet: amd: use IS_ENABLED() instead of checking for built-in or module")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in hci_send_acl

2020-08-03 Thread syzbot
syzbot has bisected this issue to:

commit 4ffcd582301bd020b1f9d00c55473af305ec19b5
Author: Michael Chan 
Date:   Mon Sep 19 07:58:07 2016 +

bnxt_en: Pad TX packets below 52 bytes.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=167b0f0490
start commit:   ac3a0c84 Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=157b0f0490
console output: https://syzkaller.appspot.com/x/log.txt?x=117b0f0490
kernel config:  https://syzkaller.appspot.com/x/.config?x=c0cfcf935bcc94d2
dashboard link: https://syzkaller.appspot.com/bug?extid=98228e7407314d2d4ba2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=152f190490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1482dfca90

Reported-by: syzbot+98228e7407314d2d4...@syzkaller.appspotmail.com
Fixes: 4ffcd582301b ("bnxt_en: Pad TX packets below 52 bytes.")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: INFO: rcu detected stall in netlink_sendmsg (4)

2020-07-23 Thread syzbot
syzbot has bisected this issue to:

commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
Author: Vinicius Costa Gomes 
Date:   Sat Sep 29 00:59:43 2018 +

tc: Add support for configuring the taprio scheduler

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16d46e1b10
start commit:   7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d46e1b10
kernel config:  https://syzkaller.appspot.com/x/.config?x=7be693511b29b338
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1023588f10
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1647a88f10

Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com
Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


INFO: rcu detected stall in seq_read (2)

2020-07-22 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:4fa640dc Merge tag 'vfio-v5.8-rc7' of git://github.com/awi..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145cac3090
kernel config:  https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=c28b5fee66fd3b7f766e
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17e23ac890
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1198c44090

The issue was bisected to:

commit 53e233ea2fa9fa7e2405e95070981f327d90e519
Author: Vasundhara Volam 
Date:   Thu Oct 4 05:43:52 2018 +

devlink: Add Documentation/networking/devlink-params-bnxt.txt

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15e22b9490
final oops: https://syzkaller.appspot.com/x/report.txt?x=17e22b9490
console output: https://syzkaller.appspot.com/x/log.txt?x=13e22b9490

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c28b5fee66fd3b7f7...@syzkaller.appspotmail.com
Fixes: 53e233ea2fa9 ("devlink: Add Documentation/networking/devlink-params-bnxt.txt")

hrtimer: interrupt took 6305559 ns
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:    1-...!: (1 GPs behind) idle=91e/1/0x4000 softirq=10105/10107 fqs=1
        (t=18319 jiffies g=8905 q=457)
NMI backtrace for cpu 1
CPU: 1 PID: 4008 Comm: systemd-journal Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x194/0x1cf kernel/rcu/tree_stall.h:320
 print_cpu_stall kernel/rcu/tree_stall.h:553 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
 rcu_pending kernel/rcu/tree.c:3489 [inline]
 rcu_sched_clock_irq.cold+0x5b3/0xccc kernel/rcu/tree.c:2504
 update_process_times+0x25/0x60 kernel/time/timer.c:1737
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x108/0x290 kernel/time/tick-sched.c:1320
 __run_hrtimer kernel/time/hrtimer.c:1520 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xe0/0x120 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:585
RIP: 0010:format_decode+0x0/0xad0 lib/vsprintf.c:2329
 vsnprintf+0x155/0x14f0 lib/vsprintf.c:2572
 seq_vprintf fs/seq_file.c:379 [inline]
 seq_printf+0x195/0x240 fs/seq_file.c:394
 proc_pid_status+0x1c6d/0x24b0 fs/proc/array.c:424
 proc_single_show+0x116/0x1e0 fs/proc/base.c:766
 seq_read+0x432/0x1070 fs/seq_file.c:208
 vfs_read+0x1df/0x520 fs/read_write.c:479
 ksys_read+0x12d/0x250 fs/read_write.c:607
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0fc43d9910
Code: Bad RIP value.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for de

KMSAN: uninit-value in batadv_tt_hash_find

2020-07-14 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:f0d5ec90 kmsan: apply __no_sanitize_memory to dotraplinkag..
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10c0883b10
kernel config:  https://syzkaller.appspot.com/x/.config?x=86e4f8af239686c6
dashboard link: https://syzkaller.appspot.com/bug?extid=ab16e463b903f5a37036
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ab16e463b903f5a37...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in __read_once_size include/linux/compiler.h:206 [inline]
BUG: KMSAN: uninit-value in batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
CPU: 0 PID: 23320 Comm: syz-executor.5 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 __read_once_size include/linux/compiler.h:206 [inline]
 batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
 batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
 batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
 batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
 batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
 batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3493
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4052
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4085
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x20fd/0x2610 net/ipv4/ip_output.c:228
 ip_do_fragment+0x2c98/0x3570 net/ipv4/ip_output.c:849
 ip_fragment+0x242/0x400 net/ipv4/ip_output.c:585
 __ip_finish_output+0xd34/0xd80 net/ipv4/ip_output.c:304
 ip_finish_output+0x166/0x410 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xfbf/0x1090 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:435 [inline]
 ip_local_out net/ipv4/ip_output.c:125 [inline]
 ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1560
 udp_send_skb+0x1046/0x18b0 net/ipv4/udp.c:891
 udp_sendmsg+0x3bb5/0x4100 net/ipv4/udp.c:1178
 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 sys_sendmsg+0x1056/0x1350 net/socket.c:2362
 ___sys_sendmsg net/socket.c:2416 [inline]
 __sys_sendmmsg+0x863/0xd60 net/socket.c:2499
 __compat_sys_sendmmsg net/compat.c:672 [inline]
 __do_compat_sys_sendmmsg net/compat.c:679 [inline]
 __se_compat_sys_sendmmsg+0xcd/0xf0 net/compat.c:676
 __ia32_compat_sys_sendmmsg+0x56/0x70 net/compat.c:676
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f3add9

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ether_addr_copy include/linux/etherdevice.h:279 [inline]
 batadv_tt_hash_find+0x333/0x810 net/batman-adv/translation-table.c:137
 batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
 batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
 batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
 batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
 batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xm

general protection fault in batadv_hardif_get_by_netdev

2020-07-14 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: 0aea6d5c Merge tag 'for-linus-5.8b-rc5-tag' of git://git.k..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1596004f10
kernel config: https://syzkaller.appspot.com/x/.config?x=66ad203c2bb6d8b
dashboard link: https://syzkaller.appspot.com/bug?extid=4a2d01c2df834fe6e86d
compiler: gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4a2d01c2df834fe6e...@syzkaller.appspotmail.com

netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
general protection fault, probably for non-canonical address 0xdc03:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0018-0x001f]
CPU: 1 PID: 11316 Comm: syz-executor.4 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:batadv_hardif_get_by_netdev+0x14c/0x400 net/batman-adv/hard-interface.c:72
Call Trace:
 batadv_hard_if_event+0x62/0x12f0 net/batman-adv/hard-interface.c:1031
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0xa52/0x1540 net/core/dev.c:9509
 veth_newlink+0x405/0xa00 drivers/net/veth.c:1366
 __rtnl_newlink+0x1090/0x1730 net/core/rtnetlink.c:3339
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3397
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5460
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6e8/0x810 net/socket.c:2352
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_32_irqs_on+0x3f/0x60 arch/x86/entry/common.c:428
 __do_fast_syscall_32 arch/x86/entry/common.c:475 [inline]
 do_fast_syscall_32+0x7f/0x120 arch/x86/entry/common.c:503
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7f72569
Modules linked in:


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


general protection fault in batadv_iv_ogm_schedule_buff (2)

2020-07-07 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: 7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=130b828f10
kernel config: https://syzkaller.appspot.com/x/.config?x=7be693511b29b338
dashboard link: https://syzkaller.appspot.com/bug?extid=2eeeb5ad0766b57394d8
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2eeeb5ad0766b5739...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc0e:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 1 PID: 9126 Comm: kworker/u4:9 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff+0xd1e/0x1410 net/batman-adv/bat_iv_ogm.c:843
Call Trace:
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:869 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:862 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x5c8/0x800 net/batman-adv/bat_iv_ogm.c:1722
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
Modules linked in:
---[ end trace f5c5eda032070cd1 ]---




Re: INFO: rcu detected stall in netlink_sendmsg (4)

2020-07-06 Thread syzbot
syzbot has found a reproducer for the following crash on:

HEAD commit: 9e50b94b Add linux-next specific files for 20200703
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13e6ec3310
kernel config: https://syzkaller.appspot.com/x/.config?x=f99cc0faa1476ed6
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=168ab5d510
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1771c5d510

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...0: (3 ticks this GP) idle=ff2/1/0x4000 softirq=8592/8593 fqs=5250
(detected by 1, t=10502 jiffies, g=8273, q=66)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6802 Comm: syz-executor688 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__preempt_count_dec_and_test arch/x86/include/asm/preempt.h:94 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1144 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0xc8/0x110 kernel/rcu/tree.c:1131
Call Trace:
 
 rcu_read_lock_held_common kernel/rcu/update.c:110 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:100 [inline]
 rcu_read_lock_sched_held+0x25/0xb0 kernel/rcu/update.c:121
 trace_hrtimer_expire_exit include/trace/events/timer.h:279 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1523 [inline]
 __hrtimer_run_queues+0xd13/0xfc0 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xe0/0x120 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:596
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:765 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x8c/0xe0 kernel/locking/spinlock.c:191
 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline]
 taprio_change+0x1fdc/0x2960 net/sched/sch_taprio.c:1556
 taprio_init+0x52e/0x670 net/sched/sch_taprio.c:1669
 qdisc_create+0x4b6/0x12e0 net/sched/sch_api.c:1245
 tc_modify_qdisc+0x4c8/0x1990 net/sched/sch_api.c:1661
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5460
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6e8/0x810 net/socket.c:2352
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443799

Re: KASAN: null-ptr-deref Write in blk_mq_map_swqueue

2020-06-24 Thread syzbot
This bug is marked as fixed by commit:
blk-mq: Fix a recently introduced regression in
But I can't find it in any tested tree for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and
new crashes with the same signature are ignored.


KASAN: use-after-free Write in fsnotify_detach_connector_from_object

2020-06-12 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: 7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=120b26c110
kernel config: https://syzkaller.appspot.com/x/.config?x=d195fe572fb15312
dashboard link: https://syzkaller.appspot.com/bug?extid=7d2debdcdb3cb93c1e5e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1724b24610
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14ceb3de10

The bug was bisected to:

commit 76313c70c52f930af4afd21684509ca52297ea71
Author: Eric W. Biederman 
Date:   Wed Feb 19 16:37:15 2020 +

uml: Create a private mount of proc for mconsole

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=117c491210
final crash: https://syzkaller.appspot.com/x/report.txt?x=137c491210
console output: https://syzkaller.appspot.com/x/log.txt?x=157c491210

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7d2debdcdb3cb93c1...@syzkaller.appspotmail.com
Fixes: 76313c70c52f ("uml: Create a private mount of proc for mconsole")

==
BUG: KASAN: use-after-free in atomic64_inc include/asm-generic/atomic-instrumented.h:1049 [inline]
BUG: KASAN: use-after-free in atomic_long_inc include/asm-generic/atomic-long.h:160 [inline]
BUG: KASAN: use-after-free in fsnotify_detach_connector_from_object+0x25e/0x380 fs/notify/mark.c:185
Write of size 8 at addr 88809fd7e7c0 by task syz-executor972/8021

CPU: 1 PID: 8021 Comm: syz-executor972 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x413 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 check_memory_region_inline mm/kasan/generic.c:186 [inline]
 check_memory_region+0x141/0x190 mm/kasan/generic.c:192
 atomic64_inc include/asm-generic/atomic-instrumented.h:1049 [inline]
 atomic_long_inc include/asm-generic/atomic-long.h:160 [inline]
 fsnotify_detach_connector_from_object+0x25e/0x380 fs/notify/mark.c:185
 fsnotify_put_mark+0x367/0x580 fs/notify/mark.c:250
 fsnotify_clear_marks_by_group+0x33f/0x490 fs/notify/mark.c:764
 fsnotify_destroy_group+0xc9/0x300 fs/notify/group.c:61
 inotify_release+0x33/0x40 fs/notify/inotify/inotify_user.c:271
 __fput+0x33e/0x880 fs/file_table.c:281
 task_work_run+0xf4/0x1b0 kernel/task_work.c:123
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xb3f/0x2de0 kernel/exit.c:806
 do_group_exit+0x125/0x340 kernel/exit.c:904
 __do_sys_exit_group kernel/exit.c:915 [inline]
 __se_sys_exit_group kernel/exit.c:913 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:913
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x445448

Allocated by task 8026:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc mm/kasan/common.c:494 [inline]
 __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:467
 kmem_cache_alloc_trace+0x153/0x7d0 mm/slab.c:3551
 kmalloc include/linux/slab.h:555 [inline]
 kzalloc include/linux/slab.h:669 [inline]
 alloc_super+0x52/0x9d0 fs/super.c:203
 sget_fc+0x13f/0x790 fs/super.c:530
 vfs_get_super+0x6d/0x2d0 fs/super.c:1186
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2874 [inline]
 do_mount+0x1306/0x1b40 fs/namespace.c:3199
 __do_sys_mount fs/namespace.c:3409 [inline]
 __se_sys_mount fs/namespace.c:3386 [inline]
 __x64_sys_mount+0x18f/0x230 fs/namespace.c:3386
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Freed by task 23:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:455
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x109/0x2b0 mm/slab.c:3757
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351

The buggy address belongs to the object at 88809fd7e000
 which belongs to the cache kmalloc-4k of size 4096

Re: BUG: Bad rss-counter state (4)

2020-05-22 Thread syzbot
syzbot has bisected this bug to:

commit 0d8dd67be013727ae57645ecd3ea2c36365d7da8
Author: Song Liu 
Date:   Wed Dec 6 22:45:14 2017 +

perf/headers: Sync new perf_event.h with the tools/include/uapi version

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13240a0210
start commit: ac935d22 Add linux-next specific files for 20200415
git tree: linux-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=10a40a0210
console output: https://syzkaller.appspot.com/x/log.txt?x=17240a0210
kernel config: https://syzkaller.appspot.com/x/.config?x=bc498783097e9019
dashboard link: https://syzkaller.appspot.com/bug?extid=347e2331d03d06ab0224
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12d18e6e10
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=104170d610

Reported-by: syzbot+347e2331d03d06ab0...@syzkaller.appspotmail.com
Fixes: 0d8dd67be013 ("perf/headers: Sync new perf_event.h with the tools/include/uapi version")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: WARNING in kernfs_create_dir_ns

2020-04-15 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 810507fe6fd5ff3de429121adff49523fabb643a
Author: Waiman Long 
Date:   Thu Feb 6 15:24:08 2020 +

locking/lockdep: Reuse freed chain_hlocks entries

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1008138be0
start commit: 72825454 Merge branch 'x86-urgent-for-linus' of git://git...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=9a31528e58cc12e2
dashboard link: https://syzkaller.appspot.com/bug?extid=38f5d5cf7ae88c46b11a
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12a6c439a0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1353c323a0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: locking/lockdep: Reuse freed chain_hlocks entries

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


WARNING in ext4_da_update_reserve_space

2020-04-02 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: 1a147b74 Merge branch 'DSA-mtu'
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14237713e0
kernel config: https://syzkaller.appspot.com/x/.config?x=46ee14d4915944bc
dashboard link: https://syzkaller.appspot.com/bug?extid=67e4f16db666b1c8253c
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12237713e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10ec7c97e0

The bug was bisected to:

commit 658b0f92bc7003bc734471f61bf7cd56339eb8c3
Author: Murilo Opsfelder Araujo 
Date:   Wed Aug 1 21:33:15 2018 +

powerpc/traps: Print unhandled signals in a separate function

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15979f5be0
final crash: https://syzkaller.appspot.com/x/report.txt?x=17979f5be0
console output: https://syzkaller.appspot.com/x/log.txt?x=13979f5be0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+67e4f16db666b1c82...@syzkaller.appspotmail.com
Fixes: 658b0f92bc70 ("powerpc/traps: Print unhandled signals in a separate function")

EXT4-fs warning (device sda1): ext4_da_update_reserve_space:344: ext4_da_update_reserve_space: ino 15722, used 1 with only 0 reserved data blocks
[ cut here ]
WARNING: CPU: 1 PID: 359 at fs/ext4/inode.c:348 ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:344
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 359 Comm: kworker/u4:5 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:348
 ext4_ext_map_blocks+0x24aa/0x37d0 fs/ext4/extents.c:4500
 ext4_map_blocks+0x4cb/0x1650 fs/ext4/inode.c:622
 mpage_map_one_extent fs/ext4/inode.c:2365 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2418 [inline]
 ext4_writepages+0x19eb/0x3080 fs/ext4/inode.c:2772
 do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
 __writeback_single_inode+0x12a/0x1410 fs/fs-writeback.c:1452
 writeback_sb_inodes+0x515/0xdd0 fs/fs-writeback.c:1716
 wb_writeback+0x2a5/0xd90 fs/fs-writeback.c:1892
 wb_do_writeback fs/fs-writeback.c:2037 [inline]
 wb_workfn+0x339/0x11c0 fs/fs-writeback.c:2078
 process_one_work+0x94b/0x1690 kernel/workqueue.c:2266
 worker_thread+0x96/0xe20 kernel/workqueue.c:2412
 kthread+0x357/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches


INFO: rcu detected stall in netlink_sendmsg (4)

2020-03-31 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: ae661dec Merge branch 'ifla_xdp_expected_fd'
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12245647e0
kernel config: https://syzkaller.appspot.com/x/.config?x=b5acf5ac38a50651
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu: 0-: (1 GPs behind) idle=5c2/1/0x4002 softirq=376075/376076 fqs=5176
(t=10500 jiffies g=506061 q=176208)
NMI backtrace for cpu 0
CPU: 0 PID: 17281 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x169/0x1b3 kernel/rcu/tree_stall.h:254
 print_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:549 [inline]
 rcu_pending kernel/rcu/tree.c:3030 [inline]
 rcu_sched_clock_irq.cold+0x518/0xc55 kernel/rcu/tree.c:2276
 update_process_times+0x25/0x60 kernel/time/timer.c:1726
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:171
 tick_sched_timer+0x4e/0x140 kernel/time/tick-sched.c:1314
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x32c/0xdd0 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x312/0x770 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0x15b/0x600 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
 
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_release+0x45f/0x7c0 kernel/locking/lockdep.c:4505
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:174 [inline]
 _raw_spin_unlock_bh+0x12/0x30 kernel/locking/spinlock.c:207
 spin_unlock_bh include/linux/spinlock.h:383 [inline]
 batadv_tt_local_purge_pending_clients+0x2a1/0x3b0 net/batman-adv/translation-table.c:3914
 batadv_tt_local_resize_to_mtu+0x96/0x130 net/batman-adv/translation-table.c:4198
 batadv_update_min_mtu net/batman-adv/hard-interface.c:626 [inline]
 batadv_hardif_activate_interface.part.0.cold+0xc6/0x294 net/batman-adv/hard-interface.c:653
 batadv_hardif_activate_interface net/batman-adv/hard-interface.c:800 [inline]
 batadv_hardif_enable_interface+0x9f2/0xaa0 net/batman-adv/hard-interface.c:792
 batadv_softif_slave_add+0x92/0x150 net/batman-adv/soft-interface.c:859
 do_set_master net/core/rtnetlink.c:2470 [inline]
 do_set_master+0x1d7/0x230 net/core/rtnetlink.c:2443
 do_setlink+0xaa2/0x3680 net/core/rtnetlink.c:2605
 __rtnl_newlink+0xad5/0x1590 net/core/rtnetlink.c:3266
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3391
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2478
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6b9/0x7d0 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2430
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849

kernel panic: smack: Failed to initialize cipso DOI.

2020-03-30 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit: 1b649e0b Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14957099e0
kernel config: https://syzkaller.appspot.com/x/.config?x=4ac76c43beddbd9
dashboard link: https://syzkaller.appspot.com/bug?extid=89731ccb6fec15ce1c22
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1202c375e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1390bb03e0

The bug was bisected to:

commit a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357
Author: Ken Cox 
Date:   Tue Nov 15 19:00:37 2016 +

ixgbe: test for trust in macvlan adjustments for VF

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13cb06f3e0
final crash: https://syzkaller.appspot.com/x/report.txt?x=102b06f3e0
console output: https://syzkaller.appspot.com/x/log.txt?x=17cb06f3e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+89731ccb6fec15ce1...@syzkaller.appspotmail.com
Fixes: a9d2d53a788a ("ixgbe: test for trust in macvlan adjustments for VF")

Kernel panic - not syncing: smack:  Failed to initialize cipso DOI.
CPU: 1 PID: 7197 Comm: syz-executor480 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1e9/0x30e lib/dump_stack.c:118
 panic+0x264/0x7a0 kernel/panic.c:221
 smk_cipso_doi+0x4d8/0x4e0 security/smack/smackfs.c:698
 smk_write_doi+0x123/0x190 security/smack/smackfs.c:1595
 __vfs_write+0xa7/0x710 fs/read_write.c:494
 vfs_write+0x271/0x570 fs/read_write.c:558
 ksys_write+0x115/0x220 fs/read_write.c:611
 do_syscall_64+0xf3/0x1b0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4404e9
Kernel Offset: disabled
Rebooting in 86400 seconds..




Re: KASAN: null-ptr-deref Write in blk_mq_map_swqueue

2020-03-27 Thread syzbot
syzbot has bisected this bug to:

commit 768134d4f48109b90f4248feecbeeb7d684e410c
Author: Jens Axboe 
Date:   Mon Nov 11 03:30:53 2019 +

io_uring: don't do flush cancel under inflight_lock

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14233ef5e0
start commit: 1b649e0b Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=16233ef5e0
console output: https://syzkaller.appspot.com/x/log.txt?x=12233ef5e0
kernel config: https://syzkaller.appspot.com/x/.config?x=27392dd2975fd692
dashboard link: https://syzkaller.appspot.com/bug?extid=313d95e8a7a49263f88d
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13850447e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=119a26f5e0

Reported-by: syzbot+313d95e8a7a49263f...@syzkaller.appspotmail.com
Fixes: 768134d4f481 ("io_uring: don't do flush cancel under inflight_lock")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Write in hci_sock_bind (2)

2020-03-23 Thread syzbot
syzbot has bisected this bug to:

commit 7d13eca09ed5e477f6ecfd97a35058762228b5e4
Author: Florian Fainelli 
Date:   Sat Aug 27 22:34:20 2016 +

Documentation: networking: dsa: Remove platform device TODO

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1746f3f9e0
start commit: 770fbb32 Add linux-next specific files for 20200228
git tree: linux-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=14c6f3f9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=10c6f3f9e0
kernel config: https://syzkaller.appspot.com/x/.config?x=576314276bce4ad5
dashboard link: https://syzkaller.appspot.com/bug?extid=04e804c8c2224b6a9497
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11fc5e75e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10707013e0

Reported-by: syzbot+04e804c8c2224b6a9...@syzkaller.appspotmail.com
Fixes: 7d13eca09ed5 ("Documentation: networking: dsa: Remove platform device TODO")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: general protection fault in sctp_ulpevent_nofity_peer_addr_change

2020-03-20 Thread syzbot
syzbot has bisected this bug to:

commit da2648390ce3d409218b6bbbf2386d8ddeec2265
Author: Lubomir Rintel 
Date:   Thu Dec 20 18:13:09 2018 +

pxa168fb: trivial typo fix

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1361e139e0
start commit:   5076190d mm: slub: be more careful about the double cmpxch..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=10e1e139e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1761e139e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=9f894bd92023de02
dashboard link: https://syzkaller.appspot.com/bug?extid=3950016bd95c2ca0377b
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1162bbe3e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13c93b45e0

Reported-by: syzbot+3950016bd95c2ca03...@syzkaller.appspotmail.com
Fixes: da2648390ce3 ("pxa168fb: trivial typo fix")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc

2020-03-16 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1074c2a9e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=c1a1fb435465986efe35
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14e36185e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=104a7a11e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup

2020-03-16 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16b8e545e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=6491ea8f6dddbf04930e
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=126748d6e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1385f959e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup

2020-03-15 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=122e7c1de0
start commit:   d5d359b0 Merge branch 'for-linus' of git://git.kernel.org/..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=7b6206fb525c1f5ec3f8
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15909f21e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=141a1611e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy

2020-03-14 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10aef753e0
start commit:   4703d911 Merge tag 'xarray-5.5' of git://git.infradead.org..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=a85062dec5d65617cc1c
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1301ed85e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b7b79ee0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: WARNING in idr_destroy

2020-03-11 Thread syzbot
syzbot has bisected this bug to:

commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a
Author: Thomas Zimmermann 
Date:   Wed May 8 08:26:19 2019 +

drm/ast: Convert AST driver to |struct drm_gem_vram_object|

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15a66fb5e0
start commit:   63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=17a66fb5e0
console output: https://syzkaller.appspot.com/x/log.txt?x=13a66fb5e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=5d2e033af114153f
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14e978e3e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10b1a819e0

Reported-by: syzbot+05835159fe322770f...@syzkaller.appspotmail.com
Fixes: 5b3709793d15 ("drm/ast: Convert AST driver to |struct drm_gem_vram_object|")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: general protection fault in j1939_netdev_start

2020-03-11 Thread syzbot
syzbot has bisected this bug to:

commit 8330f73fe9742f201f467639f8356cf58756fb9f
Author: Jiri Pirko 
Date:   Wed Sep 4 07:40:47 2019 +

rocker: add missing init_net check in FIB notifier

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=165cdcb1e0
start commit:   63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=155cdcb1e0
console output: https://syzkaller.appspot.com/x/log.txt?x=115cdcb1e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=9833e26bab355358
dashboard link: https://syzkaller.appspot.com/bug?extid=f03d384f3455d28833eb
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=162b8331e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10f10a2de0

Reported-by: syzbot+f03d384f3455d2883...@syzkaller.appspotmail.com
Fixes: 8330f73fe974 ("rocker: add missing init_net check in FIB notifier")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


KMSAN: uninit-value in batadv_get_vid

2020-02-24 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:8bbbc5cf kmsan: don't compile memmove
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=15471109e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=cd0e9a6b0e555cc3
dashboard link: https://syzkaller.appspot.com/bug?extid=0adb190024de0a0e265b
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ 
c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1247c109e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1349a779e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0adb190024de0a0e2...@syzkaller.appspotmail.com

==================================================================
BUG: KMSAN: uninit-value in batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
CPU: 0 PID: 12317 Comm: syz-executor026 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
 batadv_interface_tx+0x30a/0x2450 net/batman-adv/soft-interface.c:212
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fc8d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 
90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 
eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:ff9adc0c EFLAGS: 0246 ORIG_RAX: 0165
RAX: ffda RBX: 000a RCX: 2280
RDX: 0040 RSI:  RDI: 005b
RBP:  R08:  R09: 
R10:  R11:  R12: 
R13:  R14:  R15: 

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
==================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for d

kernel panic: audit: backlog limit exceeded

2020-02-24 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:36a44bcd Merge branch 'bnxt_en-shutdown-and-kexec-kdump-re..
git tree:   net
console output: https://syzkaller.appspot.com/x/log.txt?x=148bfdd9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=768cc3d3e277cc16
dashboard link: https://syzkaller.appspot.com/bug?extid=9a5e789e4725b9ef1316
compiler:   gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=151b1109e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=128bfdd9e0

The bug was bisected to:

commit 0c1b9970ddd4cc41002321c3877e7f91aacb896d
Author: Dan Carpenter 
Date:   Fri Jul 28 14:42:27 2017 +

staging: lustre: lustre: Off by two in lmv_fid2path()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17e6c3e9e0
final crash:https://syzkaller.appspot.com/x/report.txt?x=1416c3e9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1016c3e9e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9a5e789e4725b9ef1...@syzkaller.appspotmail.com
Fixes: 0c1b9970ddd4 ("staging: lustre: lustre: Off by two in lmv_fid2path()")

audit: audit_backlog=13 > audit_backlog_limit=7
audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=7
Kernel panic - not syncing: audit: backlog limit exceeded
CPU: 1 PID: 9913 Comm: syz-executor024 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 audit_panic.cold+0x32/0x32 kernel/audit.c:307
 audit_log_lost kernel/audit.c:377 [inline]
 audit_log_lost+0x8b/0x180 kernel/audit.c:349
 audit_log_start kernel/audit.c:1788 [inline]
 audit_log_start+0x70e/0x7c0 kernel/audit.c:1745
 audit_log+0x95/0x120 kernel/audit.c:2345
 xt_replace_table+0x61d/0x830 net/netfilter/x_tables.c:1413
 __do_replace+0x1da/0x950 net/ipv6/netfilter/ip6_tables.c:1084
 do_replace net/ipv6/netfilter/ip6_tables.c:1157 [inline]
 do_ip6t_set_ctl+0x33a/0x4c8 net/ipv6/netfilter/ip6_tables.c:1681
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt net/ipv6/ipv6_sockglue.c:949 [inline]
 ipv6_setsockopt+0x147/0x180 net/ipv6/ipv6_sockglue.c:933
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44720a
Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1a e0 fb ff c3 66 
0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 
fa df fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7ffd032dec78 EFLAGS: 0286 ORIG_RAX: 0036
RAX: ffda RBX: 0003 RCX: 0044720a
RDX: 0040 RSI: 0029 RDI: 0003
RBP: 7ffd032deda0 R08: 03b8 R09: 4000
R10: 006d7b40 R11: 0286 R12: 7ffd032deca0
R13: 006d9d60 R14: 0029 R15: 006d7ba0
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
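The panic above is the configured audit failure mode doing its job: the queue of records waiting for auditd exceeded audit_backlog_limit (13 > 7) in a path that cannot sleep, audit_log_lost() counted the drop, and because the failure mode was "panic", audit_panic() took the machine down. The following is an added user-space model of that decision path, written for this page; it is not kernel code and not from the report. The five-record overshoot allowed to non-sleeping callers and the three failure modes are assumptions about kernel/audit.c, and audit_flood() with its event counts is constructed to reproduce the 13 > 7 message:

```c
#include <stdbool.h>
#include <stdio.h>

/*
 * Added example: user-space model of audit_log_start -> audit_log_lost
 * -> audit_panic. Not kernel code; constants are assumptions about
 * kernel/audit.c, stated in the comments.
 */

/* audit_failure values, set with `auditctl -f 0|1|2`. */
enum audit_fail_mode {
    AUDIT_FAIL_SILENT = 0,
    AUDIT_FAIL_PRINTK = 1,
    AUDIT_FAIL_PANIC  = 2,
};

/* Assumption: callers that cannot sleep (here setsockopt under locks)
 * may overshoot the backlog limit by this many records. */
#define AUDIT_ATOMIC_RESERVE 5

struct audit_model {
    unsigned backlog;        /* records queued for auditd, not yet drained */
    unsigned backlog_limit;  /* audit_backlog_limit (`auditctl -b N`), 0 = unlimited */
    unsigned lost;           /* audit_lost counter */
    enum audit_fail_mode failure;
    bool panicked;
};

/* audit_panic(): escalate a lost record according to the failure mode. */
static void model_audit_panic(struct audit_model *m, const char *why)
{
    switch (m->failure) {
    case AUDIT_FAIL_SILENT:
        break;
    case AUDIT_FAIL_PRINTK:
        printf("audit: %s\n", why);
        break;
    case AUDIT_FAIL_PANIC:
        printf("Kernel panic - not syncing: audit: %s\n", why);
        m->panicked = true;   /* the real panic() never returns */
        break;
    }
}

/* audit_log_lost(): count the drop, report it, then escalate. */
static void model_audit_log_lost(struct audit_model *m, const char *why)
{
    m->lost++;
    printf("audit: audit_lost=%u audit_rate_limit=0 audit_backlog_limit=%u\n",
           m->lost, m->backlog_limit);
    model_audit_panic(m, why);
}

/* audit_log_start() for a caller that cannot wait for auditd: queue the
 * record or lose it. Returns true when the record was accepted. */
static bool model_audit_log_start(struct audit_model *m)
{
    if (m->panicked)
        return false;
    if (m->backlog_limit &&
        m->backlog > m->backlog_limit + AUDIT_ATOMIC_RESERVE) {
        printf("audit: audit_backlog=%u > audit_backlog_limit=%u\n",
               m->backlog, m->backlog_limit);
        model_audit_log_lost(m, "backlog limit exceeded");
        return false;
    }
    m->backlog++;
    return true;
}

/* Constructed driver: fire `events` audited operations with nothing
 * draining the queue (auditd stopped or starved). Returns how many
 * records were accepted; the final state is left in *m. */
unsigned audit_flood(enum audit_fail_mode mode, unsigned limit,
                     unsigned events, struct audit_model *m)
{
    unsigned accepted = 0;

    *m = (struct audit_model){ .backlog_limit = limit, .failure = mode };
    for (unsigned i = 0; i < events && !m->panicked; i++)
        if (model_audit_log_start(m))
            accepted++;
    return accepted;
}

int main(void)
{
    struct audit_model m;
    unsigned ok;

    ok = audit_flood(AUDIT_FAIL_PANIC, 7, 20, &m);
    printf("panic mode:  accepted=%u lost=%u panicked=%d\n", ok, m.lost, m.panicked);
    ok = audit_flood(AUDIT_FAIL_PRINTK, 7, 20, &m);
    printf("printk mode: accepted=%u lost=%u panicked=%d\n", ok, m.lost, m.panicked);
    return 0;
}
```

On a real host, `auditctl -s` shows the `failure` value and `backlog_limit`. With `failure 2`, any principal that can generate audited records faster than auditd drains them (in the report above, an ip6tables table replacement through setsockopt) turns log loss into a reboot, so that mode belongs only where a forced halt on lost audit is the intended policy, and then with a backlog limit sized for burst load rather than the 7 seen here.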


Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup

2020-02-19 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13435a7ee0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=33fc3ad6fa11675e1a7e
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15982cc9e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11be38d6e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup

2020-02-19 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17079245e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=b554d01b6c7870b17da2
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=145948d6e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16202cc9e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in bitmap_ip_destroy

2020-02-18 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József 
Date:   Sun Jan 19 21:06:49 2020 +

netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17fc79b5e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cfbb8fa33f49f9f3
dashboard link: https://syzkaller.appspot.com/bug?extid=8b5f151de2f35100bbc5
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12e22559e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16056faee0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


general protection fault in batadv_iv_ogm_schedule_buff

2020-02-16 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:2019fc96 Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16ebaae6e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=735296e4dd620b10
dashboard link: https://syzkaller.appspot.com/bug?extid=a98f2016f40b9cd3818a
compiler:   gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a98f2016f40b9cd38...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 
0xdc02:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 
net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 
00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 
e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:c9dd7bb8 EFLAGS: 00010203
RAX: dc00 RBX:  RCX: 11101537d9c1
RDX: 0002 RSI: 87cc2c28 RDI: 0016
RBP: c9dd7ca8 R08: 0004 R09: 8880a9bece10
R10: fbfff154b460 R11: 8aa5a307 R12: 
R13: 0001 R14: c9dd7c40 R15: 8880a9aa0800
FS:  () GS:8880ae80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: ff600400 CR3: 8f5a3000 CR4: 001406f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:865 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:858 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x5da/0x7c0 
net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0xa05/0x17a0 kernel/workqueue.c:2264
 worker_thread+0x98/0xe40 kernel/workqueue.c:2410
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 101b07e3062bfd0c ]---
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 
net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 
00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 
e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:c9dd7bb8 EFLAGS: 00010203
RAX: dc00 RBX:  RCX: 11101537d9c1
RDX: 0002 RSI: 87cc2c28 RDI: 0016
RBP: c9dd7ca8 R08: 0004 R09: 8880a9bece10
R10: fbfff154b460 R11: 8aa5a307 R12: 
R13: 0001 R14: c9dd7c40 R15: 8880a9aa0800
FS:  () GS:8880ae80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: ff600400 CR3: 9d9e7000 CR4: 001406f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


general protection fault in batadv_iv_ogm_schedule

2020-02-08 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:f7571657 Merge tag 'fuse-fixes-5.6-rc1' of git://git.kerne..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12dddbbee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7f1d914a74bd6ddc
dashboard link: https://syzkaller.appspot.com/bug?extid=ac36b6a33c28a491e929
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ 
c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ac36b6a33c28a491e...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 
0xdc02:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 0 PID: 465 Comm: kworker/u4:5 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:814 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x220/0xf00 net/batman-adv/bat_iv_ogm.c:865
Code: e8 35 ef bf f9 4c 89 ad 60 ff ff ff 4d 8b 75 00 66 41 c1 c7 08 49 8d 5e 
16 48 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 8a 04 28 84 c0 0f 85 
e0 0b 00 00 66 44 89 3b 4c 89 a5 78 ff ff
RSP: 0018:c90002887b78 EFLAGS: 00010203
RAX: 0002 RBX: 0016 RCX: 111012580611
RDX:  RSI: 8880a80449b0 RDI: 0282
RBP: c90002887c38 R08: dc00 R09: fbfff12d3605
R10: fbfff12d3605 R11:  R12: 888092c03000
R13: dc00 R14:  R15: 
FS:  () GS:8880aea0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 0075bfd4 CR3: 90ab CR4: 001406f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_send_outstanding_bat_ogm_packet+0x664/0x770 
net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0x7f5/0x10f0 kernel/workqueue.c:2264
 worker_thread+0xbbc/0x1630 kernel/workqueue.c:2410
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace eddf69e5e4c9f596 ]---
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:814 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x220/0xf00 net/batman-adv/bat_iv_ogm.c:865
Code: e8 35 ef bf f9 4c 89 ad 60 ff ff ff 4d 8b 75 00 66 41 c1 c7 08 49 8d 5e 
16 48 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 8a 04 28 84 c0 0f 85 
e0 0b 00 00 66 44 89 3b 4c 89 a5 78 ff ff
RSP: 0018:c90002887b78 EFLAGS: 00010203
RAX: 0002 RBX: 0016 RCX: 111012580611
RDX:  RSI: 8880a80449b0 RDI: 0282
RBP: c90002887c38 R08: dc00 R09: fbfff12d3605
R10: fbfff12d3605 R11:  R12: 888092c03000
R13: dc00 R14:  R15: 
FS:  () GS:8880aea0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 0075bfd4 CR3: 9c67b000 CR4: 001406f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


possible deadlock in pty_write

2020-02-03 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:ccaaaf6f Merge tag 'mpx-for-linus' of git://git.kernel.org..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11bc585ee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=879390c6b09ccf66
dashboard link: https://syzkaller.appspot.com/bug?extid=3118a33395397bb6b0ca
compiler:   gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=165bda4ee0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1646a85ee0

The bug was bisected to:

commit 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb
Author: Heiner Kallweit 
Date:   Mon Aug 12 21:52:19 2019 +

net: phy: let phy_speed_down/up support speeds >1Gbps

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1764f735e0
final crash:https://syzkaller.appspot.com/x/report.txt?x=14e4f735e0
console output: https://syzkaller.appspot.com/x/log.txt?x=10e4f735e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3118a33395397bb6b...@syzkaller.appspotmail.com
Fixes: 65b27995a4ab ("net: phy: let phy_speed_down/up support speeds >1Gbps")

======================================================
WARNING: possible circular locking dependency detected
5.5.0-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor465/10262 is trying to acquire lock:
89b9f960 (console_owner){-.-.}, at: console_trylock_spinning 
kernel/printk/printk.c:1724 [inline]
89b9f960 (console_owner){-.-.}, at: vprintk_emit+0x3fd/0x700 
kernel/printk/printk.c:1995

but task is already holding lock:
88808d6b7940 (&(&port->lock)->rlock){-.-.}, at: pty_write+0xff/0x200 
drivers/tty/pty.c:120

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 (&(&port->lock)->rlock){-.-.}:
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:159
   tty_port_tty_get+0x24/0x100 drivers/tty/tty_port.c:287
   tty_port_default_wakeup+0x16/0x40 drivers/tty/tty_port.c:47
   tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
   uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
   serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1760
   serial8250_handle_irq.part.0+0x261/0x2b0 
drivers/tty/serial/8250/8250_port.c:1833
   serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1819 [inline]
   serial8250_default_handle_irq+0xc0/0x150 
drivers/tty/serial/8250/8250_port.c:1849
   serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
   __handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
   handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
   handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
   handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
   generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
   do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
   ret_from_intr+0x0/0x36
   arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
   __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 
[inline]
   _raw_spin_unlock_irqrestore+0x90/0xe0 kernel/locking/spinlock.c:191
   spin_unlock_irqrestore include/linux/spinlock.h:393 [inline]
   uart_write+0x3b6/0x6f0 drivers/tty/serial/serial_core.c:613
   process_output_block drivers/tty/n_tty.c:595 [inline]
   n_tty_write+0x40e/0x1080 drivers/tty/n_tty.c:2333
   do_tty_write drivers/tty/tty_io.c:962 [inline]
   tty_write+0x496/0x7f0 drivers/tty/tty_io.c:1046
   redirected_tty_write+0xb2/0xc0 drivers/tty/tty_io.c:1067
   __vfs_write+0x8a/0x110 fs/read_write.c:494
   vfs_write+0x268/0x5d0 fs/read_write.c:558
   ksys_write+0x14f/0x290 fs/read_write.c:611
   __do_sys_write fs/read_write.c:623 [inline]
   __se_sys_write fs/read_write.c:620 [inline]
   __x64_sys_write+0x73/0xb0 fs/read_write.c:620
   do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
   entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (&port_lock_key){-.-.}:
   __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
   _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:159
   serial8250_console_write+0x253/0x9a0 
drivers/tty/serial/8250/8250_port.c:3142
   univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:587
   call_console_drivers kernel/printk/printk.c:1791 [inline]
   console_unlock+0xb7a/0xf00 kernel/printk/printk.c:2473
   vprintk_emit+0x2a0/0x700 kernel/printk/printk.c:1996
   vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
   vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:386
   printk+0xba/0xed kernel/printk/printk.c:2056
   register_conso

KMSAN: uninit-value in batadv_bla_tx

2020-01-31 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:686a4f77 kmsan: don't compile memmove
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10b1da4ee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e10654781bc1f11c
dashboard link: https://syzkaller.appspot.com/bug?extid=37bad4f9cb2033876f32
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ 
c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=102be0a1e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=123105a5e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+37bad4f9cb2033876...@syzkaller.appspotmail.com

==================================================================
BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730 
net/batman-adv/bridge_loop_avoidance.c:1960
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_bla_tx+0x2675/0x3730 net/batman-adv/bridge_loop_avoidance.c:1960
 batadv_interface_tx+0x67c/0x2450 net/batman-adv/soft-interface.c:239
 __netdev_start_xmit include/linux/netdevice.h:4447 [inline]
 netdev_start_xmit include/linux/netdevice.h:4461 [inline]
 xmit_one net/core/dev.c:3420 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3436
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4013
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4046
 hsr_xmit net/hsr/hsr_forward.c:228 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:285 [inline]
 hsr_forward_skb+0x2614/0x30d0 net/hsr/hsr_forward.c:361
 hsr_handle_frame+0x385/0x4b0 net/hsr/hsr_slave.c:43
 __netif_receive_skb_core+0x21de/0x5840 net/core/dev.c:5051
 __netif_receive_skb_one_core net/core/dev.c:5148 [inline]
 __netif_receive_skb net/core/dev.c:5264 [inline]
 process_backlog+0x936/0x1410 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607
 smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1637
 __skb_pad+0x47f/0x900 net/core/skbuff.c:1805
 __skb_put_padto include/linux/skbuff.h:3193 [inline]
 skb_put_padto include/linux/skbuff.h:3212 [inline]
 send_hsr_supervision_frame+0x122d/0x1500 net/hsr/hsr_device.c:310
 hsr_announce+0x1e2/0x370 net/hsr/hsr_device.c:341
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xcff/0x1210 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x57f2/0x5f60 mm/page_alloc.c:4800
 __alloc_pages include/linux/gfp.h:498 [inline]
 __alloc_pages_node include/linux/gfp.h:511 [inline]
 alloc_pages_node include/linux/gfp.h:525 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4875 [inline]
 page_frag_alloc+0x3ae/0x910 mm/page_alloc.c:4905
 __napi_alloc_skb+0x193/0xa60 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2825 [inline]
 page_to_skb+0x19f/0x1100 drivers/net/virtio_net.c:384
 receive_mergeable drivers/net/virtio_net.c:924 [inline]
 receive_buf+0xe57/0x8ac0 drivers/net/virtio_net.c:1033
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x64b/0x19f0 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
=====================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches


KMSAN: uninit-value in batadv_interface_tx (2)

2020-01-30 Thread syzbot
Hello,

syzbot found the following crash on:

HEAD commit:686a4f77 kmsan: don't compile memmove
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=11aff3c9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e10654781bc1f11c
dashboard link: https://syzkaller.appspot.com/bug?extid=24458cef7d37351dd0c3
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+24458cef7d37351dd...@syzkaller.appspotmail.com

=====================================================================
BUG: KMSAN: uninit-value in batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264
 __netdev_start_xmit include/linux/netdevice.h:4447 [inline]
 netdev_start_xmit include/linux/netdevice.h:4461 [inline]
 xmit_one net/core/dev.c:3420 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3436
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4013
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4046
 hsr_xmit net/hsr/hsr_forward.c:228 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:285 [inline]
 hsr_forward_skb+0x2614/0x30d0 net/hsr/hsr_forward.c:361
 hsr_handle_frame+0x385/0x4b0 net/hsr/hsr_slave.c:43
 __netif_receive_skb_core+0x21de/0x5840 net/core/dev.c:5051
 __netif_receive_skb_one_core net/core/dev.c:5148 [inline]
 __netif_receive_skb net/core/dev.c:5264 [inline]
 process_backlog+0x936/0x1410 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607
 smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1637
 __skb_pad+0x47f/0x900 net/core/skbuff.c:1805
 __skb_put_padto include/linux/skbuff.h:3193 [inline]
 skb_put_padto include/linux/skbuff.h:3212 [inline]
 send_hsr_supervision_frame+0x122d/0x1500 net/hsr/hsr_device.c:310
 hsr_announce+0x1e2/0x370 net/hsr/hsr_device.c:341
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xcff/0x1210 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x57f2/0x5f60 mm/page_alloc.c:4800
 __alloc_pages include/linux/gfp.h:498 [inline]
 __alloc_pages_node include/linux/gfp.h:511 [inline]
 alloc_pages_node include/linux/gfp.h:525 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4875 [inline]
 page_frag_alloc+0x3ae/0x910 mm/page_alloc.c:4905
 __netdev_alloc_skb+0x703/0xbb0 net/core/skbuff.c:455
 __netdev_alloc_skb_ip_align include/linux/skbuff.h:2801 [inline]
 netdev_alloc_skb_ip_align include/linux/skbuff.h:2811 [inline]
 batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:558 [inline]
 batadv_iv_ogm_queue_add+0x10da/0x1900 net/batman-adv/bat_iv_ogm.c:670
 batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:829 [inline]
 batadv_iv_ogm_schedule+0xcf1/0x13c0 net/batman-adv/bat_iv_ogm.c:865
 batadv_iv_send_outstanding_bat_ogm_packet+0xbae/0xd50 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0x1552/0x1ef0 kernel/workqueue.c:2264
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2410
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353
=====================================================================


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy

2020-01-24 Thread syzbot
syzbot has bisected this bug to:

commit b9a1e627405d68d475a3c1f35e685ccfb5bbe668
Author: Cong Wang 
Date:   Thu Jul 4 00:21:13 2019 +

hsr: implement dellink to clean up resources

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=123fce01e0
start commit:   4703d911 Merge tag 'xarray-5.5' of git://git.infradead.org..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=113fce01e0
console output: https://syzkaller.appspot.com/x/log.txt?x=163fce01e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=a85062dec5d65617cc1c
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1301ed85e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b7b79ee0

Reported-by: syzbot+a85062dec5d65617c...@syzkaller.appspotmail.com
Fixes: b9a1e627405d ("hsr: implement dellink to clean up resources")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: WARNING in __proc_create (2)

2020-01-23 Thread syzbot
syzbot has bisected this bug to:

commit f4b3526d83c40dd8bf5948b9d7a1b2c340f0dcc8
Author: David Howells 
Date:   Thu Nov 2 15:27:48 2017 +

afs: Connect up the CB.ProbeUuid

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1627a721e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=1527a721e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1127a721e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=b904ba7c947a37b4b291
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12c96185e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f859c9e0

Reported-by: syzbot+b904ba7c947a37b4b...@syzkaller.appspotmail.com
Fixes: f4b3526d83c4 ("afs: Connect up the CB.ProbeUuid")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in bitmap_ip_destroy

2020-01-20 Thread syzbot
syzbot has bisected this bug to:

commit 354d0fab649d47045517cf7cae03d653a4dcb3b8
Author: Peng Li 
Date:   Thu Jul 4 14:04:26 2019 +

net: hns3: add default value for tc_size and tc_offset

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15cc0685e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=17cc0685e0
console output: https://syzkaller.appspot.com/x/log.txt?x=13cc0685e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=cfbb8fa33f49f9f3
dashboard link: https://syzkaller.appspot.com/bug?extid=8b5f151de2f35100bbc5
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12e22559e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16056faee0

Reported-by: syzbot+8b5f151de2f35100b...@syzkaller.appspotmail.com
Fixes: 354d0fab649d ("net: hns3: add default value for tc_size and tc_offset")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup

2020-01-20 Thread syzbot
syzbot has bisected this bug to:

commit ff95bf28c23490584b9d75913a520bb7bb1f2ecb
Author: Po-Hsu Lin 
Date:   Mon Jul 1 04:40:31 2019 +

selftests/net: skip psock_tpacket test if KALLSYMS was not enabled

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17e2e966e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=1412e966e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1012e966e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=33fc3ad6fa11675e1a7e
userspace arch: i386
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15982cc9e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11be38d6e0

Reported-by: syzbot+33fc3ad6fa11675e1...@syzkaller.appspotmail.com
Fixes: ff95bf28c234 ("selftests/net: skip psock_tpacket test if KALLSYMS was not enabled")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc

2020-01-20 Thread syzbot
syzbot has bisected this bug to:

commit 0d581ba311a27762fe1a14e5db5f65d225b3d844
Author: Yonglong Liu 
Date:   Wed Jul 3 11:12:30 2019 +

net: hns: add support for vlan TSO

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16d5dfaee0
start commit:   def9d278 Linux 5.5-rc7
git tree:   upstream
final crash:https://syzkaller.appspot.com/x/report.txt?x=15d5dfaee0
console output: https://syzkaller.appspot.com/x/log.txt?x=11d5dfaee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=c1a1fb435465986efe35
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=153ac495e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=153471d1e0

Reported-by: syzbot+c1a1fb435465986ef...@syzkaller.appspotmail.com
Fixes: 0d581ba311a2 ("net: hns: add support for vlan TSO")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup

2020-01-19 Thread syzbot
syzbot has bisected this bug to:

commit d68dbb0c9ac8b1ff52eb09aa58ce6358400fa939
Author: Christian Brauner 
Date:   Thu Jun 20 23:26:35 2019 +

arch: handle arches who do not yet define clone3

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1456fed1e0
start commit:   09d4f10a net: sched: act_ctinfo: fix memory leak
git tree:   net
final crash:https://syzkaller.appspot.com/x/report.txt?x=1656fed1e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1256fed1e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7e89bd00623fe71e
dashboard link: https://syzkaller.appspot.com/bug?extid=6491ea8f6dddbf04930e
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=141af959e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1067fa85e0

Reported-by: syzbot+6491ea8f6dddbf049...@syzkaller.appspotmail.com
Fixes: d68dbb0c9ac8 ("arch: handle arches who do not yet define clone3")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup

2020-01-19 Thread syzbot
syzbot has bisected this bug to:

commit 3d26eb8ad1e9b906433903ce05f775cf038e747f
Author: Nikolay Aleksandrov 
Date:   Tue Jul 2 12:00:20 2019 +

net: bridge: don't cache ether dest pointer on input

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17bb1cc9e0
start commit:   9aaa2949 Merge branch '1GbE' of git://git.kernel.org/pub/s..
git tree:   net-next
final crash:https://syzkaller.appspot.com/x/report.txt?x=147b1cc9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=107b1cc9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=66d8660c57ff3c98
dashboard link: https://syzkaller.appspot.com/bug?extid=b554d01b6c7870b17da2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15db12a5e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15316faee0

Reported-by: syzbot+b554d01b6c7870b17...@syzkaller.appspotmail.com
Fixes: 3d26eb8ad1e9 ("net: bridge: don't cache ether dest pointer on input")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup

2020-01-19 Thread syzbot
syzbot has bisected this bug to:

commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4
Author: Keerthy 
Date:   Mon Jun 24 05:16:19 2019 +

net: ethernet: ti: cpsw: Fix suspend/resume break

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17fcf959e0
start commit:   e02d9c4c Merge branch 'bnxt_en-fixes'
git tree:   net
final crash:https://syzkaller.appspot.com/x/report.txt?x=1402f959e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1002f959e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7e89bd00623fe71e
dashboard link: https://syzkaller.appspot.com/bug?extid=7b6206fb525c1f5ec3f8
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16551cc9e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14a04966e0

Reported-by: syzbot+7b6206fb525c1f5ec...@syzkaller.appspotmail.com
Fixes: 2f9b0d93a9d3 ("net: ethernet: ti: cpsw: Fix suspend/resume break")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection


Re: Re: WARNING: bad unlock balance in __dev_queue_xmit

2020-01-11 Thread syzbot

#syz dup: WARNING: bad unlock balance in sch_direct_xmit


Your 'dup:' command is accepted, but please keep the syzkaller-b...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
