Re: [syzbot] [tipc?] [batman?] BUG: soft lockup in sys_sendmsg
syzbot has found a reproducer for the following issue on:

HEAD commit:    707081b61156 Merge branch 'for-next/core', remote-tracking..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=134d4fa518
kernel config:  https://syzkaller.appspot.com/x/.config?x=caeac3f3565b057a
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=139a4c8118
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=108b0ac918

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6cad68bf7532/disk-707081b6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1a27e5400778/vmlinux-707081b6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/67dfc53755d0/Image-707081b6.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [syz-executor227:7772]
Modules linked in:
irq event stamp: 5373
hardirqs last  enabled at (5372): [] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:85 [inline]
hardirqs last  enabled at (5372): [] exit_to_kernel_mode+0xdc/0x10c arch/arm64/kernel/entry-common.c:95
hardirqs last disabled at (5373): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
hardirqs last disabled at (5373): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
softirqs last  enabled at (542): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last  enabled at (542): [] release_sock+0x154/0x1b8 net/core/sock.c:3547
softirqs last disabled at (548): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (548): [] lock_sock_nested+0x74/0x11c net/core/sock.c:3526
CPU: 0 PID: 7772 Comm: syz-executor227 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
pstate: 0045 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : queued_spin_lock_slowpath+0x15c/0xcf8 kernel/locking/qspinlock.c:383
lr : queued_spin_lock_slowpath+0x168/0xcf8 kernel/locking/qspinlock.c:383
sp : 800097ca76c0
x29: 800097ca7760 x28: 1fffe00018e1be6b x27: 100012f94ee4
x26: dfff8000 x25: 1fffe00018e1be6d x24: 800097ca76e0
x23: 800097ca7720 x22: 700012f94edc x21: 0001
x20: 0001 x19: c70df358 x18:
x17: x16: 8000809fd934 x15: 0001
x14: 1fffe00018e1be6b x13: x12:
x11: 600018e1be6c x10: 1fffe00018e1be6b x9 :
x8 : 0001 x7 : 800088eaf8bc x6 :
x5 : x4 : 0001 x3 : 80008ae5db50
x2 : x1 : 0001 x0 : 0001
Call trace:
 __cmpwait_case_8 arch/arm64/include/asm/cmpxchg.h:229 [inline]
 __cmpwait arch/arm64/include/asm/cmpxchg.h:257 [inline]
 queued_spin_lock_slowpath+0x15c/0xcf8 kernel/locking/qspinlock.c:383
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x320/0x348 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
 _raw_spin_lock_bh+0x50/0x60 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:356 [inline]
 lock_sock_nested+0x74/0x11c net/core/sock.c:3526
 lock_sock include/net/sock.h:1691 [inline]
 tipc_sendstream+0x50/0x84 net/tipc/socket.c:1550
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
Re: [syzbot] [batman?] [bpf?] possible deadlock in lock_timer_base
syzbot has found a reproducer for the following issue on:

HEAD commit:    35c3e2791756 Revert "net: Re-use and set mono_delivery_tim..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=1056918118
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440
dashboard link: https://syzkaller.appspot.com/bug?extid=8983d6d4f7df556be565
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13d9fa4e18
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=137afac918

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/26b55a26fc12/disk-35c3e279.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6f39fa55c828/vmlinux-35c3e279.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e1e0501539e6/bzImage-35c3e279.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8983d6d4f7df556be...@syzkaller.appspotmail.com

=====================================================
WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
6.8.0-syzkaller-05228-g35c3e2791756 #0 Not tainted
-----------------------------------------------------
rcu_preempt/16 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
888021c65020 (>buckets[i].lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
888021c65020 (>buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xb0/0x300 net/core/sock_map.c:939

and this task is already holding:
8880b952a758 (>lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
which would create a new lock dependency:
 (>lock){-.-.}-{2:2} -> (>buckets[i].lock){+...}-{2:2}

but this new dependency connects a HARDIRQ-irq-safe lock:
 (>lock){-.-.}-{2:2}

... which became HARDIRQ-irq-safe at:
  lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
  __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
  _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
  lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
  add_timer_on+0x1e5/0x5c0 kernel/time/timer.c:1366
  handle_irq_event_percpu kernel/irq/handle.c:195 [inline]
  handle_irq_event+0xad/0x1f0 kernel/irq/handle.c:210
  handle_level_irq+0x3c5/0x6e0 kernel/irq/chip.c:648
  generic_handle_irq_desc include/linux/irqdesc.h:161 [inline]
  handle_irq arch/x86/kernel/irq.c:238 [inline]
  __common_interrupt+0x13a/0x230 arch/x86/kernel/irq.c:257
  common_interrupt+0xa5/0xd0 arch/x86/kernel/irq.c:247
  asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
  _raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194
  __setup_irq+0x1277/0x1cf0 kernel/irq/manage.c:1818
  request_threaded_irq+0x2ab/0x380 kernel/irq/manage.c:2202
  request_irq include/linux/interrupt.h:168 [inline]
  setup_default_timer_irq+0x25/0x60 arch/x86/kernel/time.c:70
  x86_late_time_init+0x66/0xc0 arch/x86/kernel/time.c:94
  start_kernel+0x3f3/0x500 init/main.c:1039
  x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:509
  x86_64_start_kernel+0x99/0xa0 arch/x86/kernel/head64.c:490
  common_startup_64+0x13e/0x147

to a HARDIRQ-irq-unsafe lock:
 (>buckets[i].lock){+...}-{2:2}

... which became HARDIRQ-irq-unsafe at:
...
  lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
  _raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
  spin_lock_bh include/linux/spinlock.h:356 [inline]
  sock_hash_free+0x164/0x820 net/core/sock_map.c:1154
  bpf_map_free_deferred+0xe6/0x110 kernel/bpf/syscall.c:734
  process_one_work kernel/workqueue.c:3254 [inline]
  process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335
  worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
  kthread+0x2f0/0x390 kernel/kthread.c:388
  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(>buckets[i].lock);
                               local_irq_disable();
                               lock(>lock);
                               lock(>buckets[i].lock);
    lock(>lock);

 *** DEADLOCK ***

2 locks held by rcu_preempt/16:
 #0: 8880b952a758 (>lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240 kernel/time/timer.c:1051
 #1: 8e131920 (rcu_read_lock){}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #1: 8e131920 (rcu_read_lock){}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #1: 8e131920 (rcu_read_lock){}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #1: 8e131920 (rcu_read_lock){}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420

the dependencie
Re: [syzbot] [batman?] BUG: soft lockup in sys_sendmsg
> On Monday, 12 February 2024 11:26:24 CET syzbot wrote:
>> syzbot found the following issue on:
>>
>> HEAD commit:    41bccc98fb79 Linux 6.8-rc2
>> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1420011818
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=451a1e62b11ea4a6
>> dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
>> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>> userspace arch: arm64
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/0772069e29cf/disk-41bccc98.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/659d3f0755b7/vmlinux-41bccc98.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/7780a45c3e51/Image-41bccc98.gz.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com
>>
>
> #syz test

This crash does not have a reproducer. I cannot test it.

>
> From 5984ace8f8df7cf8d6f98ded0eebe7d962028992 Mon Sep 17 00:00:00 2001
> From: Sven Eckelmann
> Date: Mon, 12 Feb 2024 13:10:33 +0100
> Subject: [PATCH] batman-adv: Avoid infinite loop trying to resize local TT
>
> If the MTU of one of the attached interfaces becomes too small to transmit
> the local translation table then it must be resized to fit inside all
> fragments (when enabled) or a single packet.
>
> But if the MTU becomes too low to transmit even the header + the VLAN
> specific part then the resizing of the local TT will never succeed. This
> can for example happen when the usable space is 110 bytes and 11 VLANs are
> on top of batman-adv. In this case, at least 116 bytes would be needed.
> There will just be an endless spam of
>
>   batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110)
>
> in the log but the function will never finish. Problem here is that the
> timeout will be halved in each step and will then stagnate at 0 and
> therefore never be able to reduce the table even more.
>
> There are other scenarios possible with a similar result. The number of
> BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too
> high to fit inside a packet. Such a scenario can therefore happen also with
> only a single VLAN + 7 non-purgeable addresses - requiring at least 120
> bytes.
>
> While this should be handled proactively when:
>
> * interface with too low MTU is added
> * VLAN is added
> * non-purgeable local mac is added
> * MTU of an attached interface is reduced
> * fragmentation setting gets disabled (which most likely requires dropping
>   attached interfaces)
>
> not all of these scenarios can be prevented because batman-adv is only
> consuming events without the possibility to prevent these actions
> (non-purgeable MAC address added, MTU of an attached interface is reduced).
> It is therefore necessary to also make sure that the code is able to handle
> also the situations when there were already incompatible system
> configurations present.
> > Cc: sta...@vger.kernel.org > Fixes: a19d3d85e1b8 ("batman-adv: limit local translation table max size") > Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com > Signed-off-by: Sven Eckelmann > --- > net/batman-adv/translation-table.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/batman-adv/translation-table.c > b/net/batman-adv/translation-table.c > index b95c36765d04..2243cec18ecc 100644 > --- a/net/batman-adv/translation-table.c > +++ b/net/batman-adv/translation-table.c > @@ -3948,7 +3948,7 @@ void batadv_tt_local_resize_to_mtu(struct net_device > *soft_iface) > > spin_lock_bh(_priv->tt.commit_lock); > > - while (true) { > + while (timeout) { > table_size = batadv_tt_local_table_transmit_size(bat_priv); > if (packet_size_max >= table_size) > break; > -- > 2.39.2 >
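Review bot: the new loop condition lets batadv_tt_local_resize_to_mtu() return with the table still larger than packet_size_max, but neither the hunk nor the commit message says what the caller then does with a local TT that does not fit the new fragment MTU, and the only trace left in the log is the "Forced to purge local tt entries" message repeated once per round. Add a single warning (rate-limited, carrying table_size and packet_size_max) on the path where the loop ends because timeout reached 0 rather than through the `break`, and state the resulting behaviour in the commit message, since the patch is tagged for stable. Minor: the hunk shows neither where `timeout` starts nor where it is halved, so a one-line comment above `while (timeout)` noting that 0 is the give-up condition would keep the next reader from mistaking it for a plain timer.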
[syzbot] [batman?] BUG: soft lockup in sys_sendmsg
Hello,

syzbot found the following issue on:

HEAD commit:    41bccc98fb79 Linux 6.8-rc2
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1420011818
kernel config:  https://syzkaller.appspot.com/x/.config?x=451a1e62b11ea4a6
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a4b5bb3da165594cff
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0772069e29cf/disk-41bccc98.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/659d3f0755b7/vmlinux-41bccc98.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7780a45c3e51/Image-41bccc98.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a6a4b5bb3da165594...@syzkaller.appspotmail.com

watchdog: BUG: soft lockup - CPU#1 stuck for 22s! [syz-executor.0:28718]
Modules linked in:
irq event stamp: 45929391
hardirqs last  enabled at (45929390): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386
hardirqs last disabled at (45929391): [] __el1_irq arch/arm64/kernel/entry-common.c:499 [inline]
hardirqs last disabled at (45929391): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:517
softirqs last  enabled at (2040): [] softirq_handle_end kernel/softirq.c:399 [inline]
softirqs last  enabled at (2040): [] __do_softirq+0xac8/0xce4 kernel/softirq.c:582
softirqs last disabled at (2052): [] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2052): [] batadv_tt_local_resize_to_mtu+0x60/0x154 net/batman-adv/translation-table.c:3949
CPU: 1 PID: 28718 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]
pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388
lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386
sp : 80009a0670b0
x29: 80009a0670c0 x28: 70001340ce60 x27: 80009a0673d0
x26: 00011e860290 x25: d08a9f08 x24: 0001
x23: 1fffe00023d4d3c1 x22: dfff8000 x21: 80008aacbf98
x20: 0202 x19: 00011ea69e08 x18: 80009a066800
x17: 77656e2074696620 x16: 80008031ffc8 x15: 0001
x14: 1fffe0001ba5a290 x13: x12: 0003
x11: 0004 x10: 0003 x9 :
x8 : 02bcd3ae x7 : 80008aacbe30 x6 :
x5 : x4 : 0001 x3 :
x2 : 0002 x1 : 80008aecd7e0 x0 : 80012545c000
Call trace:
 __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]
 __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_tt_local_purge+0x264/0x2e8 net/batman-adv/translation-table.c:1356
 batadv_tt_local_resize_to_mtu+0xa0/0x154 net/batman-adv/translation-table.c:3956
 batadv_update_min_mtu+0x74/0xa4 net/batman-adv/hard-interface.c:651
 batadv_netlink_set_mesh+0x50c/0x1078 net/batman-adv/netlink.c:500
 genl_family_rcv_msg_doit net/netlink/genetlink.c:1113 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:1193 [inline]
 genl_rcv_msg+0x874/0xb6c net/netlink/genetlink.c:1208
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 genl_rcv+0x38/0x50 net/netlink/genetlink.c:1217
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0
Hardware name
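The loop that the soft lockup above spins in, and that Sven Eckelmann's patch bounds, can be modelled outside the kernel. The following C program is an added example written for this page; it is not batman-adv code and not part of the patch. It keeps a toy local translation table whose serialized size is a fixed overhead plus a per-VLAN part plus a per-client part, purges clients older than a timeout that is halved on every round, and runs the patched `while (timeout)` loop; it also computes the floor that per-VLAN headers and non-purgeable clients put under the table size, which is the check that decides up front whether resizing can succeed at all. The byte constants (28, 8 and 12), the starting timeout (600000) and every `model_tt_*` name are assumptions made for the model: the constants were chosen so that the model reproduces the two figures in the commit message (11 VLANs need at least 116 bytes; one VLAN plus 7 non-purgeable clients needs at least 120 bytes) and were not taken from the batman-adv headers.

```c
/*
 * Added example for this page; not batman-adv code and not part of the patch.
 * Models the local TT resize loop: purge clients older than a timeout, halve
 * the timeout, repeat until the serialized table fits packet_size_max.
 * Per-VLAN headers and non-purgeable clients (BATADV_TT_CLIENT_NOPURGE) put a
 * floor under the size; once that floor exceeds packet_size_max, halving the
 * timeout down to 0 cannot help and an unbounded `while (true)` never exits.
 *
 * Assumed, not taken from kernel headers: the three byte constants (chosen to
 * reproduce the commit message's 116 and 120 byte figures), the starting
 * timeout, and every model_tt_* name.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MODEL_TT_FIXED_OVERHEAD 28      /* assumed packet + TVLV + TT headers */
#define MODEL_TT_VLAN_LEN        8      /* assumed per-VLAN descriptor */
#define MODEL_TT_CHANGE_LEN     12      /* assumed per-client entry */
#define MODEL_INITIAL_TIMEOUT   600000  /* assumed starting purge timeout, ms */
#define MODEL_MAX_CLIENTS       64

struct model_tt_client {
    unsigned int age_ms;  /* time since the client was last seen */
    bool nopurge;         /* never removed by a purge, like NOPURGE entries */
    bool present;
};

struct model_tt {
    unsigned int num_vlan;
    struct model_tt_client clients[MODEL_MAX_CLIENTS];
};

void model_tt_init(struct model_tt *tt, unsigned int num_vlan)
{
    tt->num_vlan = num_vlan;
    for (size_t i = 0; i < MODEL_MAX_CLIENTS; i++)
        tt->clients[i].present = false;
}

bool model_tt_add_client(struct model_tt *tt, unsigned int age_ms, bool nopurge)
{
    for (size_t i = 0; i < MODEL_MAX_CLIENTS; i++) {
        if (tt->clients[i].present)
            continue;
        tt->clients[i].present = true;
        tt->clients[i].age_ms = age_ms;
        tt->clients[i].nopurge = nopurge;
        return true;
    }
    return false;  /* table full */
}

/* Serialized size of the table as it stands (all present clients). */
size_t model_tt_transmit_size(const struct model_tt *tt)
{
    size_t entries = 0;
    for (size_t i = 0; i < MODEL_MAX_CLIENTS; i++)
        entries += tt->clients[i].present;
    return MODEL_TT_FIXED_OVERHEAD + MODEL_TT_VLAN_LEN * tt->num_vlan +
           MODEL_TT_CHANGE_LEN * entries;
}

/* Floor no purge can go below: headers plus non-purgeable clients. If it
 * exceeds packet_size_max, resizing cannot succeed; this is the up-front
 * check the commit message's proactive cases would need. */
size_t model_tt_min_size(const struct model_tt *tt)
{
    size_t entries = 0;
    for (size_t i = 0; i < MODEL_MAX_CLIENTS; i++)
        entries += tt->clients[i].present && tt->clients[i].nopurge;
    return MODEL_TT_FIXED_OVERHEAD + MODEL_TT_VLAN_LEN * tt->num_vlan +
           MODEL_TT_CHANGE_LEN * entries;
}

static void model_tt_purge(struct model_tt *tt, unsigned int timeout)
{
    for (size_t i = 0; i < MODEL_MAX_CLIENTS; i++) {
        struct model_tt_client *c = &tt->clients[i];
        if (c->present && !c->nopurge && c->age_ms > timeout)
            c->present = false;
    }
}

/* Resize loop with the patch's bound. Returns true when the table fits;
 * *rounds receives the number of purge rounds that ran. With `while (true)`
 * the second scenario in main() would never return. */
bool model_tt_resize_to_mtu(struct model_tt *tt, size_t packet_size_max,
                            unsigned int *rounds)
{
    unsigned int timeout = MODEL_INITIAL_TIMEOUT;

    *rounds = 0;
    while (timeout) {           /* patched condition; was while (true) */
        if (packet_size_max >= model_tt_transmit_size(tt))
            break;
        model_tt_purge(tt, timeout);
        timeout /= 2;           /* stagnates at 0: the old loop's trap */
        (*rounds)++;
    }
    return packet_size_max >= model_tt_transmit_size(tt);
}

int main(void)
{
    struct model_tt tt;
    unsigned int rounds;
    bool fits;

    /* 1 VLAN, 7 non-purgeable + 3 stale clients, 130 bytes available */
    model_tt_init(&tt, 1);
    for (int i = 0; i < 7; i++)
        model_tt_add_client(&tt, 0, true);
    model_tt_add_client(&tt, 100000, false);
    model_tt_add_client(&tt, 50000, false);
    model_tt_add_client(&tt, 1000, false);
    fits = model_tt_resize_to_mtu(&tt, 130, &rounds);
    printf("floor %zu, fits=%d after %u rounds\n", model_tt_min_size(&tt), fits, rounds);

    /* 11 VLANs, 110 bytes available: floor 116 > 110, can never fit */
    model_tt_init(&tt, 11);
    fits = model_tt_resize_to_mtu(&tt, 110, &rounds);
    printf("floor %zu, fits=%d after %u rounds\n", model_tt_min_size(&tt), fits, rounds);
    return 0;
}
```

In the first scenario the loop converges once the timeout drops below the youngest stale client's age and the seven non-purgeable entries remain; in the second the floor is already above the budget, so the bounded loop gives up after the timeout has been halved to 0, which is exactly where the unpatched loop kept spinning under the commit lock. Comparing `model_tt_min_size()` against the budget before entering the loop reports the same outcome without any purging.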
Re: [syzbot] [btrfs?] memory leak in corrupted
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+ebe64cc5950868e77...@syzkaller.appspotmail.com

Tested on:

commit:         a67d6793 batman-adv: mcast: fix memory leak on deletin..
git tree:       git://git.open-mesh.org/linux-merge.git
console output: https://syzkaller.appspot.com/x/log.txt?x=100a3dcde8
kernel config:  https://syzkaller.appspot.com/x/.config?x=87c229fb8ad5e9a0
dashboard link: https://syzkaller.appspot.com/bug?extid=ebe64cc5950868e77358
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.
[syzbot] [btrfs?] memory leak in corrupted
Hello,

syzbot found the following issue on:

HEAD commit:    052d534373b7 Merge tag 'exfat-for-6.8-rc1' of git://git.ke..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14620debe8
kernel config:  https://syzkaller.appspot.com/x/.config?x=a7031f9e71583b4a
dashboard link: https://syzkaller.appspot.com/bug?extid=ebe64cc5950868e77358
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16a344c1e8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/82a7201eef4c/disk-052d5343.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ca12b4c31826/vmlinux-052d5343.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3f07360ba5a8/bzImage-052d5343.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ebe64cc5950868e77...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0x88811c71a980 (size 64):
  comm "syz-executor.7", pid 5063, jiffies 4294953937
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 20 8e 7e 1c 81 88 ff ff  .~.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  backtrace (crc 9f8721dd):
    [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [] slab_post_alloc_hook mm/slub.c:3817 [inline]
    [] slab_alloc_node mm/slub.c:3860 [inline]
    [] kmalloc_trace+0x283/0x330 mm/slub.c:4007
    [] kmalloc include/linux/slab.h:590 [inline]
    [] kzalloc include/linux/slab.h:711 [inline]
    [] batadv_tvlv_handler_register+0xf7/0x2a0 net/batman-adv/tvlv.c:560
    [] batadv_mcast_init+0x4f/0xc0 net/batman-adv/multicast.c:1926
    [] batadv_mesh_init+0x209/0x2f0 net/batman-adv/main.c:231
    [] batadv_softif_init_late+0x1f8/0x280 net/batman-adv/soft-interface.c:812
    [] register_netdevice+0x189/0xca0 net/core/dev.c:10188
    [] batadv_softif_newlink+0x55/0x70 net/batman-adv/soft-interface.c:1088
    [] rtnl_newlink_create net/core/rtnetlink.c:3515 [inline]
    [] __rtnl_newlink+0xb10/0xec0 net/core/rtnetlink.c:3735
    [] rtnl_newlink+0x4c/0x70 net/core/rtnetlink.c:3748
    [] rtnetlink_rcv_msg+0x22f/0x5b0 net/core/rtnetlink.c:6615
    [] netlink_rcv_skb+0x91/0x1d0 net/netlink/af_netlink.c:2543
    [] netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
    [] netlink_unicast+0x2c2/0x440 net/netlink/af_netlink.c:1367
    [] netlink_sendmsg+0x341/0x690 net/netlink/af_netlink.c:1908
    [] sock_sendmsg_nosec net/socket.c:730 [inline]
    [] __sock_sendmsg+0x52/0xa0 net/socket.c:745
    [] __sys_sendto+0x164/0x1e0 net/socket.c:2191
    [] __do_sys_sendto net/socket.c:2203 [inline]
    [] __se_sys_sendto net/socket.c:2199 [inline]
    [] __x64_sys_sendto+0x28/0x30 net/socket.c:2199

BUG: memory leak
unreferenced object 0x88811c8561c0 (size 64):
  comm "syz-executor.0", pid 5062, jiffies 4294953941
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 20 ce 7e 1c 81 88 ff ff  .~.
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  backtrace (crc 7256c890):
    [] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [] slab_post_alloc_hook mm/slub.c:3817 [inline]
    [] slab_alloc_node mm/slub.c:3860 [inline]
    [] kmalloc_trace+0x283/0x330 mm/slub.c:4007
    [] kmalloc include/linux/slab.h:590 [inline]
    [] kzalloc include/linux/slab.h:711 [inline]
    [] batadv_tvlv_handler_register+0xf7/0x2a0 net/batman-adv/tvlv.c:560
    [] batadv_mcast_init+0x4f/0xc0 net/batman-adv/multicast.c:1926
    [] batadv_mesh_init+0x209/0x2f0 net/batman-adv/main.c:231
    [] batadv_softif_init_late+0x1f8/0x280 net/batman-adv/soft-interface.c:812
    [] register_netdevice+0x189/0xca0 net/core/dev.c:10188
    [] batadv_softif_newlink+0x55/0x70 net/batman-adv/soft-interface.c:1088
    [] rtnl_newlink_create net/core/rtnetlink.c:3515 [inline]
    [] __rtnl_newlink+0xb10/0xec0 net/core/rtnetlink.c:3735
    [] rtnl_newlink+0x4c/0x70 net/core/rtnetlink.c:3748
    [] rtnetlink_rcv_msg+0x22f/0x5b0 net/core/rtnetlink.c:6615
    [] netlink_rcv_skb+0x91/0x1d0 net/netlink/af_netlink.c:2543
    [] netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
    [] netlink_unicast+0x2c2/0x440 net/netlink/af_netlink.c:1367
    [] netlink_sendmsg+0x341/0x690 net/netlink/af_netlink.c:1908
    [] sock_sendmsg_nosec net/socket.c:730 [inline]
    [] __sock_sendmsg+0x52/0xa0 net/socket.c:745
    [] __sys_sendto+0x164/0x1e0 net/socket.c:2191
    [] __do_sys_sendto net/socket.c:2203 [inline]
    [] __se_sys_sendto net/socket.c:2199 [inline]
    [] __x64_sys_sendto+0x28/0x30 net/socket.c:2199

BUG: memory leak
unreferenced object 0x88811cd88cc0 (size 64):
  comm "syz-executor.5", pid 5078, jiffies 4294953981
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 20 8e 05 1d 81 88 ff ff  ...
    00 00 00 00 00 00
[syzbot] [batman?] INFO: rcu detected stall in sys_recvmmsg (3)
Hello,

syzbot found the following issue on:

HEAD commit:    2cf4f94d8e86 Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12534501e8
kernel config:  https://syzkaller.appspot.com/x/.config?x=671af399e2dac0e3
dashboard link: https://syzkaller.appspot.com/bug?extid=b079dc0aa6e992859e7c
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/08b534ec982d/disk-2cf4f94d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8c44c6da6081/vmlinux-2cf4f94d.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7e291c0f9693/bzImage-2cf4f94d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b079dc0aa6e992859...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:    0-...!: (1 GPs behind) idle=c844/1/0x4000 softirq=35391/35392 fqs=3
rcu:    (detected by 1, t=10502 jiffies, g=60989, q=82 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 12878 Comm: syz-executor.1 Not tainted 6.7.0-rc6-syzkaller-00010-g2cf4f94d8e86 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:rcu_dynticks_curr_cpu_in_eqs include/linux/context_tracking.h:122 [inline]
RIP: 0010:rcu_is_watching+0x3d/0xb0 kernel/rcu/tree.c:700
Code: c7 c3 e8 6d 03 00 83 f8 07 89 c5 77 7a 48 8d 3c ed 60 da a6 8c 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <75> 54 48 03 1c ed 60 da a6 8c 48 b8 00 00 00 00 00 fc ff df 48 89
RSP: 0018:c9007c78 EFLAGS: 0046
RAX: dc00 RBX: 00036de8 RCX: 8166f367
RDX: 1194db4c RSI: 8b2ed360 RDI: 8ca6da60
RBP: R08: R09: fbfff1e30d1a
R10: 8f1868d7 R11: 0002 R12: 0001
R13: R14: 88802be37300 R15:
FS:  7feb948206c0() GS:8880b980() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 20230030 CR3: 1f8f7000 CR4: 003506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x464/0x520 kernel/locking/lockdep.c:5725
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 advance_sched+0xd5/0xc60 net/sched/sch_taprio.c:935
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x203/0xc20 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x31b/0x800 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x105/0x400 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x70 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 86 37 e4 f6 48 89 df e8 ee ae e4 f6 f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 25 68 d6 f6 65 8b 05 a6 10 81 75 85 c0 74 12 5b
RSP: 0018:c90003b0f738 EFLAGS: 0246
RAX: 0006 RBX: 8880290ad9d0 RCX: 123ead8c
RDX: RSI: 8acc9f40 RDI: 8b2ed3e0
RBP: 0246 R08: 0001 R09: fbfff23e1fe5
R10: 91f0ff2f R11: 0001 R12: 8880290ad9b8
R13: 8880177bda80 R14: 0246 R15: c90003b0f8d8
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 __skb_try_recv_datagram+0x16f/0x4f0 net/core/datagram.c:266
 __unix_dgram_recvmsg+0x1d1/0xee0 net/unix/af_unix.c:2383
 unix_dgram_recvmsg+0xc3/0xf0 net/unix/af_unix.c:2485
 sock_recvmsg_nosec net/socket.c:1044 [inline]
 sys_recvmsg+0x4ab/0x5c0 net/socket.c:2801
 ___sys_recvmsg+0x115/0x1a0 net/socket.c:2845
 do_recvmmsg+0x2af/0x740 net/socket.c:2939
 __sys_recvmmsg net/socket.c:3018 [inline]
 __do_sys_recvmmsg net/socket.c:3041 [inline]
 __se_sys_recvmmsg net/socket.c:3034 [inline]
 __x64_sys_recvmmsg+0x235/0x290 net/socket.c:3034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7feb93a7cbe9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8
Re: [syzbot] [batman?] INFO: rcu detected stall in worker_thread (9)
syzbot has found a reproducer for the following issue on:

HEAD commit:    9bacdd8996c7 Merge tag 'for-6.7-rc1-tag' of git://git.kern..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13e932ff68
kernel config:  https://syzkaller.appspot.com/x/.config?x=d05dd66e2eb2c872
dashboard link: https://syzkaller.appspot.com/bug?extid=225bfad78b079744fd5e
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1041f91f68
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10cc7b98e8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8e9d5e2b6665/disk-9bacdd89.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b8ee67db540d/vmlinux-9bacdd89.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3477230ef7a9/bzImage-9bacdd89.xz

The issue was bisected to:

commit c2368b19807affd7621f7c4638cd2e17fec13021
Author: Jiri Pirko
Date:   Fri Jul 29 07:10:35 2022 +

    net: devlink: introduce "unregistering" mark and use it during devlinks iteration

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1758e1e368
final oops:     https://syzkaller.appspot.com/x/report.txt?x=14d8e1e368
console output: https://syzkaller.appspot.com/x/log.txt?x=10d8e1e368

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+225bfad78b079744f...@syzkaller.appspotmail.com
Fixes: c2368b19807a ("net: devlink: introduce "unregistering" mark and use it during devlinks iteration")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:    0-...!: (1 ticks this GP) idle=3b94/1/0x4000 softirq=6057/6057 fqs=9
rcu:    (detected by 1, t=10502 jiffies, g=6949, q=188 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.7.0-rc1-syzkaller-00012-g9bacdd8996c7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
Workqueue: events_power_efficient gc_worker
RIP: 0010:pv_queued_spin_unlock arch/x86/include/asm/paravirt.h:591 [inline]
RIP: 0010:queued_spin_unlock arch/x86/include/asm/qspinlock.h:57 [inline]
RIP: 0010:do_raw_spin_unlock+0x117/0x8b0 kernel/locking/spinlock_debug.c:141
Code: 49 c7 45 00 ff ff ff ff 0f b6 04 2b 84 c0 0f 85 c9 03 00 00 41 c7 06 ff ff ff ff 48 c7 c0 60 b8 79 8d 48 c1 e8 03 80 3c 28 00 <74> 0c 48 c7 c7 60 b8 79 8d e8 9b d3 7b 00 48 83 3d 73 30 0b 0c 00
RSP: 0018:c9007c20 EFLAGS: 0046
RAX: 11af370c RBX: 1110042eac5e RCX:
RDX: RSI: 0004 RDI: 8880217562e8
RBP: dc00 R08: 8880217562eb R09: 1110042eac5d
R10: dc00 R11: ed10042eac5e R12: 1110042eac5f
R13: 8880217562f8 R14: 8880217562f0 R15: 8880217562e8
FS:  () GS:8880b980() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 2600 CR3: 0d73 CR4: 003506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 __raw_spin_unlock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_unlock+0x1e/0x40 kernel/locking/spinlock.c:186
 spin_unlock include/linux/spinlock.h:391 [inline]
 advance_sched+0x9bd/0xcb0 net/sched/sch_taprio.c:992
 __run_hrtimer kernel/time/hrtimer.c:1688 [inline]
 __hrtimer_run_queues+0x59f/0xd20 kernel/time/hrtimer.c:1752
 hrtimer_interrupt+0x396/0x980 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1065 [inline]
 __sysvec_apic_timer_interrupt+0x104/0x3a0 arch/x86/kernel/apic/apic.c:1082
 sysvec_apic_timer_interrupt+0x92/0xb0 arch/x86/kernel/apic/apic.c:1076
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:lock_acquire+0x25a/0x530 kernel/locking/lockdep.c:5757
Code: 2b 00 74 08 4c 89 f7 e8 04 33 7d 00 f6 44 24 61 02 0f 85 8a 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
RSP: 0018:c90d7940 EFLAGS: 0206
RAX: 0001 RBX: 1921af34 RCX: 0001
RDX: dc00 RSI: 8b6ac0c0 RDI: 8bbdf300
RBP: c90d7a88 R08: 90dd4367 R09: 121ba86c
R10: dc00 R11: fbfff21ba86d R12: 1921af30
R13: dc00 R14: c90d79a0 R15: 0246
 rcu_lock_acquire include/linux/rcupdate.h:301 [inline]
 rcu_read_lock include/linux/rcupdate.h:747 [inline]
 gc_worker+0x28c/0x15a0 net/netfilter/nf_conntrack_core.c:1488
 process_one_work kernel/workqueue.c:2630 [inline]
 process_scheduled_works+0x90f/0x1420 kernel/workqueue.c:2703
 worker_thread+0xa5f/0x1000 kernel/workqueue.c:2784
 kthread+0x2d3/0x370 ker
Re: [syzbot] [batman?] INFO: rcu detected stall in rtnl_newlink (3)
syzbot suspects this issue was fixed by commit:

commit e739718444f7bf2fa3d70d101761ad83056ca628
Author: Kuniyuki Iwashima
Date:   Sat Jul 29 00:07:05 2023 +

    net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15b26a4d68
start commit:   d528014517f2 Revert ".gitignore: ignore *.cover and *.mbx"
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d576750da57ebbb5
dashboard link: https://syzkaller.appspot.com/bug?extid=afb3084a933aa2bdacc6
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15849d08a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13184990a8

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX.

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
[syzbot] [batman?] memory leak in skb_clone (2)
Hello,

syzbot found the following issue on:

HEAD commit:    a5e505a99ca7 Merge tag 'platform-drivers-x86-v6.5-5' of gi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15eea3e3a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=f3c65e06397a9d58
dashboard link: https://syzkaller.appspot.com/bug?extid=92f9b5fba2df252a3569
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13597f9068

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c534ce48946f/disk-a5e505a9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/724bbdaa3992/vmlinux-a5e505a9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/47fba0663891/bzImage-a5e505a9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+92f9b5fba2df252a3...@syzkaller.appspotmail.com

2023/08/24 02:03:48 executed programs: 322
2023/08/24 02:03:54 executed programs: 337
BUG: memory leak
unreferenced object 0x888120ea2600 (size 240):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
    00 22 e3 20 81 88 ff ff 00 00 00 00 00 00 00 00  .".
    00 80 ed 1c 81 88 ff ff 00 00 00 00 00 00 00 00
  backtrace:
    [] skb_clone+0xaa/0x190 net/core/skbuff.c:1860
    [] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:387 [inline]
    [] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
    [] batadv_iv_send_outstanding_bat_ogm_packet+0x2ef/0x370 net/batman-adv/bat_iv_ogm.c:1700
    [] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
    [] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
    [] kthread+0x12b/0x170 kernel/kthread.c:389
    [] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
    [] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0x888120f36c00 (size 1024):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  backtrace:
    [] __do_kmalloc_node mm/slab_common.c:984 [inline]
    [] __kmalloc_node_track_caller+0x49/0x140 mm/slab_common.c:1005
    [] kmalloc_reserve+0x95/0x180 net/core/skbuff.c:575
    [] pskb_expand_head+0xd8/0x5f0 net/core/skbuff.c:2042
    [] __skb_cow include/linux/skbuff.h:3571 [inline]
    [] skb_cow_head include/linux/skbuff.h:3605 [inline]
    [] batadv_skb_head_push+0x8f/0x110 net/batman-adv/soft-interface.c:72
    [] batadv_send_skb_packet+0x83/0x1c0 net/batman-adv/send.c:86
    [] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]
    [] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
    [] batadv_iv_send_outstanding_bat_ogm_packet+0x32a/0x370 net/batman-adv/bat_iv_ogm.c:1700
    [] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
    [] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
    [] kthread+0x12b/0x170 kernel/kthread.c:389
    [] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
    [] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

BUG: memory leak
unreferenced object 0x888120ea2000 (size 240):
  comm "kworker/u4:5", pid 5210, jiffies 4295058872 (age 8.300s)
  hex dump (first 32 bytes):
    00 28 ea 20 81 88 ff ff 00 00 00 00 00 00 00 00  .(.
    00 80 ec 1c 81 88 ff ff 00 00 00 00 00 00 00 00
  backtrace:
    [] skb_clone+0xaa/0x190 net/core/skbuff.c:1860
    [] netem_enqueue+0xc62/0x1430 net/sched/sch_netem.c:479
    [] dev_qdisc_enqueue+0x25/0xf0 net/core/dev.c:3732
    [] __dev_xmit_skb net/core/dev.c:3821 [inline]
    [] __dev_queue_xmit+0xdc7/0x17d0 net/core/dev.c:4169
    [] dev_queue_xmit include/linux/netdevice.h:3088 [inline]
    [] batadv_send_skb_packet+0x150/0x1c0 net/batman-adv/send.c:108
    [] batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]
    [] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]
    [] batadv_iv_send_outstanding_bat_ogm_packet+0x32a/0x370 net/batman-adv/bat_iv_ogm.c:1700
    [] process_one_work+0x2f1/0x640 kernel/workqueue.c:2600
    [] worker_thread+0x5c/0x5c0 kernel/workqueue.c:2751
    [] kthread+0x12b/0x170 kernel/kthread.c:389
    [] ret_from_fork+0x2c/0x40 arch/x86/kernel/process.c:145
    [] ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run th
[syzbot] [batman?] WARNING in batadv_dat_free (2)
Hello,

syzbot found the following issue on:

HEAD commit:    970308a7b544 selftests/bpf: Set the default value of consu..
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1788094b28
kernel config:  https://syzkaller.appspot.com/x/.config?x=ba5f40cc4484255a
dashboard link: https://syzkaller.appspot.com/bug?extid=6c881e6772625dc7feed
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/fc4c2bba1144/disk-970308a7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1075dd8a55dc/vmlinux-970308a7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/59f3fdc83b37/bzImage-970308a7.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6c881e6772625dc7f...@syzkaller.appspotmail.com

bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): Released all slaves
[ cut here ]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 set_work_data kernel/workqueue.c:642 [inline]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 clear_work_data kernel/workqueue.c:705 [inline]
WARNING: CPU: 1 PID: 1005 at kernel/workqueue.c:642 __cancel_work_timer+0x4d1/0x570 kernel/workqueue.c:3278
Modules linked in:
CPU: 1 PID: 1005 Comm: kworker/u4:5 Not tainted 6.4.0-rc3-syzkaller-00722-g970308a7b544 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Workqueue: netns cleanup_net
RIP: 0010:set_work_data kernel/workqueue.c:642 [inline]
RIP: 0010:clear_work_data kernel/workqueue.c:705 [inline]
RIP: 0010:__cancel_work_timer+0x4d1/0x570 kernel/workqueue.c:3278
Code: e8 34 08 0e 00 e9 e1 fb ff ff e8 2a 41 30 00 e8 55 f5 bb 08 e9 51 fd ff ff e8 1b 41 30 00 0f 0b e9 a6 fc ff ff e8 0f 41 30 00 <0f> 0b e9 c0 fd ff ff e8 b3 4e 83 00 e9 fd fe ff ff e8 f9 40 30 00
RSP: 0018:c90005237920 EFLAGS: 00010293
RAX: RBX: RCX:
RDX: 88802076d940 RSI: 815401c1 RDI: 0001
RBP: R08: 0001 R09:
R10: R11: R12: 888019b654b0
R13: 192000a46f25 R14: 0001 R15: 88802076d940
FS: () GS:8880b990() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 7f31ad4beba8 CR3: 2a10a000 CR4: 003506e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0600
Call Trace:
 batadv_dat_free+0x45/0xe0 net/batman-adv/distributed-arp-table.c:840
 batadv_mesh_free+0x89/0x170 net/batman-adv/main.c:270
 batadv_softif_free+0x15/0x20 net/batman-adv/soft-interface.c:984
 netdev_run_todo+0x6bf/0x1100 net/core/dev.c:10395
 default_device_exit_batch+0x456/0x5b0 net/core/dev.c:11395
 ops_exit_list+0x125/0x170 net/core/net_namespace.c:175
 cleanup_net+0x4ee/0xb10 net/core/net_namespace.c:614
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x344/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
[syzbot] Monthly batman report (Jun 2023)
Hello batman maintainers/developers,

This is a 31-day syzbot report for the batman subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/batman

During the period, 0 new issues were detected and 0 were fixed.
In total, 9 issues are still open and 20 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 5426    Yes   WARNING: ODEBUG bug in netdev_run_todo
                  https://syzkaller.appspot.com/bug?extid=f9484b345f41843fc9a9
<2> 1375    Yes   WARNING: ODEBUG bug in netdev_freemem (2)
                  https://syzkaller.appspot.com/bug?extid=c4521ac872a4ccc3afec
<3> 128     Yes   INFO: rcu detected stall in batadv_nc_worker (3)
                  https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set no-reminders

To change bug's subsystems, reply with:
#syz set subsystems: new-subsystem

You may send multiple commands in a single email message.
[syzbot] Monthly batman report
Hello batman maintainers/developers,

This is a 30-day syzbot report for the batman subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/batman

During the period, 2 new issues were detected and 0 were fixed.
In total, 8 issues are still open and 19 have been fixed so far.

Some of the still happening issues:

Crashes Repro Title
5034    Yes   WARNING: ODEBUG bug in netdev_run_todo
              https://syzkaller.appspot.com/bug?extid=f9484b345f41843fc9a9
1367    Yes   WARNING: ODEBUG bug in netdev_freemem (2)
              https://syzkaller.appspot.com/bug?extid=c4521ac872a4ccc3afec
115     Yes   INFO: rcu detected stall in batadv_nc_worker (3)
              https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.
[syzbot] [batman?] WARNING: locking bug in batadv_nc_process_nc_paths
Hello,

syzbot found the following issue on:

HEAD commit:    a6faf7ea9fcb Add linux-next specific files for 20230328
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12e4a6d1c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=dd9eb5678a80e926
dashboard link: https://syzkaller.appspot.com/bug?extid=6c3ddeb774a88806d35a
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b03351a37b6b/disk-a6faf7ea.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/663c2ddae5f7/vmlinux-a6faf7ea.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a5e229b4773a/bzImage-a6faf7ea.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6c3ddeb774a88806d...@syzkaller.appspotmail.com

=
[ BUG: Invalid wait context ]
6.3.0-rc4-next-20230328-syzkaller #0 Not tainted
-
kworker/u4:11/7080 is trying to lock:
916756d0 (lock_keys_hash){}-{40:209}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
916756d0 (lock_keys_hash){}-{40:209}, at: batadv_nc_process_nc_paths.part.0+0x142/0x3f0 net/batman-adv/network-coding.c:690
other info that might help us debug this:
context-{4:4}
3 locks held by kworker/u4:11/7080:
 #0: 888026eef938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:643 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:670 [inline]
 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0 kernel/workqueue.c:2376
 #1: c900033afdb0 ((work_completion)(&(_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0 kernel/workqueue.c:2380
 #2: 8c795e00 (rcu_read_lock){}-{1:2}, at: batadv_nc_process_nc_paths.part.0+0xb1/0x3f0 net/batman-adv/network-coding.c:684
stack backtrace:
CPU: 1 PID: 7080 Comm: kworker/u4:11 Not tainted 6.3.0-rc4-next-20230328-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/17/2023
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4724 [inline]
 check_wait_context kernel/locking/lockdep.c:4785 [inline]
 __lock_acquire+0x159e/0x5df0 kernel/locking/lockdep.c:5024
 lock_acquire.part.0+0x11c/0x370 kernel/locking/lockdep.c:5691
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 batadv_nc_process_nc_paths.part.0+0x142/0x3f0 net/batman-adv/network-coding.c:690
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:679 [inline]
 batadv_nc_worker+0xc82/0xfe0 net/batman-adv/network-coding.c:728
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x33e/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
==
BUG: KASAN: slab-out-of-bounds in batadv_nc_fwd_flush+0x422/0x4d0 net/batman-adv/network-coding.c:650
Read of size 4 at addr 88807a916130 by task kworker/u4:11/7080

CPU: 1 PID: 7080 Comm: kworker/u4:11 Not tainted 6.3.0-rc4-next-20230328-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/17/2023
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_address_description.constprop.0+0x2c/0x3c0 mm/kasan/report.c:351
 print_report mm/kasan/report.c:462 [inline]
 kasan_report+0x11c/0x130 mm/kasan/report.c:572
 batadv_nc_fwd_flush+0x422/0x4d0 net/batman-adv/network-coding.c:650
 batadv_nc_process_nc_paths.part.0+0x1b6/0x3f0 net/batman-adv/network-coding.c:693
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:679 [inline]
 batadv_nc_worker+0xc82/0xfe0 net/batman-adv/network-coding.c:728
 process_one_work+0x99a/0x15e0 kernel/workqueue.c:2405
 worker_thread+0x67d/0x10c0 kernel/workqueue.c:2552
 kthread+0x33e/0x440 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

Allocated by task 12301:
 kasan_save_stack+0x22/0x40 mm/kasan/common.c:45
 kasan_set_track+0x25/0x30 mm/kasan/c
[syzbot] WARNING in batadv_nc_purge_paths
Hello,

syzbot found the following issue on:

HEAD commit:    65762d97e6fa Merge branch 'for-next/perf' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1558f7fd88
kernel config:  https://syzkaller.appspot.com/x/.config?x=56d0c7c3a2304e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=5b817d9e3b5fb5f051fc
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/52f702197b30/disk-65762d97.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/72189c2789ce/vmlinux-65762d97.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ec0349196c98/Image-65762d97.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5b817d9e3b5fb5f05...@syzkaller.appspotmail.com

[ cut here ]
WARNING: CPU: 1 PID: 3498 at kernel/softirq.c:376 __local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
Modules linked in:
CPU: 1 PID: 3498 Comm: kworker/u4:11 Not tainted 6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Workqueue: bat_events batadv_nc_worker
pstate: 2045 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
lr : __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
lr : _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
sp : 80001398bc60
x29: 80001398bc60 x28: 8d2fb000 x27: 8d2fb000
x26: 007e x25: 0004 x24:
x23: f2dcdf80 x22: x21: 00011ed2b480
x20: 8bf44c08 x19: 0201 x18: 0163
x17: 8c0cd83c x16: 8dbe6158 x15: 00011ed2b480
x14: 00c8 x13: x12: 00011ed2b480
x11: ff80895cfff8 x10: x9 : 8d2d09a0
x8 : 0201 x7 : 8bf44a98 x6 :
x5 : x4 : 0001 x3 :
x2 : 0001 x1 : 0201 x0 : 8bf44c08
Call trace:
 __local_bh_enable_ip+0x180/0x1a4 kernel/softirq.c:376
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]
 _raw_spin_unlock_bh+0x48/0x58 kernel/locking/spinlock.c:210
 spin_unlock_bh include/linux/spinlock.h:395 [inline]
 batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x3a8/0x484 net/batman-adv/network-coding.c:722
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
irq event stamp: 28503233
hardirqs last enabled at (28503231): [] __local_bh_enable_ip+0x13c/0x1a4 kernel/softirq.c:401
hardirqs last disabled at (28503233): [] __el1_irq arch/arm64/kernel/entry-common.c:468 [inline]
hardirqs last disabled at (28503233): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:486
softirqs last enabled at (28503230): [] spin_unlock_bh include/linux/spinlock.h:395 [inline]
softirqs last enabled at (28503230): [] batadv_nc_purge_paths+0x1d0/0x214 net/batman-adv/network-coding.c:471
softirqs last disabled at (28503232): [] spin_lock_bh include/linux/spinlock.h:355 [inline]
softirqs last disabled at (28503232): [] batadv_nc_purge_paths+0x60/0x214 net/batman-adv/network-coding.c:442
---[ end trace ]---

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Re: [syzbot] BUG: MAX_LOCKDEP_ENTRIES too low! (3)
syzbot has found a reproducer for the following issue on:

HEAD commit:    9ab000d9ac54 Merge branch 'nfc-leaks'
git tree:       net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=178f3db588
kernel config:  https://syzkaller.appspot.com/x/.config?x=6f4e5e9899396248
dashboard link: https://syzkaller.appspot.com/bug?extid=b04c9ffbbd2f303d00d9
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15051edd88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15b9d36588

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0db12aff8b37/disk-9ab000d9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/62dc4dacf73e/vmlinux-9ab000d9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0cc1ecdd9ab6/bzImage-9ab000d9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b04c9ffbbd2f303d0...@syzkaller.appspotmail.com

8021q: adding VLAN 0 to HW filter on device batadv968
BUG: MAX_LOCKDEP_ENTRIES too low!
turning off the locking correctness validator.
CPU: 1 PID: 5813 Comm: syz-executor248 Not tainted 6.1.0-rc5-syzkaller-00128-g9ab000d9ac54 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
 alloc_list_entry.cold+0x11/0x18 kernel/locking/lockdep.c:1402
 add_lock_to_list kernel/locking/lockdep.c:1423 [inline]
 check_prev_add kernel/locking/lockdep.c:3167 [inline]
 check_prevs_add kernel/locking/lockdep.c:3216 [inline]
 validate_chain kernel/locking/lockdep.c:3831 [inline]
 __lock_acquire+0x3626/0x56d0 kernel/locking/lockdep.c:5055
 lock_acquire kernel/locking/lockdep.c:5668 [inline]
 lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 batadv_tt_local_event+0x1f6/0x7e0 net/batman-adv/translation-table.c:482
 batadv_tt_local_add+0x638/0x1f50 net/batman-adv/translation-table.c:758
 batadv_softif_create_vlan+0x2ed/0x530 net/batman-adv/soft-interface.c:586
 batadv_interface_add_vid+0xd7/0x110 net/batman-adv/soft-interface.c:646
 vlan_add_rx_filter_info+0x149/0x1d0 net/8021q/vlan_core.c:211
 __vlan_vid_add net/8021q/vlan_core.c:306 [inline]
 vlan_vid_add+0x3f6/0x7f0 net/8021q/vlan_core.c:336
 vlan_device_event.cold+0x28/0x2d net/8021q/vlan.c:385
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1945
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 dev_open net/core/dev.c:1473 [inline]
 dev_open+0x136/0x150 net/core/dev.c:1461
 team_port_add drivers/net/team/team.c:1215 [inline]
 team_add_slave+0xa03/0x1b90 drivers/net/team/team.c:1984
 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2578
 rtnl_newlink_create net/core/rtnetlink.c:3381 [inline]
 __rtnl_newlink+0x13ac/0x17e0 net/core/rtnetlink.c:3581
 rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3594
 rtnetlink_rcv_msg+0x43e/0xca0 net/core/rtnetlink.c:6091
 netlink_rcv_skb+0x157/0x430 net/netlink/af_netlink.c:2540
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg+0xd3/0x120 net/socket.c:734
 sys_sendmsg+0x712/0x8c0 net/socket.c:2482
 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536
 __sys_sendmsg+0xf7/0x1c0 net/socket.c:2565
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f2d5511cab9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffddb541428 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0003d335 RCX: 7f2d5511cab9
RDX: RSI: 2300 RDI: 0004
RBP: R08: 7ffddb5415c8 R09: 7ffddb5415c8
R10: 7ffddb5415c8 R11: 0246 R12: 7ffddb54143c
R13: 431bde82d7b634db R14: R15:
team968: Port device batadv968 added
Re: [syzbot] INFO: rcu detected stall in batadv_nc_worker (3)
syzbot has bisected this issue to:

commit f8a4018c826fde6137425bbdbe524d5973feb173
Author: Mark Brown
Date:   Thu Jun 2 13:53:04 2022 +

    ASoC: tas2770: Use modern ASoC DAI format terminology

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=164d497888
start commit:   55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=154d497888
console output: https://syzkaller.appspot.com/x/log.txt?x=114d497888
kernel config:  https://syzkaller.appspot.com/x/.config?x=df75278aabf0681a
dashboard link: https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16e2e47888
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149ca17c88

Reported-by: syzbot+69904c3b4a09e8fa2...@syzkaller.appspotmail.com
Fixes: f8a4018c826f ("ASoC: tas2770: Use modern ASoC DAI format terminology")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: [syzbot] INFO: rcu detected stall in batadv_nc_worker (3)
syzbot has found a reproducer for the following issue on:

HEAD commit:    55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1623ec7288
kernel config:  https://syzkaller.appspot.com/x/.config?x=df75278aabf0681a
dashboard link: https://syzkaller.appspot.com/bug?extid=69904c3b4a09e8fa2e1b
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16e2e47888
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149ca17c88

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9d967e5d91fa/disk-55be6084.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9a8cffcbc089/vmlinux-55be6084.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+69904c3b4a09e8fa2...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:    0-...!: (1 GPs behind) idle=d61c/1/0x4000 softirq=5548/5551 fqs=5
        (t=10501 jiffies g=4985 q=1169 ncpus=2)
rcu: rcu_preempt kthread starved for 10488 jiffies! g4985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu:    Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:28728 pid:17 ppid:2 flags:0x4000
Call Trace:
 context_switch kernel/sched/core.c:5178 [inline]
 __schedule+0xadf/0x5270 kernel/sched/core.c:6490
 schedule+0xda/0x1b0 kernel/sched/core.c:6566
 schedule_timeout+0x14a/0x2a0 kernel/time/timer.c:1935
 rcu_gp_fqs_loop+0x190/0x910 kernel/rcu/tree.c:1658
 rcu_gp_kthread+0x236/0x360 kernel/rcu/tree.c:1857
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
rcu: Stack dump where RCU GP kthread last ran:
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 47 Comm: kworker/u4:3 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
Workqueue: bat_events batadv_nc_worker
RIP: 0010:check_kcov_mode kernel/kcov.c:166 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x7/0x60 kernel/kcov.c:200
Code: 4c 00 5d be 03 00 00 00 e9 d6 43 84 02 66 0f 1f 44 00 00 48 8b be a8 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 8b 05 f9 24 87 7e <89> c1 48 8b 34 24 81 e1 00 01 00 00 65 48 8b 14 25 80 6f 02 00 a9
RSP: 0018:c91f0c48 EFLAGS: 0286
RAX: 0101 RBX: 88806b299c90 RCX: 878c4a1d
RDX: 888017893b00 RSI: 0100 RDI: 0007
RBP: fff0a3da8872 R08: 0007 R09:
R10: fff0a3da8872 R11: 0008c07d R12: fff0a3da8872
R13: 888018f5ab00 R14: R15:
FS: () GS:8880b9b0() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 26ef CR4: 003506e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 pie_calculate_probability+0x32b/0x7c0 net/sched/sch_pie.c:387
 fq_pie_timer+0x170/0x2a0 net/sched/sch_fq_pie.c:380
 call_timer_fn+0x1a0/0x6b0 kernel/time/timer.c:1474
 expire_timers kernel/time/timer.c:1519 [inline]
 __run_timers.part.0+0x674/0xa80 kernel/time/timer.c:1790
 __run_timers kernel/time/timer.c:1768 [inline]
 run_timer_softirq+0xb3/0x1d0 kernel/time/timer.c:1803
 __do_softirq+0x1d0/0x9c8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:rcu_preempt_read_exit kernel/rcu/tree_plugin.h:382 [inline]
RIP: 0010:__rcu_read_unlock+0x2d/0x570 kernel/rcu/tree_plugin.h:421
Code: 55 41 54 55 65 48 8b 2c 25 80 6f 02 00 53 48 8d bd 3c 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 24 02 00 00 65
RSP: 0018:c9b87c58 EFLAGS: 0a07
RAX: dc00 RBX: 0001 RCX:
RDX: RSI: 891cd30e RDI: 888017893f3c
RBP: 888017893b00 R08: 0001 R09:
R10: 0001 R11: 0001 R12: 0001
R13: R14: dc00 R15: 0345
 rcu_read_unlock include/linux/rcupdate.h:770 [inline]
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:412 [inline]
 batadv_nc_worker+0x853/0xfa0 net/batman-adv/network-coding.c:719
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080
[syzbot] WARNING: suspicious RCU usage in __dev_queue_xmit
Hello,

syzbot found the following issue on:

HEAD commit:    4c375272fb0b Merge branch 'net-add-preliminary-netdev-refc..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=164749a9b0
kernel config:  https://syzkaller.appspot.com/x/.config?x=2b8e24e3a80e3875
dashboard link: https://syzkaller.appspot.com/bug?extid=e163f2ff7c3f7efd8203
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11493641b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ac6aceb0

The issue was bisected to:

commit 42df6e1d221dddc0f2acf2be37e68d553ad65f96
Author: Lukas Wunner
Date:   Fri Oct 8 20:06:03 2021 +

    netfilter: Introduce egress hook

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1236329db0
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1136329db0
console output: https://syzkaller.appspot.com/x/log.txt?x=1636329db0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e163f2ff7c3f7efd8...@syzkaller.appspotmail.com
Fixes: 42df6e1d221d ("netfilter: Introduce egress hook")

=
WARNING: suspicious RCU usage
5.16.0-rc3-syzkaller #0 Not tainted
-
include/linux/netfilter_netdev.h:97 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by kworker/u4:2/49:
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline]
 #0: 88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269
 #1: c9000119fdb0 ((work_completion)(&(_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273
 #2: 8bb83b00 (rcu_read_lock_bh){}-{1:2}, at: __dev_queue_xmit+0x1e3/0x3640 net/core/dev.c:4036

stack backtrace:
CPU: 1 PID: 49 Comm: kworker/u4:2 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 nf_hook_egress include/linux/netfilter_netdev.h:97 [inline]
 __dev_queue_xmit+0x2eac/0x3640 net/core/dev.c:4053
 batadv_send_skb_packet+0x4a9/0x5f0 net/batman-adv/send.c:108
 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline]
 batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x6d7/0x8e0 net/batman-adv/bat_iv_ogm.c:1701
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Re: [syzbot] INFO: trying to register non-static key in l2cap_sock_teardown_cb
syzbot suspects this issue was fixed by commit:

commit 1bff51ea59a9afb67d2dd78518ab0582a54a472c
Author: Wang ShaoBo
Date:   Wed Sep 1 00:35:37 2021 +0000

    Bluetooth: fix use-after-free error in lock_sock_nested()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=134c881eb0
start commit:   73b7a6047971 net: dsa: bcm_sf2: support BCM4908's integrat..
git tree:       net-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=9ce34124da4c882b
dashboard link: https://syzkaller.appspot.com/bug?extid=a41dfef1d2e04910eb2e
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=166ee4cf50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337172f50

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: Bluetooth: fix use-after-free error in lock_sock_nested()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: [syzbot] WARNING: ODEBUG bug in batadv_v_ogm_free
syzbot suspects this issue was fixed by commit:

commit 6f68cd634856f8ca93bafd623ba5357e0f648c68
Author: Pavel Skripkin
Date:   Sun Oct 24 13:13:56 2021 +0000

    net: batman-adv: fix error handling

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=114e3c16b0
start commit:   cf52ad5ff16c Merge tag 'driver-core-5.15-rc6' of git://git..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=9479508d7bb83ad9
dashboard link: https://syzkaller.appspot.com/bug?extid=0ef06384b5f39a16ebb9
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17af7344b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15dc02fb30

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: batman-adv: fix error handling

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: [syzbot] WARNING in batadv_nc_mesh_free
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+28b0702ada0bf7381...@syzkaller.appspotmail.com

Tested on:

commit:         9c0c4d24 Merge tag 'block-5.15-2021-10-22' of git://gi..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=28b0702ada0bf7381f58
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1553d4c4b0

Note: testing is done by a robot and is best-effort only.
Re: [syzbot] WARNING in batadv_nc_mesh_free
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in batadv_nc_purge_paths

RBP: 7fe7b40631d0 R08: R09: R10:
R11: 0246 R12: 0002 R13: 7ffe7ffd3def
R14: 7fe7b4063300 R15: 00022000
general protection fault, probably for non-canonical address 0xdc02: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 1 PID: 9061 Comm: syz-executor.0 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:batadv_nc_purge_paths+0x38/0x3f0 net/batman-adv/network-coding.c:437
Code: 48 89 d3 49 89 f6 48 89 7c 24 58 49 bd 00 00 00 00 00 fc ff df e8 38 48 ab f7 4d 8d 7e 10 4c 89 f8 48 c1 e8 03 48 89 44 24 48 <42> 8a 04 28 84 c0 0f 85 88 03 00 00 41 8b 2f 31 ff 89 ee e8 20 4c
RSP: 0018:c9000d04eac0 EFLAGS: 00010202
RAX: 0002 RBX: RCX: 88807827
RDX: RSI: RDI: 88807ec2cc80
RBP: fff4 R08: 8154e5b4 R09: ed100fd85adc
R10: ed100fd85adc R11: R12: 88807ec2cc80
R13: dc00 R14: R15: 0010
FS:  7fe7b4063700() GS:8880b9d0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7f359172e000 CR3: 5e749000 CR4: 003506e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_nc_mesh_free+0x7a/0xf0 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x6f/0x140 net/batman-adv/main.c:249
 batadv_mesh_init+0x5b1/0x620 net/batman-adv/main.c:230
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fe7b48eda39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fe7b4063188 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7fe7b49f0f60 RCX: 7fe7b48eda39
RDX: RSI: 2140 RDI: 0003
RBP: 7fe7b40631d0 R08: R09: R10:
R11: 0246 R12: 0002 R13: 7ffe7ffd3def
R14: 7fe7b4063300 R15: 00022000
Modules linked in:
---[ end trace 67ff054734964acf ]---
RIP: 0010:batadv_nc_purge_paths+0x38/0x3f0 net/batman-adv/network-coding.c:437
Code: 48 89 d3 49 89 f6 48 89 7c 24 58 49 bd 00 00 00 00 00 fc ff df e8 38 48 ab f7 4d 8d 7e 10 4c 89 f8 48 c1 e8 03 48 89 44 24 48 <42> 8a 04 28 84 c0 0f 85 88 03 00 00 41 8b 2f 31 ff 89 ee e8 20 4c
RSP: 0018:c9000d04eac0 EFLAGS: 00010202
RAX: 0002 RBX: RCX: 88807827
RDX: RSI: RDI: 88807ec2cc80
RBP: fff4 R08: 8154e5b4 R09: ed100fd85adc
R10: ed100fd85adc R11: R12: 88807ec2cc80
R13: dc00 R14: R15: 0010
FS:  7fe7b4063700() GS:8880b9c0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7fc230f87020 CR3: 5e749000 CR4: 003506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Code disassembly (best guess):
   0:	48 89 d3             	mov    %rdx,%rbx
   3:	49 89 f6             	mov    %rsi,%r14
   6:	48 89 7c 24 58       	mov    %rdi,0x58(%rsp)
   b:	49 bd 00 00 00 00 00 	movabs $0xdc00,%r13
  12:	fc ff df
  15:	e8 38 48 ab f7       	callq  0xf7ab4852
  1a:	4d 8d 7e 10          	lea    0x10(%r14),%r15
  1e:	4c 89 f8             	mov    %r15,%rax
  21:	48 c1 e8 03          	shr    $0x3,%rax
  25:	48 89 44 24 48       	mov    %rax,0x48(%rsp)
* 2a:	42 8a 04
[syzbot] WARNING: ODEBUG bug in batadv_nc_mesh_free
Hello,

syzbot found the following issue on:

HEAD commit:    e0bfcf9c77d9 Merge tag 'mlx5-fixes-2021-10-20' of git://gi..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=17900a0cb0
kernel config:  https://syzkaller.appspot.com/x/.config?x=bab9d35f204746a7
dashboard link: https://syzkaller.appspot.com/bug?extid=1dca817d274a3fb19f2b
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=144d76b4b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14732b80b0

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14093652b0
final oops:     https://syzkaller.appspot.com/x/report.txt?x=16093652b0
console output: https://syzkaller.appspot.com/x/log.txt?x=12093652b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1dca817d274a3fb19...@syzkaller.appspotmail.com

R13: R14: R15:
------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 0 PID: 6548 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 0 PID: 6548 Comm: syz-executor286 Not tainted 5.15.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd 80 3e e4 89 4c 89 ee 48 c7 c7 80 32 e4 89 e8 5e 1d 15 05 <0f> 0b 83 05 d5 39 90 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:c90002d7ecc0 EFLAGS: 00010086
RAX: RBX: 0005 RCX:
RDX: 8880163c8000 RSI: 815e88a8 RDI: f520005afd8a
RBP: 0001 R08: R09:
R10: 815e264e R11: R12: 898de560
R13: 89e43900 R14: 81658550 R15: 1920005afda3
FS:  55c03300() GS:8880b9c0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7fef3003e098 CR3: 73ad CR4: 003506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_object_assert_init lib/debugobjects.c:895 [inline]
 debug_object_assert_init+0x1f4/0x2e0 lib/debugobjects.c:866
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0x6d/0x110 kernel/time/timer.c:1204
 try_to_grab_pending+0x6d/0xd0 kernel/workqueue.c:1270
 __cancel_work_timer+0xa6/0x570 kernel/workqueue.c:3129
 batadv_nc_mesh_free+0x41/0x120 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x7d/0x170 net/batman-adv/main.c:245
 batadv_mesh_init+0x62f/0x710 net/batman-adv/main.c:226
 batadv_softif_init_late+0xad4/0xdd0 net/batman-adv/soft-interface.c:804
 register_netdevice+0x51e/0x1500 net/core/dev.c:10229
 batadv_softif_newlink+0x6e/0x90 net/batman-adv/soft-interface.c:1068
 __rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f14439a87e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffda1fa6268 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0002 RCX: 7f14439a87e9
RDX: RSI: 2140 RDI: 0003
RBP: 7ffda1fa6270 R08: 0002 R09: 7f1443003531
R10: R11: 0246 R12: 0004
R13: R14: R15:


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For
[syzbot] WARNING in batadv_nc_mesh_free
Hello,

syzbot found the following issue on:

HEAD commit:    2f111a6fd5b5 Merge tag 'ceph-for-5.15-rc7' of git://github..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=115750acb0
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=28b0702ada0bf7381f58
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1026ef2cb0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15c9c162b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+28b0702ada0bf7381...@syzkaller.appspotmail.com

RBP: 7ffef262e230 R08: 0002 R09: 7fddc8003531
R10: R11: 0246 R12: 0004
R13: R14: R15:
------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 0 PID: 6517 at lib/debugobjects.c:508 debug_print_object lib/debugobjects.c:505 [inline]
WARNING: CPU: 0 PID: 6517 at lib/debugobjects.c:508 debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Modules linked in:
CPU: 0 PID: 6517 Comm: syz-executor011 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object lib/debugobjects.c:505 [inline]
RIP: 0010:debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Code: e8 4b 15 b8 fd 4c 8b 45 00 48 c7 c7 a0 31 b4 8a 48 c7 c6 00 2e b4 8a 48 c7 c2 e0 33 b4 8a 31 c9 49 89 d9 31 c0 e8 b6 c6 36 fd <0f> 0b ff 05 3a 5c c5 09 48 83 c5 38 48 89 e8 48 c1 e8 03 42 80 3c
RSP: 0018:c90002c7e698 EFLAGS: 00010046
RAX: cffa606352c78700 RBX: RCX: 888076ce9c80
RDX: RSI: 8000 RDI:
RBP: 8a512d00 R08: 81693402 R09: ed1017383f2c
R10: ed1017383f2c R11: R12: dc00
R13: 88801bcd1720 R14: 0002 R15: 90ba5a20
FS:  57087300() GS:8880b9c0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7f5473f3c000 CR3: 70ca6000 CR4: 003506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0xa5/0x3d0 kernel/time/timer.c:1204
 try_to_grab_pending+0x151/0xbb0 kernel/workqueue.c:1270
 __cancel_work_timer+0x14c/0x710 kernel/workqueue.c:3129
 batadv_nc_mesh_free+0x4a/0xf0 net/batman-adv/network-coding.c:1869
 batadv_mesh_free+0x6f/0x140 net/batman-adv/main.c:245
 batadv_mesh_init+0x4e5/0x550 net/batman-adv/main.c:226
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fddc82bc7e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffef262e228 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0002 RCX: 7fddc82bc7e9
RDX: RSI: 2140 RDI: 0003
RBP: 7ffef262e230 R08: 0002 R09: 7fddc8003531
R10: R11: 0246 R12: 0004
R13: R14: R15:


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
[syzbot] WARNING in batadv_v_ogm_free
Hello,

syzbot found the following issue on:

HEAD commit:    2f111a6fd5b5 Merge tag 'ceph-for-5.15-rc7' of git://github..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=121d909f30
kernel config:  https://syzkaller.appspot.com/x/.config?x=d95853dad8472c91
dashboard link: https://syzkaller.appspot.com/bug?extid=b6a62d5cb9fe05a0e3a3
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b6a62d5cb9fe05a0e...@syzkaller.appspotmail.com

------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 0 PID: 9723 at lib/debugobjects.c:508 debug_print_object lib/debugobjects.c:505 [inline]
WARNING: CPU: 0 PID: 9723 at lib/debugobjects.c:508 debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Modules linked in:
CPU: 0 PID: 9723 Comm: syz-executor.5 Not tainted 5.15.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object lib/debugobjects.c:505 [inline]
RIP: 0010:debug_object_assert_init+0x1fa/0x250 lib/debugobjects.c:895
Code: e8 4b 15 b8 fd 4c 8b 45 00 48 c7 c7 a0 31 b4 8a 48 c7 c6 00 2e b4 8a 48 c7 c2 e0 33 b4 8a 31 c9 49 89 d9 31 c0 e8 b6 c6 36 fd <0f> 0b ff 05 3a 5c c5 09 48 83 c5 38 48 89 e8 48 c1 e8 03 42 80 3c
RSP: 0018:c90015a06698 EFLAGS: 00010046
RAX: ccc2ef1263c32100 RBX: RCX: 0004
RDX: c90015ff3000 RSI: 0003 RDI: 0004
RBP: 8a512d00 R08: 81693402 R09: ed1017383f2c
R10: ed1017383f2c R11: R12: dc00
R13: 8880a4325898 R14: R15: 90bebb30
FS:  7fb87671b700() GS:8880b9c0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 5573fb61a270 CR3: 9b076000 CR4: 003506f0
Call Trace:
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0xa5/0x3d0 kernel/time/timer.c:1204
 try_to_grab_pending+0x151/0xbb0 kernel/workqueue.c:1270
 __cancel_work_timer+0x14c/0x710 kernel/workqueue.c:3129
 batadv_v_ogm_free+0x2e/0xc0 net/batman-adv/bat_v_ogm.c:1076
 batadv_mesh_free+0x67/0x140 net/batman-adv/main.c:244
 batadv_mesh_init+0x4e5/0x550 net/batman-adv/main.c:226
 batadv_softif_init_late+0x8fe/0xd70 net/batman-adv/soft-interface.c:804
 register_netdevice+0x826/0x1c30 net/core/dev.c:10229
 __rtnl_newlink net/core/rtnetlink.c:3458 [inline]
 rtnl_newlink+0x14b3/0x1d10 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2510
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0xa29/0xe50 net/netlink/af_netlink.c:1935
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg net/socket.c:724 [inline]
 ____sys_sendmsg+0x5b9/0x910 net/socket.c:2409
 ___sys_sendmsg net/socket.c:2463 [inline]
 __sys_sendmsg+0x36f/0x450 net/socket.c:2492
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fb8791a5a39
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fb87671b188 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7fb8792a8f60 RCX: 7fb8791a5a39
RDX: RSI: 2140 RDI: 0003
RBP: 7fb87671b1d0 R08: R09: R10:
R11: 0246 R12: 0002 R13: 7fffd6c2d8ef
R14: 7fb87671b300 R15: 00022000


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
[syzbot] WARNING: ODEBUG bug in batadv_v_ogm_free
Hello,

syzbot found the following issue on:

HEAD commit:    44cc24b04bed Merge tag 'wireless-drivers-next-2021-10-07' ..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=130661b8b0
kernel config:  https://syzkaller.appspot.com/x/.config?x=97f67871098c6901
dashboard link: https://syzkaller.appspot.com/bug?extid=0ef06384b5f39a16ebb9
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1361e884b0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1472de98b0

The issue was bisected to:

commit 9ee11f0fff205b4b3df9750bff5e94f97c71b6a0
Author: Justin Iurman
Date:   Tue Jul 20 19:42:57 2021 +0000

    ipv6: ioam: Data plane support for Pre-allocated Trace

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12c661b8b0
final oops:     https://syzkaller.appspot.com/x/report.txt?x=11c661b8b0
console output: https://syzkaller.appspot.com/x/log.txt?x=16c661b8b0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0ef06384b5f39a16e...@syzkaller.appspotmail.com
Fixes: 9ee11f0fff20 ("ipv6: ioam: Data plane support for Pre-allocated Trace")

R13: 7ffc310f3710 R14: 7ffc310f3760 R15: 0001
------------[ cut here ]------------
ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 6548 at lib/debugobjects.c:505 debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Modules linked in:
CPU: 1 PID: 6548 Comm: syz-executor580 Not tainted 5.15.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:debug_print_object+0x16e/0x250 lib/debugobjects.c:505
Code: ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 af 00 00 00 48 8b 14 dd c0 3e e4 89 4c 89 ee 48 c7 c7 c0 32 e4 89 e8 29 8d 16 05 <0f> 0b 83 05 55 18 91 09 01 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:c90002bdee90 EFLAGS: 00010082
RAX: RBX: 0005 RCX:
RDX: 88801c395580 RSI: 815dbbc8 RDI: f5200057bdc4
RBP: 0001 R08: R09:
R10: 815d596e R11: R12: 898de200
R13: 89e43940 R14: 8164b870 R15: 19200057bddd
FS:  5617e300() GS:8880b9d0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7f868a8856c0 CR3: 2466 CR4: 003506e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 debug_object_assert_init lib/debugobjects.c:895 [inline]
 debug_object_assert_init+0x1f4/0x2e0 lib/debugobjects.c:866
 debug_timer_assert_init kernel/time/timer.c:739 [inline]
 debug_assert_init kernel/time/timer.c:784 [inline]
 del_timer+0x6d/0x110 kernel/time/timer.c:1204
 try_to_grab_pending+0x6d/0xd0 kernel/workqueue.c:1270
 __cancel_work_timer+0xa6/0x570 kernel/workqueue.c:3129
 batadv_v_ogm_free+0x1f/0xd0 net/batman-adv/bat_v_ogm.c:1076
 batadv_mesh_free+0x75/0x170 net/batman-adv/main.c:244
 batadv_mesh_init+0x62f/0x710 net/batman-adv/main.c:226
 batadv_softif_init_late+0xad4/0xdd0 net/batman-adv/soft-interface.c:804
 register_netdevice+0x51e/0x1500 net/core/dev.c:10236
 batadv_softif_newlink+0x6e/0x90 net/batman-adv/soft-interface.c:1068
 __rtnl_newlink+0x106d/0x1750 net/core/rtnetlink.c:3458
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3506
 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2485
 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
 netlink_sendmsg+0x86d/0xda0 net/netlink/af_netlink.c:1910
 sock_sendmsg_nosec net/socket.c:704 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:724
 __sys_sendto+0x21c/0x320 net/socket.c:2036
 __do_sys_sendto net/socket.c:2048 [inline]
 __se_sys_sendto net/socket.c:2044 [inline]
 __x64_sys_sendto+0xdd/0x1b0 net/socket.c:2044
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f4cb72c2829
Code: b2 01 00 85 c0 b8 00 00 00 00 48 0f 44 c3 5b c3 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc310f36a8 EFLAGS: 0246 ORIG_RAX: 002c
RAX: ffda RBX: 0003 RCX: 7f4cb72c2829
RDX: ad2a RSI: 2000 RDI: 0004
RBP: 7ffc310f3710 R08: R09: 4b6ae4f95a5de394
R10: 7812 R11: 0246 R12: 0005
R13: 7ffc310f3710 R14: 7ffc310f3760 R15: 0001


---
This report is generated by a bot. It may con
[syzbot] INFO: task hung in __xfs_buf_submit (2)
Hello,

syzbot found the following issue on:

HEAD commit:    6e764bcd1cf7 Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1050488530
kernel config:  https://syzkaller.appspot.com/x/.config?x=2fd902af77ff1e56
dashboard link: https://syzkaller.appspot.com/bug?extid=4bb1622c9a583bb6f9f2
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1442760630
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=149b3cce30

The issue was bisected to:

commit 887e975c4172d0d5670c39ead2f18ba1e4ec8133
Author: Mike Christie
Date:   Tue Aug 13 16:39:51 2019 +0000

    nbd: add missing config put

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11980ad530
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13980ad530
console output: https://syzkaller.appspot.com/x/log.txt?x=15980ad530

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4bb1622c9a583bb6f...@syzkaller.appspotmail.com
Fixes: 887e975c4172 ("nbd: add missing config put")

INFO: task syz-executor519:8442 blocked for more than 143 seconds.
      Not tainted 5.14.0-rc7-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor519 state:D stack:22808 pid: 8442 ppid:  8441 flags:0x4004
Call Trace:
 context_switch kernel/sched/core.c:4681 [inline]
 __schedule+0xc07/0x11f0 kernel/sched/core.c:5938
 schedule+0x14b/0x210 kernel/sched/core.c:6017
 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857
 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x48/0x60 kernel/sched/completion.c:138
 xfs_buf_iowait fs/xfs/xfs_buf.c:1571 [inline]
 __xfs_buf_submit+0x39d/0x6d0 fs/xfs/xfs_buf.c:1636
 xfs_buf_submit fs/xfs/xfs_buf.c:58 [inline]
 xfs_buf_read_uncached+0x1fa/0x390 fs/xfs/xfs_buf.c:884
 xfs_readsb+0x1dc/0x670 fs/xfs/xfs_mount.c:178
 xfs_fs_fill_super+0x483/0x1780 fs/xfs/xfs_super.c:1428
 get_tree_bdev+0x406/0x630 fs/super.c:1293
 vfs_get_tree+0x86/0x270 fs/super.c:1498
 do_new_mount fs/namespace.c:2923 [inline]
 path_mount+0x1981/0x2c10 fs/namespace.c:3253
 do_mount fs/namespace.c:3266 [inline]
 __do_sys_mount fs/namespace.c:3474 [inline]
 __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3451
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x444239
RSP: 002b:7ffd4feb56f8 EFLAGS: 0246 ORIG_RAX: 00a5
RAX: ffda RBX: 0030656c69662f2e RCX: 00444239
RDX: 2140 RSI: 2000 RDI: 20c0
RBP: R08: R09: 7ffd4feb5898
R10: 8002 R11: 0246 R12: 00403550
R13: 431bde82d7b634db R14: 004b2018 R15: 004004a0

Showing all locks held in the system:
1 lock held by khungtaskd/1644:
 #0: 8c717ec0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 arch/x86/pci/mmconfig_64.c:151
2 locks held by in:imklog/8141:
 #0: 888023be8870 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x24e/0x2f0 fs/file.c:974
 #1: 8c717ec0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 include/linux/rcupdate.h:266
1 lock held by syz-executor519/8442:
 #0: 888030e060e0 (&type->s_umount_key#49/1){+.+.}-{3:3}, at: alloc_super+0x1c8/0x860 fs/super.c:229

=============================================

NMI backtrace for cpu 1
CPU: 1 PID: 1644 Comm: khungtaskd Not tainted 5.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1d3/0x29f lib/dump_stack.c:105
 nmi_cpu_backtrace+0x16c/0x190 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x191/0x2f0 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:210 [inline]
 watchdog+0xd06/0xd50 kernel/hung_task.c:295
 kthread+0x453/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4862 Comm: systemd-journal Not tainted 5.14.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4688 [inline]
RIP: 0010:__lock_acquire+0x5fc/0x6100 kernel/locking/lockdep.c:4965
Code: 00 fc ff df 4c 8b 7c 24 58 4c 8b 64 24 50 48 81 c3 b8 00 00 00 48 89 d8 48 c1 e8 03 8a 04 10 84 c0 0f 85 c1 25 00 00 44 8a 33 <48> 8b 44 24 60 8a 04 10 84 c0 0f 85 d2 25 00 00 41 8b 1c 24 81 e3
RSP: 0018:ff
[syzbot] KASAN: slab-out-of-bounds Write in ext4_write_inline_data_end
Hello,

syzbot found the following issue on:

HEAD commit:    614cb2751d31 Merge tag 'trace-v5.14-rc6' of git://git.kern..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=130112c530
kernel config:  https://syzkaller.appspot.com/x/.config?x=f61012d0b1cd846f
dashboard link: https://syzkaller.appspot.com/bug?extid=13146364637c7363a7de
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=104d7cc530
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1333ce0e30

The issue was bisected to:

commit a154d5d83d21af6b9ee32adc5dbcea5ac1fb534c
Author: Arnd Bergmann
Date:   Mon Mar 4 20:38:03 2019 +0000

    net: ignore sysctl_devconf_inherit_init_net without SYSCTL

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13f970b630
final oops:     https://syzkaller.appspot.com/x/report.txt?x=100570b630
console output: https://syzkaller.appspot.com/x/log.txt?x=17f970b630

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+13146364637c7363a...@syzkaller.appspotmail.com
Fixes: a154d5d83d21 ("net: ignore sysctl_devconf_inherit_init_net without SYSCTL")

==================================================================
BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data fs/ext4/inline.c:245 [inline]
BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data_end+0x4d4/0x960 fs/ext4/inline.c:754
Write of size 70 at addr 8880195444ef by task syz-executor279/8426

CPU: 0 PID: 8426 Comm: syz-executor279 Not tainted 5.14.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 print_address_description+0x66/0x3b0 mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report+0x163/0x210 mm/kasan/report.c:436
 check_region_inline mm/kasan/generic.c:135 [inline]
 kasan_check_range+0x2b5/0x2f0 mm/kasan/generic.c:189
 memcpy+0x3c/0x60 mm/kasan/shadow.c:66
 ext4_write_inline_data fs/ext4/inline.c:245 [inline]
 ext4_write_inline_data_end+0x4d4/0x960 fs/ext4/inline.c:754
 ext4_write_end+0x1ff/0xbd0 fs/ext4/inode.c:1290
 generic_perform_write+0x361/0x580 mm/filemap.c:3667
 ext4_buffered_write_iter+0x41c/0x590 fs/ext4/file.c:269
 ext4_file_write_iter+0x8f7/0x1b90 fs/ext4/file.c:519
 call_write_iter include/linux/fs.h:2114 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0xa39/0xc90 fs/read_write.c:605
 ksys_write+0x171/0x2a0 fs/read_write.c:658
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x44ac89
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ff12e8852f8 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 004ce4d0 RCX: 0044ac89
RDX: 0082 RSI: 2180 RDI: 0006
RBP: 0049de98 R08: R09:
R10: R11: 0246 R12: 0030656c69662f2e
R13: 024645fc87234f45 R14: 26e1d8b70aefbc5b R15: 004ce4d8

Allocated by task 1:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:434 [inline]
 __kasan_slab_alloc+0x96/0xd0 mm/kasan/common.c:467
 kasan_slab_alloc include/linux/kasan.h:254 [inline]
 slab_post_alloc_hook mm/slab.h:519 [inline]
 slab_alloc_node mm/slub.c:2959 [inline]
 slab_alloc mm/slub.c:2967 [inline]
 kmem_cache_alloc+0x1d1/0x340 mm/slub.c:2972
 kmem_cache_zalloc include/linux/slab.h:711 [inline]
 acpi_os_acquire_object include/acpi/platform/aclinuxex.h:67 [inline]
 acpi_ut_allocate_object_desc_dbg+0xd8/0x165 drivers/acpi/acpica/utobject.c:359
 acpi_ut_create_internal_object_dbg+0x21/0x195 drivers/acpi/acpica/utobject.c:69
 acpi_ds_build_internal_object+0x15f/0x732 drivers/acpi/acpica/dsobject.c:94
 acpi_ds_create_node+0xe9/0x1a8 drivers/acpi/acpica/dsobject.c:281
 acpi_ds_load2_end_op+0x7d0/0xebc drivers/acpi/acpica/dswload2.c:618
 acpi_ds_exec_end_op+0x6ce/0x11d4 drivers/acpi/acpica/dswexec.c:637
 acpi_ps_parse_loop+0xd9f/0x1cf0 drivers/acpi/acpica/psloop.c:525
 acpi_ps_parse_aml+0x1d5/0x955 drivers/acpi/acpica/psparse.c:475
 acpi_ps_execute_table+0x317/0x3ef drivers/acpi/acpica/psxface.c:295
 acpi_ns_execute_table+0x436/0x5bf drivers/acpi/acpica/nsparse.c:116
 acpi_ns_load_table+0x5e/0x120 drivers/acpi/acpica/nsload.c:71
 acpi_tb_load_namespace+0x456/0x6b9 drivers/acpi/acpica/tbxfload.c:186
 acpi_load_tables+0x45/0xf5 drivers/acpi/acpica/tbxfload.c:59
 acpi_bus_init+0x9a/0x993 drivers/acpi/bus.c:1213
 acpi_init+0x8c/0x22c dr
[syzbot] WARNING in __v9fs_get_acl
Hello,

syzbot found the following issue on:

HEAD commit:    761c6d7ec820 Merge tag 'arc-5.14-rc6' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d87ca130
kernel config:  https://syzkaller.appspot.com/x/.config?x=730106bfb5bf8ace
dashboard link: https://syzkaller.appspot.com/bug?extid=56fdf7f6291d819b9b19
compiler:       Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12ca602930
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13bf42a130

The issue was bisected to:

commit 0ac1077e3a549bf8d35971613e2be05bdbb41a00
Author: Xin Long
Date:   Tue Oct 16 07:52:02 2018 +

    sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16f311fa30
final oops:     https://syzkaller.appspot.com/x/report.txt?x=15f311fa30
console output: https://syzkaller.appspot.com/x/log.txt?x=11f311fa30

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+56fdf7f6291d819b9...@syzkaller.appspotmail.com
Fixes: 0ac1077e3a54 ("sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead")

[ cut here ]
WARNING: CPU: 1 PID: 8426 at mm/page_alloc.c:5366 __alloc_pages+0x588/0x5f0 mm/page_alloc.c:5413
Modules linked in:
CPU: 1 PID: 8426 Comm: syz-executor477 Not tainted 5.14.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__alloc_pages+0x588/0x5f0 mm/page_alloc.c:5413
Code: 00 48 ba 00 00 00 00 00 fc ff df e9 5e fd ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 6d fd ff ff e8 bd 62 0a 00 e9 63 fd ff ff <0f> 0b 45 31 e4 e9 7a fd ff ff 48 8d 4c 24 50 80 e1 07 80 c1 03 38
RSP: 0018:c9fff9a0 EFLAGS: 00010246
RAX: dc00 RBX: 0014 RCX:
RDX: 0028 RSI: RDI: c9fffa28
RBP: c9fffaa8 R08: dc00 R09: c9fffa00
R10: f520001fff45 R11: R12: 00040d40
R13: c9fffa00 R14: 1920001fff3c R15: 1920001fff38
FS:  0148e300() GS:8880b9c0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7fa1e9a97740 CR3: 3406e000 CR4: 001506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 kmalloc_order+0x41/0x170 mm/slab_common.c:955
 kmalloc_order_trace+0x15/0x70 mm/slab_common.c:971
 kmalloc_large include/linux/slab.h:520 [inline]
 __kmalloc+0x292/0x390 mm/slub.c:4101
 kmalloc include/linux/slab.h:596 [inline]
 kzalloc include/linux/slab.h:721 [inline]
 __v9fs_get_acl+0x40/0x110 fs/9p/acl.c:36
 v9fs_get_acl+0xa5/0x290 fs/9p/acl.c:71
 v9fs_mount+0x6ea/0x870 fs/9p/vfs_super.c:182
 legacy_get_tree+0xea/0x180 fs/fs_context.c:610
 vfs_get_tree+0x86/0x270 fs/super.c:1498
 do_new_mount fs/namespace.c:2919 [inline]
 path_mount+0x196f/0x2be0 fs/namespace.c:3249
 do_mount fs/namespace.c:3262 [inline]
 __do_sys_mount fs/namespace.c:3470 [inline]
 __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3447
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43f2e9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffcc30ccf58 EFLAGS: 0246 ORIG_RAX: 00a5
RAX: ffda RBX: 00400488 RCX: 0043f2e9
RDX: 2200 RSI: 2000 RDI:
RBP: 00403040 R08: 20004440 R09: 00400488
R10: R11: 0246 R12: 004030d0
R13: R14: 004ad018 R15: 00400488

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Re: [syzbot] WARNING in sta_info_alloc
syzbot suspects this issue was fixed by commit:

commit 282ab3ff16120ec670fe3330e85f8ebf13092f21
Author: David Sterba
Date:   Mon Oct 14 12:38:33 2019 +

    btrfs: reduce compressed_bio members' types

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12d5f6f230
start commit:   7f75285ca572 Merge tag 'for-5.12/dm-fixes-3' of git://git...
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=b5591c832f889fd9
dashboard link: https://syzkaller.appspot.com/bug?extid=45d7c243c006f39dc55a
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=164f385ad0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1427af9ad0

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: btrfs: reduce compressed_bio members' types

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
[syzbot] BUG: sleeping function called from invalid context in crypto_drop_spawn (2)
Hello,

syzbot found the following issue on:

HEAD commit:    d6765985 Revert "be2net: disable bh with spin_lock in be_p..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=1555a0d830
kernel config:  https://syzkaller.appspot.com/x/.config?x=7ca96a2d153c74b0
dashboard link: https://syzkaller.appspot.com/bug?extid=610ec0671f51e838436e

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+610ec0671f51e8384...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1405
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1180, name: kworker/u4:6
4 locks held by kworker/u4:6/1180:
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:617 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:644 [inline]
 #0: 88802897e138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x871/0x1600 kernel/workqueue.c:2247
 #1: c90004ecfda8 ((work_completion)(&(_priv->nc.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8a5/0x1600 kernel/workqueue.c:2251
 #2: 8bf79620 (rcu_read_lock){}-{1:2}, at: batadv_nc_process_nc_paths.part.0+0xb1/0x3b0 net/batman-adv/network-coding.c:680
 #3: 8bf79500 (rcu_callback){}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2547 [inline]
 #3: 8bf79500 (rcu_callback){}-{0:0}, at: rcu_core+0x737/0x13b0 kernel/rcu/tree.c:2793
Preemption disabled at:
[<>] 0x0
CPU: 1 PID: 1180 Comm: kworker/u4:6 Not tainted 5.13.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ___might_sleep.cold+0x1f1/0x237 kernel/sched/core.c:8337
 down_write+0x6e/0x150 kernel/locking/rwsem.c:1405
 crypto_drop_spawn crypto/algapi.c:709 [inline]
 crypto_drop_spawn+0x4b/0x2b0 crypto/algapi.c:704
 crypto_drop_aead include/crypto/internal/aead.h:90 [inline]
 pcrypt_free+0x15/0x80 crypto/pcrypt.c:206
 crypto_free_instance crypto/algapi.c:68 [inline]
 crypto_destroy_instance+0x7a/0xc0 crypto/algapi.c:76
 crypto_alg_put crypto/internal.h:108 [inline]
 crypto_alg_put crypto/internal.h:105 [inline]
 crypto_mod_put+0xd3/0x100 crypto/api.c:45
 crypto_destroy_tfm crypto/api.c:573 [inline]
 crypto_destroy_tfm+0xdb/0x240 crypto/api.c:561
 crypto_free_aead include/crypto/aead.h:193 [inline]
 tipc_aead_free+0x398/0x660 net/tipc/crypto.c:422
 rcu_do_batch kernel/rcu/tree.c:2558 [inline]
 rcu_core+0x7ab/0x13b0 kernel/rcu/tree.c:2793
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:559
 invoke_softirq kernel/softirq.c:433 [inline]
 __irq_exit_rcu+0x136/0x200 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:647
RIP: 0010:check_preemption_disabled+0x2a/0x150 lib/smp_processor_id.c:16
Code: 41 56 41 55 49 89 f5 41 54 55 48 89 fd 53 0f 1f 44 00 00 65 44 8b 25 1d 7a ea 76 65 8b 1d 6e d4 ea 76 81 e3 ff ff ff 7f 31 ff <89> de 0f 1f 44 00 00 85 db 74 11 0f 1f 44 00 00 44 89 e0 5b 5d 41
RSP: 0018:c90004ecfbd8 EFLAGS: 0246
RAX: RBX: 0001 RCX:
RDX: 888017ed3880 RSI: 89c2e880 RDI:
RBP: 89c2e8c0 R08: R09:
R10: 88b6951d R11: R12: 0001
R13: 89c2e880 R14: 88803029cc00 R15: 001f
 rcu_dynticks_curr_cpu_in_eqs kernel/rcu/tree.c:325 [inline]
 rcu_is_watching+0xe/0xc0 kernel/rcu/tree.c:1168
 rcu_read_unlock include/linux/rcupdate.h:707 [inline]
 batadv_nc_process_nc_paths.part.0+0x304/0x3b0 net/batman-adv/network-coding.c:695
 batadv_nc_process_nc_paths net/batman-adv/network-coding.c:675 [inline]
 batadv_nc_worker+0xb90/0xe50 net/batman-adv/network-coding.c:731
 process_one_work+0x98d/0x1600 kernel/workqueue.c:2276
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2422
 kthread+0x3b1/0x4a0 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

=
[ BUG: Invalid wait context ]
5.13.0-rc6-syzkaller #0 Tainted: GW
-
kworker/u4:6/1180 is tryin
Re: [syzbot] INFO: task hung in register_netdevice_notifier (2)
syzbot has bisected this issue to:

commit 6bf071bf09d4b2ff3ee8783531e2ce814f0870cb
Author: Jesper Dangaard Brouer
Date:   Tue Jun 18 13:05:27 2019 +

    xdp: page_pool related fix to cpumap

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1397c4a7d0
start commit:   7ac3a1c1 Merge tag 'mtd/fixes-for-5.13-rc4' of git://git.k..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1057c4a7d0
console output: https://syzkaller.appspot.com/x/log.txt?x=1797c4a7d0
kernel config:  https://syzkaller.appspot.com/x/.config?x=266cda122a0b56c
dashboard link: https://syzkaller.appspot.com/bug?extid=355f8edb2ff45d5f95fa
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16cc630fd0

Reported-by: syzbot+355f8edb2ff45d5f9...@syzkaller.appspotmail.com
Fixes: 6bf071bf09d4 ("xdp: page_pool related fix to cpumap")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: [syzbot] WARNING in ieee802154_del_seclevel
syzbot has bisected this issue to:

commit 416dacb819f59180e4d86a5550052033ebb6d72c
Author: Alan Stern
Date:   Wed Aug 21 17:27:12 2019 +

    HID: hidraw: Fix invalid read in hidraw_ioctl

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0
start commit:   6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
git tree:       net
final oops:     https://syzkaller.appspot.com/x/report.txt?x=117430fcd0
console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1188e31ad0

Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com
Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: WARNING in init_timer_key
syzbot has bisected this issue to:

commit b9df4fd7e99cb8bfd80c4143f3045d63b1754ad0
Author: Heiner Kallweit
Date:   Sun Oct 6 16:19:54 2019 +

    net: core: change return type of pskb_may_pull to bool

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11b4545cd0
start commit:   1048ba83 Linux 5.11-rc6
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13b4545cd0
console output: https://syzkaller.appspot.com/x/log.txt?x=15b4545cd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=3ae5569643a9955f
dashboard link: https://syzkaller.appspot.com/bug?extid=105896fac213f26056f9
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16f0e564d0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=147075e8d0

Reported-by: syzbot+105896fac213f2605...@syzkaller.appspotmail.com
Fixes: b9df4fd7e99c ("net: core: change return type of pskb_may_pull to bool")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: INFO: trying to register non-static key in l2cap_sock_teardown_cb
syzbot has bisected this issue to:

commit 4680a7ee5db27772af40d83393fa0fb955b745b7
Author: Miklos Szeredi
Date:   Sat Oct 1 05:32:33 2016 +

    fuse: remove duplicate cs->offset assignment

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11fc80e750
start commit:   73b7a604 net: dsa: bcm_sf2: support BCM4908's integrated s..
git tree:       net-next
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13fc80e750
console output: https://syzkaller.appspot.com/x/log.txt?x=15fc80e750
kernel config:  https://syzkaller.appspot.com/x/.config?x=9ce34124da4c882b
dashboard link: https://syzkaller.appspot.com/bug?extid=a41dfef1d2e04910eb2e
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=166ee4cf50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337172f50

Reported-by: syzbot+a41dfef1d2e04910e...@syzkaller.appspotmail.com
Fixes: 4680a7ee5db2 ("fuse: remove duplicate cs->offset assignment")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
WARNING in rds_rdma_extra_size
Hello,

syzbot found the following issue on:

HEAD commit:    6207214a Merge tag 'afs-fixes-04012021' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=146967c0d0
kernel config:  https://syzkaller.appspot.com/x/.config?x=8aa30b9da402d224
dashboard link: https://syzkaller.appspot.com/bug?extid=1bd2b07f93745fa38425
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1351c11f50
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1710cb50d0

The issue was bisected to:

commit fdadd04931c2d7cd294dc5b2b342863f94be53a3
Author: Daniel Borkmann
Date:   Tue Dec 11 11:14:12 2018 +

    bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10056f70d0
final oops:     https://syzkaller.appspot.com/x/report.txt?x=12056f70d0
console output: https://syzkaller.appspot.com/x/log.txt?x=14056f70d0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1bd2b07f93745fa38...@syzkaller.appspotmail.com
Fixes: fdadd04931c2 ("bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K")

[ cut here ]
WARNING: CPU: 1 PID: 8462 at mm/page_alloc.c:4976 __alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:5011
Modules linked in:
CPU: 1 PID: 8462 Comm: syz-executor292 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__alloc_pages_nodemask+0x5f8/0x730 mm/page_alloc.c:4976
Code: 00 00 0c 00 0f 85 a7 00 00 00 8b 3c 24 4c 89 f2 44 89 e6 c6 44 24 70 00 48 89 6c 24 58 e8 d0 d7 ff ff 49 89 c5 e9 ea fc ff ff <0f> 0b e9 b5 fd ff ff 89 74 24 14 4c 89 4c 24 08 4c 89 74 24 18 e8
RSP: 0018:c9000169f790 EFLAGS: 00010246
RAX: RBX: 1920002d3ef6 RCX:
RDX: RSI: dc00 RDI: 00040dc0
RBP: 00040dc0 R08: R09:
R10: 81b1f7f1 R11: R12: 0018
R13: 0018 R14: R15: 000ff1f0
FS:  00f3c880() GS:8880b9f0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 7f6b332916c0 CR3: 133c3000 CR4: 00350ee0
Call Trace:
 alloc_pages_current+0x18c/0x2a0 mm/mempolicy.c:2267
 alloc_pages include/linux/gfp.h:547 [inline]
 kmalloc_order+0x2e/0xb0 mm/slab_common.c:837
 kmalloc_order_trace+0x14/0x120 mm/slab_common.c:853
 kmalloc_array include/linux/slab.h:592 [inline]
 kcalloc include/linux/slab.h:621 [inline]
 rds_rdma_extra_size+0xb2/0x3b0 net/rds/rdma.c:568
 rds_rm_size net/rds/send.c:928 [inline]
 rds_sendmsg+0x20d7/0x3020 net/rds/send.c:1265
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6e8/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440359
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffe89376b68 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 004002c8 RCX: 00440359
RDX: RSI: 20001600 RDI: 0003
RBP: 006ca018 R08: 004002c8 R09: 004002c8
R10: R11: 0246 R12: 00401b60
R13: 00401bf0 R14: R15:

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
INFO: task hung in sync_inodes_sb (4)
Hello,

syzbot found the following issue on:

HEAD commit:    03430750 Add linux-next specific files for 20201116
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17027fdc50
kernel config:  https://syzkaller.appspot.com/x/.config?x=a1c4c3f27041fdb8
dashboard link: https://syzkaller.appspot.com/bug?extid=7d50f1e54a12ba3aeae2
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=124a884150
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15a4fce250

The issue was bisected to:

commit c68df2e7be0c1238ea3c281fd744a204ef3b15a0
Author: Emmanuel Grumbach
Date:   Thu Sep 15 13:30:02 2016 +

    mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1445e98150
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1645e98150
console output: https://syzkaller.appspot.com/x/log.txt?x=1245e98150

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7d50f1e54a12ba3ae...@syzkaller.appspotmail.com
Fixes: c68df2e7be0c ("mac80211: allow using AP_LINK_PS with mac80211-generated TIM IE")

INFO: task syz-executor017:8513 blocked for more than 143 seconds.
      Not tainted 5.10.0-rc3-next-20201116-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor017 state:D stack:27448 pid: 8513 ppid: 8507 flags:0x4000
Call Trace:
 context_switch kernel/sched/core.c:4269 [inline]
 __schedule+0x890/0x2030 kernel/sched/core.c:5019
 schedule+0xcf/0x270 kernel/sched/core.c:5098
 wb_wait_for_completion+0x17b/0x230 fs/fs-writeback.c:209
 sync_inodes_sb+0x1a6/0x9d0 fs/fs-writeback.c:2559
 __sync_filesystem fs/sync.c:34 [inline]
 sync_filesystem fs/sync.c:67 [inline]
 sync_filesystem+0x15c/0x260 fs/sync.c:48
 generic_shutdown_super+0x70/0x370 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1446
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 cleanup_mnt+0x3a3/0x530 fs/namespace.c:1123
 task_work_run+0xdd/0x190 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
 exit_to_user_mode_prepare+0x1f0/0x200 kernel/entry/common.c:199
 syscall_exit_to_user_mode+0x38/0x260 kernel/entry/common.c:274
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x44e0e7
Code: Unable to access opcode bytes at RIP 0x44e0bd.
RSP: 002b:7fff42061288 EFLAGS: 0206 ORIG_RAX: 00a6
RAX: RBX: 000cee4c RCX: 0044e0e7
RDX: 00400be0 RSI: 0002 RDI: 7fff42061330
RBP: 2142 R08: R09: 0009
R10: 0005 R11: 0206 R12: 7fff420623e0
R13: 01f67880 R14: R15:

Showing all locks held in the system:
2 locks held by kworker/u4:5/225:
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:856 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:41 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:616 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:643 [inline]
 #0: 8881413a4138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x821/0x15a0 kernel/workqueue.c:2243
 #1: c9000191fda8 ((work_completion)(&(>dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x854/0x15a0 kernel/workqueue.c:2247
1 lock held by khungtaskd/1655:
 #0: 8b339ce0 (rcu_read_lock){}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6252
1 lock held by in:imklog/8188:
 #0: 888017c8f4f0 (>f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:932
2 locks held by syz-executor017/8513:
 #0: 88801a8500e0 (>s_umount_key#49){+.+.}-{3:3}, at: deactivate_super+0xa5/0xd0 fs/super.c:365
 #1: 888143f5e708 (>wb_switch_rwsem){+.+.}-{3:3}, at: bdi_down_write_wb_switch_rwsem fs/fs-writeback.c:344 [inline]
 #1: 888143f5e708 (>wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x18c/0x9d0 fs/fs-writeback.c:2557

=
NMI backtrace for cpu 0
CPU: 0 PID: 1655 Comm: khungtaskd Not tainted 5.10.0-rc3-next-20201116-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtra
Re: INFO: rcu detected stall in exit_group
syzbot suspects this issue was fixed by commit:

commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells
Date:   Fri Oct 16 12:21:14 2020 +

    afs: Fix cell removal

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14b65c3a50
start commit:   34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=1a14a0f8ce1a06d4415f
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10c6642d90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=132d00fd90

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: afs: Fix cell removal

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: INFO: rcu detected stall in security_file_open (3)
syzbot suspects this issue was fixed by commit:

commit 1d0e850a49a5b56f8f3cb51e74a11e2fedb96be6
Author: David Howells
Date:   Fri Oct 16 12:21:14 2020 +

    afs: Fix cell removal

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14bc220a50
start commit:   fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=41b736b7ce1b3ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=d2b6e8cc299748fecf25
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1249c71790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1048d9e390

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: afs: Fix cell removal

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
WARNING in sta_info_alloc
Hello,

syzbot found the following issue on:

HEAD commit:    549738f1 Linux 5.9-rc8
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15b97ba390
kernel config:  https://syzkaller.appspot.com/x/.config?x=c06bcf3cc963d91c
dashboard link: https://syzkaller.appspot.com/bug?extid=45d7c243c006f39dc55a
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12bae9c050
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1099b1c050

The issue was bisected to:

commit 643c332d519bdfbf80d21f40d1c0aa0ccf3ec1cb
Author: Zi Shen Lim
Date:   Thu Jun 9 04:18:50 2016 +

    arm64: bpf: optimize LD_ABS, LD_IND

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11d4447790
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13d4447790
console output: https://syzkaller.appspot.com/x/log.txt?x=15d4447790

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+45d7c243c006f39dc...@syzkaller.appspotmail.com
Fixes: 643c332d519b ("arm64: bpf: optimize LD_ABS, LD_IND")

[ cut here ]
WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline]
WARNING: CPU: 0 PID: 6879 at net/mac80211/ieee80211_i.h:1447 sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 6879 Comm: syz-executor071 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x382/0x7fb kernel/panic.c:231
 __warn.cold+0x20/0x4b kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:ieee80211_get_sband net/mac80211/ieee80211_i.h:1447 [inline]
RIP: 0010:sta_info_alloc+0x1900/0x1f90 net/mac80211/sta_info.c:469
Code: 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 f0 04 00 00 49 8b 9f 60 01 00 00 e9 fc f6 ff ff e8 80 20 b6 f9 <0f> 0b e8 e9 62 66 00 31 ff 89 c3 89 c6 e8 ce 1c b6 f9 85 db 74 1d
RSP: 0018:c9000539f498 EFLAGS: 00010293
RAX: RBX: 0001 RCX: 87c01d61
RDX: 8880a91ec3c0 RSI: 87c01e10 RDI: 0005
RBP: 8880896e0c80 R08: 0001 R09: 8d0c29e7
R10: R11: R12:
R13: 8880896e31b0 R14: dc00 R15: 888092f06000
 ieee80211_add_station+0x28c/0x660 net/mac80211/cfg.c:1586
 rdev_add_station net/wireless/rdev-ops.h:190 [inline]
 nl80211_new_station+0xde7/0x1440 net/wireless/nl80211.c:6294
 genl_family_rcv_msg_doit net/netlink/genetlink.c:669 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:714 [inline]
 genl_rcv_msg+0x61d/0x980 net/netlink/genetlink.c:731
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:742
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 sys_sendmsg+0x6e8/0x810 net/socket.c:2353
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x441999
Code: e8 dc 05 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 0d fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffd9fa54bf8 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: RCX: 00441999
RDX: RSI: 2040 RDI: 0005
RBP: 00306e616c77 R08: R09: 0020
R10: R11: 0246 R12: 0032
R13: R14: 000c R15: 0004
Kernel Offset: disabled
Rebooting in 86400 seconds..

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Re: WARNING in drv_bss_info_changed
syzbot has bisected this issue to:

commit 489b30b53f0540b9f8e391cbb2839cea48b5d1c1
Author: Kirill Tkhai
Date:   Thu Mar 15 09:10:57 2018 +

    net: Convert l2tp_net_ops

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=175b598f90
start commit:   fcadab74 Merge tag 'drm-fixes-2020-10-01-1' of git://anong..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=14db598f90
console output: https://syzkaller.appspot.com/x/log.txt?x=10db598f90
kernel config:  https://syzkaller.appspot.com/x/.config?x=89ab6a0c48f30b49
dashboard link: https://syzkaller.appspot.com/bug?extid=4cf3e4e092f2f4120a52
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145eb66790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15422c1f90

Reported-by: syzbot+4cf3e4e092f2f4120...@syzkaller.appspotmail.com
Fixes: 489b30b53f05 ("net: Convert l2tp_net_ops")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: WARNING in cfg80211_connect
syzbot has bisected this issue to:

commit 16d4d43595b4780daac8fcea6d042689124cb094
Author: Christoph Hellwig
Date:   Wed Jul 20 01:38:55 2016 +

    xfs: split direct I/O and DAX path

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14f662b790
start commit:   87d5034d Merge tag 'mlx5-updates-2020-09-30' of git://git...
git tree:       net-next
final oops:     https://syzkaller.appspot.com/x/report.txt?x=16f662b790
console output: https://syzkaller.appspot.com/x/log.txt?x=12f662b790
kernel config:  https://syzkaller.appspot.com/x/.config?x=7b5cc8ec2218e99d
dashboard link: https://syzkaller.appspot.com/bug?extid=5f9392825de654244975
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1100d33390
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1414c99790

Reported-by: syzbot+5f9392825de654244...@syzkaller.appspotmail.com
Fixes: 16d4d43595b4 ("xfs: split direct I/O and DAX path")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: general protection fault in rt6_fill_node
syzbot suspects this issue was fixed by commit:

commit eeaac3634ee0e3f35548be35275efeca888e9b23
Author: Nikolay Aleksandrov
Date:   Sat Aug 22 12:06:36 2020 +

    net: nexthop: don't allow empty NHA_GROUP

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=12beed5b90
start commit:   c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=a0437fdd630bee11
dashboard link: https://syzkaller.appspot.com/bug?extid=81af6e9b3c4b8bc874f8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13ff853990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=143f3a9690

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: nexthop: don't allow empty NHA_GROUP

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: general protection fault in nexthop_is_blackhole
syzbot suspects this issue was fixed by commit:

commit eeaac3634ee0e3f35548be35275efeca888e9b23
Author: Nikolay Aleksandrov
Date:   Sat Aug 22 12:06:36 2020 +

    net: nexthop: don't allow empty NHA_GROUP

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=116177a790
start commit:   c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb68b9e8a8cc842f
dashboard link: https://syzkaller.appspot.com/bug?extid=b2c08a2f5cfef635cc3a
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14d75e3990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aea51990

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: net: nexthop: don't allow empty NHA_GROUP

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
KMSAN: uninit-value in batadv_nc_worker
Hello,

syzbot found the following issue on:

HEAD commit:    5edb1df2 kmsan: drop the _nosanitize string functions
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10cc55a790
kernel config:  https://syzkaller.appspot.com/x/.config?x=4991d22eb136035c
dashboard link: https://syzkaller.appspot.com/bug?extid=da9194708de785081f11
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+da9194708de785081...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
BUG: KMSAN: uninit-value in batadv_nc_worker+0x1c0/0x1d70 net/batman-adv/network-coding.c:718
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_nc_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:122
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:201
 batadv_nc_purge_orig_hash net/batman-adv/network-coding.c:408 [inline]
 batadv_nc_worker+0x1c0/0x1d70 net/batman-adv/network-coding.c:718
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:293
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:143 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:126
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:80
 slab_alloc_node mm/slub.c:2907 [inline]
 slab_alloc mm/slub.c:2916 [inline]
 __kmalloc+0x2bb/0x4b0 mm/slub.c:3982
 kmalloc_array+0x90/0x140 include/linux/slab.h:594
 batadv_hash_new+0x129/0x530 net/batman-adv/hash.c:52
 batadv_originator_init+0x9b/0x370 net/batman-adv/originator.c:211
 batadv_mesh_init+0x4dc/0x9d0 net/batman-adv/main.c:204
 batadv_softif_init_late+0x6d8/0xa30 net/batman-adv/soft-interface.c:857
 register_netdevice+0xbbc/0x37d0 net/core/dev.c:9760
 __rtnl_newlink net/core/rtnetlink.c:3454 [inline]
 rtnl_newlink+0x2e77/0x3ed0 net/core/rtnetlink.c:3500
 rtnetlink_rcv_msg+0x142b/0x18c0 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x6d7/0x7e0 net/netlink/af_netlink.c:2470
 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:5581
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x11c8/0x1490 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x173a/0x1840 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 __sys_sendto+0x9dc/0xc80 net/socket.c:1992
 __do_sys_sendto net/socket.c:2004 [inline]
 __se_sys_sendto+0x107/0x130 net/socket.c:2000
 __x64_sys_sendto+0x6e/0x90 net/socket.c:2000
 do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
=

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
INFO: rcu detected stall in security_file_open (3)
Hello,

syzbot found the following issue on:

HEAD commit:    fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10b007cf90
kernel config:  https://syzkaller.appspot.com/x/.config?x=41b736b7ce1b3ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=d2b6e8cc299748fecf25
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1249c71790
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1048d9e390

The issue was bisected to:

commit c9d8f5f0692d5960ed50970ffe63756fb8f96cdb
Author: Kirill Tkhai
Date:   Fri Nov 9 10:33:27 2018 +0000

    fuse: Protect fi->nlookup with fi->lock

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11af769d90
final oops:     https://syzkaller.appspot.com/x/report.txt?x=13af769d90
console output: https://syzkaller.appspot.com/x/log.txt?x=15af769d90

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d2b6e8cc299748fec...@syzkaller.appspotmail.com
Fixes: c9d8f5f0692d ("fuse: Protect fi->nlookup with fi->lock")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1):
[ cut here ]
WARNING: CPU: 0 PID: 3922 at kernel/sched/core.c:3013 rq_unlock kernel/sched/sched.h:1326 [inline]
WARNING: CPU: 0 PID: 3922 at kernel/sched/core.c:3013 try_invoke_on_locked_down_task+0x21d/0x2f0 kernel/sched/core.c:3019
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 3922 Comm: systemd-udevd Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x382/0x7fb kernel/panic.c:231
 __warn.cold+0x20/0x4b kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:try_invoke_on_locked_down_task+0x21d/0x2f0 kernel/sched/core.c:3013
Code: 45 31 f6 49 39 c0 74 3a 8b 74 24 38 49 8d 78 18 4c 89 04 24 e8 a4 e7 08 00 4c 8b 04 24 4c 89 c7 e8 28 ab d6 06 e9 20 ff ff ff <0f> 0b e9 7d fe ff ff 4c 89 ee 48 89 ef 41 ff d4 41 89 c6 e9 08 ff
RSP: 0018:c9007be0 EFLAGS: 00010046
RAX: RBX: 19200f7e RCX: 0001
RDX: RSI: 8162da10 RDI: 8880a61a2440
RBP: 8880a61a2440 R08: 0033 R09: 8a05ae03
R10: 062e R11: 0001 R12: 8162da10
R13: c9007d08 R14: 8880a61a2440 R15:
 rcu_print_task_stall kernel/rcu/tree_stall.h:267 [inline]
 print_other_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:634 [inline]
 rcu_pending kernel/rcu/tree.c:3639 [inline]
 rcu_sched_clock_irq.cold+0x97e/0xdfd kernel/rcu/tree.c:2521
 update_process_times+0x25/0xa0 kernel/time/timer.c:1710
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x1d1/0x2a0 kernel/time/tick-sched.c:1328
 __run_hrtimer kernel/time/hrtimer.c:1524 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x334/0x940 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x147/0x5f0 arch/x86/kernel/apic/apic.c:1097
 asm_call_irq_on_stack+0xf/0x20
 __run_sysvec_on_irqstack arch/x86/include/asm/irq_stack.h:37 [inline]
 run_sysvec_on_irqstack_cond arch/x86/include/asm/irq_stack.h:89 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]
RIP: 0010:check_kcov_mode kernel/kcov.c:163 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x9/0x60 kernel/kcov.c:197
Code: 5d be 03 00 00 00 e9 76 af 49 02 66 0f 1f 44 00 00 48 8b be b0 01 00 00 e8 b4 ff ff ff 31 c0 c3 90 65 48 8b 14 25 c0 fe 01 00 <65> 8b 05 e0 bf 8b 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74
RSP: 0018:c9f075a8 EFLAGS: 0246
RAX: RBX: 0004 RCX: 838a0be7
RDX: 88809c62c4c0 RSI: 88809c62c4c0 RDI: 0005
RBP: 8880a601de80 R08: 0001 R09: 8d5f79c7
R10: R11: R12: 0001
R13: 0183 R14: dc00 R15:
 tomoyo_domain_quota_is_ok+0x31a/0x550 security/tomoyo/util.c:1070
 tomoyo_supervisor+0x2f2/0xef0 security/tomoyo/common.c:2089
 tomoyo_audit_path_log security/tomoyo/file.c:168 [inline]
 tomoyo_path_permission security/tomoyo/file.c:587 [inline]
 tomoyo_path_permission+0x27
KASAN: vmalloc-out-of-bounds Read in bpf_trace_run5
Hello,

syzbot found the following issue on:

HEAD commit:    b10b8ad8 Add linux-next specific files for 20200921
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1371eb1d90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3cf0782933432b43
dashboard link: https://syzkaller.appspot.com/bug?extid=856297c51366950e115e
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1510d3d990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1328ecbb90

The issue was bisected to:

commit 1e6d690b9334b7e1b31d25fd8d93e980e449a5f9
Author: Song Liu
Date:   Thu Nov 17 23:24:39 2016 +0000

    md/r5cache: caching phase of r5cache

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=109283d990
final oops:     https://syzkaller.appspot.com/x/report.txt?x=129283d990
console output: https://syzkaller.appspot.com/x/log.txt?x=149283d990

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+856297c51366950e1...@syzkaller.appspotmail.com
Fixes: 1e6d690b9334 ("md/r5cache: caching phase of r5cache")

==
BUG: KASAN: vmalloc-out-of-bounds in __bpf_trace_run kernel/trace/bpf_trace.c:1937 [inline]
BUG: KASAN: vmalloc-out-of-bounds in bpf_trace_run5+0x401/0x410 kernel/trace/bpf_trace.c:1977
Read of size 8 at addr c9e80030 by task rs:main Q:Reg/6567

CPU: 1 PID: 6567 Comm: rs:main Q:Reg Not tainted 5.9.0-rc5-next-20200921-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fb lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0x5/0x497 mm/kasan/report.c:385
 __kasan_report mm/kasan/report.c:545 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:562
 __bpf_trace_run kernel/trace/bpf_trace.c:1937 [inline]
 bpf_trace_run5+0x401/0x410 kernel/trace/bpf_trace.c:1977
 __bpf_trace_ext4_journal_start+0x142/0x180 include/trace/events/ext4.h:1788
 __traceiter_ext4_journal_start+0x83/0xd0 include/trace/events/ext4.h:1788
 trace_ext4_journal_start include/trace/events/ext4.h:1788 [inline]
 __ext4_journal_start_sb+0x228/0x440 fs/ext4/ext4_jbd2.c:96
 __ext4_journal_start fs/ext4/ext4_jbd2.h:328 [inline]
 ext4_dirty_inode+0xbc/0x130 fs/ext4/inode.c:5850
 __mark_inode_dirty+0x888/0x1190 fs/fs-writeback.c:2260
 generic_update_time+0x21c/0x370 fs/inode.c:1764
 update_time fs/inode.c:1777 [inline]
 file_update_time+0x434/0x520 fs/inode.c:1992
 file_modified fs/inode.c:2015 [inline]
 file_modified+0x7d/0xa0 fs/inode.c:2000
 ext4_write_checks fs/ext4/file.c:248 [inline]
 ext4_buffered_write_iter+0xf9/0x4a0 fs/ext4/file.c:264
 ext4_file_write_iter+0x1f3/0x13e0 fs/ext4/file.c:660
 call_write_iter include/linux/fs.h:1895 [inline]
 new_sync_write+0x426/0x650 fs/read_write.c:517
 vfs_write+0x57d/0x700 fs/read_write.c:595
 ksys_write+0x12d/0x250 fs/read_write.c:648
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fed08e3a1cd
Code: c2 20 00 00 75 10 b8 01 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae fc ff ff 48 89 04 24 b8 01 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 f7 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:7fed063f5590 EFLAGS: 0293 ORIG_RAX: 0001
RAX: ffda RBX: 7fecfc0238a0 RCX: 7fed08e3a1cd
RDX: 0dd6 RSI: 7fecfc0238a0 RDI: 0006
RBP: R08: R09:
R10: R11: 0293 R12: 7fecfc023620
R13: 7fed063f55b0 R14: 560a2b025360 R15: 0dd6

Memory state around the buggy address:
 c9e7ff00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c9e7ff80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>c9e8: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                        ^
 c9e80080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c9e80100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
INFO: rcu detected stall in exit_group
Hello,

syzbot found the following issue on:

HEAD commit:    34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=134173a590
kernel config:  https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=1a14a0f8ce1a06d4415f
compiler:       gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10c6642d90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=132d00fd90

The issue was bisected to:

commit 32021982a324dce93b4ae00c06213bf45fb319c8
Author: David Howells
Date:   Thu Nov 1 23:07:26 2018 +0000

    hugetlbfs: Convert to fs_context

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16cc40be90
final oops:     https://syzkaller.appspot.com/x/report.txt?x=15cc40be90
console output: https://syzkaller.appspot.com/x/log.txt?x=11cc40be90

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+1a14a0f8ce1a06d44...@syzkaller.appspotmail.com
Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context")

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1):
[ cut here ]
WARNING: CPU: 0 PID: 3551 at kernel/sched/core.c:3013 rq_unlock kernel/sched/sched.h:1326 [inline]
WARNING: CPU: 0 PID: 3551 at kernel/sched/core.c:3013 try_invoke_on_locked_down_task+0x214/0x2c0 kernel/sched/core.c:3019
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 3551 Comm: syz-executor649 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 panic+0x347/0x7c0 kernel/panic.c:231
 __warn.cold+0x20/0x46 kernel/panic.c:600
 report_bug+0x1bd/0x210 lib/bug.c:198
 handle_bug+0x38/0x90 arch/x86/kernel/traps.c:234
 exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:254
 asm_exc_invalid_op+0x12/0x20 arch/x86/include/asm/idtentry.h:536
RIP: 0010:try_invoke_on_locked_down_task+0x214/0x2c0 kernel/sched/core.c:3013
Code: 45 31 f6 49 39 c0 74 3a 8b 74 24 38 49 8d 78 18 4c 89 04 24 e8 ad 9a 08 00 4c 8b 04 24 4c 89 c7 e8 01 40 a6 06 e9 29 ff ff ff <0f> 0b e9 86 fe ff ff 4c 89 ee 48 89 ef 41 ff d4 41 89 c6 e9 11 ff
RSP: 0018:c9007bd8 EFLAGS: 00010046
RAX: RBX: 19200f7d RCX: 0001
RDX: RSI: 81612ed0 RDI: 888099502240
RBP: 888099502240 R08: 0033 R09: 89bcb4a3
R10: 05a2 R11: 0001 R12: 81612ed0
R13: c9007d00 R14: 8880995025c0 R15: 8880ae636c00
 rcu_print_task_stall kernel/rcu/tree_stall.h:267 [inline]
 print_other_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:634 [inline]
 rcu_pending kernel/rcu/tree.c:3637 [inline]
 rcu_sched_clock_irq.cold+0x92e/0xccd kernel/rcu/tree.c:2519
 update_process_times+0x25/0xa0 kernel/time/timer.c:1710
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x1d1/0x2a0 kernel/time/tick-sched.c:1328
 __run_hrtimer kernel/time/hrtimer.c:1524 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1588
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1650
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xb2/0xf0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:581
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:770 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x4d/0x90 kernel/locking/spinlock.c:191
Code: 48 c7 c0 48 3c b6 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 3c 48 83 3d 62 07 bf 01 00 74 29 48 89 df 57 9d <0f> 1f 44 00 00 bf 01 00 00 00 e8 44 80 58 f9 65 8b 05 7d c9 0a 78
RSP: 0018:c9000c997a20 EFLAGS: 0282
RAX: 1136c789 RBX: 0282 RCX: 115645e9
RDX: dc00 RSI: 0001 RDI: 0282
RBP: 8cb5e0e0 R08: 0001 R09: 0001
R10: R11: R12: 0017
R13: 0017 R14: dead0100 R15: dc00
 __debug_check_no_obj_freed lib/debugobjects.c:977 [inline]
 debug_check_no_obj_freed+0x20c/0x41c lib/debugobjects.c:998
 free_pages_prepare mm/page_alloc.c:1214 [inline]
 __free_pages_ok+0x240/0xcd0 mm/page_alloc.c:147
general protection fault in batadv_iv_ogm_schedule (2)
Hello,

syzbot found the following issue on:

HEAD commit:    34d4ddd3 Merge tag 'linux-kselftest-5.9-rc5' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13db7cdd90
kernel config:  https://syzkaller.appspot.com/x/.config?x=8f5c353182ed6199
dashboard link: https://syzkaller.appspot.com/bug?extid=870c4745cc7a955e17e2
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+870c4745cc7a955e1...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc0e: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 1 PID: 6396 Comm: kworker/u4:8 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:843 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x925/0xf40 net/batman-adv/bat_iv_ogm.c:869
Code: 00 48 c1 e8 03 48 89 44 24 28 48 c7 c5 48 e7 3a 8c 0f 1f 40 00 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 7d e0 a9 f9 48 8b 1b 48 b8 00 00 00
RSP: 0018:c90019cd7b88 EFLAGS: 00010202
RAX: 000e RBX: 0070 RCX: dc00
RDX: RSI: 0007 RDI:
RBP: 8c3ae748 R08: 880ae416 R09: ed10152b4c06
R10: ed10152b4c06 R11: R12: 0007
R13: 8880a95a6028 R14: 8880a7f17870 R15:
FS: () GS:8880ae90() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 931c4000 CR4: 001526e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_send_outstanding_bat_ogm_packet+0x68c/0x7c0 net/batman-adv/bat_iv_ogm.c:1723
 process_one_work+0x789/0xfc0 kernel/workqueue.c:2269
 worker_thread+0xaa4/0x1460 kernel/workqueue.c:2415
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 3bb6c6ec8627e29b ]---
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:843 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x925/0xf40 net/batman-adv/bat_iv_ogm.c:869
Code: 00 48 c1 e8 03 48 89 44 24 28 48 c7 c5 48 e7 3a 8c 0f 1f 40 00 49 8d 5f 70 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 7d e0 a9 f9 48 8b 1b 48 b8 00 00 00
RSP: 0018:c90019cd7b88 EFLAGS: 00010202
RAX: 000e RBX: 0070 RCX: dc00
RDX: RSI: 0007 RDI:
RBP: 8c3ae748 R08: 880ae416 R09: ed10152b4c06
R10: ed10152b4c06 R11: R12: 0007
R13: 8880a95a6028 R14: 8880a7f17870 R15:
FS: () GS:8880ae90() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: CR3: 931c4000 CR4: 001526e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Re: INFO: task hung in tls_sk_proto_close
syzbot has bisected this issue to:

commit 02d21b59d5cc4b4b395bbc2a29319b8a529ebeff
Author: Ido Schimmel
Date:   Wed Jan 23 14:32:59 2019 +0000

    mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14e89b0590
start commit:   5438dd45 net_sched: fix error path in red_init()
git tree:       net
final oops:     https://syzkaller.appspot.com/x/report.txt?x=16e89b0590
console output: https://syzkaller.appspot.com/x/log.txt?x=12e89b0590
kernel config:  https://syzkaller.appspot.com/x/.config?x=a0437fdd630bee11
dashboard link: https://syzkaller.appspot.com/bug?extid=ca1345cca66556f3d79b
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14acdfe590
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1792598e90

Reported-by: syzbot+ca1345cca66556f3d...@syzkaller.appspotmail.com
Fixes: 02d21b59d5cc ("mlxsw: spectrum_nve: Enable VXLAN on Spectrum-2")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
general protection fault in nexthop_is_blackhole
Hello,

syzbot found the following issue on:

HEAD commit:    c3d8f220 Merge tag 'kbuild-fixes-v5.9' of git://git.kernel..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11c48c9690
kernel config:  https://syzkaller.appspot.com/x/.config?x=bb68b9e8a8cc842f
dashboard link: https://syzkaller.appspot.com/bug?extid=b2c08a2f5cfef635cc3a
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14d75e3990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12aea51990

The issue was bisected to:

commit de47c5d8e11dda678e4354eeb4235e58e92f7cd2
Author: Hariprasad Kelam
Date:   Sat Jun 8 09:00:50 2019 +0000

    af_key: make use of BUG_ON macro

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1045097290
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1245097290
console output: https://syzkaller.appspot.com/x/log.txt?x=1445097290

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b2c08a2f5cfef635c...@syzkaller.appspotmail.com
Fixes: de47c5d8e11d ("af_key: make use of BUG_ON macro")

IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
general protection fault, probably for non-canonical address 0xdc10: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0080-0x0087]
CPU: 0 PID: 7050 Comm: syz-executor320 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240
Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02
RSP: 0018:c900061172b8 EFLAGS: 00010202
RAX: 0010 RBX: 0080 RCX: 888091444300
RDX: RSI: RDI: 0001
RBP: 0001 R08: 8727dfc7 R09: ed1012299e09
R10: ed1012299e09 R11: R12: dc00
R13: 8880919da280 R14: 8880a9576610 R15: dc00
FS: 01a89880() GS:8880ae80() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 2300 CR3: a7555000 CR4: 001506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 rt6_fill_node+0xfe9/0x1f90 net/ipv6/route.c:5584
 inet6_rt_notify+0x2ab/0x500 net/ipv6/route.c:6017
 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline]
 fib6_add+0x203b/0x3bd0 net/ipv6/ip6_fib.c:1473
 __ip6_ins_rt net/ipv6/route.c:1317 [inline]
 ip6_route_add+0x84/0x120 net/ipv6/route.c:3744
 inet6_rtm_newroute+0x22f/0x2150 net/ipv6/route.c:5360
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg net/socket.c:671 [inline]
 sys_sendmsg+0x519/0x800 net/socket.c:2353
 ___sys_sendmsg net/socket.c:2407 [inline]
 __sys_sendmsg+0x2b1/0x360 net/socket.c:2440
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443ef9
Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffd64ccd428 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0003 RCX: 00443ef9
RDX: RSI: 2300 RDI: 0003
RBP: 7ffd64ccd430 R08: R09:
R10: R11: 0246 R12: b6f1
R13: R14: R15:
Modules linked in:
---[ end trace e62dc7d3de715e59 ]---
RIP: 0010:nexthop_is_blackhole+0x145/0x250 include/net/nexthop.h:240
Code: 4d fa 49 83 c6 10 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 39 f0 8c fa 49 8b 1e 48 83 eb 80 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 1c f0 8c fa 48 8b 1b e8 e4 4e 02
RSP: 0018:c900061172b8 EFLAGS: 00010202
RAX: 0010 RBX: 0080 RCX: 888091444300
RDX: RSI: RDI: 0001
RBP: 0001 R08: 8727dfc7 R09: ed1012299e09
R10: ed1012299e09 R11: R12: dc
general protection fault in rt6_fill_node
Hello,

syzbot found the following issue on:

HEAD commit:    d7223aa5 Merge branch 'l2tp-replace-custom-logging-code-wi..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1399802e90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652
dashboard link: https://syzkaller.appspot.com/bug?extid=81af6e9b3c4b8bc874f8
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12949b5a90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17b60e4690

The issue was bisected to:

commit 867d03bc238f62fcd28f287b9da8af5e483baeab
Author: Robert Hancock
Date:   Thu Jun 6 22:28:14 2019 +0000

    net: axienet: Add DMA registers to ethtool register dump

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1523f26690
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1723f26690
console output: https://syzkaller.appspot.com/x/log.txt?x=1323f26690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+81af6e9b3c4b8bc87...@syzkaller.appspotmail.com
Fixes: 867d03bc238f ("net: axienet: Add DMA registers to ethtool register dump")

IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
IPv6: NLM_F_CREATE should be set when creating new route
IPv6: NLM_F_CREATE should be set when creating new route
general protection fault, probably for non-canonical address 0xdc10: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0080-0x0087]
CPU: 1 PID: 7050 Comm: syz-executor648 Not tainted 5.9.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nexthop_is_blackhole include/net/nexthop.h:240 [inline]
RIP: 0010:rt6_fill_node+0x1396/0x2940 net/ipv6/route.c:5584
Code: 3c 02 00 0f 85 ef 14 00 00 4d 8b 6d 10 e8 f2 1c 87 fa 49 8d bd 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 10 15 00 00 4d 8b ad 80 00 00 00 e8 34 4b 06 01
RSP: 0018:c900063672b0 EFLAGS: 00010202
RAX: dc00 RBX: 8880a88bd800 RCX: 86ed2456
RDX: 0010 RSI: 86ed248e RDI: 0080
RBP: c900063673e8 R08: 0001 R09: 8880a88bd847
R10: 0001 R11: R12: 8880a8ded940
R13: R14: 8880a899ea00 R15:
FS: 010e3880() GS:8880ae70() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 2300 CR3: a8efa000 CR4: 001506e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 inet6_rt_notify+0x14c/0x2b0 net/ipv6/route.c:6017
 fib6_add_rt2node net/ipv6/ip6_fib.c:1246 [inline]
 fib6_add+0x2840/0x3ed0 net/ipv6/ip6_fib.c:1473
 __ip6_ins_rt net/ipv6/route.c:1317 [inline]
 ip6_route_add+0x8b/0x150 net/ipv6/route.c:3744
 inet6_rtm_newroute+0x152/0x160 net/ipv6/route.c:5360
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5563
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2470
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:651 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:671
 sys_sendmsg+0x6e8/0x810 net/socket.c:2353
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2407
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2440
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443ef9
Code: e8 8c 07 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7fff25138308 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 0003 RCX: 00443ef9
RDX: RSI: 2300 RDI: 0003
RBP: 7fff25138310 R08: R09:
R10: R11: 0246 R12: e25f
R13: R14: R15:
Modules linked in:
---[ end trace 46e9e8854602a8a3 ]---
RIP: 0010:nexthop_is_blackhole include/net/nexthop.h:240 [inline]
RIP: 0010:rt6_fill_node+0x1396/0x2940 net/ipv6/route.c:5584
Code: 3c 02 00 0f 85 ef 14 00 00 4d 8b 6d 10 e8 f2 1c 87 fa 49 8d bd 80 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 10 15 00 00 4d 8b ad 80 00 00 00 e8 34 4b 06 01
RSP: 0018:c900063672b0 EFLAGS: 00010202
RAX: dc00 RBX: 8880a88bd800 RCX: 86ed2456
RDX: 0010 RSI: 86ed248e RDI: 0080
RBP: c900063673e8 R08: 0001 R09: 8880a88bd847
R10: 00
inconsistent lock state in sco_sock_timeout
Hello,

syzbot found the following issue on:

HEAD commit:    2cc3c4b3 Merge tag 'io_uring-5.9-2020-08-15' of git://git...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10cf6aa690
kernel config:  https://syzkaller.appspot.com/x/.config?x=19f02fc5c511a391
dashboard link: https://syzkaller.appspot.com/bug?extid=2f6d7c28bb4bf7e82060
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1307149190
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11ec5be290

The issue was bisected to:

commit 331c56ac73846fa267c04ee6aa9a00bb5fed9440
Author: Heiner Kallweit
Date:   Mon Aug 12 21:51:27 2019 +0000

    net: phy: add phy_speed_down_core and phy_resolve_min_speed

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1623bea690
final oops:     https://syzkaller.appspot.com/x/report.txt?x=1523bea690
console output: https://syzkaller.appspot.com/x/log.txt?x=1123bea690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2f6d7c28bb4bf7e82...@syzkaller.appspotmail.com
Fixes: 331c56ac7384 ("net: phy: add phy_speed_down_core and phy_resolve_min_speed")

WARNING: inconsistent lock state
5.8.0-syzkaller #0 Not tainted
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/1/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
888088b810a0 (slock-AF_BLUETOOTH-BTPROTO_SCO){+.?.}-{2:2}, at: sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
  spin_lock include/linux/spinlock.h:354 [inline]
  sco_conn_del+0x100/0x710 net/bluetooth/sco.c:176
  hci_disconn_cfm include/net/bluetooth/hci_core.h:1438 [inline]
  hci_conn_hash_flush+0x127/0x200 net/bluetooth/hci_conn.c:1557
  hci_dev_do_close+0xb7b/0x1040 net/bluetooth/hci_core.c:1770
  hci_unregister_dev+0x185/0x1590 net/bluetooth/hci_core.c:3790
  vhci_release+0x73/0xc0 drivers/bluetooth/hci_vhci.c:340
  __fput+0x34f/0x7b0 fs/file_table.c:281
  task_work_run+0x137/0x1c0 kernel/task_work.c:141
  exit_task_work include/linux/task_work.h:25 [inline]
  do_exit+0x5f3/0x1f20 kernel/exit.c:806
  do_group_exit+0x161/0x2d0 kernel/exit.c:903
  get_signal+0x13bb/0x1d50 kernel/signal.c:2757
  arch_do_signal+0x33/0x610 arch/x86/kernel/signal.c:811
  exit_to_user_mode_loop kernel/entry/common.c:135 [inline]
  exit_to_user_mode_prepare+0x8d/0x1b0 kernel/entry/common.c:166
  syscall_exit_to_user_mode+0x5e/0x1a0 kernel/entry/common.c:241
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
irq event stamp: 1760434
hardirqs last enabled at (1760434): [] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:168 [inline]
hardirqs last enabled at (1760434): [] _raw_spin_unlock_irq+0x1f/0x80 kernel/locking/spinlock.c:199
hardirqs last disabled at (1760433): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (1760433): [] _raw_spin_lock_irq+0x41/0x80 kernel/locking/spinlock.c:167
softirqs last enabled at (1760422): [] sysvec_apic_timer_interrupt+0x14/0xf0 arch/x86/kernel/apic/apic.c:1091
softirqs last disabled at (1760423): [] asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_BLUETOOTH-BTPROTO_SCO);
  <Interrupt>
    lock(slock-AF_BLUETOOTH-BTPROTO_SCO);

 *** DEADLOCK ***

1 lock held by swapper/1/0:
 #0: c9da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:45 [inline]
 #0: c9da8dc0 ((&sk->sk_timer)){+.-.}-{0:0}, at: call_timer_fn+0x57/0x160 kernel/time/timer.c:1403

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.8.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1f0/0x31e lib/dump_stack.c:118
 print_usage_bug+0x1117/0x11d0 kernel/locking/lockdep.c:3350
 mark_lock_irq arch/x86/include/asm/paravirt.h:661 [inline]
 mark_lock+0x10e2/0x1b00 kernel/locking/lockdep.c:4006
 mark_usage kernel/locking/lockdep.c:3905 [inline]
 __lock_acquire+0xa99/0x2ab0 kernel/locking/lockdep.c:4380
 lock_acquire+0x160/0x730 kernel/locking/lockdep.c:5005
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:354 [inline]
 sco_sock_timeout+0x2b/0x280 net/bluetooth/sco.c:83
 call_timer_fn+0x91/0x160 kernel/time/timer.c:1413
 expire_timers kerne
Re: KMSAN: uninit-value in batadv_hard_if_event (2)
syzbot has found a reproducer for the following issue on:

HEAD commit:    ce8056d1 wip: changed copy_from_user where instrumented
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1015b61690
kernel config:  https://syzkaller.appspot.com/x/.config?x=3afe005fb99591f
dashboard link: https://syzkaller.appspot.com/bug?extid=abbc768b560c84d92fd3
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17837fba90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1218cc1690

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com

usb 1-1: new high-speed USB device number 2 using dummy_hcd
usb 1-1: New USB device found, idVendor=07b8, idProduct=401a, bcdDevice=3d.3d
usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-1: config 0 descriptor??
=====================================================
BUG: KMSAN: uninit-value in batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
BUG: KMSAN: uninit-value in batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
BUG: KMSAN: uninit-value in batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
CPU: 1 PID: 29 Comm: kworker/1:1 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
 batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
 batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
 notifier_call_chain kernel/notifier.c:83 [inline]
 __raw_notifier_call_chain kernel/notifier.c:361 [inline]
 raw_notifier_call_chain+0x123/0x290 kernel/notifier.c:368
 call_netdevice_notifiers_info net/core/dev.c:2027 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0x3120/0x37d0 net/core/dev.c:9545
 register_netdev+0xbe/0x100 net/core/dev.c:9645
 rtl8150_probe+0x12d9/0x15b0 drivers/net/usb/rtl8150.c:916
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 set_ethernet_addr drivers/net/usb/rtl8150.c:282 [inline]
 rtl8150_probe+0x1236/0x15b0 drivers/net/usb/rtl8150.c:912
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers
KMSAN: uninit-value in batadv_hard_if_event (2)
Hello,

syzbot found the following issue on:

HEAD commit:    ce8056d1 wip: changed copy_from_user where instrumented
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=106e4c3c90
kernel config:  https://syzkaller.appspot.com/x/.config?x=3afe005fb99591f
dashboard link: https://syzkaller.appspot.com/bug?extid=abbc768b560c84d92fd3
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+abbc768b560c84d92...@syzkaller.appspotmail.com

usb 1-1: config 0 descriptor??
=====================================================
BUG: KMSAN: uninit-value in batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
BUG: KMSAN: uninit-value in batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
BUG: KMSAN: uninit-value in batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
CPU: 0 PID: 8697 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usb_hub_wq hub_event
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x21c/0x280 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_check_known_mac_addr net/batman-adv/hard-interface.c:512 [inline]
 batadv_hardif_add_interface net/batman-adv/hard-interface.c:944 [inline]
 batadv_hard_if_event+0x28d7/0x3bd0 net/batman-adv/hard-interface.c:1034
 notifier_call_chain kernel/notifier.c:83 [inline]
 __raw_notifier_call_chain kernel/notifier.c:361 [inline]
 raw_notifier_call_chain+0x123/0x290 kernel/notifier.c:368
 call_netdevice_notifiers_info net/core/dev.c:2027 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0x3120/0x37d0 net/core/dev.c:9545
 register_netdev+0xbe/0x100 net/core/dev.c:9645
 rtl8150_probe+0x12d9/0x15b0 drivers/net/usb/rtl8150.c:916
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
 hub_port_connect drivers/usb/core/hub.c:5208 [inline]
 hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
 port_event drivers/usb/core/hub.c:5494 [inline]
 hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
 process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
 worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
 kthread+0x551/0x590 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 set_ethernet_addr drivers/net/usb/rtl8150.c:282 [inline]
 rtl8150_probe+0x1236/0x15b0 drivers/net/usb/rtl8150.c:912
 usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
 really_probe+0xf20/0x20b0 drivers/base/dd.c:529
 driver_probe_device+0x293/0x390 drivers/base/dd.c:701
 __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
 bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
 __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
 device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
 bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
 device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
 usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
 usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
 usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
 really_probe
Re: general protection fault in hci_phy_link_complete_evt
syzbot has bisected this issue to:

commit b59abfbed638037f3b51eeb73266892cd2df177f
Author: Johannes Berg
Date:   Thu Sep 15 13:30:03 2016 +0000

    mac80211_hwsim: statically initialize hwsim_radios list

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15dd5f9890
start commit:   c0842fbc random32: move the pseudo-random 32-bit definitio..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=17dd5f9890
console output: https://syzkaller.appspot.com/x/log.txt?x=13dd5f9890
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf567e8c7428377e
dashboard link: https://syzkaller.appspot.com/bug?extid=18e38290a2a263b31aa0
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17e4e09490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1143e7ca90

Reported-by: syzbot+18e38290a2a263b31...@syzkaller.appspotmail.com
Fixes: b59abfbed638 ("mac80211_hwsim: statically initialize hwsim_radios list")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: general protection fault in hci_event_packet
syzbot has bisected this issue to:

commit 941992d2944789641470626e9336d663236b1d28
Author: Javier Martinez Canillas
Date:   Mon Sep 12 14:03:34 2016 +0000

    ethernet: amd: use IS_ENABLED() instead of checking for built-in or module

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=155180c290
start commit:   bcf87687 Linux 5.8
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=175180c290
console output: https://syzkaller.appspot.com/x/log.txt?x=135180c290
kernel config:  https://syzkaller.appspot.com/x/.config?x=4b489d75d0c8859d
dashboard link: https://syzkaller.appspot.com/bug?extid=0bef568258653cff272f
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1043af0490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ca1dea90

Reported-by: syzbot+0bef568258653cff2...@syzkaller.appspotmail.com
Fixes: 941992d29447 ("ethernet: amd: use IS_ENABLED() instead of checking for built-in or module")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in hci_send_acl
syzbot has bisected this issue to:

commit 4ffcd582301bd020b1f9d00c55473af305ec19b5
Author: Michael Chan
Date:   Mon Sep 19 07:58:07 2016 +0000

    bnxt_en: Pad TX packets below 52 bytes.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=167b0f0490
start commit:   ac3a0c84 Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=157b0f0490
console output: https://syzkaller.appspot.com/x/log.txt?x=117b0f0490
kernel config:  https://syzkaller.appspot.com/x/.config?x=c0cfcf935bcc94d2
dashboard link: https://syzkaller.appspot.com/bug?extid=98228e7407314d2d4ba2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=152f190490
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1482dfca90

Reported-by: syzbot+98228e7407314d2d4...@syzkaller.appspotmail.com
Fixes: 4ffcd582301b ("bnxt_en: Pad TX packets below 52 bytes.")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: INFO: rcu detected stall in netlink_sendmsg (4)
syzbot has bisected this issue to:

commit 5a781ccbd19e4664babcbe4b4ead7aa2b9283d22
Author: Vinicius Costa Gomes
Date:   Sat Sep 29 00:59:43 2018 +0000

    tc: Add support for configuring the taprio scheduler

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16d46e1b10
start commit:   7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11d46e1b10
kernel config:  https://syzkaller.appspot.com/x/.config?x=7be693511b29b338
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1023588f10
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1647a88f10

Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com
Fixes: 5a781ccbd19e ("tc: Add support for configuring the taprio scheduler")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
INFO: rcu detected stall in seq_read (2)
Hello,

syzbot found the following issue on:

HEAD commit:    4fa640dc Merge tag 'vfio-v5.8-rc7' of git://github.com/awi..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145cac3090
kernel config:  https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=c28b5fee66fd3b7f766e
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17e23ac890
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1198c44090

The issue was bisected to:

commit 53e233ea2fa9fa7e2405e95070981f327d90e519
Author: Vasundhara Volam
Date:   Thu Oct 4 05:43:52 2018 +0000

    devlink: Add Documentation/networking/devlink-params-bnxt.txt

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15e22b9490
final oops:     https://syzkaller.appspot.com/x/report.txt?x=17e22b9490
console output: https://syzkaller.appspot.com/x/log.txt?x=13e22b9490

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c28b5fee66fd3b7f7...@syzkaller.appspotmail.com
Fixes: 53e233ea2fa9 ("devlink: Add Documentation/networking/devlink-params-bnxt.txt")

hrtimer: interrupt took 6305559 ns
rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:    1-...!: (1 GPs behind) idle=91e/1/0x4000 softirq=10105/10107 fqs=1
        (t=18319 jiffies g=8905 q=457)
NMI backtrace for cpu 1
CPU: 1 PID: 4008 Comm: systemd-journal Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x18f/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1b3/0x223 lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x194/0x1cf kernel/rcu/tree_stall.h:320
 print_cpu_stall kernel/rcu/tree_stall.h:553 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:627 [inline]
 rcu_pending kernel/rcu/tree.c:3489 [inline]
 rcu_sched_clock_irq.cold+0x5b3/0xccc kernel/rcu/tree.c:2504
 update_process_times+0x25/0x60 kernel/time/timer.c:1737
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:176
 tick_sched_timer+0x108/0x290 kernel/time/tick-sched.c:1320
 __run_hrtimer kernel/time/hrtimer.c:1520 [inline]
 __hrtimer_run_queues+0x1d5/0xfc0 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xe0/0x120 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:585
RIP: 0010:format_decode+0x0/0xad0 lib/vsprintf.c:2329
Code: c7 c7 10 05 af 8a be 10 00 00 00 e8 5a c3 46 00 48 c7 c7 20 78 0d 8a e9 6e f2 e2 fd 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 <41> 57 41 56 41 55 41 54 55 48 89 f5 53 48 bb 00 00 00 00 00 fc ff
RSP: 0018:c90001077a10 EFLAGS: 0293
RAX: RBX: dc00 RCX: 83b0a497
RDX: 888093224040 RSI: c90001077a80 RDI: 884e6293
RBP: 884e6293 R08: 0001 R09: 8880952a63d1
R10: R11: R12: 8880952a63d2
R13: 884e6293 R14: 0025 R15: c90001077b30
 vsnprintf+0x155/0x14f0 lib/vsprintf.c:2572
 seq_vprintf fs/seq_file.c:379 [inline]
 seq_printf+0x195/0x240 fs/seq_file.c:394
 proc_pid_status+0x1c6d/0x24b0 fs/proc/array.c:424
 proc_single_show+0x116/0x1e0 fs/proc/base.c:766
 seq_read+0x432/0x1070 fs/seq_file.c:208
 vfs_read+0x1df/0x520 fs/read_write.c:479
 ksys_read+0x12d/0x250 fs/read_write.c:607
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0fc43d9910
Code: Bad RIP value.
RSP: 002b:7ffdcb193978 EFLAGS: 0246 ORIG_RAX:
RAX: ffda RBX: 55b1476b96f0 RCX: 7f0fc43d9910
RDX: 0800 RSI: 55b1476b8b00 RDI: 0013
RBP: 7f0fc4694440 R08: 7f0fc4697fc8 R09: 0410
R10: 55b1476b96f0 R11: 0246 R12: 0800
R13: 0d68 R14: 55b1476b8b00 R15: 7f0fc4693900


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for de
KMSAN: uninit-value in batadv_tt_hash_find
Hello,

syzbot found the following crash on:

HEAD commit:    f0d5ec90 kmsan: apply __no_sanitize_memory to dotraplinkag..
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10c0883b10
kernel config:  https://syzkaller.appspot.com/x/.config?x=86e4f8af239686c6
dashboard link: https://syzkaller.appspot.com/bug?extid=ab16e463b903f5a37036
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ab16e463b903f5a37...@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in __read_once_size include/linux/compiler.h:206 [inline]
BUG: KMSAN: uninit-value in batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
CPU: 0 PID: 23320 Comm: syz-executor.5 Not tainted 5.7.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 __read_once_size include/linux/compiler.h:206 [inline]
 batadv_tt_hash_find+0x38a/0x810 net/batman-adv/translation-table.c:144
 batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
 batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
 batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
 batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
 batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xmit_one net/core/dev.c:3477 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3493
 __dev_queue_xmit+0x2f8d/0x3b20 net/core/dev.c:4052
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4085
 neigh_hh_output include/net/neighbour.h:499 [inline]
 neigh_output include/net/neighbour.h:508 [inline]
 ip_finish_output2+0x20fd/0x2610 net/ipv4/ip_output.c:228
 ip_do_fragment+0x2c98/0x3570 net/ipv4/ip_output.c:849
 ip_fragment+0x242/0x400 net/ipv4/ip_output.c:585
 __ip_finish_output+0xd34/0xd80 net/ipv4/ip_output.c:304
 ip_finish_output+0x166/0x410 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0xfbf/0x1090 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:435 [inline]
 ip_local_out net/ipv4/ip_output.c:125 [inline]
 ip_send_skb+0x179/0x360 net/ipv4/ip_output.c:1560
 udp_send_skb+0x1046/0x18b0 net/ipv4/udp.c:891
 udp_sendmsg+0x3bb5/0x4100 net/ipv4/udp.c:1178
 inet_sendmsg+0x276/0x2e0 net/ipv4/af_inet.c:807
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x1056/0x1350 net/socket.c:2362
 ___sys_sendmsg net/socket.c:2416 [inline]
 __sys_sendmmsg+0x863/0xd60 net/socket.c:2499
 __compat_sys_sendmmsg net/compat.c:672 [inline]
 __do_compat_sys_sendmmsg net/compat.c:679 [inline]
 __se_compat_sys_sendmmsg+0xcd/0xf0 net/compat.c:676
 __ia32_compat_sys_sendmmsg+0x56/0x70 net/compat.c:676
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3bf/0x6d0 arch/x86/entry/common.c:398
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f3add9
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:f5d140cc EFLAGS: 0296 ORIG_RAX: 0159
RAX: ffda RBX: 0003 RCX: 20007f80
RDX: 0001 RSI: RDI:
RBP: R08: R09:
R10: R11: R12:
R13: R14: R15:

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 __msan_chain_origin+0x50/0x90 mm/kmsan/kmsan_instr.c:165
 ether_addr_copy include/linux/etherdevice.h:279 [inline]
 batadv_tt_hash_find+0x333/0x810 net/batman-adv/translation-table.c:137
 batadv_tt_global_hash_find net/batman-adv/translation-table.c:203 [inline]
 batadv_transtable_search+0x292/0xa00 net/batman-adv/translation-table.c:2618
 batadv_send_skb_via_tt_generic+0x181/0x290 net/batman-adv/send.c:423
 batadv_send_skb_via_tt net/batman-adv/send.h:82 [inline]
 batadv_interface_tx+0x1b3d/0x2450 net/batman-adv/soft-interface.c:378
 __netdev_start_xmit include/linux/netdevice.h:4533 [inline]
 netdev_start_xmit include/linux/netdevice.h:4547 [inline]
 xm
general protection fault in batadv_hardif_get_by_netdev
Hello,

syzbot found the following crash on:

HEAD commit:    0aea6d5c Merge tag 'for-linus-5.8b-rc5-tag' of git://git.k..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1596004f10
kernel config:  https://syzkaller.appspot.com/x/.config?x=66ad203c2bb6d8b
dashboard link: https://syzkaller.appspot.com/bug?extid=4a2d01c2df834fe6e86d
compiler:       gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+4a2d01c2df834fe6e...@syzkaller.appspotmail.com

netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
general protection fault, probably for non-canonical address 0xdc03: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0018-0x001f]
CPU: 1 PID: 11316 Comm: syz-executor.4 Not tainted 5.8.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:batadv_hardif_get_by_netdev+0x14c/0x400 net/batman-adv/hard-interface.c:72
Code: 18 00 0f 85 92 02 00 00 4d 8b 24 24 49 81 fc e0 29 4f 8d 0f 84 b4 01 00 00 e8 00 01 ab f9 49 8d 7c 24 18 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 73 02 00 00 4d 39 6c 24 18 75 b7 e8 de 00 ab f9
RSP: 0018:c900171aeca8 EFLAGS: 00010206
RAX: 0003 RBX: dc00 RCX: c90011a8c000
RDX: 0004 RSI: 87c8b900 RDI: 0018
RBP: 88802afd4000 R08: R09: 8c593a27
R10: R11: R12:
R13: 88802afd4000 R14: R15: 8aa441c0
FS:  () GS:8880ae70(0063) knlGS:f5d6db40
CS:  0010 DS: 002b ES: 002b CR0: 80050033
CR2: 55feecf1dcd8 CR3: 27b29000 CR4: 001426e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_hard_if_event+0x62/0x12f0 net/batman-adv/hard-interface.c:1031
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2027
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0xa52/0x1540 net/core/dev.c:9509
 veth_newlink+0x405/0xa00 drivers/net/veth.c:1366
 __rtnl_newlink+0x1090/0x1730 net/core/rtnetlink.c:3339
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3397
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5460
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2352
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_32_irqs_on+0x3f/0x60 arch/x86/entry/common.c:428
 __do_fast_syscall_32 arch/x86/entry/common.c:475 [inline]
 do_fast_syscall_32+0x7f/0x120 arch/x86/entry/common.c:503
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7f72569
Code: Bad RIP value.
RSP: 002b:f5d6d0cc EFLAGS: 0296 ORIG_RAX: 0172
RAX: ffda RBX: 0007 RCX: 2040
RDX: RSI: RDI:
RBP: R08: R09:
R10: R11: R12:
R13: R14: R15:
Modules linked in:


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
general protection fault in batadv_iv_ogm_schedule_buff (2)
Hello,

syzbot found the following crash on:

HEAD commit:    7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=130b828f10
kernel config:  https://syzkaller.appspot.com/x/.config?x=7be693511b29b338
dashboard link: https://syzkaller.appspot.com/bug?extid=2eeeb5ad0766b57394d8
compiler:       gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2eeeb5ad0766b5739...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc0e: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 1 PID: 9126 Comm: kworker/u4:9 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff+0xd1e/0x1410 net/batman-adv/bat_iv_ogm.c:843
Code: 80 3c 28 00 0f 85 ee 05 00 00 4d 8b 3f 49 81 ff e0 e9 4e 8d 0f 84 dd 02 00 00 e8 bd 80 ae f9 49 8d 7f 70 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 af 06 00 00 48 8b 44 24 08 49 8b 6f 70 80 38
RSP: 0018:c90004e97b98 EFLAGS: 00010202
RAX: 000e RBX: 8880a7471800 RCX: 87c5394d
RDX: 88804cf02380 RSI: 87c536a3 RDI: 0070
RBP: 00077000 R08: 0001 R09: 8880a875a02b
R10: R11: R12: 0007
R13: dc00 R14: 888051ad4c40 R15:
FS:  () GS:8880ae70() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 00400200 CR3: 61cac000 CR4: 001426e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:869 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:862 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x5c8/0x800 net/batman-adv/bat_iv_ogm.c:1722
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
Modules linked in:
---[ end trace f5c5eda032070cd1 ]---
RIP: 0010:batadv_iv_ogm_schedule_buff+0xd1e/0x1410 net/batman-adv/bat_iv_ogm.c:843
Code: 80 3c 28 00 0f 85 ee 05 00 00 4d 8b 3f 49 81 ff e0 e9 4e 8d 0f 84 dd 02 00 00 e8 bd 80 ae f9 49 8d 7f 70 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 af 06 00 00 48 8b 44 24 08 49 8b 6f 70 80 38
RSP: 0018:c90004e97b98 EFLAGS: 00010202
RAX: 000e RBX: 8880a7471800 RCX: 87c5394d
RDX: 88804cf02380 RSI: 87c536a3 RDI: 0070
RBP: 00077000 R08: 0001 R09: 8880a875a02b
R10: R11: R12: 0007
R13: dc00 R14: 888051ad4c40 R15:
FS:  () GS:8880ae70() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 00400200 CR3: 9480d000 CR4: 001426e0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Re: INFO: rcu detected stall in netlink_sendmsg (4)
syzbot has found a reproducer for the following crash on:

HEAD commit:    9e50b94b Add linux-next specific files for 20200703
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13e6ec3310
kernel config:  https://syzkaller.appspot.com/x/.config?x=f99cc0faa1476ed6
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=168ab5d510
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1771c5d510

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu:    0-...0: (3 ticks this GP) idle=ff2/1/0x4000 softirq=8592/8593 fqs=5250
        (detected by 1, t=10502 jiffies, g=8273, q=66)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 6802 Comm: syz-executor688 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__preempt_count_dec_and_test arch/x86/include/asm/preempt.h:94 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online kernel/rcu/tree.c:1144 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0xc8/0x110 kernel/rcu/tree.c:1131
Code: 59 48 8d 7d 70 48 8b 5b 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 41 48 8b 45 70 48 85 c3 0f 95 c0 <65> ff 0d d1 18 a1 7e 74 07 48 83 c4 08 5b 5d c3 e8 52 93 9f ff eb
RSP: 0018:c9007db8 EFLAGS: 0002
RAX: 0001 RBX: 0001 RCX: 11303b28
RDX: 11378c1e RSI: 00010204 RDI: 89bc60f0
RBP: 89bc6080 R08: R09: 8aaf028f
R10: R11: R12: 0001
R13: 8880ae627840 R14: 888094512340 R15: dc00
FS:  017fe880() GS:8880ae60() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 2610 CR3: 9aba2000 CR4: 001506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 rcu_read_lock_held_common kernel/rcu/update.c:110 [inline]
 rcu_read_lock_held_common kernel/rcu/update.c:100 [inline]
 rcu_read_lock_sched_held+0x25/0xb0 kernel/rcu/update.c:121
 trace_hrtimer_expire_exit include/trace/events/timer.h:279 [inline]
 __run_hrtimer kernel/time/hrtimer.c:1523 [inline]
 __hrtimer_run_queues+0xd13/0xfc0 kernel/time/hrtimer.c:1584
 hrtimer_interrupt+0x32a/0x930 kernel/time/hrtimer.c:1646
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1080 [inline]
 __sysvec_apic_timer_interrupt+0x142/0x5e0 arch/x86/kernel/apic/apic.c:1097
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:706
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 sysvec_apic_timer_interrupt+0xe0/0x120 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:596
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:765 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x8c/0xe0 kernel/locking/spinlock.c:191
Code: 48 c7 c0 00 ff b4 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 37 48 83 3d 9b 74 c8 01 00 74 22 48 89 df 57 9d <0f> 1f 44 00 00 bf 01 00 00 00 e8 95 fb 62 f9 65 8b 05 fe 73 15 78
RSP: 0018:c900010872c0 EFLAGS: 0282
RAX: 11369fe0 RBX: 0282 RCX: 0002
RDX: dc00 RSI: RDI: 0282
RBP: 8880945122e8 R08: R09:
R10: 0001 R11: R12: 0282
R13: 161f14abb88be58f R14: 888094512000 R15:
 spin_unlock_irqrestore include/linux/spinlock.h:409 [inline]
 taprio_change+0x1fdc/0x2960 net/sched/sch_taprio.c:1556
 taprio_init+0x52e/0x670 net/sched/sch_taprio.c:1669
 qdisc_create+0x4b6/0x12e0 net/sched/sch_api.c:1245
 tc_modify_qdisc+0x4c8/0x1990 net/sched/sch_api.c:1661
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5460
 netlink_rcv_skb+0x15a/0x430 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6e8/0x810 net/socket.c:2352
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2406
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2439
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:367
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x443799
Code: Bad RIP value.
RSP: 002b:7ffceab
Re: KASAN: null-ptr-deref Write in blk_mq_map_swqueue
This bug is marked as fixed by commit:
blk-mq: Fix a recently introduced regression in

But I can't find it in any tested tree for more than 90 days.
Is it a correct commit? Please update it by replying:

#syz fix: exact-commit-title

Until then the bug is still considered open and new crashes with
the same signature are ignored.
KASAN: use-after-free Write in fsnotify_detach_connector_from_object
Hello,

syzbot found the following crash on:

HEAD commit:    7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=120b26c110
kernel config:  https://syzkaller.appspot.com/x/.config?x=d195fe572fb15312
dashboard link: https://syzkaller.appspot.com/bug?extid=7d2debdcdb3cb93c1e5e
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1724b24610
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14ceb3de10

The bug was bisected to:

commit 76313c70c52f930af4afd21684509ca52297ea71
Author: Eric W. Biederman
Date:   Wed Feb 19 16:37:15 2020 +

    uml: Create a private mount of proc for mconsole

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=117c491210
final crash:    https://syzkaller.appspot.com/x/report.txt?x=137c491210
console output: https://syzkaller.appspot.com/x/log.txt?x=157c491210

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7d2debdcdb3cb93c1...@syzkaller.appspotmail.com
Fixes: 76313c70c52f ("uml: Create a private mount of proc for mconsole")

==
BUG: KASAN: use-after-free in atomic64_inc include/asm-generic/atomic-instrumented.h:1049 [inline]
BUG: KASAN: use-after-free in atomic_long_inc include/asm-generic/atomic-long.h:160 [inline]
BUG: KASAN: use-after-free in fsnotify_detach_connector_from_object+0x25e/0x380 fs/notify/mark.c:185
Write of size 8 at addr 88809fd7e7c0 by task syz-executor972/8021

CPU: 1 PID: 8021 Comm: syz-executor972 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.constprop.0.cold+0xd3/0x413 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 check_memory_region_inline mm/kasan/generic.c:186 [inline]
 check_memory_region+0x141/0x190 mm/kasan/generic.c:192
 atomic64_inc include/asm-generic/atomic-instrumented.h:1049 [inline]
 atomic_long_inc include/asm-generic/atomic-long.h:160 [inline]
 fsnotify_detach_connector_from_object+0x25e/0x380 fs/notify/mark.c:185
 fsnotify_put_mark+0x367/0x580 fs/notify/mark.c:250
 fsnotify_clear_marks_by_group+0x33f/0x490 fs/notify/mark.c:764
 fsnotify_destroy_group+0xc9/0x300 fs/notify/group.c:61
 inotify_release+0x33/0x40 fs/notify/inotify/inotify_user.c:271
 __fput+0x33e/0x880 fs/file_table.c:281
 task_work_run+0xf4/0x1b0 kernel/task_work.c:123
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xb3f/0x2de0 kernel/exit.c:806
 do_group_exit+0x125/0x340 kernel/exit.c:904
 __do_sys_exit_group kernel/exit.c:915 [inline]
 __se_sys_exit_group kernel/exit.c:913 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:913
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x445448
Code: Bad RIP value.
RSP: 002b:7ffe48521018 EFLAGS: 0246 ORIG_RAX: 00e7
RAX: ffda RBX: RCX: 00445448
RDX: RSI: 003c RDI:
RBP: 004cca90 R08: 00e7 R09: ffd0
R10: 7ffe48521060 R11: 0246 R12: 0001
R13: 006e0340 R14: 0007 R15: 002d

Allocated by task 8026:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc mm/kasan/common.c:494 [inline]
 __kasan_kmalloc.constprop.0+0xbf/0xd0 mm/kasan/common.c:467
 kmem_cache_alloc_trace+0x153/0x7d0 mm/slab.c:3551
 kmalloc include/linux/slab.h:555 [inline]
 kzalloc include/linux/slab.h:669 [inline]
 alloc_super+0x52/0x9d0 fs/super.c:203
 sget_fc+0x13f/0x790 fs/super.c:530
 vfs_get_super+0x6d/0x2d0 fs/super.c:1186
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2874 [inline]
 do_mount+0x1306/0x1b40 fs/namespace.c:3199
 __do_sys_mount fs/namespace.c:3409 [inline]
 __se_sys_mount fs/namespace.c:3386 [inline]
 __x64_sys_mount+0x18f/0x230 fs/namespace.c:3386
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3

Freed by task 23:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0xf7/0x140 mm/kasan/common.c:455
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x109/0x2b0 mm/slab.c:3757
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268
 worker_thread+0x96/0xe20 kernel/workqueue.c:2414
 kthread+0x388/0x470 kernel/kthread.c:268
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:351

The buggy address belongs to the object at 88809fd7e000
 which belongs to the cache kmalloc-4k of size 4096
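The report above carries everything a maintainer acts on (tree, HEAD commit, reproducer, bisected commit, suggested Fixes: tag) plus the KASAN access line and the allocation and free stacks, and the bisection messages later in this thread have the same layout. The Python below is an added triage helper, not syzbot's own tooling: it parses those fields from a constructed sample condensed from this report and applies two checks, that the Fixes: hash abbreviates the bisected commit, and a heuristic of this example's own that the bisected commit's subject prefix names something in the crashing file's path (a uml: commit blamed for an fs/notify crash is the usual signature of a flaky reproducer, and the Fixes: line it produces should not be copied into a patch). Field names follow syzbot's mail layout; the heuristic and sample text are assumptions of this example.

```python
"""Triage helper for syzbot mails (added example, not syzbot's own tooling).
Field layout follows syzbot's reports; the heuristic in
bisection_looks_unrelated() and SAMPLE are this example's own assumptions."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Report:
    title: str = ""
    head_commit: str = ""
    tree: str = ""
    has_c_repro: bool = False
    bisect_commit: str = ""
    bisect_subject: str = ""
    fixes_hash: str = ""
    crash_func: str = ""   # real (non-inlined) function in the KASAN headline
    crash_path: str = ""   # its file:line
    access: str = ""       # "Read" or "Write"
    access_size: int = 0
    alloc_task: Optional[int] = None
    free_task: Optional[int] = None


_FIELDS = {
    "head_commit": r"HEAD commit:\s*([0-9a-f]{8,40})",
    "tree": r"git tree:\s*(\S+)",
    "bisect_commit": r"\bcommit ([0-9a-f]{40})\b",
    "fixes_hash": r"Fixes:\s*([0-9a-f]{12,40})",
}


def parse_report(text: str) -> Report:
    """Extract metadata and KASAN/KMSAN crash facts from one syzbot mail."""
    r = Report(title=text.strip().splitlines()[0].strip())
    for name, pat in _FIELDS.items():
        m = re.search(pat, text)
        if m:
            setattr(r, name, m.group(1))
    r.has_c_repro = "C reproducer:" in text
    # Commit subject: first non-empty line after the bisected commit's Date:.
    m = re.search(r"Date:[^\n]*\n\s*(\S[^\n]*)", text)
    if m:
        r.bisect_subject = m.group(1).strip()
    # The headline repeats once per inlined frame; the last one is the caller.
    frames = re.findall(
        r"BUG: K[AM]SAN: [\w-]+ in (\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (\S+:\d+)",
        text)
    if frames:
        r.crash_func, r.crash_path = frames[-1]
    m = re.search(r"\b(Read|Write) of size (\d+) at addr", text)
    if m:
        r.access, r.access_size = m.group(1), int(m.group(2))
    for attr, pat in (("alloc_task", r"Allocated by task (\d+)"),
                      ("free_task", r"Freed by task (\d+)")):
        m = re.search(pat, text)
        if m:
            setattr(r, attr, int(m.group(1)))
    return r


def fixes_tag_consistent(r: Report) -> bool:
    """The suggested Fixes: hash must abbreviate the bisected commit."""
    return bool(r.fixes_hash) and r.bisect_commit.startswith(r.fixes_hash)


def bisection_looks_unrelated(r: Report) -> bool:
    """Heuristic: subject prefixes of the bisected commit ('uml:',
    'netfilter: ipset:', 'drm/ast:') should name something in the crashing
    file's path. A mismatch usually means a flaky reproducer sent the
    bisection onto an unrelated commit, so its Fixes: tag is not trustworthy."""
    if not r.bisect_subject or not r.crash_path:
        return False
    prefixes = [p.strip().lower().split("/")[0]
                for p in r.bisect_subject.split(":")[:-1] if p.strip()]
    return bool(prefixes) and not any(p in r.crash_path.lower() for p in prefixes)


# Constructed sample: the fsnotify report above condensed to the lines the
# parser reads, in syzbot's layout (not the full mail).
SAMPLE = """\
KASAN: use-after-free Write in fsnotify_detach_connector_from_object
HEAD commit:    7ae77150 Merge tag 'powerpc-5.8-1' of git://git.kernel.org..
git tree:       upstream
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14ceb3de10
commit 76313c70c52f930af4afd21684509ca52297ea71
Author: Eric W. Biederman
Date:   Wed Feb 19 16:37:15 2020 +0000

    uml: Create a private mount of proc for mconsole

Fixes: 76313c70c52f ("uml: Create a private mount of proc for mconsole")
BUG: KASAN: use-after-free in atomic64_inc include/asm-generic/atomic-instrumented.h:1049 [inline]
BUG: KASAN: use-after-free in fsnotify_detach_connector_from_object+0x25e/0x380 fs/notify/mark.c:185
Write of size 8 at addr ffff88809fd7e7c0 by task syz-executor972/8021
Allocated by task 8026:
Freed by task 23:
"""
```

Run `parse_report(SAMPLE)` and feed the result to the two checks: for this sample the Fixes: hash is consistent with the bisected commit, but `bisection_looks_unrelated()` returns True, which is the cue to look at the allocation and free stacks (a superblock from `alloc_super` freed from a workqueue while an fsnotify connector still points at it) rather than at the blamed uml commit.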
Re: BUG: Bad rss-counter state (4)
syzbot has bisected this bug to:

commit 0d8dd67be013727ae57645ecd3ea2c36365d7da8
Author: Song Liu
Date:   Wed Dec 6 22:45:14 2017 +

    perf/headers: Sync new perf_event.h with the tools/include/uapi version

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13240a0210
start commit:   ac935d22 Add linux-next specific files for 20200415
git tree:       linux-next
final crash:    https://syzkaller.appspot.com/x/report.txt?x=10a40a0210
console output: https://syzkaller.appspot.com/x/log.txt?x=17240a0210
kernel config:  https://syzkaller.appspot.com/x/.config?x=bc498783097e9019
dashboard link: https://syzkaller.appspot.com/bug?extid=347e2331d03d06ab0224
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12d18e6e10
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=104170d610

Reported-by: syzbot+347e2331d03d06ab0...@syzkaller.appspotmail.com
Fixes: 0d8dd67be013 ("perf/headers: Sync new perf_event.h with the tools/include/uapi version")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: WARNING in kernfs_create_dir_ns
syzbot suspects this bug was fixed by commit:

commit 810507fe6fd5ff3de429121adff49523fabb643a
Author: Waiman Long
Date:   Thu Feb 6 15:24:08 2020 +

    locking/lockdep: Reuse freed chain_hlocks entries

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1008138be0
start commit:   72825454 Merge branch 'x86-urgent-for-linus' of git://git...
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=9a31528e58cc12e2
dashboard link: https://syzkaller.appspot.com/bug?extid=38f5d5cf7ae88c46b11a
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12a6c439a0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1353c323a0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: locking/lockdep: Reuse freed chain_hlocks entries

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
WARNING in ext4_da_update_reserve_space
Hello,

syzbot found the following crash on:

HEAD commit:    1a147b74 Merge branch 'DSA-mtu'
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14237713e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=46ee14d4915944bc
dashboard link: https://syzkaller.appspot.com/bug?extid=67e4f16db666b1c8253c
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12237713e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10ec7c97e0

The bug was bisected to:

commit 658b0f92bc7003bc734471f61bf7cd56339eb8c3
Author: Murilo Opsfelder Araujo
Date:   Wed Aug 1 21:33:15 2018 +

    powerpc/traps: Print unhandled signals in a separate function

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15979f5be0
final crash:    https://syzkaller.appspot.com/x/report.txt?x=17979f5be0
console output: https://syzkaller.appspot.com/x/log.txt?x=13979f5be0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+67e4f16db666b1c82...@syzkaller.appspotmail.com
Fixes: 658b0f92bc70 ("powerpc/traps: Print unhandled signals in a separate function")

EXT4-fs warning (device sda1): ext4_da_update_reserve_space:344: ext4_da_update_reserve_space: ino 15722, used 1 with only 0 reserved data blocks
[ cut here ]
WARNING: CPU: 1 PID: 359 at fs/ext4/inode.c:348 ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:344
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 359 Comm: kworker/u4:5 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: writeback wb_workfn (flush-8:0)
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x27b/0x2f0 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x12b/0x220 arch/x86/kernel/traps.c:267
 do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:ext4_da_update_reserve_space+0x622/0x7d0 fs/ext4/inode.c:348
Code: 02 00 0f 85 94 01 00 00 48 8b 7d 28 49 c7 c0 20 72 3c 88 41 56 48 c7 c1 80 60 3c 88 53 ba 58 01 00 00 4c 89 c6 e8 1e 6d 0d 00 <0f> 0b 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 0f b6 04
RSP: 0018:c90002197288 EFLAGS: 00010296
RAX: RBX: 0001 RCX:
RDX: RSI: 820bf066 RDI: f52000432e21
RBP: 888086b744c8 R08: 0091 R09: ed1015ce6659
R10: ed1015ce6658 R11: 8880ae7332c7 R12: 0001
R13: 888086b74990 R14: R15: 888086b74a40
 ext4_ext_map_blocks+0x24aa/0x37d0 fs/ext4/extents.c:4500
 ext4_map_blocks+0x4cb/0x1650 fs/ext4/inode.c:622
 mpage_map_one_extent fs/ext4/inode.c:2365 [inline]
 mpage_map_and_submit_extent fs/ext4/inode.c:2418 [inline]
 ext4_writepages+0x19eb/0x3080 fs/ext4/inode.c:2772
 do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
 __writeback_single_inode+0x12a/0x1410 fs/fs-writeback.c:1452
 writeback_sb_inodes+0x515/0xdd0 fs/fs-writeback.c:1716
 wb_writeback+0x2a5/0xd90 fs/fs-writeback.c:1892
 wb_do_writeback fs/fs-writeback.c:2037 [inline]
 wb_workfn+0x339/0x11c0 fs/fs-writeback.c:2078
 process_one_work+0x94b/0x1690 kernel/workqueue.c:2266
 worker_thread+0x96/0xe20 kernel/workqueue.c:2412
 kthread+0x357/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
INFO: rcu detected stall in netlink_sendmsg (4)
Hello,

syzbot found the following crash on:

HEAD commit:    ae661dec Merge branch 'ifla_xdp_expected_fd'
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12245647e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=b5acf5ac38a50651
dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0fb70e87d8e0ac278...@syzkaller.appspotmail.com

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:    0-: (1 GPs behind) idle=5c2/1/0x4002 softirq=376075/376076 fqs=5176
        (t=10500 jiffies g=506061 q=176208)
NMI backtrace for cpu 0
CPU: 0 PID: 17281 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62
 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline]
 rcu_dump_cpu_stacks+0x169/0x1b3 kernel/rcu/tree_stall.h:254
 print_cpu_stall kernel/rcu/tree_stall.h:475 [inline]
 check_cpu_stall kernel/rcu/tree_stall.h:549 [inline]
 rcu_pending kernel/rcu/tree.c:3030 [inline]
 rcu_sched_clock_irq.cold+0x518/0xc55 kernel/rcu/tree.c:2276
 update_process_times+0x25/0x60 kernel/time/timer.c:1726
 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:171
 tick_sched_timer+0x4e/0x140 kernel/time/tick-sched.c:1314
 __run_hrtimer kernel/time/hrtimer.c:1517 [inline]
 __hrtimer_run_queues+0x32c/0xdd0 kernel/time/hrtimer.c:1579
 hrtimer_interrupt+0x312/0x770 kernel/time/hrtimer.c:1641
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline]
 smp_apic_timer_interrupt+0x15b/0x600 arch/x86/kernel/apic/apic.c:1144
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline]
RIP: 0010:lock_release+0x45f/0x7c0 kernel/locking/lockdep.c:4505
Code: 94 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 d0 02 00 00 48 83 3d 6d 1d 1b 08 00 0f 84 71 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00
RSP: 0018:c90003d9ec30 EFLAGS: 0282 ORIG_RAX: ff13
RAX: 112e7698 RBX: 1920007b3d89 RCX: 1110098769b9
RDX: dc00 RSI: 1110098769c5 RDI: 0282
RBP: 88804c3b4540 R08: 0004 R09: fbfff14cc269
R10: fbfff14cc268 R11: 8a661347 R12: bc95c6993a9665e0
R13: 87a36fb1 R14: 88804c3b4dd0 R15: 0003
 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:174 [inline]
 _raw_spin_unlock_bh+0x12/0x30 kernel/locking/spinlock.c:207
 spin_unlock_bh include/linux/spinlock.h:383 [inline]
 batadv_tt_local_purge_pending_clients+0x2a1/0x3b0 net/batman-adv/translation-table.c:3914
 batadv_tt_local_resize_to_mtu+0x96/0x130 net/batman-adv/translation-table.c:4198
 batadv_update_min_mtu net/batman-adv/hard-interface.c:626 [inline]
 batadv_hardif_activate_interface.part.0.cold+0xc6/0x294 net/batman-adv/hard-interface.c:653
 batadv_hardif_activate_interface net/batman-adv/hard-interface.c:800 [inline]
 batadv_hardif_enable_interface+0x9f2/0xaa0 net/batman-adv/hard-interface.c:792
 batadv_softif_slave_add+0x92/0x150 net/batman-adv/soft-interface.c:859
 do_set_master net/core/rtnetlink.c:2470 [inline]
 do_set_master+0x1d7/0x230 net/core/rtnetlink.c:2443
 do_setlink+0xaa2/0x3680 net/core/rtnetlink.c:2605
 __rtnl_newlink+0xad5/0x1590 net/core/rtnetlink.c:3266
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3391
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2478
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 sys_sendmsg+0x6b9/0x7d0 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2430
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7f043b72fc78 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: 7f043b7306d4 RCX: 0045c849
RDX: RSI: 21c0 RDI: 0003
RBP: 0076bf00 R08: R09: R10:
kernel panic: smack: Failed to initialize cipso DOI.
Hello,

syzbot found the following crash on:

HEAD commit:    1b649e0b Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14957099e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=4ac76c43beddbd9
dashboard link: https://syzkaller.appspot.com/bug?extid=89731ccb6fec15ce1c22
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1202c375e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1390bb03e0

The bug was bisected to:

commit a9d2d53a788a9c5bc8a7d1b4ea7857b68e221357
Author: Ken Cox
Date:   Tue Nov 15 19:00:37 2016 +

    ixgbe: test for trust in macvlan adjustments for VF

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13cb06f3e0
final crash:    https://syzkaller.appspot.com/x/report.txt?x=102b06f3e0
console output: https://syzkaller.appspot.com/x/log.txt?x=17cb06f3e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+89731ccb6fec15ce1...@syzkaller.appspotmail.com
Fixes: a9d2d53a788a ("ixgbe: test for trust in macvlan adjustments for VF")

RSP: 002b:7ffebd499a38 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 7ffebd499a40 RCX: 004404e9
RDX: 0014 RSI: 2040 RDI: 0003
RBP: 0004 R08: 0001 R09: 7ffebd490031
R10: R11: 0246 R12: 00401dd0
R13: 00401e60 R14: R15:
Kernel panic - not syncing: smack: Failed to initialize cipso DOI.
CPU: 1 PID: 7197 Comm: syz-executor480 Not tainted 5.6.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1e9/0x30e lib/dump_stack.c:118
 panic+0x264/0x7a0 kernel/panic.c:221
 smk_cipso_doi+0x4d8/0x4e0 security/smack/smackfs.c:698
 smk_write_doi+0x123/0x190 security/smack/smackfs.c:1595
 __vfs_write+0xa7/0x710 fs/read_write.c:494
 vfs_write+0x271/0x570 fs/read_write.c:558
 ksys_write+0x115/0x220 fs/read_write.c:611
 do_syscall_64+0xf3/0x1b0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4404e9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7ffebd499a38 EFLAGS: 0246 ORIG_RAX: 0001
RAX: ffda RBX: 7ffebd499a40 RCX: 004404e9
RDX: 0014 RSI: 2040 RDI: 0003
RBP: 0004 R08: 0001 R09: 7ffebd490031
R10: R11: 0246 R12: 00401dd0
R13: 00401e60 R14: R15:
Kernel Offset: disabled
Rebooting in 86400 seconds..

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Re: KASAN: null-ptr-deref Write in blk_mq_map_swqueue
syzbot has bisected this bug to:

commit 768134d4f48109b90f4248feecbeeb7d684e410c
Author: Jens Axboe
Date:   Mon Nov 11 03:30:53 2019 +

    io_uring: don't do flush cancel under inflight_lock

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=14233ef5e0
start commit:   1b649e0b Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=16233ef5e0
console output: https://syzkaller.appspot.com/x/log.txt?x=12233ef5e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=27392dd2975fd692
dashboard link: https://syzkaller.appspot.com/bug?extid=313d95e8a7a49263f88d
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13850447e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=119a26f5e0

Reported-by: syzbot+313d95e8a7a49263f...@syzkaller.appspotmail.com
Fixes: 768134d4f481 ("io_uring: don't do flush cancel under inflight_lock")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Write in hci_sock_bind (2)
syzbot has bisected this bug to:

commit 7d13eca09ed5e477f6ecfd97a35058762228b5e4
Author: Florian Fainelli
Date:   Sat Aug 27 22:34:20 2016 +

    Documentation: networking: dsa: Remove platform device TODO

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1746f3f9e0
start commit:   770fbb32 Add linux-next specific files for 20200228
git tree:       linux-next
final crash:    https://syzkaller.appspot.com/x/report.txt?x=14c6f3f9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=10c6f3f9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=576314276bce4ad5
dashboard link: https://syzkaller.appspot.com/bug?extid=04e804c8c2224b6a9497
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11fc5e75e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10707013e0

Reported-by: syzbot+04e804c8c2224b6a9...@syzkaller.appspotmail.com
Fixes: 7d13eca09ed5 ("Documentation: networking: dsa: Remove platform device TODO")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: general protection fault in sctp_ulpevent_nofity_peer_addr_change
syzbot has bisected this bug to:

commit da2648390ce3d409218b6bbbf2386d8ddeec2265
Author: Lubomir Rintel
Date:   Thu Dec 20 18:13:09 2018 +

    pxa168fb: trivial typo fix

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1361e139e0
start commit:   5076190d mm: slub: be more careful about the double cmpxch..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=10e1e139e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1761e139e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=9f894bd92023de02
dashboard link: https://syzkaller.appspot.com/bug?extid=3950016bd95c2ca0377b
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1162bbe3e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13c93b45e0

Reported-by: syzbot+3950016bd95c2ca03...@syzkaller.appspotmail.com
Fixes: da2648390ce3 ("pxa168fb: trivial typo fix")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1074c2a9e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=c1a1fb435465986efe35
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e36185e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=104a7a11e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16b8e545e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=6491ea8f6dddbf04930e
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=126748d6e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1385f959e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=122e7c1de0
start commit:   d5d359b0 Merge branch 'for-linus' of git://git.kernel.org/..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=7b6206fb525c1f5ec3f8
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15909f21e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=141a1611e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10aef753e0
start commit:   4703d911 Merge tag 'xarray-5.5' of git://git.infradead.org..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=a85062dec5d65617cc1c
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1301ed85e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b7b79ee0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: WARNING in idr_destroy
syzbot has bisected this bug to:

commit 5b3709793d151e6e12eb6a38a5da3f7fc2923d3a
Author: Thomas Zimmermann
Date:   Wed May 8 08:26:19 2019 +

    drm/ast: Convert AST driver to |struct drm_gem_vram_object|

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15a66fb5e0
start commit:   63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=17a66fb5e0
console output: https://syzkaller.appspot.com/x/log.txt?x=13a66fb5e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=5d2e033af114153f
dashboard link: https://syzkaller.appspot.com/bug?extid=05835159fe322770fe3d
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=14e978e3e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10b1a819e0

Reported-by: syzbot+05835159fe322770f...@syzkaller.appspotmail.com
Fixes: 5b3709793d15 ("drm/ast: Convert AST driver to |struct drm_gem_vram_object|")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: general protection fault in j1939_netdev_start
syzbot has bisected this bug to:

commit 8330f73fe9742f201f467639f8356cf58756fb9f
Author: Jiri Pirko
Date:   Wed Sep 4 07:40:47 2019 +

    rocker: add missing init_net check in FIB notifier

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=165cdcb1e0
start commit:   63623fd4 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=155cdcb1e0
console output: https://syzkaller.appspot.com/x/log.txt?x=115cdcb1e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=9833e26bab355358
dashboard link: https://syzkaller.appspot.com/bug?extid=f03d384f3455d28833eb
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=162b8331e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10f10a2de0

Reported-by: syzbot+f03d384f3455d2883...@syzkaller.appspotmail.com
Fixes: 8330f73fe974 ("rocker: add missing init_net check in FIB notifier")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
KMSAN: uninit-value in batadv_get_vid
Hello,

syzbot found the following crash on:

HEAD commit:    8bbbc5cf kmsan: don't compile memmove
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=15471109e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=cd0e9a6b0e555cc3
dashboard link: https://syzkaller.appspot.com/bug?extid=0adb190024de0a0e265b
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1247c109e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1349a779e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0adb190024de0a0e2...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
CPU: 0 PID: 12317 Comm: syz-executor026 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_get_vid+0x1fd/0x340 net/batman-adv/main.c:650
 batadv_interface_tx+0x30a/0x2450 net/batman-adv/soft-interface.c:212
 __netdev_start_xmit include/linux/netdevice.h:4524 [inline]
 netdev_start_xmit include/linux/netdevice.h:4538 [inline]
 xmit_one net/core/dev.c:3470 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3486
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4063
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4096
 __bpf_tx_skb net/core/filter.c:2061 [inline]
 __bpf_redirect_common net/core/filter.c:2100 [inline]
 __bpf_redirect+0x11d5/0x1440 net/core/filter.c:2107
 bpf_clone_redirect net/core/filter.c:2140 [inline]
 bpf_clone_redirect+0x466/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fc8d99
Code: 90 e8 0b 00 00 00 f3 90 0f ae e8 eb f9 8d 74 26 00 89 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:ff9adc0c EFLAGS: 0246 ORIG_RAX: 0165
RAX: ffda RBX: 000a RCX: 2280
RDX: 0040 RSI: RDI: 005b
RBP: R08: R09:
R10: R11: R12:
R13: R14: R15:

Uninit was created at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_poison_shadow+0x66/0xd0 mm/kmsan/kmsan.c:127
 kmsan_slab_alloc+0x8a/0xe0 mm/kmsan/kmsan_hooks.c:82
 slab_alloc_node mm/slub.c:2793 [inline]
 __kmalloc_node_track_caller+0xb40/0x1200 mm/slub.c:4401
 __kmalloc_reserve net/core/skbuff.c:142 [inline]
 pskb_expand_head+0x20b/0x1b00 net/core/skbuff.c:1629
 skb_ensure_writable+0x3ea/0x490 net/core/skbuff.c:5453
 __bpf_try_make_writable net/core/filter.c:1635 [inline]
 bpf_try_make_writable net/core/filter.c:1641 [inline]
 bpf_try_make_head_writable net/core/filter.c:1649 [inline]
 bpf_clone_redirect net/core/filter.c:2134 [inline]
 bpf_clone_redirect+0x251/0x620 net/core/filter.c:2112
 bpf_prog_bb15b996d00816f9+0x7a4/0x1000
 bpf_dispatcher_nopfunc include/linux/bpf.h:521 [inline]
 bpf_test_run+0x60c/0xe50 net/bpf/test_run.c:48
 bpf_prog_test_run_skb+0xcab/0x24a0 net/bpf/test_run.c:388
 bpf_prog_test_run kernel/bpf/syscall.c:2572 [inline]
 __do_sys_bpf+0xa684/0x13510 kernel/bpf/syscall.c:3414
 __se_sys_bpf kernel/bpf/syscall.c:3355 [inline]
 __ia32_sys_bpf+0xdb/0x120 kernel/bpf/syscall.c:3355
 do_syscall_32_irqs_on arch/x86/entry/common.c:339 [inline]
 do_fast_syscall_32+0x3c7/0x6e0 arch/x86/entry/common.c:410
 entry_SYSENTER_compat+0x68/0x77 arch/x86/entry/entry_64_compat.S:139
=

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for d
kernel panic: audit: backlog limit exceeded
Hello,

syzbot found the following crash on:

HEAD commit:    36a44bcd Merge branch 'bnxt_en-shutdown-and-kexec-kdump-re..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=148bfdd9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=768cc3d3e277cc16
dashboard link: https://syzkaller.appspot.com/bug?extid=9a5e789e4725b9ef1316
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=151b1109e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=128bfdd9e0

The bug was bisected to:

commit 0c1b9970ddd4cc41002321c3877e7f91aacb896d
Author: Dan Carpenter
Date:   Fri Jul 28 14:42:27 2017 +

    staging: lustre: lustre: Off by two in lmv_fid2path()

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17e6c3e9e0
final crash:    https://syzkaller.appspot.com/x/report.txt?x=1416c3e9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1016c3e9e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9a5e789e4725b9ef1...@syzkaller.appspotmail.com
Fixes: 0c1b9970ddd4 ("staging: lustre: lustre: Off by two in lmv_fid2path()")

audit: audit_backlog=13 > audit_backlog_limit=7
audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=7
Kernel panic - not syncing: audit: backlog limit exceeded
CPU: 1 PID: 9913 Comm: syz-executor024 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 audit_panic.cold+0x32/0x32 kernel/audit.c:307
 audit_log_lost kernel/audit.c:377 [inline]
 audit_log_lost+0x8b/0x180 kernel/audit.c:349
 audit_log_start kernel/audit.c:1788 [inline]
 audit_log_start+0x70e/0x7c0 kernel/audit.c:1745
 audit_log+0x95/0x120 kernel/audit.c:2345
 xt_replace_table+0x61d/0x830 net/netfilter/x_tables.c:1413
 __do_replace+0x1da/0x950 net/ipv6/netfilter/ip6_tables.c:1084
 do_replace net/ipv6/netfilter/ip6_tables.c:1157 [inline]
 do_ip6t_set_ctl+0x33a/0x4c8 net/ipv6/netfilter/ip6_tables.c:1681
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt net/ipv6/ipv6_sockglue.c:949 [inline]
 ipv6_setsockopt+0x147/0x180 net/ipv6/ipv6_sockglue.c:933
 tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
 tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
 __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
 __do_sys_setsockopt net/socket.c:2146 [inline]
 __se_sys_setsockopt net/socket.c:2143 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44720a
Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1a e0 fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fa df fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7ffd032dec78 EFLAGS: 0286 ORIG_RAX: 0036
RAX: ffda RBX: 0003 RCX: 0044720a
RDX: 0040 RSI: 0029 RDI: 0003
RBP: 7ffd032deda0 R08: 03b8 R09: 4000
R10: 006d7b40 R11: 0286 R12: 7ffd032deca0
R13: 006d9d60 R14: 0029 R15: 006d7ba0
Kernel Offset: disabled
Rebooting in 86400 seconds..

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=13435a7ee0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=33fc3ad6fa11675e1a7e
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15982cc9e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11be38d6e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17079245e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=b554d01b6c7870b17da2
userspace arch: i386
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=145948d6e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16202cc9e0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in bitmap_ip_destroy
syzbot suspects this bug was fixed by commit:

commit 32c72165dbd0e246e69d16a3ad348a4851afd415
Author: Kadlecsik József
Date:   Sun Jan 19 21:06:49 2020 +

    netfilter: ipset: use bitmap infrastructure completely

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17fc79b5e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=cfbb8fa33f49f9f3
dashboard link: https://syzkaller.appspot.com/bug?extid=8b5f151de2f35100bbc5
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12e22559e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16056faee0

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: netfilter: ipset: use bitmap infrastructure completely

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
general protection fault in batadv_iv_ogm_schedule_buff
Hello,

syzbot found the following crash on:

HEAD commit:    2019fc96 Merge git://git.kernel.org/pub/scm/linux/kernel/g..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16ebaae6e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=735296e4dd620b10
dashboard link: https://syzkaller.appspot.com/bug?extid=a98f2016f40b9cd3818a
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a98f2016f40b9cd38...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc02: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.6.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:c9dd7bb8 EFLAGS: 00010203
RAX: dc00 RBX: RCX: 11101537d9c1
RDX: 0002 RSI: 87cc2c28 RDI: 0016
RBP: c9dd7ca8 R08: 0004 R09: 8880a9bece10
R10: fbfff154b460 R11: 8aa5a307 R12:
R13: 0001 R14: c9dd7c40 R15: 8880a9aa0800
FS:  () GS:8880ae80() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: ff600400 CR3: 8f5a3000 CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:865 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:858 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x5da/0x7c0 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0xa05/0x17a0 kernel/workqueue.c:2264
 worker_thread+0x98/0xe40 kernel/workqueue.c:2410
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 101b07e3062bfd0c ]---
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:c9dd7bb8 EFLAGS: 00010203
RAX: dc00 RBX: RCX: 11101537d9c1
RDX: 0002 RSI: 87cc2c28 RDI: 0016
RBP: c9dd7ca8 R08: 0004 R09: 8880a9bece10
R10: fbfff154b460 R11: 8aa5a307 R12:
R13: 0001 R14: c9dd7c40 R15: 8880a9aa0800
FS:  () GS:8880ae80() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: ff600400 CR3: 9d9e7000 CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
general protection fault in batadv_iv_ogm_schedule
Hello,

syzbot found the following crash on:

HEAD commit:    f7571657 Merge tag 'fuse-fixes-5.6-rc1' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12dddbbee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7f1d914a74bd6ddc
dashboard link: https://syzkaller.appspot.com/bug?extid=ac36b6a33c28a491e929
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ac36b6a33c28a491e...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc02: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0010-0x0017]
CPU: 0 PID: 465 Comm: kworker/u4:5 Not tainted 5.5.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:814 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x220/0xf00 net/batman-adv/bat_iv_ogm.c:865
Code: e8 35 ef bf f9 4c 89 ad 60 ff ff ff 4d 8b 75 00 66 41 c1 c7 08 49 8d 5e 16 48 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 8a 04 28 84 c0 0f 85 e0 0b 00 00 66 44 89 3b 4c 89 a5 78 ff ff
RSP: 0018:c90002887b78 EFLAGS: 00010203
RAX: 0002 RBX: 0016 RCX: 111012580611
RDX: RSI: 8880a80449b0 RDI: 0282
RBP: c90002887c38 R08: dc00 R09: fbfff12d3605
R10: fbfff12d3605 R11: R12: 888092c03000
R13: dc00 R14: R15:
FS:  () GS:8880aea0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 0075bfd4 CR3: 90ab CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 batadv_iv_send_outstanding_bat_ogm_packet+0x664/0x770 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0x7f5/0x10f0 kernel/workqueue.c:2264
 worker_thread+0xbbc/0x1630 kernel/workqueue.c:2410
 kthread+0x332/0x350 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace eddf69e5e4c9f596 ]---
RIP: 0010:batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:814 [inline]
RIP: 0010:batadv_iv_ogm_schedule+0x220/0xf00 net/batman-adv/bat_iv_ogm.c:865
Code: e8 35 ef bf f9 4c 89 ad 60 ff ff ff 4d 8b 75 00 66 41 c1 c7 08 49 8d 5e 16 48 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 8a 04 28 84 c0 0f 85 e0 0b 00 00 66 44 89 3b 4c 89 a5 78 ff ff
RSP: 0018:c90002887b78 EFLAGS: 00010203
RAX: 0002 RBX: 0016 RCX: 111012580611
RDX: RSI: 8880a80449b0 RDI: 0282
RBP: c90002887c38 R08: dc00 R09: fbfff12d3605
R10: fbfff12d3605 R11: R12: 888092c03000
R13: dc00 R14: R15:
FS:  () GS:8880aea0() knlGS:
CS:  0010 DS: ES: CR0: 80050033
CR2: 0075bfd4 CR3: 9c67b000 CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
possible deadlock in pty_write
Hello,

syzbot found the following crash on:

HEAD commit:    ccaaaf6f Merge tag 'mpx-for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11bc585ee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=879390c6b09ccf66
dashboard link: https://syzkaller.appspot.com/bug?extid=3118a33395397bb6b0ca
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=165bda4ee0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1646a85ee0

The bug was bisected to:

commit 65b27995a4ab8fc51b4adc6b4dcdca20f7a595bb
Author: Heiner Kallweit
Date:   Mon Aug 12 21:52:19 2019 +

    net: phy: let phy_speed_down/up support speeds >1Gbps

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1764f735e0
final crash:    https://syzkaller.appspot.com/x/report.txt?x=14e4f735e0
console output: https://syzkaller.appspot.com/x/log.txt?x=10e4f735e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3118a33395397bb6b...@syzkaller.appspotmail.com
Fixes: 65b27995a4ab ("net: phy: let phy_speed_down/up support speeds >1Gbps")

==
WARNING: possible circular locking dependency detected
5.5.0-syzkaller #0 Not tainted
--
syz-executor465/10262 is trying to acquire lock:
89b9f960 (console_owner){-.-.}, at: console_trylock_spinning kernel/printk/printk.c:1724 [inline]
89b9f960 (console_owner){-.-.}, at: vprintk_emit+0x3fd/0x700 kernel/printk/printk.c:1995

but task is already holding lock:
88808d6b7940 (&(>lock)->rlock){-.-.}, at: pty_write+0xff/0x200 drivers/tty/pty.c:120

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 (&(>lock)->rlock){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:159
       tty_port_tty_get+0x24/0x100 drivers/tty/tty_port.c:287
       tty_port_default_wakeup+0x16/0x40 drivers/tty/tty_port.c:47
       tty_port_tty_wakeup+0x57/0x70 drivers/tty/tty_port.c:387
       uart_write_wakeup+0x46/0x70 drivers/tty/serial/serial_core.c:104
       serial8250_tx_chars+0x495/0xaf0 drivers/tty/serial/8250/8250_port.c:1760
       serial8250_handle_irq.part.0+0x261/0x2b0 drivers/tty/serial/8250/8250_port.c:1833
       serial8250_handle_irq drivers/tty/serial/8250/8250_port.c:1819 [inline]
       serial8250_default_handle_irq+0xc0/0x150 drivers/tty/serial/8250/8250_port.c:1849
       serial8250_interrupt+0xf1/0x1a0 drivers/tty/serial/8250/8250_core.c:126
       __handle_irq_event_percpu+0x15d/0x970 kernel/irq/handle.c:149
       handle_irq_event_percpu+0x74/0x160 kernel/irq/handle.c:189
       handle_irq_event+0xa7/0x134 kernel/irq/handle.c:206
       handle_edge_irq+0x25e/0x8d0 kernel/irq/chip.c:830
       generic_handle_irq_desc include/linux/irqdesc.h:156 [inline]
       do_IRQ+0xde/0x280 arch/x86/kernel/irq.c:250
       ret_from_intr+0x0/0x36
       arch_local_irq_restore arch/x86/include/asm/paravirt.h:752 [inline]
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
       _raw_spin_unlock_irqrestore+0x90/0xe0 kernel/locking/spinlock.c:191
       spin_unlock_irqrestore include/linux/spinlock.h:393 [inline]
       uart_write+0x3b6/0x6f0 drivers/tty/serial/serial_core.c:613
       process_output_block drivers/tty/n_tty.c:595 [inline]
       n_tty_write+0x40e/0x1080 drivers/tty/n_tty.c:2333
       do_tty_write drivers/tty/tty_io.c:962 [inline]
       tty_write+0x496/0x7f0 drivers/tty/tty_io.c:1046
       redirected_tty_write+0xb2/0xc0 drivers/tty/tty_io.c:1067
       __vfs_write+0x8a/0x110 fs/read_write.c:494
       vfs_write+0x268/0x5d0 fs/read_write.c:558
       ksys_write+0x14f/0x290 fs/read_write.c:611
       __do_sys_write fs/read_write.c:623 [inline]
       __se_sys_write fs/read_write.c:620 [inline]
       __x64_sys_write+0x73/0xb0 fs/read_write.c:620
       do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
       entry_SYSCALL_64_after_hwframe+0x49/0xbe

-> #1 (_lock_key){-.-.}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x95/0xcd kernel/locking/spinlock.c:159
       serial8250_console_write+0x253/0x9a0 drivers/tty/serial/8250/8250_port.c:3142
       univ8250_console_write+0x5f/0x70 drivers/tty/serial/8250/8250_core.c:587
       call_console_drivers kernel/printk/printk.c:1791 [inline]
       console_unlock+0xb7a/0xf00 kernel/printk/printk.c:2473
       vprintk_emit+0x2a0/0x700 kernel/printk/printk.c:1996
       vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
       vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:386
       printk+0xba/0xed kernel/printk/printk.c:2056
       register_conso
KMSAN: uninit-value in batadv_bla_tx
Hello,

syzbot found the following crash on:

HEAD commit:    686a4f77 kmsan: don't compile memmove
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=10b1da4ee0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e10654781bc1f11c
dashboard link: https://syzkaller.appspot.com/bug?extid=37bad4f9cb2033876f32
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=102be0a1e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=123105a5e0

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+37bad4f9cb2033876...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in batadv_bla_tx+0x2675/0x3730 net/batman-adv/bridge_loop_avoidance.c:1960
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_bla_tx+0x2675/0x3730 net/batman-adv/bridge_loop_avoidance.c:1960
 batadv_interface_tx+0x67c/0x2450 net/batman-adv/soft-interface.c:239
 __netdev_start_xmit include/linux/netdevice.h:4447 [inline]
 netdev_start_xmit include/linux/netdevice.h:4461 [inline]
 xmit_one net/core/dev.c:3420 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3436
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4013
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4046
 hsr_xmit net/hsr/hsr_forward.c:228 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:285 [inline]
 hsr_forward_skb+0x2614/0x30d0 net/hsr/hsr_forward.c:361
 hsr_handle_frame+0x385/0x4b0 net/hsr/hsr_slave.c:43
 __netif_receive_skb_core+0x21de/0x5840 net/core/dev.c:5051
 __netif_receive_skb_one_core net/core/dev.c:5148 [inline]
 __netif_receive_skb net/core/dev.c:5264 [inline]
 process_backlog+0x936/0x1410 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607
 smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1637
 __skb_pad+0x47f/0x900 net/core/skbuff.c:1805
 __skb_put_padto include/linux/skbuff.h:3193 [inline]
 skb_put_padto include/linux/skbuff.h:3212 [inline]
 send_hsr_supervision_frame+0x122d/0x1500 net/hsr/hsr_device.c:310
 hsr_announce+0x1e2/0x370 net/hsr/hsr_device.c:341
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xcff/0x1210 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x57f2/0x5f60 mm/page_alloc.c:4800
 __alloc_pages include/linux/gfp.h:498 [inline]
 __alloc_pages_node include/linux/gfp.h:511 [inline]
 alloc_pages_node include/linux/gfp.h:525 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4875 [inline]
 page_frag_alloc+0x3ae/0x910 mm/page_alloc.c:4905
 __napi_alloc_skb+0x193/0xa60 net/core/skbuff.c:519
 napi_alloc_skb include/linux/skbuff.h:2825 [inline]
 page_to_skb+0x19f/0x1100 drivers/net/virtio_net.c:384
 receive_mergeable drivers/net/virtio_net.c:924 [inline]
 receive_buf+0xe57/0x8ac0 drivers/net/virtio_net.c:1033
 virtnet_receive drivers/net/virtio_net.c:1323 [inline]
 virtnet_poll+0x64b/0x19f0 drivers/net/virtio_net.c:1428
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
=

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
KMSAN: uninit-value in batadv_interface_tx (2)
Hello,

syzbot found the following crash on:

HEAD commit:    686a4f77 kmsan: don't compile memmove
git tree:       https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=11aff3c9e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e10654781bc1f11c
dashboard link: https://syzkaller.appspot.com/bug?extid=24458cef7d37351dd0c3
compiler:       clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+24458cef7d37351dd...@syzkaller.appspotmail.com

=
BUG: KMSAN: uninit-value in batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264
CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.5.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 batadv_interface_tx+0x10cf/0x2450 net/batman-adv/soft-interface.c:264
 __netdev_start_xmit include/linux/netdevice.h:4447 [inline]
 netdev_start_xmit include/linux/netdevice.h:4461 [inline]
 xmit_one net/core/dev.c:3420 [inline]
 dev_hard_start_xmit+0x531/0xab0 net/core/dev.c:3436
 __dev_queue_xmit+0x37de/0x4220 net/core/dev.c:4013
 dev_queue_xmit+0x4b/0x60 net/core/dev.c:4046
 hsr_xmit net/hsr/hsr_forward.c:228 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:285 [inline]
 hsr_forward_skb+0x2614/0x30d0 net/hsr/hsr_forward.c:361
 hsr_handle_frame+0x385/0x4b0 net/hsr/hsr_slave.c:43
 __netif_receive_skb_core+0x21de/0x5840 net/core/dev.c:5051
 __netif_receive_skb_one_core net/core/dev.c:5148 [inline]
 __netif_receive_skb net/core/dev.c:5264 [inline]
 process_backlog+0x936/0x1410 net/core/dev.c:6095
 napi_poll net/core/dev.c:6532 [inline]
 net_rx_action+0x786/0x1ab0 net/core/dev.c:6600
 __do_softirq+0x311/0x83d kernel/softirq.c:293
 run_ksoftirqd+0x25/0x40 kernel/softirq.c:607
 smpboot_thread_fn+0x493/0x980 kernel/smpboot.c:165
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:144 [inline]
 kmsan_internal_chain_origin+0xad/0x130 mm/kmsan/kmsan.c:310
 kmsan_memcpy_memmove_metadata+0x272/0x2e0 mm/kmsan/kmsan.c:247
 kmsan_memcpy_metadata+0xb/0x10 mm/kmsan/kmsan.c:267
 __msan_memcpy+0x43/0x50 mm/kmsan/kmsan_instr.c:116
 pskb_expand_head+0x38b/0x1b00 net/core/skbuff.c:1637
 __skb_pad+0x47f/0x900 net/core/skbuff.c:1805
 __skb_put_padto include/linux/skbuff.h:3193 [inline]
 skb_put_padto include/linux/skbuff.h:3212 [inline]
 send_hsr_supervision_frame+0x122d/0x1500 net/hsr/hsr_device.c:310
 hsr_announce+0x1e2/0x370 net/hsr/hsr_device.c:341
 call_timer_fn+0x218/0x510 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers+0xcff/0x1210 kernel/time/timer.c:1773
 run_timer_softirq+0x2d/0x50 kernel/time/timer.c:1786
 __do_softirq+0x311/0x83d kernel/softirq.c:293

Uninit was created at:
 kmsan_save_stack_with_flags+0x3c/0x90 mm/kmsan/kmsan.c:144
 kmsan_internal_alloc_meta_for_pages mm/kmsan/kmsan_shadow.c:307 [inline]
 kmsan_alloc_page+0x12a/0x310 mm/kmsan/kmsan_shadow.c:336
 __alloc_pages_nodemask+0x57f2/0x5f60 mm/page_alloc.c:4800
 __alloc_pages include/linux/gfp.h:498 [inline]
 __alloc_pages_node include/linux/gfp.h:511 [inline]
 alloc_pages_node include/linux/gfp.h:525 [inline]
 __page_frag_cache_refill mm/page_alloc.c:4875 [inline]
 page_frag_alloc+0x3ae/0x910 mm/page_alloc.c:4905
 __netdev_alloc_skb+0x703/0xbb0 net/core/skbuff.c:455
 __netdev_alloc_skb_ip_align include/linux/skbuff.h:2801 [inline]
 netdev_alloc_skb_ip_align include/linux/skbuff.h:2811 [inline]
 batadv_iv_ogm_aggregate_new net/batman-adv/bat_iv_ogm.c:558 [inline]
 batadv_iv_ogm_queue_add+0x10da/0x1900 net/batman-adv/bat_iv_ogm.c:670
 batadv_iv_ogm_schedule_buff net/batman-adv/bat_iv_ogm.c:829 [inline]
 batadv_iv_ogm_schedule+0xcf1/0x13c0 net/batman-adv/bat_iv_ogm.c:865
 batadv_iv_send_outstanding_bat_ogm_packet+0xbae/0xd50 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0x1552/0x1ef0 kernel/workqueue.c:2264
 worker_thread+0xef6/0x2450 kernel/workqueue.c:2410
 kthread+0x4b5/0x4f0 kernel/kthread.c:256
 ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353
=

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_destroy
syzbot has bisected this bug to:

commit b9a1e627405d68d475a3c1f35e685ccfb5bbe668
Author: Cong Wang
Date:   Thu Jul 4 00:21:13 2019 +

    hsr: implement dellink to clean up resources

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=123fce01e0
start commit:   4703d911 Merge tag 'xarray-5.5' of git://git.infradead.org..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=113fce01e0
console output: https://syzkaller.appspot.com/x/log.txt?x=163fce01e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=a85062dec5d65617cc1c
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1301ed85e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14b7b79ee0

Reported-by: syzbot+a85062dec5d65617c...@syzkaller.appspotmail.com
Fixes: b9a1e627405d ("hsr: implement dellink to clean up resources")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: WARNING in __proc_create (2)
syzbot has bisected this bug to:

commit f4b3526d83c40dd8bf5948b9d7a1b2c340f0dcc8
Author: David Howells
Date:   Thu Nov 2 15:27:48 2017 +

    afs: Connect up the CB.ProbeUuid

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1627a721e0
start commit:   d96d875e Merge tag 'fixes_for_v5.5-rc8' of git://git.kerne..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=1527a721e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1127a721e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=83c00afca9cf5153
dashboard link: https://syzkaller.appspot.com/bug?extid=b904ba7c947a37b4b291
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12c96185e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14f859c9e0

Reported-by: syzbot+b904ba7c947a37b4b...@syzkaller.appspotmail.com
Fixes: f4b3526d83c4 ("afs: Connect up the CB.ProbeUuid")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in bitmap_ip_destroy
syzbot has bisected this bug to:

commit 354d0fab649d47045517cf7cae03d653a4dcb3b8
Author: Peng Li
Date:   Thu Jul 4 14:04:26 2019 +

    net: hns3: add default value for tc_size and tc_offset

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15cc0685e0
start commit:   8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=17cc0685e0
console output: https://syzkaller.appspot.com/x/log.txt?x=13cc0685e0
kernel config:  https://syzkaller.appspot.com/x/.config?x=cfbb8fa33f49f9f3
dashboard link: https://syzkaller.appspot.com/bug?extid=8b5f151de2f35100bbc5
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12e22559e0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16056faee0

Reported-by: syzbot+8b5f151de2f35100b...@syzkaller.appspotmail.com
Fixes: 354d0fab649d ("net: hns3: add default value for tc_size and tc_offset")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in bitmap_ipmac_ext_cleanup
syzbot has bisected this bug to:

commit ff95bf28c23490584b9d75913a520bb7bb1f2ecb
Author: Po-Hsu Lin
Date: Mon Jul 1 04:40:31 2019 +

selftests/net: skip psock_tpacket test if KALLSYMS was not enabled

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17e2e966e0
start commit: 8f8972a3 Merge tag 'mtd/fixes-for-5.5-rc7' of git://git.ke..
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=1412e966e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1012e966e0
kernel config: https://syzkaller.appspot.com/x/.config?x=d9290aeb7e6cf1c4
dashboard link: https://syzkaller.appspot.com/bug?extid=33fc3ad6fa11675e1a7e
userspace arch: i386
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15982cc9e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11be38d6e0

Reported-by: syzbot+33fc3ad6fa11675e1...@syzkaller.appspotmail.com
Fixes: ff95bf28c234 ("selftests/net: skip psock_tpacket test if KALLSYMS was not enabled")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_ipmac_gc
syzbot has bisected this bug to:

commit 0d581ba311a27762fe1a14e5db5f65d225b3d844
Author: Yonglong Liu
Date: Wed Jul 3 11:12:30 2019 +

net: hns: add support for vlan TSO

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16d5dfaee0
start commit: def9d278 Linux 5.5-rc7
git tree: upstream
final crash: https://syzkaller.appspot.com/x/report.txt?x=15d5dfaee0
console output: https://syzkaller.appspot.com/x/log.txt?x=11d5dfaee0
kernel config: https://syzkaller.appspot.com/x/.config?x=cf8e23e40aba
dashboard link: https://syzkaller.appspot.com/bug?extid=c1a1fb435465986efe35
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=153ac495e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=153471d1e0

Reported-by: syzbot+c1a1fb435465986ef...@syzkaller.appspotmail.com
Fixes: 0d581ba311a2 ("net: hns: add support for vlan TSO")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_ip_ext_cleanup
syzbot has bisected this bug to:

commit d68dbb0c9ac8b1ff52eb09aa58ce6358400fa939
Author: Christian Brauner
Date: Thu Jun 20 23:26:35 2019 +

arch: handle arches who do not yet define clone3

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1456fed1e0
start commit: 09d4f10a net: sched: act_ctinfo: fix memory leak
git tree: net
final crash: https://syzkaller.appspot.com/x/report.txt?x=1656fed1e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1256fed1e0
kernel config: https://syzkaller.appspot.com/x/.config?x=7e89bd00623fe71e
dashboard link: https://syzkaller.appspot.com/bug?extid=6491ea8f6dddbf04930e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=141af959e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1067fa85e0

Reported-by: syzbot+6491ea8f6dddbf049...@syzkaller.appspotmail.com
Fixes: d68dbb0c9ac8 ("arch: handle arches who do not yet define clone3")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: use-after-free Read in bitmap_ip_ext_cleanup
syzbot has bisected this bug to:

commit 3d26eb8ad1e9b906433903ce05f775cf038e747f
Author: Nikolay Aleksandrov
Date: Tue Jul 2 12:00:20 2019 +

net: bridge: don't cache ether dest pointer on input

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17bb1cc9e0
start commit: 9aaa2949 Merge branch '1GbE' of git://git.kernel.org/pub/s..
git tree: net-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=147b1cc9e0
console output: https://syzkaller.appspot.com/x/log.txt?x=107b1cc9e0
kernel config: https://syzkaller.appspot.com/x/.config?x=66d8660c57ff3c98
dashboard link: https://syzkaller.appspot.com/bug?extid=b554d01b6c7870b17da2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15db12a5e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15316faee0

Reported-by: syzbot+b554d01b6c7870b17...@syzkaller.appspotmail.com
Fixes: 3d26eb8ad1e9 ("net: bridge: don't cache ether dest pointer on input")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: KASAN: slab-out-of-bounds Read in bitmap_port_ext_cleanup
syzbot has bisected this bug to:

commit 2f9b0d93a9d3ec64558537ab5d7cff820886afa4
Author: Keerthy
Date: Mon Jun 24 05:16:19 2019 +

net: ethernet: ti: cpsw: Fix suspend/resume break

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17fcf959e0
start commit: e02d9c4c Merge branch 'bnxt_en-fixes'
git tree: net
final crash: https://syzkaller.appspot.com/x/report.txt?x=1402f959e0
console output: https://syzkaller.appspot.com/x/log.txt?x=1002f959e0
kernel config: https://syzkaller.appspot.com/x/.config?x=7e89bd00623fe71e
dashboard link: https://syzkaller.appspot.com/bug?extid=7b6206fb525c1f5ec3f8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16551cc9e0
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14a04966e0

Reported-by: syzbot+7b6206fb525c1f5ec...@syzkaller.appspotmail.com
Fixes: 2f9b0d93a9d3 ("net: ethernet: ti: cpsw: Fix suspend/resume break")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: Re: WARNING: bad unlock balance in __dev_queue_xmit
#syz dup: WARNING: bad unlock balance in sch_direct_xmit

Your 'dup:' command is accepted, but please keep syzkaller-b...@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.