On Sun, Dec 17, 2017 at 01:56:01AM -0800, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 41d8c16909ebda40f7b4982a7f5e2ad102705ade > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console output is attached. > C reproducer is attached > syzkaller reproducer is attached. See https://goo.gl/kgGztJ > for information about syzkaller reproducers > > > RBP: 0000000000000008 R08: 0000000000000001 R09: 0000000000000034 > R10: 0000000000000000 R11: 0000000000000246 R12: 0000000030657267 > R13: 74656e2f7665642f R14: 0000000000000000 R15: 0000000000000000 > INFO: trying to register non-static key. > the code is fine but needs lockdep annotation. > turning off the locking correctness validator. > CPU: 1 PID: 3119 Comm: syzkaller228956 Not tainted 4.15.0-rc3-next-20171213+ > #66 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:17 [inline] > dump_stack+0xe9/0x14b lib/dump_stack.c:53 > register_lock_class+0x164/0x5d0 kernel/locking/lockdep.c:752 > __lock_acquire+0xb4/0x1430 kernel/locking/lockdep.c:3314 > lock_acquire+0xbf/0x220 kernel/locking/lockdep.c:3914 > __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] > _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 > spin_lock_bh include/linux/spinlock.h:315 [inline] > ptr_ring_consume_bh include/linux/ptr_ring.h:349 [inline] > skb_array_consume_bh include/linux/skb_array.h:136 [inline] > pfifo_fast_reset+0x9a/0x1b0 net/sched/sch_generic.c:662 > qdisc_destroy+0x94/0x210 net/sched/sch_generic.c:896 > qdisc_create_dflt+0xa6/0xb0 net/sched/sch_generic.c:840 > mq_init+0x105/0x150 net/sched/sch_mq.c:61 > qdisc_create_dflt+0x60/0xb0 net/sched/sch_generic.c:837 > attach_default_qdiscs net/sched/sch_generic.c:972 [inline] > dev_activate+0x363/0x3b0 net/sched/sch_generic.c:1011 > __dev_open+0x119/0x180 net/core/dev.c:1389 > __dev_change_flags+0x218/0x270 net/core/dev.c:6836 > dev_change_flags+0x30/0x70 net/core/dev.c:6905 > dev_ifsioc+0x3c2/0x520 net/core/dev_ioctl.c:257 > dev_ioctl+0x15d/0x7a0 net/core/dev_ioctl.c:566 > sock_do_ioctl+0x59/0x60 net/socket.c:971 > sock_ioctl+0x211/0x320 net/socket.c:1061 > vfs_ioctl fs/ioctl.c:46 [inline] > do_vfs_ioctl+0xaf/0x840 fs/ioctl.c:686 > SYSC_ioctl fs/ioctl.c:701 [inline] > SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692 > entry_SYSCALL_64_fastpath+0x1f/0x96 > RIP: 0033:0x4444b9 > RSP: 002b:00007ffcad5a5418 > > > --- > This bug is generated by a dumb bot. It may contain errors. > See https://goo.gl/tpsmEJ for details. > Direct all questions to syzkal...@googlegroups.com. > Please credit me with: Reported-by: syzbot <syzkal...@googlegroups.com> > > syzbot will keep track of this bug report. > Once a fix for this bug is merged into any tree, reply to this email with: > #syz fix: exact-commit-title
No longer occurring, seems to have been fixed by commit 1df94c3c5dadb: #syz fix: net_sched: properly check for empty skb array on error path - Eric