syzbot

 sign-in | mailing list | source | docs
🐞 Open [1630]
Subsystems
🐞 Fixed [6115]
🐞 Invalid [15333]
Missing Backports [170]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

WARNING in hrtimer_forward

Status: fixed on 2022/03/08 16:11
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+ca740b95a16399ceb9a5@syzkaller.appspotmail.com
Fix commit: 313bbd1990b6 mac80211-hwsim: fix late beacon hrtimer handling
First crash: 1647d, last: 1162d
Cause bisection: introduced by (bisect log) :
commit 0e7bbcc104baaade4f64205e9706b7d43c46db7d
Author: Julian Anastasov <ja@ssi.bg>
Date: Wed Jul 27 06:56:50 2016 +0000

  neigh: allow admin to set NUD_STALE

Crash: UBSAN: undefined-behaviour in ip_idents_reserve (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log) :
commit 313bbd1990b6ddfdaa7da098d0c56b098a833572
Author: Johannes Berg <johannes.berg@intel.com>
Date: Wed Sep 15 09:29:37 2021 +0000

  mac80211-hwsim: fix late beacon hrtimer handling

  
Discussions (4)
Title Replies (including bot) Last reply
WARNING in hrtimer_forward 2 (6) 2021/12/04 10:19
Re: WARNING in hrtimer_forward 2 (2) 2020/09/30 07:26
Re: [PATCH] mac80211_hwsim: close the race between running and enqueuing hrtimer 1 (1) 2020/09/29 19:28
Re: WARNING in hrtimer_forward 1 (1) 2020/09/28 14:18
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in hrtimer_forward (2) kernel 1 359d 355d 0/28 auto-obsoleted due to no activity on 2024/07/14 02:37
upstream WARNING in hrtimer_forward (3) kernel 3 143d 237d 28/28 fixed on 2024/12/16 09:50

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at kernel/time/hrtimer.c:1047 hrtimer_forward+0x1e3/0x270 kernel/time/hrtimer.c:1047
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.0-rc2-next-20210922-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hrtimer_forward+0x1e3/0x270 kernel/time/hrtimer.c:1047
Code: e5 4d 0f 4e ec e8 cd 9f 10 00 4c 89 6b 20 e8 c4 9f 10 00 4c 89 f0 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ad 9f 10 00 <0f> 0b 45 31 f6 eb dd e8 a1 9f 10 00 4c 89 e0 48 8b 3c 24 48 99 48
RSP: 0018:ffffc90000007dc8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888079d1efe0 RCX: 0000000000000100
RDX: ffffffff8b6bc680 RSI: ffffffff8165a223 RDI: 0000000000000003
RBP: 00000000061a8000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffffff8165a0d8 R11: 0000000000000000 R12: 0000000000000000
R13: 000000e747c0ff3d R14: 0000000000000001 R15: ffffffff85348070
FS:  0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffed2db7960 CR3: 000000000b68e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 mac80211_hwsim_beacon+0x159/0x1a0 drivers/net/wireless/mac80211_hwsim.c:1870
 __run_hrtimer kernel/time/hrtimer.c:1685 [inline]
 __hrtimer_run_queues+0x609/0xe50 kernel/time/hrtimer.c:1749
 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1766
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 invoke_softirq kernel/softirq.c:432 [inline]
 __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637
 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1097
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:132 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:110 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c6/0x250 drivers/acpi/processor_idle.c:553
Code: 89 de e8 dd 28 41 f8 84 db 75 ac e8 94 22 41 f8 e8 bf 4d 47 f8 eb 0c e8 88 22 41 f8 0f 00 2d f1 c8 ba 00 e8 7c 22 41 f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 c7 27 41 f8 48 85 db
RSP: 0018:ffffffff8b607d60 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8b6bc680 RSI: ffffffff89351f54 RDI: 0000000000000000
RBP: ffff888016280864 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff817c6d38 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888016280800 R14: ffff888016280864 R15: ffff8881415c5004
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:688
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3e8/0x590 kernel/sched/idle.c:306
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:403
 start_kernel+0x47a/0x49b init/main.c:1144
 secondary_startup_64_no_verify+0xb0/0xbb
 </TASK>
----------------
Code disassembly (best guess):
   0:	89 de                	mov    %ebx,%esi
   2:	e8 dd 28 41 f8       	callq  0xf84128e4
   7:	84 db                	test   %bl,%bl
   9:	75 ac                	jne    0xffffffb7
   b:	e8 94 22 41 f8       	callq  0xf84122a4
  10:	e8 bf 4d 47 f8       	callq  0xf8474dd4
  15:	eb 0c                	jmp    0x23
  17:	e8 88 22 41 f8       	callq  0xf84122a4
  1c:	0f 00 2d f1 c8 ba 00 	verw   0xbac8f1(%rip)        # 0xbac914
  23:	e8 7c 22 41 f8       	callq  0xf84122a4
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	9c                   	pushfq <-- trapping instruction
  2b:	5b                   	pop    %rbx
  2c:	81 e3 00 02 00 00    	and    $0x200,%ebx
  32:	fa                   	cli
  33:	31 ff                	xor    %edi,%edi
  35:	48 89 de             	mov    %rbx,%rsi
  38:	e8 c7 27 41 f8       	callq  0xf8412804
  3d:	48 85 db             	test   %rbx,%rbx

Crashes (217):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/09/23 06:15 linux-next e90f9946ba28 8cac236e .config console log report syz C ci-upstream-linux-next-kasan-gce-root WARNING in hrtimer_forward
2020/09/27 00:38 bpf-next ba5f4cfeac77 2d5ea0cb .config console log report syz C ci-upstream-bpf-next-kasan-gce
2020/12/03 02:53 linux-next 0eedceafd3a6 8c9190ef .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/17 11:58 upstream 9c87c9f41245 1bf9a662 .config console log report syz ci-upstream-kasan-gce-smack-root
2020/10/10 10:20 net-old 923527dcb4d1 93817d89 .config console log report syz ci-upstream-net-this-kasan-gce
2022/01/22 17:37 upstream 1c52283265a4 214351e1 .config console log report info ci-qemu-upstream WARNING in hrtimer_forward
2021/09/27 12:09 upstream 5816b3e6577e 78494d16 .config console log report info ci-upstream-kasan-gce-selinux-root WARNING in hrtimer_forward
2021/09/19 23:13 upstream bc1abb9e55ce 70b76c1d .config console log report info ci-upstream-kasan-gce-selinux-root WARNING in hrtimer_forward
2021/08/03 02:01 upstream c500bee1c5b2 6c236867 .config console log report info ci-upstream-kasan-gce WARNING in hrtimer_forward
2021/07/22 14:36 upstream 3d5895cd3517 241790bb .config console log report info ci-qemu-upstream WARNING in hrtimer_forward
2021/07/14 17:28 upstream 8096acd7442e 94e0b707 .config console log report info ci-upstream-kasan-gce WARNING in hrtimer_forward
2021/06/24 05:43 upstream 7266f2030eb0 fe4ab389 .config console log report info ci-upstream-kasan-gce-smack-root WARNING in hrtimer_forward
2021/12/27 09:58 upstream fc74e0a40e4f e4f103c4 .config console log report info ci-qemu-upstream-386 WARNING in hrtimer_forward
2021/12/27 05:37 upstream fc74e0a40e4f e4f103c4 .config console log report info ci-qemu-upstream-386 WARNING in hrtimer_forward
2021/11/11 09:26 upstream debe436e77c7 75b04091 .config console log report info ci-qemu-upstream-386 WARNING in hrtimer_forward
2021/07/16 10:35 upstream dd9c7df94c1b f115ae98 .config console log report info ci-qemu-upstream-386 WARNING in hrtimer_forward
2021/04/15 22:48 upstream 7e25f40eab52 c59079a6 .config console log report info ci-upstream-kasan-gce-386 WARNING in hrtimer_forward
2021/09/28 11:33 bpf 2248c2fca9c2 78494d16 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/09/14 05:40 bpf 57f780f1c433 58d09404 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/09/07 03:55 bpf 57f780f1c433 6ca60148 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/27 15:29 bpf 5b029a32cfe4 b318694d .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/25 21:07 bpf 5b029a32cfe4 b599f2fc .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/18 12:42 bpf 3776f3517ed9 a2fe1cb5 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/14 12:35 bpf 3776f3517ed9 2489ab88 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/14 08:36 bpf 3776f3517ed9 2489ab88 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/13 01:10 bpf 2d3a1e3615c5 3fd2ea69 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/08/11 15:37 bpf 519133debcc1 6972b106 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/31 16:56 bpf b4f0c24a5eaf 6c236867 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/30 17:35 bpf b4f0c24a5eaf 6c236867 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/26 22:16 bpf d6371c76e20d fd511809 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/20 15:30 bpf d6371c76e20d 1b201b48 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/16 23:12 bpf 20192d9c9f6a f115ae98 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/16 22:03 bpf 20192d9c9f6a f115ae98 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/12 01:51 bpf 5d52c906f059 8f5a7b8c .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/11 03:32 bpf 5d52c906f059 8f5a7b8c .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/10 11:39 bpf 5d52c906f059 8f5a7b8c .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/10 07:47 bpf 5d52c906f059 8f5a7b8c .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/09 03:18 bpf aa80a10c008c 1b20171a .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/09 02:13 bpf aa80a10c008c 1b20171a .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/07 14:40 bpf af0efa050caa 4846d5c1 .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/07/06 15:29 bpf 2620e92ae6ed 6c4484eb .config console log report info ci-upstream-bpf-kasan-gce WARNING in hrtimer_forward
2021/10/04 03:26 bpf-next d636c8da2d60 db0f5787 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/30 19:16 bpf-next 161ecd537948 be530f6c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/30 15:59 bpf-next 161ecd537948 be530f6c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/21 13:30 bpf-next 97c140d94e2e 169724fe .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/15 16:15 bpf-next 67dfac47dac6 07e953c1 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/08 06:58 bpf-next 27151f177827 064c9eb7 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/02 17:20 bpf-next a16ef91aa61a 15cea0a3 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/02 07:25 bpf-next a16ef91aa61a 7eb7e152 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/09/01 18:41 bpf-next a16ef91aa61a 7eb7e152 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/27 06:59 bpf-next 48b2e71c2e53 b318694d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/26 02:22 bpf-next 3bbc8ee7c363 b599f2fc .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/22 03:11 bpf-next f2a6ee924d26 b599f2fc .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/10 01:29 bpf-next c83ae15dc947 6972b106 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/01 15:00 bpf-next ab0720ce227c 6c236867 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/07/25 03:10 bpf-next 2b7e9f25e590 4d1b57d4 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/07/21 20:02 bpf-next 807b8f0e24e6 29c3f20f .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/07/17 14:18 bpf-next 78e4a955928e f115ae98 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/07/11 20:36 bpf-next eff94154cc1a 8f5a7b8c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING in hrtimer_forward
2021/08/15 14:13 linux-next 4b358aabb93a 2489ab88 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING in hrtimer_forward
2020/11/08 04:16 upstream 4429f14aeea9 64069d48 .config console log report info ci-upstream-kasan-gce-root
2021/01/05 17:39 bpf 04901aab40ea a0234d98 .config console log report info ci-upstream-bpf-kasan-gce
2020/09/25 00:23 bpf 1245008122d7 54289b08 .config console log report info ci-upstream-bpf-kasan-gce
* Struck through repros no longer work on HEAD.