syzbot

 sign-in | mailing list | source | docs
🐞 Open [993] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in cbs_dequeue_soft

Status: fixed on 2019/09/16 04:41
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+cdbea9b616d35e2365ae@syzkaller.appspotmail.com
Fix commit: 1c6c09a0ae62 net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate
First crash: 1693d, last: 1685d
Cause bisection: introduced by (bisect log) :
commit e0a7683d30e91e30ee6cf96314ae58a0314a095e
Author: Leandro Dorileo <leandro.maciel.dorileo@intel.com>
Date: Mon Apr 8 17:12:18 2019 +0000

  net/sched: cbs: fix port_rate miscalculation

Crash: WARNING in cbs_dequeue_soft (log)
Repro: C syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
WARNING in cbs_dequeue_soft 1 (2) 2019/09/09 22:28

Sample crash report:
------------[ cut here ]------------
cbs: dequeue() called with unknown port rate.
WARNING: CPU: 0 PID: 8739 at net/sched/sch_cbs.c:185 cbs_dequeue_soft+0x37e/0x4b0 net/sched/sch_cbs.c:185
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8739 Comm: rsyslogd Not tainted 5.3.0-rc6-next-20190830 #75
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2dc/0x755 kernel/panic.c:220
 __warn.cold+0x2f/0x3c kernel/panic.c:581
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:cbs_dequeue_soft+0x37e/0x4b0 net/sched/sch_cbs.c:185
Code: 1d 2c b3 f5 03 31 ff 89 de e8 fe 6d a6 fb 84 db 75 1a e8 b5 6c a6 fb 48 c7 c7 80 7d 4a 88 c6 05 0c b3 f5 03 01 e8 0a bb 77 fb <0f> 0b 45 31 e4 eb b1 49 bc ff ff ff ff ff ff ff 7f 48 89 55 d0 e8
RSP: 0018:ffff8880ae8095b8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000100 RSI: ffffffff815bf786 RDI: ffffed1015d012a9
RBP: ffff8880ae809600 R08: ffff888096f925c0 R09: fffffbfff14ed341
R10: fffffbfff14ed340 R11: ffffffff8a769a07 R12: ffff8880950ec000
R13: ffff8880950ecac8 R14: 00000011e23f6fc3 R15: ffffffffffffffff
 cbs_dequeue+0x34/0x40 net/sched/sch_cbs.c:237
 dequeue_skb net/sched/sch_generic.c:258 [inline]
 qdisc_restart net/sched/sch_generic.c:361 [inline]
 __qdisc_run+0x1e7/0x19d0 net/sched/sch_generic.c:379
 __dev_xmit_skb net/core/dev.c:3533 [inline]
 __dev_queue_xmit+0x16f1/0x37c0 net/core/dev.c:3838
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
 neigh_hh_output include/net/neighbour.h:500 [inline]
 neigh_output include/net/neighbour.h:509 [inline]
 ip6_finish_output2+0xf58/0x2550 net/ipv6/ip6_output.c:116
 __ip6_finish_output+0x444/0xaa0 net/ipv6/ip6_output.c:142
 ip6_finish_output+0x38/0x1f0 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x235/0x7f0 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 mld_sendpack+0x9c7/0xed0 net/ipv6/mcast.c:1682
 mld_send_cr net/ipv6/mcast.c:1978 [inline]
 mld_ifc_timer_expire+0x449/0x8a0 net/ipv6/mcast.c:2477
 call_timer_fn+0x1ac/0x780 kernel/time/timer.c:1404
 expire_timers kernel/time/timer.c:1449 [inline]
 __run_timers kernel/time/timer.c:1771 [inline]
 __run_timers kernel/time/timer.c:1738 [inline]
 run_timer_softirq+0x6c0/0x17f0 kernel/time/timer.c:1784
 __do_softirq+0x262/0x98c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x19b/0x1e0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x1a3/0x610 arch/x86/kernel/apic/apic.c:1133
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830
 </IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:756 [inline]
RIP: 0010:qlink_free mm/kasan/quarantine.c:151 [inline]
RIP: 0010:qlist_free_all+0x10c/0x150 mm/kasan/quarantine.c:167
Code: 50 08 48 8d 4a ff 83 e2 01 48 0f 45 c1 4c 8b 78 18 e9 37 ff ff ff e8 43 97 ca ff 48 83 3d 0b b2 45 07 00 74 39 48 89 df 57 9d <0f> 1f 44 00 00 4d 85 ed 75 96 49 c7 46 08 00 00 00 00 49 c7 06 00
RSP: 0018:ffff88808f14fa48 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: 0000000000000282 RCX: 0000000000000006
RDX: 0000000000000000 RSI: ffff888096f92e88 RDI: 0000000000000282
RBP: ffff88808f14fa78 R08: 1ffffffff14ed33d R09: fffffbfff14ed33e
R10: fffffbfff14ed33d R11: ffffffff8a7699ef R12: 0000000000000000
R13: ffff8880a7ecf280 R14: ffff88808f14fa88 R15: ffff8880aa402000
 quarantine_reduce+0x15e/0x1a0 mm/kasan/quarantine.c:260
 __kasan_kmalloc.constprop.0+0xa3/0xe0 mm/kasan/common.c:491
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:518
 slab_post_alloc_hook mm/slab.h:584 [inline]
 slab_alloc mm/slab.c:3319 [inline]
 kmem_cache_alloc_trace+0x141/0x790 mm/slab.c:3548
 kmalloc include/linux/slab.h:556 [inline]
 syslog_print kernel/printk/printk.c:1346 [inline]
 do_syslog kernel/printk/printk.c:1519 [inline]
 do_syslog+0x5fa/0x1820 kernel/printk/printk.c:1493
 kmsg_read+0x8f/0xc0 fs/proc/kmsg.c:40
 proc_reg_read+0x1fc/0x2c0 fs/proc/inode.c:223
 __vfs_read+0x8a/0x110 fs/read_write.c:425
 vfs_read+0x1f0/0x440 fs/read_write.c:461
 ksys_read+0x14f/0x290 fs/read_write.c:587
 __do_sys_read fs/read_write.c:597 [inline]
 __se_sys_read fs/read_write.c:595 [inline]
 __x64_sys_read+0x73/0xb0 fs/read_write.c:595
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff7e7e591fd
Code: d1 20 00 00 75 10 b8 00 00 00 00 0f 05 48 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e fa ff ff 48 89 04 24 b8 00 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 a7 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ff7e53f8e30 EFLAGS: 00000293 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00000000013cb650 RCX: 00007ff7e7e591fd
RDX: 0000000000000fff RSI: 00007ff7e6c2d5a0 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00000000013b6260 R09: 0000000000000000
R10: 205b5d3534313938 R11: 0000000000000293 R12: 000000000065e420
R13: 00007ff7e53f99c0 R14: 00007ff7e849e040 R15: 0000000000000003
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/09/11 19:10 linux-next 6d028043b55e a60cb4cd .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/09/07 18:45 linux-next 6d028043b55e a60cb4cd .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/09/15 10:12 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/15 04:43 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/15 04:20 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/15 03:12 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 21:37 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 19:42 linux-next 6d028043b55e 32d59357 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 18:33 linux-next 6d028043b55e 40fa42bc .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 18:30 linux-next 6d028043b55e 40fa42bc .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 15:12 linux-next 6d028043b55e 40fa42bc .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/13 13:52 linux-next 6d028043b55e 40fa42bc .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/07 17:47 linux-next 6d028043b55e a60cb4cd .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.