syzbot


WARNING in free_bprm

Status: moderation: reported on 2024/10/24 12:28
Subsystems: fs mm
Reported-by: syzbot+e84481166c30cf884641@syzkaller.appspotmail.com
First crash: 46d, last: 46d

Sample crash report:
NET: Registered PF_VSOCK protocol family
mpls_gso: MPLS GSO support
registered taskstats version 1
Loading compiled-in X.509 certificates
Loaded X.509 cert 'Build time autogenerated kernel key: 5ad8c79c50636cf058dc30d6db34f1f65627fcf2'
zswap: loaded using pool 842/z3fold
Demotion targets for Node 0: null
debug_vm_pgtable: [debug_vm_pgtable         ]: Validating architecture page table helpers
page_owner is disabled
Key type .fscrypt registered
Key type fscrypt-provisioning registered
kAFS: Red Hat AFS client v0.1 registering.
Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
Key type big_key registered
Key type encrypted registered
ima: No TPM chip found, activating TPM-bypass!
Loading compiled-in module X.509 certificates
Loaded X.509 cert 'Build time autogenerated kernel key: 5ad8c79c50636cf058dc30d6db34f1f65627fcf2'
ima: Allocated hash algorithm: sha256
ima: No architecture policies found
evm: Initialising EVM extended attributes:
evm: security.selinux (disabled)
evm: security.SMACK64
evm: security.SMACK64EXEC
evm: security.SMACK64TRANSMUTE
evm: security.SMACK64MMAP
evm: security.apparmor (disabled)
evm: security.ima
evm: security.capability
evm: HMAC attrs: 0x1
printk: legacy console [netcon0] enabled
netconsole: network logging started
gtp: GTP module loaded (pdp ctx size 128 bytes)
rdma_rxe: loaded
cfg80211: Loading compiled-in X.509 certificates for regulatory database
Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
clk: Disabling unused clocks
PM: genpd: Disabling unused power domains
ALSA device list:
  #0: Dummy 1
  #1: Loopback 1
  #2: Virtual MIDI Card 1
md: Skipping autodetection of RAID arrays. (raid=autodetect will force)
EXT4-fs (nvme0n1p2): mounted filesystem 77f159ba-7156-481d-a942-687645b0ff99 ro with ordered data mode. Quota mode: none.
VFS: Mounted root (ext4 filesystem) readonly on device 259:2.
devtmpfs: mounted
Freeing unused kernel memory: 4480K
Run /sbin/init as init process
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_next_frame_record_meta arch/arm64/kernel/stacktrace.c:216 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 arch_stack_walk+0x458/0x48c arch/arm64/kernel/stacktrace.c:404
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: init Not tainted 6.12.0-rc3-syzkaller-g9ec59cb3edc7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kunwind_next_frame_record_meta arch/arm64/kernel/stacktrace.c:216 [inline]
pc : kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline]
pc : kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline]
pc : do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline]
pc : kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline]
pc : arch_stack_walk+0x458/0x48c arch/arm64/kernel/stacktrace.c:404
lr : 0x0
sp : ffff8000978078e0
x29: ffff800097807990 x28: ffff80008b6df640 x27: 0000000000000000
x26: ffff0000c0001c9c x25: 0000000000212008 x24: dfff800000000000
x23: ffff700012f00f38 x22: ffff800097807a80 x21: ffff8000978078f8
x20: ffff800080462114 x19: ffff8000978079e0 x18: ffff8000978078c0
x17: 0000000000008653 x16: ffff80008b490b1c x15: 0000000000000001
x14: 1ffff00012eb0d53 x13: ffff800097807ff0 x12: ffff800097808000
x11: 0000000000000000 x10: ffff0000c1978000 x9 : ffff800097807e9f
x8 : ffff800097807fd8 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000000
x2 : ffff0000c1978000 x1 : ffff800080029c40 x0 : 0000000000000001
Call trace:
 kunwind_next_frame_record_meta arch/arm64/kernel/stacktrace.c:216 [inline] (P)
 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline] (P)
 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline] (P)
 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline] (P)
 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline] (P)
 arch_stack_walk+0x458/0x48c arch/arm64/kernel/stacktrace.c:404 (P)
 0x0 (L)
 stack_trace_save+0xfc/0x1a0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_free_info+0x54/0x6c mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x64/0x8c mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x184/0x47c mm/slub.c:4727
 free_bprm+0x270/0x2b4 fs/exec.c:1500
 kernel_execve+0x730/0x820 fs/exec.c:2014
 run_init_process+0x1bc/0x1ec init/main.c:1390
 try_to_run_init_process init/main.c:1397 [inline]
 kernel_init+0xdc/0x2a0 init/main.c:1525
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline]
WARNING: CPU: 0 PID: 1 at arch/arm64/kernel/stacktrace.c:223 dump_backtrace+0x980/0x9b0 arch/arm64/kernel/stacktrace.c:477
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: init Not tainted 6.12.0-rc3-syzkaller-g9ec59cb3edc7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 804003c5 (Nzcv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline]
pc : kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline]
pc : do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline]
pc : kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline]
pc : dump_backtrace+0x980/0x9b0 arch/arm64/kernel/stacktrace.c:477
lr : kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline]
lr : kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline]
lr : do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline]
lr : kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline]
lr : dump_backtrace+0x980/0x9b0 arch/arm64/kernel/stacktrace.c:477
sp : ffff800097807380
x29: ffff800097807440 x28: ffff80008f81b770 x27: ffff8000978073a0
x26: ffff800097808000 x25: 0000000000000000 x24: ffff800097807e9f
x23: ffff800097807fd8 x22: ffff8000978073a0 x21: ffff80008b5a7ad8
x20: ffff80008b5a4a20 x19: ffff0000c1978000 x18: 0000000000000008
x17: 0000000000000000 x16: ffff80008b3ca11c x15: ffff700011f0d634
x14: 0000000000000000 x13: 0000000000000002 x12: ffff0000c1978000
x11: 0000000000ff0100 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : ffff0000c1978000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800097806a78 x4 : ffff80008f8dd8a0 x3 : ffff800080396c78
x2 : 0000000000000000 x1 : ffff80008f81b7b0 x0 : 0000000000000000
Call trace:
 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline] (P)
 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline] (P)
 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline] (P)
 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline] (P)
 dump_backtrace+0x980/0x9b0 arch/arm64/kernel/stacktrace.c:477 (P)
 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline] (L)
 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline] (L)
 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline] (L)
 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline] (L)
 dump_backtrace+0x980/0x9b0 arch/arm64/kernel/stacktrace.c:477 (L)
 show_regs+0x34/0x44 arch/arm64/kernel/process.c:248
 __warn+0x134/0x6b8 kernel/panic.c:746
 __report_bug lib/bug.c:199 [inline]
 report_bug+0x298/0x5b0 lib/bug.c:219
 bug_handler+0x50/0x1fc arch/arm64/kernel/traps.c:1010
 call_break_hook arch/arm64/kernel/debug-monitors.c:319 [inline]
 brk_handler+0x17c/0x2e0 arch/arm64/kernel/debug-monitors.c:326
 do_debug_exception+0x1e4/0x398 arch/arm64/mm/fault.c:1002
 el1_dbg+0x64/0x80 arch/arm64/kernel/entry-common.c:490
 el1h_64_sync_handler+0x40/0xcc arch/arm64/kernel/entry-common.c:536
 el1h_64_sync+0x6c/0x70 arch/arm64/kernel/entry.S:595
 kunwind_next_frame_record_meta arch/arm64/kernel/stacktrace.c:216 [inline] (P)
 kunwind_next_frame_record arch/arm64/kernel/stacktrace.c:248 [inline] (P)
 kunwind_next arch/arm64/kernel/stacktrace.c:278 [inline] (P)
 do_kunwind arch/arm64/kernel/stacktrace.c:309 [inline] (P)
 kunwind_stack_walk arch/arm64/kernel/stacktrace.c:380 [inline] (P)
 arch_stack_walk+0x458/0x48c arch/arm64/kernel/stacktrace.c:404 (P)
 0x0 (L)
 stack_trace_save+0xfc/0x1a0 kernel/stacktrace.c:122
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x40/0x78 mm/kasan/common.c:68
 kasan_save_free_info+0x54/0x6c mm/kasan/generic.c:579
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x64/0x8c mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:230 [inline]
 slab_free_hook mm/slub.c:2342 [inline]
 slab_free mm/slub.c:4579 [inline]
 kfree+0x184/0x47c mm/slub.c:4727
 free_bprm+0x270/0x2b4 fs/exec.c:1500
 kernel_execve+0x730/0x820 fs/exec.c:2014
 run_init_process+0x1bc/0x1ec init/main.c:1390
 try_to_run_init_process init/main.c:1397 [inline]
 kernel_init+0xdc/0x2a0 init/main.c:1525
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862
irq event stamp: 1350100
hardirqs last  enabled at (1350099): [<ffff80008b5824d4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (1350099): [<ffff80008b5824d4>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (1350100): [<ffff80008b48e15c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:488
softirqs last  enabled at (1349854): [<ffff8000802089c4>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (1349854): [<ffff8000802089c4>] handle_softirqs+0xa38/0xbf8 kernel/softirq.c:582
softirqs last disabled at (1349849): [<ffff800080020db4>] __do_softirq+0x14/0x20 kernel/softirq.c:588
---[ end trace 0000000000000000 ]---
irq event stamp: 1350100
hardirqs last  enabled at (1350099): [<ffff80008b5824d4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (1350099): [<ffff80008b5824d4>] _raw_spin_unlock_irqrestore+0x38/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (1350100): [<ffff80008b48e15c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:488
softirqs last  enabled at (1349854): [<ffff8000802089c4>] softirq_handle_end kernel/softirq.c:400 [inline]
softirqs last  enabled at (1349854): [<ffff8000802089c4>] handle_softirqs+0xa38/0xbf8 kernel/softirq.c:582
softirqs last disabled at (1349849): [<ffff800080020db4>] __do_softirq+0x14/0x20 kernel/softirq.c:588
---[ end trace 0000000000000000 ]---

Crashes (1):
Time: 2024/10/20 12:24
Kernel: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
Commit: 9ec59cb3edc7
Syzkaller: cd6fc0a3
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: [disk image] [vmlinux] [kernel image]
Manager: ci-upstream-gce-arm64
Title: WARNING in free_bprm