syzbot


WARNING in __sk_destruct

Status: fixed on 2024/04/12 05:52
Subsystems: batman fs
Fix commit: 2a750d6a5b36 rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
First crash: 61d, last: 28d

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2431 at lib/ref_tracker.c:228 ref_tracker_free+0x5fe/0x7e0 lib/ref_tracker.c:228
Modules linked in:
CPU: 0 PID: 2431 Comm: kworker/u8:7 Not tainted 6.8.0-syzkaller-05204-g237bb5f7f7f5 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Workqueue: bat_events batadv_nc_worker
RIP: 0010:ref_tracker_free+0x5fe/0x7e0 lib/ref_tracker.c:228
Code: 00 78 01 8c e8 73 e5 8e 06 43 0f b6 04 3e 84 c0 0f 85 ca 01 00 00 41 8b 7d 00 e8 4d dc ff ff e9 7c ff ff ff e8 43 e7 b6 fc 90 <0f> 0b 90 4d 85 e4 0f 85 c1 fa ff ff 4c 8b 64 24 08 4d 8d 74 24 48
RSP: 0000:ffffc90000007b20 EFLAGS: 00010246
RAX: ffffffff84de092d RBX: 0000000000000001 RCX: ffff888029323c00
RDX: 0000000080000101 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90000007c50 R08: ffffffff84de03e5 R09: 0000000000000000
R10: ffffc90000007b60 R11: fffff52000000f7c R12: ffff88801f3e1ef8
R13: 1ffff92000000f68 R14: ffffc90000007b60 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f1e65daf8e5 CR3: 000000000df32000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 __netns_tracker_free include/net/net_namespace.h:348 [inline]
 __sk_destruct+0x4fd/0x5f0 net/core/sock.c:2206
 rcu_do_batch kernel/rcu/tree.c:2196 [inline]
 rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471
 __do_softirq+0x2bc/0x943 kernel/softirq.c:554
 do_softirq+0x11b/0x1e0 kernel/softirq.c:455
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 batadv_nc_purge_paths+0x30f/0x3b0 net/batman-adv/network-coding.c:471
 batadv_nc_worker+0x328/0x610 net/batman-adv/network-coding.c:720
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243
 </TASK>

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/03/29 10:30 | net-next | 237bb5f7f7f5 | c52bcb23 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-net-next-test-gce | WARNING in __sk_destruct |
| 2024/02/26 01:29 | net-next | d662c5b3ce6d | 8d446f15 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-net-next-test-gce | WARNING in __sk_destruct |