syzbot


WARNING: ODEBUG bug in nci_free_device

Status: upstream: reported on 2022/11/14 09:45
Reported-by: syzbot+c8ba0eb624e8efbb37a1@syzkaller.appspotmail.com
First crash: 13d, last: 4d20h

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 31815 at lib/debugobjects.c:502 debug_print_object+0xb0/0xc4 lib/debugobjects.c:502
ODEBUG: free active (active state 0) object type: timer_list hint: nci_cmd_timer+0x0/0x2c net/nfc/nci/core.c:625
Modules linked in:
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 31815 Comm: syz-executor.1 Not tainted 6.1.0-rc6-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<81751604>] (dump_backtrace) from [<817516f8>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:253)
 r7:81cf8970 r6:822228ec r5:60000093 r4:81d06d58
[<817516e0>] (show_stack) from [<8176d3c0>] (__dump_stack lib/dump_stack.c:88 [inline])
[<817516e0>] (show_stack) from [<8176d3c0>] (dump_stack_lvl+0x48/0x54 lib/dump_stack.c:106)
[<8176d378>] (dump_stack_lvl) from [<8176d3e4>] (dump_stack+0x18/0x1c lib/dump_stack.c:113)
 r5:00000000 r4:82445d14
[<8176d3cc>] (dump_stack) from [<817522a0>] (panic+0x11c/0x360 kernel/panic.c:274)
[<81752184>] (panic) from [<80241604>] (__warn+0x98/0x1a4 kernel/panic.c:621)
 r3:00000001 r2:00000000 r1:00000000 r0:81cf8970
 r7:807a8a7c
[<8024156c>] (__warn) from [<81752580>] (warn_slowpath_fmt+0x9c/0xd4 kernel/panic.c:651)
 r8:00000009 r7:807a8a7c r6:000001f6 r5:81d50c48 r4:81d50c08
[<817524e8>] (warn_slowpath_fmt) from [<807a8a7c>] (debug_print_object+0xb0/0xc4 lib/debugobjects.c:502)
 r8:81804850 r7:81d1dc04 r6:84e4bb40 r5:824c92cc r4:8220cd94
[<807a89cc>] (debug_print_object) from [<807aa1e4>] (__debug_check_no_obj_freed lib/debugobjects.c:989 [inline])
[<807a89cc>] (debug_print_object) from [<807aa1e4>] (debug_check_no_obj_freed+0x1e8/0x230 lib/debugobjects.c:1020)
 r8:81804850 r7:00000122 r6:88eb3800 r5:88eb3830 r4:84e4bb40
[<807a9ffc>] (debug_check_no_obj_freed) from [<804822b8>] (slab_free_hook mm/slub.c:1699 [inline])
[<807a9ffc>] (debug_check_no_obj_freed) from [<804822b8>] (slab_free_freelist_hook mm/slub.c:1750 [inline])
[<807a9ffc>] (debug_check_no_obj_freed) from [<804822b8>] (slab_free mm/slub.c:3661 [inline])
[<807a9ffc>] (debug_check_no_obj_freed) from [<804822b8>] (__kmem_cache_free+0x16c/0x340 mm/slub.c:3674)
 r10:5ac3c35a r9:00000000 r8:85126550 r7:816deedc r6:ddf3a0c0 r5:88eb3800
 r4:82801600
[<8048214c>] (__kmem_cache_free) from [<80426258>] (kfree+0x6c/0x158 mm/slab_common.c:1007)
 r10:5ac3c35a r9:7efffd08 r8:85126550 r7:83a3be50 r6:816deedc r5:ddf3a0c0
 r4:88eb3800
[<804261ec>] (kfree) from [<816deedc>] (nci_free_device+0x2c/0x30 net/nfc/nci/core.c:1205)
 r7:83a3be50 r6:834fa908 r5:000e001b r4:88eb3800
[<816deeb0>] (nci_free_device) from [<809f5984>] (virtual_ncidev_close+0x6c/0x7c drivers/nfc/virtual_ncidev.c:167)
 r5:000e001b r4:824fa0e4
[<809f5918>] (virtual_ncidev_close) from [<804a9d54>] (__fput+0x84/0x264 fs/file_table.c:320)
 r5:000e001b r4:83355f00
[<804a9cd0>] (__fput) from [<804a9fb0>] (____fput+0x10/0x14 fs/file_table.c:348)
 r9:7efffd08 r8:851eefc4 r7:824465dc r6:851ee780 r5:851eef94 r4:00000000
[<804a9fa0>] (____fput) from [<8026618c>] (task_work_run+0x8c/0xb4 kernel/task_work.c:179)
[<80266100>] (task_work_run) from [<8020c070>] (resume_user_mode_work include/linux/resume_user_mode.h:49 [inline])
[<80266100>] (task_work_run) from [<8020c070>] (do_work_pending+0x420/0x524 arch/arm/kernel/signal.c:630)
 r9:7efffd08 r8:80200288 r7:fffffe30 r6:80200288 r5:ebd8dfb0 r4:851ee780
[<8020bc50>] (do_work_pending) from [<80200088>] (slow_work_pending+0xc/0x20)
Exception stack(0xebd8dfb0 to 0xebd8dff8)
dfa0:                                     00000000 00000002 00000000 00000003
dfc0: 00000004 00eb14c0 00000000 00000006 00140000 000003e8 0014c550 0014c550
dfe0: 2ce60000 7e806400 0002a428 0002a8e4 80000010 00000003
 r10:00000006 r9:851ee780 r8:80200288 r7:00000006 r6:00000000 r5:00eb14c0
 r4:00000004
Rebooting in 86400 seconds..

Crashes (9):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-qemu2-arm32 | 2022/11/22 06:26 | upstream | eb7081409f94 | 1c576c23 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/21 17:37 | upstream | eb7081409f94 | f9a97739 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/20 06:52 | upstream | b6e7fdfd6f6a | 5bb70014 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/19 21:06 | upstream | fe24a97cf254 | 5bb70014 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/19 18:49 | upstream | fe24a97cf254 | 5bb70014 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/19 05:21 | upstream | 950a9f564aea | 5bb70014 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/16 07:27 | upstream | 81e7cfa3a9eb | bfcab33d | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-qemu2-arm32 | 2022/11/14 02:07 | upstream | af7a05689189 | 7ba4d859 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
| ci-upstream-gce-arm64 | 2022/11/16 14:03 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9500fc6e9e60 | 3a127a31 | .config | log | report | | | info | WARNING: ODEBUG bug in nci_free_device |
* Struck through repros no longer work on HEAD.