syzbot


WARNING: ODEBUG bug in rt6_release

Status: public: reported C repro on 2019/11/13 01:14
Reported-by: syzbot+998a1e04ff83a86a7bf0@syzkaller.appspotmail.com
First crash: 1597d, last: 1597d

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2069 at lib/debugobjects.c:260 debug_print_object+0x181/0x210 lib/debugobjects.c:260
ODEBUG: activate active (active state 1) object type: rcu_head hint:           (null)
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 2069 Comm: syz-executor540 Not tainted 4.9.194+ #0
 ffff8801cec66590 ffffffff81b67001 ffff8801cec66600 ffffffff82a3b3c0
 00000000ffffffff 0000000000000001 0000000000000009 ffff8801cec66670
 ffffffff813fef3a 0000000041b58ab3 ffffffff82e32f55 ffffffff813fed61
Call Trace:
 [<000000008eb2c42a>] __dump_stack lib/dump_stack.c:15 [inline]
 [<000000008eb2c42a>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
 [<000000006283bf7b>] panic+0x1d9/0x3bd kernel/panic.c:180
 [<00000000db36c619>] __warn.cold+0x2f/0x2f kernel/panic.c:546
 [<000000002079bb5c>] warn_slowpath_fmt+0xc2/0x100 kernel/panic.c:569
 [<000000005dea4f44>] debug_print_object+0x181/0x210 lib/debugobjects.c:260
 [<000000001a83b726>] debug_object_activate+0x361/0x4f0 lib/debugobjects.c:419
 [<00000000a9dbcf04>] debug_rcu_head_queue kernel/rcu/rcu.h:75 [inline]
 [<00000000a9dbcf04>] __call_rcu.constprop.0+0x35/0x8f0 kernel/rcu/tree.c:3146
 [<0000000041a21068>] call_rcu+0x12/0x20 kernel/rcu/tree_plugin.h:655
 [<00000000aa913362>] rt6_rcu_free net/ipv6/ip6_fib.c:170 [inline]
 [<00000000aa913362>] rt6_release net/ipv6/ip6_fib.c:200 [inline]
 [<00000000aa913362>] rt6_release+0x1ed/0x270 net/ipv6/ip6_fib.c:196
 [<000000000b066772>] fib6_del_route net/ipv6/ip6_fib.c:1465 [inline]
 [<000000000b066772>] fib6_del+0x76f/0xb20 net/ipv6/ip6_fib.c:1505
 [<00000000a82e28d7>] fib6_clean_node+0x29c/0x4d0 net/ipv6/ip6_fib.c:1657
 [<00000000793bfea6>] fib6_walk_continue+0x3e0/0x630 net/ipv6/ip6_fib.c:1583
 [<00000000ac84975d>] fib6_walk+0x9d/0xf0 net/ipv6/ip6_fib.c:1628
 [<000000002bf4dda2>] fib6_clean_tree+0xe7/0x120 net/ipv6/ip6_fib.c:1702
 [<000000005137b72d>] __fib6_clean_all+0xfb/0x230 net/ipv6/ip6_fib.c:1718
 [<00000000db6d692b>] fib6_clean_all+0x28/0x30 net/ipv6/ip6_fib.c:1729
 [<00000000dd225461>] rt6_ifdown+0xa8/0x810 net/ipv6/route.c:2719
 [<000000004b43ba1f>] addrconf_ifdown+0xd0/0x14d0 net/ipv6/addrconf.c:3572
 [<00000000417c7390>] addrconf_notify+0x7ac/0x1f50 net/ipv6/addrconf.c:3496
 [<000000005ccb9ea5>] notifier_call_chain+0xb4/0x1d0 kernel/notifier.c:93
 [<000000004ee3f5ab>] __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 [<000000004ee3f5ab>] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:401
 [<00000000cea66204>] call_netdevice_notifiers_info+0x56/0x70 net/core/dev.c:1647
 [<000000004d39cb67>] netdev_state_change net/core/dev.c:1286 [inline]
 [<000000004d39cb67>] netdev_state_change+0xdd/0x100 net/core/dev.c:1280
 [<00000000c3852b72>] do_setlink+0x24c7/0x2dc0 net/core/rtnetlink.c:2199
 [<00000000c8d268ac>] rtnl_setlink+0x210/0x310 net/core/rtnetlink.c:2241
 [<00000000b3638839>] rtnetlink_rcv_msg+0x506/0x6e0 net/core/rtnetlink.c:4081
 [<00000000b92b267a>] netlink_rcv_skb+0xd4/0x2e0 net/netlink/af_netlink.c:2365
 [<00000000a84e0e36>] rtnetlink_rcv+0x2b/0x40 net/core/rtnetlink.c:4087
 [<00000000a07ff172>] netlink_unicast_kernel net/netlink/af_netlink.c:1285 [inline]
 [<00000000a07ff172>] netlink_unicast+0x4c6/0x6d0 net/netlink/af_netlink.c:1311
 [<00000000e641ca63>] netlink_sendmsg+0x6b6/0xc80 net/netlink/af_netlink.c:1859
 [<000000008cc5a0af>] sock_sendmsg_nosec net/socket.c:649 [inline]
 [<000000008cc5a0af>] sock_sendmsg+0xbe/0x110 net/socket.c:659
 [<000000009b3775de>] sock_write_iter+0x235/0x3d0 net/socket.c:857
 [<00000000d9263f6f>] do_iter_readv_writev+0x3d9/0x4b0 fs/read_write.c:698
 [<00000000b21573ad>] do_readv_writev+0x2ed/0x7a0 fs/read_write.c:874
 [<00000000db003448>] vfs_writev+0x89/0xc0 fs/read_write.c:913
 [<00000000bd8946c2>] do_writev+0x12e/0x310 fs/read_write.c:946
 [<0000000067a5552e>] SYSC_writev fs/read_write.c:1019 [inline]
 [<0000000067a5552e>] SyS_writev+0x28/0x30 fs/read_write.c:1016
 [<000000005c784ff3>] do_syscall_64+0x1ad/0x5c0 arch/x86/entry/common.c:288
 [<000000002888743d>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time: 2019/11/13 00:13
Kernel: https://android.googlesource.com/kernel/common android-4.9
Commit: 7fe05eede1c8
Syzkaller: 048f2d49
Config: .config
Log: console log
Report: report
Syz repro: syz
C repro: C
Manager: ci-android-49-kasan-gce-root