syzbot


WARNING in debug_check_no_obj_freed

Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+b972214bb803a343f4fe@syzkaller.appspotmail.com
Fix commit: f9cedf1a9b1c net/smc: do not schedule tx_work in SMC_CLOSED state
First crash: 1765d, last: 1696d
Cause bisection: introduced by:
commit 99182beed858a1bde22f60046602b9b223225f73
Author: Daniel Borkmann <daniel@iogearbox.net>
Date: Tue Apr 2 21:17:19 2019 +0000

  Merge branch 'bpf-selftest-clang-fixes'

Crash: WARNING: ODEBUG bug in netdev_freemem (log)
Repro: C syz .config
  
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH 4.19 00/45] 4.19.66-stable review | 51 (51) | 2019/08/11 06:17
[PATCH 5.2 00/56] 5.2.8-stable review | 63 (63) | 2019/08/09 15:48
[PATCH net] net/smc: do not schedule tx_work in SMC_CLOSED state | 2 (2) | 2019/08/05 20:24
Reminder: 5 open syzbot bugs in "net/smc" subsystem | 1 (1) | 2019/07/24 02:29
Reminder: 6 open syzbot bugs in "net/smc" subsystem | 1 (1) | 2019/07/02 06:24
WARNING in debug_check_no_obj_freed | 0 (2) | 2019/06/23 09:47
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in debug_check_no_obj_freed (2) net 1 1689d 1689d 0/26 closed as invalid on 2019/10/16 19:51

Sample crash report:
------------[ cut here ]------------
ODEBUG: free active (active state 0) object type: timer_list hint: rfcomm_dlc_timeout+0x0/0x80 net/bluetooth/rfcomm/core.c:300
WARNING: CPU: 1 PID: 9261 at lib/debugobjects.c:484 debug_print_object lib/debugobjects.c:481 [inline]
WARNING: CPU: 1 PID: 9261 at lib/debugobjects.c:484 __debug_check_no_obj_freed lib/debugobjects.c:963 [inline]
WARNING: CPU: 1 PID: 9261 at lib/debugobjects.c:484 debug_check_no_obj_freed+0x464/0x5b0 lib/debugobjects.c:994
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9261 Comm: syz-executor801 Not tainted 5.3.0-rc6 #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d8/0x2f8 lib/dump_stack.c:113
 panic+0x25c/0x799 kernel/panic.c:219
 __warn+0x22f/0x230 kernel/panic.c:576
 report_bug+0x190/0x290 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 do_error_trap+0xd7/0x440 arch/x86/kernel/traps.c:272
 do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:debug_print_object lib/debugobjects.c:481 [inline]
RIP: 0010:__debug_check_no_obj_freed lib/debugobjects.c:963 [inline]
RIP: 0010:debug_check_no_obj_freed+0x464/0x5b0 lib/debugobjects.c:994
Code: 08 48 89 df e8 4d aa 58 fe 4c 8b 03 48 c7 c7 9d 59 45 88 48 c7 c6 e4 7b 43 88 4c 89 e2 44 89 f9 4d 89 e9 31 c0 e8 cc 9a f2 fd <0f> 0b 4c 8b 6d a8 ff 05 a4 52 6a 05 49 83 c5 30 4c 89 e8 48 c1 e8
RSP: 0018:ffff888089c8fb78 EFLAGS: 00010046
RAX: 2c4fd74c16202500 RBX: ffffffff888da040 RCX: ffff8880a033c300
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: ffff888089c8fc10 R08: ffffffff815cf7d4 R09: ffffed1015d640d2
R10: ffffed1015d640d2 R11: 0000000000000000 R12: ffffffff884ee8b1
R13: ffffffff86c3f090 R14: dffffc0000000000 R15: 0000000000000000
 kfree+0x107/0x200 mm/slab.c:3755
 rfcomm_dlc_free+0x1e/0x30 net/bluetooth/rfcomm/core.c:328
 rfcomm_dlc_put include/net/bluetooth/rfcomm.h:258 [inline]
 __rfcomm_create_dev net/bluetooth/rfcomm/tty.c:417 [inline]
 rfcomm_create_dev net/bluetooth/rfcomm/tty.c:486 [inline]
 rfcomm_dev_ioctl+0xb9a/0x1c70 net/bluetooth/rfcomm/tty.c:588
 rfcomm_sock_ioctl+0x7e/0xa0 net/bluetooth/rfcomm/sock.c:902
 sock_do_ioctl+0x7c/0x260 net/socket.c:1038
 sock_ioctl+0x461/0x680 net/socket.c:1189
 do_vfs_ioctl+0x744/0x1730 fs/ioctl.c:46
 ksys_ioctl fs/ioctl.c:713 [inline]
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0xe3/0x120 fs/ioctl.c:718
 do_syscall_64+0xfe/0x140 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441229
Code: e8 fc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 9b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffeaa0d9698 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441229
RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000004
RBP: 000000000001081e R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402050
R13: 00000000004020e0 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (47):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/08/27 03:04 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/08/15 20:34 upstream 329120423947 0d298d6b .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/08/14 17:29 upstream ee1c7bd33e66 5576551b .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/07/28 16:36 upstream a9815a4fa2fd c85e1c5b .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/07/27 16:53 upstream 3ea54d9b0d65 c85e1c5b .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/06/26 21:33 upstream 249155c20f9b 7509bf36 .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/06/23 19:51 upstream 241e39004581 472f0082 .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/06/19 23:30 upstream bed3c0d84e7e 34bf9440 .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/08/20 13:51 upstream 5f97cbe22b76 cfc9868f .config console log report ci-upstream-kasan-gce-smack-root
2019/08/07 15:52 upstream f4eb1423e433 cdde7486 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/06 21:14 upstream 0eb0ce0a78e1 c6f01e54 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/06 00:57 upstream 0eb0ce0a78e1 6affd8e8 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/04 19:02 upstream 4b6f23161b4e 6affd8e8 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/03 23:43 upstream dcb8cfbd8fe9 6affd8e8 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/02 22:03 upstream 97b00aff2c45 6affd8e8 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/02 03:26 upstream 1e78030e5e5b 835dffe7 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/02 00:41 upstream 1e78030e5e5b 835dffe7 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/01 00:35 upstream 4010b622f1d2 c692b5bd .config console log report ci-upstream-kasan-gce-smack-root
2019/07/30 01:24 upstream 2a11c76e5301 f67095ee .config console log report ci-upstream-kasan-gce-smack-root
2019/07/25 19:07 upstream 6789f873ed37 732bc5a0 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/24 21:12 upstream bed38c3e2dca 32329ceb .config console log report ci-upstream-kasan-gce-smack-root
2019/07/24 07:48 upstream c6dd78fcb8ee de453f34 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/23 13:13 upstream c6dd78fcb8ee de453f34 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/22 21:36 upstream c6dd78fcb8ee 55e0c077 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/19 06:29 upstream 3bfe1fc46794 7bb222f7 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/16 03:07 upstream be8454afc50f 6732e2c0 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/15 23:15 upstream fec88ab0af97 139ac68a .config console log report ci-upstream-kasan-gce-smack-root
2019/07/14 12:56 upstream 192f0f8e9db7 e6fb0f13 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/12 02:41 upstream 17a20acaf171 baa5258a .config console log report ci-upstream-kasan-gce-smack-root
2019/07/09 11:27 upstream 5ad18b2e60b7 f62e1e85 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/08 21:21 upstream 223cea6a4f05 f62e1e85 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/04 21:34 upstream c212ddaee2fd 429efa16 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/04 21:07 upstream c212ddaee2fd 429efa16 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/04 02:54 upstream 550d1f5bda33 55565fa0 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/03 03:43 upstream 6fbc7275c7a9 55565fa0 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/30 05:52 upstream 728254541ebc 7509bf36 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/28 12:45 upstream c84afab02c31 7509bf36 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/26 12:36 upstream 249155c20f9b 4d342240 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/24 08:07 upstream 241e39004581 472f0082 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/23 19:32 upstream 241e39004581 472f0082 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/23 12:49 upstream 241e39004581 3efccdd2 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/23 12:19 upstream 241e39004581 3efccdd2 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/23 08:52 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/21 18:34 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/21 00:11 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/20 17:34 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/19 22:58 upstream bed3c0d84e7e 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
* Struck through repros no longer work on HEAD.