syzbot

 sign-in | mailing list | source | docs
🐞 Open [957] Subsystems 🐞 Fixed [4880] 🐞 Invalid [11680] Missing Backports [73] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING in net_free

Status: fixed on 2023/06/08 14:41
Subsystems: net
[Documentation on labels]
Fix commit: 9744d2bf1976 smc: Fix use-after-free in tcp_write_timer_handler().
First crash: 237d, last: 237d

Sample crash report:
 el0_svc+0x4c/0x15c arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8549 at lib/ref_tracker.c:39 spin_unlock_irqrestore include/linux/spinlock.h:405 [inline]
WARNING: CPU: 0 PID: 8549 at lib/ref_tracker.c:39 ref_tracker_dir_exit+0x354/0x458 lib/ref_tracker.c:38
Modules linked in:
CPU: 0 PID: 8549 Comm: kworker/u4:33 Not tainted 6.3.0-rc6-syzkaller-g1f5b16c51aef #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Workqueue: netns cleanup_net
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ref_tracker_dir_exit+0x354/0x458 include/linux/spinlock.h:405
lr : spin_unlock_irqrestore include/linux/spinlock.h:405 [inline]
lr : ref_tracker_dir_exit+0x354/0x458 lib/ref_tracker.c:38
sp : ffff80001f4879f0
x29: ffff80001f487a00 x28: ffff000127493b90 x27: ffff000127493b40
x26: dfff800000000000 x25: dead000000000100 x24: ffff000127493b90
x23: ffff0000db6ef400 x22: ffff800012975520 x21: ffff000127493b90
x20: 1fffe0001b6dde80 x19: ffff000127493b40 x18: 1fffe00036851db6
x17: ffff800015c7d000 x16: ffff800008302b68 x15: 0000000000000002
x14: 1ffff00002b900b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000001
x8 : 0000000000000008 x7 : ffff80000827ec18 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80001247b7c0 x0 : ffff80019e6c0000
Call trace:
 spin_unlock_irqrestore include/linux/spinlock.h:405 [inline]
 ref_tracker_dir_exit+0x354/0x458 lib/ref_tracker.c:38
 net_free+0x80/0xf4 net/core/net_namespace.c:447
 cleanup_net+0x82c/0x8d0 net/core/net_namespace.c:634
 process_one_work+0x788/0x12d4 kernel/workqueue.c:2390
 worker_thread+0x8e0/0xfe8 kernel/workqueue.c:2537
 kthread+0x24c/0x2d4 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
irq event stamp: 7223924
hardirqs last  enabled at (7223923): [<ffff80000827ecb8>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1378 [inline]
hardirqs last  enabled at (7223923): [<ffff80000827ecb8>] finish_lock_switch+0xbc/0x1e4 kernel/sched/core.c:5065
hardirqs last disabled at (7223924): [<ffff800012316484>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (7223920): [<ffff800008020c1c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (7223920): [<ffff800008020c1c>] __do_softirq+0xac0/0xd54 kernel/softirq.c:600
softirqs last disabled at (7223871): [<ffff80000802a724>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/04/16 03:10 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in net_free
* Struck through repros no longer work on HEAD.