* kernel BUG at mm/slab.c:LINE! (3)
From: syzbot @ 2018-11-14 7:18 UTC
To: linux-kernel, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit: 3e536cff3424 net: phy: check if advertising is zero using ..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16f95b83400000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a0a89f12ca9b0f5
dashboard link: https://syzkaller.appspot.com/bug?extid=2182db487a523d86bf34
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148d46d5400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c6a225400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
------------[ cut here ]------------
kernel BUG at mm/slab.c:4425!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: -642842048 Comm: ksoftirqd/0 Not tainted 4.20.0-rc2+ #294
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4450
Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000068 CR3: 00000001bb987000 CR4: 00000000001406f0
Call Trace:
Modules linked in:
---[ end trace 1c9eb38e9e38ee03 ]---
RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4450
Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29 c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000068 CR3: 00000001bb987000 CR4: 00000000001406f0

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

* Re: kernel BUG at mm/slab.c:LINE! (3)
From: Dmitry Vyukov @ 2018-11-16 21:56 UTC
To: syzbot, netdev, David Miller
Cc: LKML, syzkaller-bugs

On Tue, Nov 13, 2018 at 11:18 PM, syzbot
<syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com> wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 3e536cff3424 net: phy: check if advertising is zero using ..
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=16f95b83400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4a0a89f12ca9b0f5
> dashboard link: https://syzkaller.appspot.com/bug?extid=2182db487a523d86bf34
> compiler: gcc (GCC) 8.0.1 20180413 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148d46d5400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c6a225400000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com

All reproducers just do something simple with inet6 sockets and all
crashes are on net-next, so +netdev

r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
sendmmsg(r0, &(0x7f00000092c0), 0x3ffffffffff0c00, 0x0)

> ------------[ cut here ]------------
> DEBUG_LOCKS_WARN_ON(depth >= MAX_LOCK_DEPTH)
> ------------[ cut here ]------------
> kernel BUG at mm/slab.c:4425!
> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: -642842048 Comm: ksoftirqd/0 Not tainted 4.20.0-rc2+ #294
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4450
> Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29
> c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15
> 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
> RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
> RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
> RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
> RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
> R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
> R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
> FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000068 CR3: 00000001bb987000 CR4: 00000000001406f0
> Call Trace:
> Modules linked in:
> ---[ end trace 1c9eb38e9e38ee03 ]---
> RIP: 0010:__check_heap_object+0xa7/0xb5 mm/slab.c:4450
> Code: 48 c7 c7 15 73 12 89 e8 97 e3 0a 00 5d c3 41 8b 91 04 01 00 00 48 29
> c7 48 39 d7 77 be 48 01 d0 48 29 c8 48 39 f0 72 b3 5d c3 <0f> 0b 48 c7 c7 15
> 73 12 89 e8 fd eb 0a 00 44 89 e9 48 c7 c7 d0 73
> RSP: 0018:ffff8881d9af0030 EFLAGS: 00010093
> RAX: 00000000000a57eb RBX: 1ffff1103b35e00d RCX: 000000000000000c
> RDX: ffff8881d9af0240 RSI: 0000000000000002 RDI: ffff8881d9af01d8
> RBP: ffff8881d9af0030 R08: ffff8881d9af0240 R09: ffff8881da970180
> R10: 000000004afd69e7 R11: 0000000000000000 R12: ffff8881d9af01d8
> R13: 0000000000000002 R14: ffffea000766bc00 R15: 0000000000000001
> FS: 0000000000000000(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000068 CR3: 00000001bb987000 CR4: 00000000001406f0

* Re: kernel BUG at mm/slab.c:LINE! (3)
From: syzbot @ 2019-03-20 20:55 UTC
To: davem, kuznet, linux-kernel, netdev, sbrivio, sd, syzkaller-bugs, yoshfuji

syzbot has bisected this bug to:

commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
Author: Stefano Brivio <sbrivio@redhat.com>
Date: Thu Nov 8 11:19:23 2018 +0000

    fou, fou6: ICMP error handlers for FoU and GUE

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=161b63cf200000
start commit: b8a51b38 fou, fou6: ICMP error handlers for FoU and GUE
git tree: net-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=151b63cf200000
console output: https://syzkaller.appspot.com/x/log.txt?x=111b63cf200000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a0a89f12ca9b0f5
dashboard link: https://syzkaller.appspot.com/bug?extid=2182db487a523d86bf34
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148d46d5400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c6a225400000

Reported-by: syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com
Fixes: b8a51b38 ("fou, fou6: ICMP error handlers for FoU and GUE")

* Re: kernel BUG at mm/slab.c:LINE! (3)
From: Dmitry Vyukov @ 2019-03-21 6:00 UTC
To: syzbot
Cc: David Miller, Alexey Kuznetsov, LKML, netdev, Stefano Brivio, Sabrina Dubroca, syzkaller-bugs, Hideaki YOSHIFUJI

On Wed, Mar 20, 2019 at 9:55 PM syzbot
<syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com> wrote:
>
> syzbot has bisected this bug to:
>
> commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> Author: Stefano Brivio <sbrivio@redhat.com>
> Date: Thu Nov 8 11:19:23 2018 +0000
>
>     fou, fou6: ICMP error handlers for FoU and GUE
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=161b63cf200000
> start commit: b8a51b38 fou, fou6: ICMP error handlers for FoU and GUE
> git tree: net-next
> final crash: https://syzkaller.appspot.com/x/report.txt?x=151b63cf200000
> console output: https://syzkaller.appspot.com/x/log.txt?x=111b63cf200000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4a0a89f12ca9b0f5
> dashboard link: https://syzkaller.appspot.com/bug?extid=2182db487a523d86bf34
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=148d46d5400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c6a225400000
>
> Reported-by: syzbot+2182db487a523d86bf34@syzkaller.appspotmail.com
> Fixes: b8a51b38 ("fou, fou6: ICMP error handlers for FoU and GUE")

That commit caused lots of crashes that look completely different.
Now all that is fixed. The last crash for this bug happened 2+ months
ago. So let's just do:

#syz fix: fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
