Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+ebbab3e04c88fa141e6b@syzkaller.appspotmail.com>
To: kadlec@blackhole.kfki.hu, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free
Date: Wed, 14 Feb 2024 01:52:03 -0800	[thread overview]
Message-ID: <0000000000007c900506115476fc@google.com> (raw)
In-Reply-To: <9cf86b72-286d-f726-6907-ff2c11af6d75@blackhole.kfki.hu>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING: ODEBUG bug in ip_set_free

------------[ cut here ]------------
ODEBUG: free active (active state 0) object: 0000000062ae9ef3 object type: timer_list hint: bitmap_port_gc+0x0/0x4dc net/netfilter/ipset/ip_set_bitmap_port.c:282
WARNING: CPU: 0 PID: 6628 at lib/debugobjects.c:517 debug_print_object lib/debugobjects.c:514 [inline]
WARNING: CPU: 0 PID: 6628 at lib/debugobjects.c:517 __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
WARNING: CPU: 0 PID: 6628 at lib/debugobjects.c:517 debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
Modules linked in:
CPU: 0 PID: 6628 Comm: syz-executor.0 Not tainted 6.8.0-rc3-syzkaller-00010-gf735966ee23c-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:514 [inline]
pc : __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
pc : debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
lr : debug_print_object lib/debugobjects.c:514 [inline]
lr : __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
lr : debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
sp : ffff8000978c6950
x29: ffff8000978c6990 x28: 0000000000000000 x27: ffff80008aeec3c0
x26: ffff0000e345d318 x25: dfff800000000000 x24: 0000000000000000
x23: ffff80009368be40 x22: ffff0000e345d000 x21: 0000000000000000
x20: ffff8000894dfe30 x19: ffff0000e345d300 x18: 1fffe000367ff596
x17: ffff80008ec6d000 x16: ffff80008031fff4 x15: 0000000000000001
x14: 1fffe00036801de8 x13: 0000000000000000 x12: 0000000000000003
x11: 0000000000000001 x10: 0000000000000003 x9 : dee47f29bae7c100
x8 : dee47f29bae7c100 x7 : ffff800080296b68 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000006 x1 : ffff80008aecd8e0 x0 : ffff800125439000
Call trace:
 debug_print_object lib/debugobjects.c:514 [inline]
 __debug_check_no_obj_freed lib/debugobjects.c:989 [inline]
 debug_check_no_obj_freed+0x398/0x47c lib/debugobjects.c:1019
 slab_free_hook mm/slub.c:2093 [inline]
 slab_free mm/slub.c:4299 [inline]
 kfree+0x114/0x3cc mm/slub.c:4409
 kvfree+0x40/0x50 mm/util.c:663
 ip_set_free+0x28/0x7c net/netfilter/ipset/ip_set_core.c:264
 bitmap_port_destroy+0xe4/0x324 net/netfilter/ipset/ip_set_bitmap_gen.h:66
 ip_set_create+0x904/0xf48 net/netfilter/ipset/ip_set_core.c:1157
 nfnetlink_rcv_msg+0xa78/0xf80 net/netfilter/nfnetlink.c:302
 netlink_rcv_skb+0x214/0x3c4 net/netlink/af_netlink.c:2543
 nfnetlink_rcv+0x21c/0x1ed0 net/netfilter/nfnetlink.c:659
 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]
 netlink_unicast+0x65c/0x898 net/netlink/af_netlink.c:1367
 netlink_sendmsg+0x83c/0xb20 net/netlink/af_netlink.c:1908
 sock_sendmsg_nosec net/socket.c:730 [inline]
 __sock_sendmsg net/socket.c:745 [inline]
 ____sys_sendmsg+0x56c/0x840 net/socket.c:2584
 ___sys_sendmsg net/socket.c:2638 [inline]
 __sys_sendmsg+0x26c/0x33c net/socket.c:2667
 __do_sys_sendmsg net/socket.c:2676 [inline]
 __se_sys_sendmsg net/socket.c:2674 [inline]
 __arm64_sys_sendmsg+0x80/0x94 net/socket.c:2674
 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
irq event stamp: 294
hardirqs last  enabled at (293): [<ffff800080296c08>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1397 [inline]
hardirqs last  enabled at (293): [<ffff800080296c08>] finish_lock_switch+0xbc/0x1e4 kernel/sched/core.c:5154
hardirqs last disabled at (294): [<ffff80008ad60eac>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:436
softirqs last  enabled at (276): [<ffff80008002189c>] softirq_handle_end kernel/softirq.c:399 [inline]
softirqs last  enabled at (276): [<ffff80008002189c>] __do_softirq+0xac8/0xce4 kernel/softirq.c:582
softirqs last disabled at (147): [<ffff80008002ab48>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:81
---[ end trace 0000000000000000 ]---


Tested on:

commit:         f735966e Merge branches 'for-next/reorg-va-space' and ..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10afd01c180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d47605a39da2cf06
dashboard link: https://syzkaller.appspot.com/bug?extid=ebbab3e04c88fa141e6b
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch:          https://syzkaller.appspot.com/x/patch.diff?x=10de0934180000

next      parent reply	other threads:[~2024-02-14  9:52 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <9cf86b72-286d-f726-6907-ff2c11af6d75@blackhole.kfki.hu>
2024-02-14  9:52 ` syzbot [this message]
     [not found] <20240215113851.GE25716@breakpoint.cc>
2024-02-15 12:25 ` [syzbot] [netfilter?] WARNING: ODEBUG bug in ip_set_free syzbot
     [not found] <71fab85e-966d-ba46-faec-a75a283bd325@netfilter.org>
2024-02-14  9:35 ` syzbot
2024-02-13 18:22 syzbot
2024-02-14  0:55 ` Hillf Danton
2024-02-14  3:44   ` syzbot
2024-02-14  8:58 ` Jozsef Kadlecsik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000007c900506115476fc@google.com \
    --to=syzbot+ebbab3e04c88fa141e6b@syzkaller.appspotmail.com \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.