WARNING in __tun_detach

From: Yikebaer Aizezi
Date: Tue Aug 15 2023 - 10:55:40 EST

Next message: Takashi Iwai: "Re: [PATCH 21/25] ASoC: dmaengine: Convert to generic PCM copy ops"
Previous message: Andy Shevchenko: "Re: [PATCH v5 3/6] iio: adc: mcp3911: simplify usage of spi->dev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

When using Healer to fuzz the Latest Linux-6.5-rc6, the following crash
was triggered.

HEAD commit: 2ccdd1b13c591d306f0401d98dedc4bdcd02b421 (tag: v6.5-rc6）
git tree: upstream

console output:
https://drive.google.com/file/d/1gdz7U-3qEkqcMdTym5UURmFPkzKUgvJQ/view?usp=drive_link
kernel config:https://drive.google.com/file/d/1DO9JM2wVO3ADkB7SweHN9q2mACe0T8lA/view?usp=drive_link
C reproducer:https://drive.google.com/file/d/1JBLx8X_egdvNSAkBVm81Wbtq6bLYlQE_/view?usp=drive_link
Syzlang reproducer:
https://drive.google.com/file/d/1BbmMzlF3u148wNT12wcrNNZoiFATz8Yb/view?usp=drive_link

If you fix this issue, please add the following tag to the commit:
Reported-by: Yikebaer Aizezi <yikebaer61@xxxxxxxxx>

------------[ cut here ]------------
WARNING: CPU: 1 PID: 10367 at net/core/dev.c:10876
unregister_netdevice_many_notify+0x13eb/0x18a0 net/core/dev.c:10876
Modules linked in:
CPU: 1 PID: 10367 Comm: syz-executor Not tainted 6.5.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:unregister_netdevice_many_notify+0x13eb/0x18a0 net/core/dev.c:10876
Code: b4 1a 00 00 48 c7 c6 00 89 f7 8a 48 c7 c7 40 89 f7 8a c6 05 3f
4c 56 06 01 e8 71 b9 9e f9 0f 0b e9 49 f7 ff ff e8 55 b5 d6 f9 <0f> 0b
e9 20 f7 ff ff e8 49 b5 d6 f9 0f 0b e9 5f f7 ff ff e8 6d 81
RSP: 0018:ffffc90004eaf870 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000007d98201 RCX: 0000000000000000
RDX: ffff888017f3bc00 RSI: ffffffff87a9b59b RDI: 0000000000000001
RBP: ffff88810aa60080 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000008e001 R12: 0000000000000000
R13: ffff88810aa60080 R14: ffff8881078cc000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f79076d138 CR3: 000000010c171000 CR4: 0000000000750ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 00000000000088e3 DR6: 00000000ffff0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
unregister_netdevice_many net/core/dev.c:10906 [inline]
unregister_netdevice_queue+0x2e1/0x3c0 net/core/dev.c:10786
unregister_netdevice include/linux/netdevice.h:3112 [inline]
__tun_detach+0x10d1/0x1400 drivers/net/tun.c:684
tun_detach drivers/net/tun.c:700 [inline]
tun_chr_close+0xc4/0x240 drivers/net/tun.c:3491
__fput+0x406/0xac0 fs/file_table.c:384
task_work_run+0x164/0x250 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa8c/0x2990 kernel/exit.c:874
do_group_exit+0xd0/0x2a0 kernel/exit.c:1024
get_signal+0x25c3/0x25f0 kernel/signal.c:2881
arch_do_signal_or_restart+0x75/0x5b0 arch/x86/kernel/signal.c:308
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:297
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbdbc69442d
Code: Unable to access opcode bytes at 0x7fbdbc694403.
RSP: 002b:00007fbdbd8fe0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fbdbc7cc0a8 RCX: 00007fbdbc69442d
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbdbc7cc0a8
RBP: 00007fbdbc7cc0a0 R08: 00007fbdbd8fe640 R09: 00007fbdbd8fe640
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdbc7cc0ac
R13: 000000000000000b R14: 00007fbdbc653240 R15: 00007fbdbd8de000
</TASK>

Modules linked in:
CPU: 1 PID: 10367 Comm: syz-executor Not tainted 6.5.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:unregister_netdevice_many_notify+0x13eb/0x18a0 net/core/dev.c:10876
Code: b4 1a 00 00 48 c7 c6 00 89 f7 8a 48 c7 c7 40 89 f7 8a c6 05 3f
4c 56 06 01 e8 71 b9 9e f9 0f 0b e9 49 f7 ff ff e8 55 b5 d6 f9 <0f> 0b
e9 20 f7 ff ff e8 49 b5 d6 f9 0f 0b e9 5f f7 ff ff e8 6d 81
RSP: 0018:ffffc90004eaf870 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000007d98201 RCX: 0000000000000000
RDX: ffff888017f3bc00 RSI: ffffffff87a9b59b RDI: 0000000000000001
RBP: ffff88810aa60080 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000008e001 R12: 0000000000000000
R13: ffff88810aa60080 R14: ffff8881078cc000 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f79076d138 CR3: 000000010c171000 CR4: 0000000000750ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 00000000000088e3 DR6: 00000000ffff0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
<TASK>
unregister_netdevice_many net/core/dev.c:10906 [inline]
unregister_netdevice_queue+0x2e1/0x3c0 net/core/dev.c:10786
unregister_netdevice include/linux/netdevice.h:3112 [inline]
__tun_detach+0x10d1/0x1400 drivers/net/tun.c:684
tun_detach drivers/net/tun.c:700 [inline]
tun_chr_close+0xc4/0x240 drivers/net/tun.c:3491
__fput+0x406/0xac0 fs/file_table.c:384
task_work_run+0x164/0x250 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa8c/0x2990 kernel/exit.c:874
do_group_exit+0xd0/0x2a0 kernel/exit.c:1024
get_signal+0x25c3/0x25f0 kernel/signal.c:2881
arch_do_signal_or_restart+0x75/0x5b0 arch/x86/kernel/signal.c:308
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:297
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbdbc69442d
Code: Unable to access opcode bytes at 0x7fbdbc694403.
RSP: 002b:00007fbdbd8fe0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fbdbc7cc0a8 RCX: 00007fbdbc69442d
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbdbc7cc0a8
RBP: 00007fbdbc7cc0a0 R08: 00007fbdbd8fe640 R09: 00007fbdbd8fe640
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdbc7cc0ac
R13: 000000000000000b R14: 00007fbdbc653240 R15: 00007fbdbd8de000
</TASK>
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 PID: 10367 Comm: syz-executor Not tainted 6.5.0-rc6 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd5/0x150 lib/dump_stack.c:106
panic+0x67e/0x730 kernel/panic.c:340
check_panic_on_warn+0xad/0xb0 kernel/panic.c:236
__warn+0xee/0x390 kernel/panic.c:673
__report_bug lib/bug.c:199 [inline]
report_bug+0x2d9/0x500 lib/bug.c:219
handle_bug+0x3c/0x70 arch/x86/kernel/traps.c:326
exc_invalid_op+0x14/0x40 arch/x86/kernel/traps.c:347
asm_exc_invalid_op+0x16/0x20 arch/x86/include/asm/idtentry.h:568
RIP: 0010:unregister_netdevice_many_notify+0x13eb/0x18a0 net/core/dev.c:10876
Code: b4 1a 00 00 48 c7 c6 00 89 f7 8a 48 c7 c7 40 89 f7 8a c6 05 3f
4c 56 06 01 e8 71 b9 9e f9 0f 0b e9 49 f7 ff ff e8 55 b5 d6 f9 <0f> 0b
e9 20 f7 ff ff e8 49 b5 d6 f9 0f 0b e9 5f f7 ff ff e8 6d 81
RSP: 0018:ffffc90004eaf870 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000007d98201 RCX: 0000000000000000
RDX: ffff888017f3bc00 RSI: ffffffff87a9b59b RDI: 0000000000000001
RBP: ffff88810aa60080 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 000000000008e001 R12: 0000000000000000
R13: ffff88810aa60080 R14: ffff8881078cc000 R15: dffffc0000000000
unregister_netdevice_many net/core/dev.c:10906 [inline]
unregister_netdevice_queue+0x2e1/0x3c0 net/core/dev.c:10786
unregister_netdevice include/linux/netdevice.h:3112 [inline]
__tun_detach+0x10d1/0x1400 drivers/net/tun.c:684
tun_detach drivers/net/tun.c:700 [inline]
tun_chr_close+0xc4/0x240 drivers/net/tun.c:3491
__fput+0x406/0xac0 fs/file_table.c:384
task_work_run+0x164/0x250 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa8c/0x2990 kernel/exit.c:874
do_group_exit+0xd0/0x2a0 kernel/exit.c:1024
get_signal+0x25c3/0x25f0 kernel/signal.c:2881
arch_do_signal_or_restart+0x75/0x5b0 arch/x86/kernel/signal.c:308
exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
exit_to_user_mode_prepare+0x11f/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:297
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbdbc69442d
Code: Unable to access opcode bytes at 0x7fbdbc694403.
RSP: 002b:00007fbdbd8fe0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00007fbdbc7cc0a8 RCX: 00007fbdbc69442d
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbdbc7cc0a8
RBP: 00007fbdbc7cc0a0 R08: 00007fbdbd8fe640 R09: 00007fbdbd8fe640
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbdbc7cc0ac
R13: 000000000000000b R14: 00007fbdbc653240 R15: 00007fbdbd8de000
</TASK>
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 1 seconds..

Next message: Takashi Iwai: "Re: [PATCH 21/25] ASoC: dmaengine: Convert to generic PCM copy ops"
Previous message: Andy Shevchenko: "Re: [PATCH v5 3/6] iio: adc: mcp3911: simplify usage of spi->dev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]