BUG: corrupted list in account_entity_enqueue


syzbot

Dec 31, 2018, 2:10:05 AM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, tg...@linutronix.de
Hello,

syzbot found the following crash on:

HEAD commit: 00c569b567c7 Merge tag 'locks-v4.21-1' of git://git.kernel..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=136d858f400000
kernel config: https://syzkaller.appspot.com/x/.config?x=fbee5876573727cd
dashboard link: https://syzkaller.appspot.com/bug?extid=14005fa30c9a07192934
compiler: gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+14005f...@syzkaller.appspotmail.com

attempt to access beyond end of device
list_add corruption. next->prev should be prev (ffff8880ae62d8d8), but was
0000000000000000. (next=ffff8880a9e1e330).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:25!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9 Comm: ksoftirqd/0 Not tainted 4.20.0+ #393
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__list_add_valid.cold.0+0xf/0x25 lib/list_debug.c:23
Code: e8 23 0b 32 fe e9 68 ff ff ff e8 19 0b 32 fe eb c9 4c 89 e7 e8 0f 0b
32 fe eb 97 48 89 d9 48 c7 c7 40 c3 80 88 e8 32 ef d4 fd <0f> 0b 48 89 f1
48 c7 c7 00 c4 80 88 48 89 de e8 1e ef d4 fd 0f 0b
RSP: 0018:ffff8880ae607218 EFLAGS: 00010082
RAX: 0000000000000075 RBX: ffff8880a9e1e330 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81683015 RDI: 0000000000000005
RBP: ffff8880ae607230 R08: ffff8880a9e1c240 R09: ffffed1015cc5020
R10: ffffed1015cc5020 R11: ffff8880ae628107 R12: ffff888059bac2f0
R13: 1ffff11015cc0e4b R14: ffff8880ae6072b8 R15: ffff888059bac2f0
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe5cdd85018 CR3: 000000008679a000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__list_add include/linux/list.h:60 [inline]
list_add include/linux/list.h:79 [inline]
account_entity_enqueue+0x3a3/0x660 kernel/sched/fair.c:2679
enqueue_entity+0x2af/0x1ff0 kernel/sched/fair.c:3903
enqueue_task_fair+0x288/0x11f0 kernel/sched/fair.c:5134
enqueue_task kernel/sched/core.c:730 [inline]
activate_task+0x136/0x430 kernel/sched/core.c:751
ttwu_activate kernel/sched/core.c:1643 [inline]
ttwu_do_activate+0xd5/0x1f0 kernel/sched/core.c:1702
ttwu_queue kernel/sched/core.c:1847 [inline]
try_to_wake_up+0x9a3/0x1460 kernel/sched/core.c:2057
wake_up_process+0x10/0x20 kernel/sched/core.c:2129
hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1637
__run_hrtimer kernel/time/hrtimer.c:1389 [inline]
__hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1451
hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1509
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1035 [inline]
smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1060
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
</IRQ>
Modules linked in:
---[ end trace 8b80f5ec9872c871 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Jan 2, 2019, 12:02:05 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com, tg...@linutronix.de
syzbot has found a reproducer for the following crash on:

HEAD commit: 4cd1b60def51 Add linux-next specific files for 20190102
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=12b12dbf400000
kernel config: https://syzkaller.appspot.com/x/.config?x=3bf665f887bd3d7e
dashboard link: https://syzkaller.appspot.com/bug?extid=14005fa30c9a07192934
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10621f53400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=154d0427400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+14005f...@syzkaller.appspotmail.com

list_add corruption. next->prev should be prev (ffff8880ae72d8d8), but was
0000000000000610. (next=ffff8880a94b64f0).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:23!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: -1958513720 Comm: Not tainted 4.20.0-next-20190102 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__list_add_valid.cold+0xf/0x3c lib/list_debug.c:23
Code: 34 fe eb d5 4c 89 e7 e8 3a 82 34 fe eb a3 4c 89 f7 e8 30 82 34 fe e9
56 ff ff ff 4c 89 e1 48 c7 c7 40 98 81 88 e8 00 cb d6 fd <0f> 0b 48 89 f2
4c 89 e1 4c 89 ee 48 c7 c7 80 99 81 88 e8 e9 ca d6
RSP: 0018:ffff8880ae707648 EFLAGS: 00010086
RAX: 0000000000000075 RBX: ffff8880a4783cc0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8167d786 RDI: ffffed1015ce0ebb
RBP: ffff8880ae707660 R08: 0000000000000075 R09: ffffed1015ce5021
R10: ffffed1015ce5020 R11: ffff8880ae728107 R12: ffff8880a94b64f0
R13: ffff8880a843a530 R14: ffff8880ae7076e8 R15: ffff8880a843a530
FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000068 CR3: 00000000a43c7000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
__list_add include/linux/list.h:60 [inline]
list_add include/linux/list.h:79 [inline]
account_entity_enqueue+0x3a0/0x660 kernel/sched/fair.c:2678
enqueue_entity+0x276/0x20b0 kernel/sched/fair.c:3902
enqueue_task_fair+0x237/0x10c0 kernel/sched/fair.c:5133
enqueue_task kernel/sched/core.c:730 [inline]
activate_task+0x11d/0x470 kernel/sched/core.c:751
ttwu_activate kernel/sched/core.c:1643 [inline]
ttwu_do_activate+0xd4/0x1f0 kernel/sched/core.c:1702
ttwu_queue kernel/sched/core.c:1847 [inline]
try_to_wake_up+0x997/0x1480 kernel/sched/core.c:2057
wake_up_process+0x10/0x20 kernel/sched/core.c:2129
hrtimer_wakeup+0x48/0x60 kernel/time/hrtimer.c:1637
__run_hrtimer kernel/time/hrtimer.c:1389 [inline]
__hrtimer_run_queues+0x3a7/0x1050 kernel/time/hrtimer.c:1451
hrtimer_interrupt+0x314/0x770 kernel/time/hrtimer.c:1509
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1035 [inline]
smp_apic_timer_interrupt+0x18d/0x760 arch/x86/kernel/apic/apic.c:1060
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
</IRQ>
Modules linked in:
---[ end trace 21a00246ce9209ce ]---

Dmitry Vyukov

Jan 4, 2019, 6:12:44 AM
to syzbot, LKML, syzkaller-bugs, Thomas Gleixner
On Wed, Jan 2, 2019 at 6:02 PM syzbot
<syzbot+14005f...@syzkaller.appspotmail.com> wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 4cd1b60def51 Add linux-next specific files for 20190102
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=12b12dbf400000
> kernel config: https://syzkaller.appspot.com/x/.config?x=3bf665f887bd3d7e
> dashboard link: https://syzkaller.appspot.com/bug?extid=14005fa30c9a07192934
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10621f53400000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=154d0427400000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+14005f...@syzkaller.appspotmail.com

Random manifestation of the stack overflow/corruption:

#syz dup: kernel panic: stack is corrupted in udp4_lib_lookup2

See https://groups.google.com/forum/#!msg/syzkaller-bugs/vr87kmG5qRI/31nOcuVsFgAJ

syzbot

Jan 4, 2019, 8:25:04 AM
to sbr...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

failed to checkout kernel repo
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git on commit
4cd1b60d: failed to run ["git" "checkout" "4cd1b60d"]: exit status 1
error: pathspec '4cd1b60d' did not match any file(s) known to git.



Tested on:

commit: [unknown]
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 4cd1b60d
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=166532bb400000

Dmitry Vyukov

Jan 4, 2019, 8:37:38 AM
to syzbot, Stefano Brivio, syzkaller-bugs
On Fri, Jan 4, 2019 at 2:25 PM syzbot
<syzbot+14005f...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot tried to test the proposed patch but build/boot failed:
>
> failed to checkout kernel repo
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git on commit
> 4cd1b60d: failed to run ["git" "checkout" "4cd1b60d"]: exit status 1
> error: pathspec '4cd1b60d' did not match any file(s) known to git.

Maybe try master branch? linux-next constantly causes such problems
with its rebases and tags and lots of history. syzbot should have done
"git remote add", "git fetch" and then "git checkout HASH". Somehow it
failed. I know that fetch of a named remote fetches all branches, but
perhaps not free-standing tags?

> Tested on:
>
> commit: [unknown]
> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 4cd1b60d
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> patch: https://syzkaller.appspot.com/x/patch.diff?x=166532bb400000
>

Stefano Brivio

Jan 4, 2019, 8:41:52 AM
to Dmitry Vyukov, syzbot, syzkaller-bugs
On Fri, 4 Jan 2019 14:37:26 +0100
Dmitry Vyukov <dvy...@google.com> wrote:

> On Fri, Jan 4, 2019 at 2:25 PM syzbot
> <syzbot+14005f...@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot tried to test the proposed patch but build/boot failed:
> >
> > failed to checkout kernel repo
> > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git on commit
> > 4cd1b60d: failed to run ["git" "checkout" "4cd1b60d"]: exit status 1
> > error: pathspec '4cd1b60d' did not match any file(s) known to git.
>
> Maybe try master branch?

Yes, email already sent :)

> linux-next constantly causes such problem
> with its rebases and tags and lots history. syzbot should have done
> "git remote add", "git fetch" and then "git checkout HASH". Somehow it
> failed. I know that fetch of a named remote fetches all branches, but
> perhaps not free-standing tags?

Yes, I also think it's that, thanks for the explanation!

--
Stefano

Dmitry Vyukov

Jan 4, 2019, 9:03:47 AM
to Stefano Brivio, syzbot, syzkaller-bugs
Perhaps this will help in future:
https://github.com/google/syzkaller/commit/0127e3baa7b78ca59d4b1ebb3482a270c6c1c2af
at least this fetched something new for my local linux-next checkout.

syzbot

Jan 4, 2019, 10:22:04 AM
to sbr...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

failed to checkout kernel repo
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/a4983672f9ca4c:
failed to run
["git" "fetch" "git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git" "a4983672f9ca4c"]:
exit status 128
fatal: Couldn't find remote ref a4983672f9ca4c



Tested on:

commit: [unknown]
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
a4983672f9ca4c
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=129406d7400000

Dmitry Vyukov

Jan 4, 2019, 11:46:29 AM
to syzbot, Stefano Brivio, syzkaller-bugs
On Fri, Jan 4, 2019 at 4:22 PM syzbot
<syzbot+14005f...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot tried to test the proposed patch but build/boot failed:
>
> failed to checkout kernel repo
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/a4983672f9ca4c:
> failed to run
> ["git" "fetch" "git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git" "a4983672f9ca4c"]:
> exit status 128
> fatal: Couldn't find remote ref a4983672f9ca4c

Should be fixed by:
https://github.com/google/syzkaller/commit/53be0a378fb4c5b60751659423b98bef7d502025

I wonder where did 14-char hash come from? Never seen these before.

> Tested on:
>
> commit: [unknown]
> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
> a4983672f9ca4c
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> patch: https://syzkaller.appspot.com/x/patch.diff?x=129406d7400000
>

syzbot

Jan 4, 2019, 11:56:04 AM
to sbr...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+14005f...@syzkaller.appspotmail.com

Tested on:

commit: a4983672f9ca Add linux-next specific files for 20190103
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=3bf665f887bd3d7e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=13d49a80c00000

Note: testing is done by a robot and is best-effort only.

Stefano Brivio

Jan 4, 2019, 12:00:02 PM
to Dmitry Vyukov, syzbot, syzkaller-bugs
On Fri, 4 Jan 2019 17:46:17 +0100
Dmitry Vyukov <dvy...@google.com> wrote:

> On Fri, Jan 4, 2019 at 4:22 PM syzbot
> <syzbot+14005f...@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot tried to test the proposed patch but build/boot failed:
> >
> > failed to checkout kernel repo
> > git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/a4983672f9ca4c:
> > failed to run
> > ["git" "fetch" "git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git" "a4983672f9ca4c"]:
> > exit status 128
> > fatal: Couldn't find remote ref a4983672f9ca4c
>
> Should be fixed by:
> https://github.com/google/syzkaller/commit/53be0a378fb4c5b60751659423b98bef7d502025
>
> I wonder where did 14-char hash come from? Never seen these before.

Just from a careless copy and paste I did -- I thought anything longer
than 12 characters (de facto "standard" in references in kernel commit
messages for collisions to be reasonably unlikely) would be accepted.

Perhaps the check in CheckCommitHash() could be made more robust?
Something like

return ln == 8 || ln == 10 || (ln >= 12 && ln <= 40)

?

--
Stefano
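The length rule Stefano proposes above, carried into a small Go check as an added illustration (this is not syzkaller's CheckCommitHash() and not Dmitry's fix): it accepts the 14-character hash the bot rejected, still refuses non-hex input, and notes why a full 40-character id and an abbreviation need different fetch steps. The refspecs and the claim that a remote accepts a full object id in "git fetch" are assumptions, not something the thread states.

```go
package main

import "fmt"

// checkCommitHash applies the proposed rule: 8, 10 or 12..40 hex chars.
// Illustrative re-implementation, not syzkaller's own function.
func checkCommitHash(hash string) bool {
	ln := len(hash)
	if !(ln == 8 || ln == 10 || (ln >= 12 && ln <= 40)) {
		return false
	}
	for i := 0; i < ln; i++ {
		c := hash[i]
		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) {
			return false
		}
	}
	return true
}

// checkoutPlan returns the git steps for a validated hash.
// Assumption: the server allows fetching a full 40-char object id by name.
// An abbreviated id is not a remote ref (the "Couldn't find remote ref"
// failure quoted in the thread), so branches and tags are fetched first and
// the abbreviation is resolved locally by "git checkout".
func checkoutPlan(hash string) (string, error) {
	if !checkCommitHash(hash) {
		return "", fmt.Errorf("rejected commit hash %q (len %d)", hash, len(hash))
	}
	if len(hash) == 40 {
		return "git fetch <url> " + hash + " && git checkout FETCH_HEAD", nil
	}
	return "git fetch <url> '+refs/heads/*:refs/remotes/next/*' '+refs/tags/*:refs/tags/*'" +
		" && git checkout " + hash, nil
}

func main() {
	// Constructed inputs: the two hashes from the thread plus two bad ones.
	for _, h := range []string{"4cd1b60d", "a4983672f9ca4c", "4cd1b60def5", "zzzzzzzz"} {
		plan, err := checkoutPlan(h)
		fmt.Printf("%-16s accepted=%-5v %s %v\n", h, checkCommitHash(h), plan, err)
	}
}
```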

Dmitry Vyukov

Jan 4, 2019, 12:20:38 PM
to Stefano Brivio, syzbot, syzkaller-bugs
Makes sense.

I've just noticed that hash length of --oneline output actually
depends on prompt length (wat?):

linux$ git log --oneline --grep "Reported-.*syz" v4.13..HEAD | grep -i kvm
dcbd3e49c2f0 KVM: X86: Fix NULL deref in vcpu_scan_ioapic

linux2$ git log --oneline --grep "Reported-.*syz" v4.13..HEAD | grep -i kvm
dcbd3e49c2f0b KVM: X86: Fix NULL deref in vcpu_scan_ioapic

This is in different tabs of the same terminal window, so the window
width is exactly the same...