kernel BUG at lib/list_debug.c:LINE! (2)
108 views
Skip to first unread message
syzbot
Dec 17, 2017, 3:39:04 PM12/17/17
to ax...@kernel.dk, linux...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
Use struct sctp_assoc_value instead
device lo entered promiscuous mode
list_del corruption. prev->next should be 00000000ff375078, but
was (null)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 17190 Comm: modprobe Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__list_del_entry_valid+0x78/0x90 lib/list_debug.c:51
RSP: 0000:ffff88021fc03d78 EFLAGS: 00010096
RAX: 0000000000000054 RBX: ffff88020ee1c400 RCX: ffffffff8123dede
RDX: 0000000000000100 RSI: ffff88021fc136f8 RDI: ffff88021fc136f8
RBP: ffff88021fc03d78 R08: 0000000000000001 R09: 000000000000000c
R10: ffff88021fc03d10 R11: 000000000000000c R12: ffff880215541140
R13: 0000000000000002 R14: ffff88021513c180 R15: 0000000000000286
FS: 00007f04577f2700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f04573bd000 CR3: 000000020ec6b000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020001010 DR2: 0000000020000008
DR3: 0000000020000008 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
__list_del_entry include/linux/list.h:117 [inline]
list_del_init include/linux/list.h:159 [inline]
blk_queue_end_tag+0x4e/0x170 block/blk-tag.c:272
blk_finish_request+0x168/0x210 block/blk-core.c:3045
scsi_end_request+0x156/0x250 drivers/scsi/scsi_lib.c:702
scsi_io_completion+0x306/0x7b0 drivers/scsi/scsi_lib.c:865
scsi_finish_command+0x10c/0x130 drivers/scsi/scsi.c:248
scsi_softirq_done+0x17a/0x190 drivers/scsi/scsi_lib.c:1649
blk_done_softirq+0xcd/0x100 block/blk-softirq.c:37
__do_softirq+0xcb/0x4f3 kernel/softirq.c:285
invoke_softirq kernel/softirq.c:365 [inline]
irq_exit+0xd4/0xe0 kernel/softirq.c:405
exiting_irq arch/x86/include/asm/apic.h:540 [inline]
do_IRQ+0x89/0x100 arch/x86/kernel/irq.c:241
common_interrupt+0xa9/0xa9 arch/x86/entry/entry_64.S:695
</IRQ>
RIP: 0033:0x7f04575e4bf0
RSP: 002b:00007ffc8614c4d0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffffda
RAX: 0000000000000000 RBX: 00007f04577f9d00 RCX: 0000000000000000
RDX: 00007f0457045e30 RSI: 00007ffc8614c5c0 RDI: 00007f045704de0e
RBP: 00007ffc8614c610 R08: 00000000015742cb R09: 000000000000001c
R10: 00007ffc8614c450 R11: 00007ffc8614c450 R12: 00007f04577f3150
R13: 00007ffc8614c6c8 R14: 00007f04577f99a8 R15: 0000000055d0b2dc
Code: 82 e8 85 dd ae ff 0f 0b 48 89 fe 48 c7 c7 08 34 e8 82 e8 74 dd ae ff
0f 0b 48 89 f2 48 89 fe 48 c7 c7 40 34 e8 82 e8 60 dd ae ff <0f> 0b 48 c7
c7 80 34 e8 82 e8 52 dd ae ff 0f 0b 90 90 90 90 90
RIP: __list_del_entry_valid+0x78/0x90 lib/list_debug.c:51 RSP:
ffff88021fc03d78
---[ end trace 782bce8a49dd9566 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
Use struct sctp_assoc_value instead
device lo entered promiscuous mode
list_del corruption. prev->next should be 00000000ff375078, but
was (null)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
invalid opcode: 0000 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 17190 Comm: modprobe Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__list_del_entry_valid+0x78/0x90 lib/list_debug.c:51
RSP: 0000:ffff88021fc03d78 EFLAGS: 00010096
RAX: 0000000000000054 RBX: ffff88020ee1c400 RCX: ffffffff8123dede
RDX: 0000000000000100 RSI: ffff88021fc136f8 RDI: ffff88021fc136f8
RBP: ffff88021fc03d78 R08: 0000000000000001 R09: 000000000000000c
R10: ffff88021fc03d10 R11: 000000000000000c R12: ffff880215541140
R13: 0000000000000002 R14: ffff88021513c180 R15: 0000000000000286
FS: 00007f04577f2700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f04573bd000 CR3: 000000020ec6b000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020001010 DR2: 0000000020000008
DR3: 0000000020000008 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
__list_del_entry include/linux/list.h:117 [inline]
list_del_init include/linux/list.h:159 [inline]
blk_queue_end_tag+0x4e/0x170 block/blk-tag.c:272
blk_finish_request+0x168/0x210 block/blk-core.c:3045
scsi_end_request+0x156/0x250 drivers/scsi/scsi_lib.c:702
scsi_io_completion+0x306/0x7b0 drivers/scsi/scsi_lib.c:865
scsi_finish_command+0x10c/0x130 drivers/scsi/scsi.c:248
scsi_softirq_done+0x17a/0x190 drivers/scsi/scsi_lib.c:1649
blk_done_softirq+0xcd/0x100 block/blk-softirq.c:37
__do_softirq+0xcb/0x4f3 kernel/softirq.c:285
invoke_softirq kernel/softirq.c:365 [inline]
irq_exit+0xd4/0xe0 kernel/softirq.c:405
exiting_irq arch/x86/include/asm/apic.h:540 [inline]
do_IRQ+0x89/0x100 arch/x86/kernel/irq.c:241
common_interrupt+0xa9/0xa9 arch/x86/entry/entry_64.S:695
</IRQ>
RIP: 0033:0x7f04575e4bf0
RSP: 002b:00007ffc8614c4d0 EFLAGS: 00000206 ORIG_RAX: ffffffffffffffda
RAX: 0000000000000000 RBX: 00007f04577f9d00 RCX: 0000000000000000
RDX: 00007f0457045e30 RSI: 00007ffc8614c5c0 RDI: 00007f045704de0e
RBP: 00007ffc8614c610 R08: 00000000015742cb R09: 000000000000001c
R10: 00007ffc8614c450 R11: 00007ffc8614c450 R12: 00007f04577f3150
R13: 00007ffc8614c6c8 R14: 00007f04577f99a8 R15: 0000000055d0b2dc
Code: 82 e8 85 dd ae ff 0f 0b 48 89 fe 48 c7 c7 08 34 e8 82 e8 74 dd ae ff
0f 0b 48 89 f2 48 89 fe 48 c7 c7 40 34 e8 82 e8 60 dd ae ff <0f> 0b 48 c7
c7 80 34 e8 82 e8 52 dd ae ff 0f 0b 90 90 90 90 90
RIP: __list_del_entry_valid+0x78/0x90 lib/list_debug.c:51 RSP:
ffff88021fc03d78
---[ end trace 782bce8a49dd9566 ]---
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
Dmitry Vyukov
Feb 13, 2018, 2:47:04 PM2/13/18
to syzbot, syzkall...@googlegroups.com
old bug bankruptcy
#syz invalid
On Sun, Dec 17, 2017 at 9:39 PM, syzbot
<bot+dc02d7b5fbb3b8fc44...@syzkaller.appspotmail.com>
wrote:
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a113ed15e41a09d05608f390e%40google.com.
> For more options, visit https://groups.google.com/d/optout.
#syz invalid
On Sun, Dec 17, 2017 at 9:39 PM, syzbot
<bot+dc02d7b5fbb3b8fc44...@syzkaller.appspotmail.com>
wrote:
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a113ed15e41a09d05608f390e%40google.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages