corrupted report


syzbot

Apr 11, 2019, 12:14:09 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4d552acf Linux 4.19.34
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=107664d3200000
kernel config: https://syzkaller.appspot.com/x/.config?x=c95a88291f095edd
dashboard link: https://syzkaller.appspot.com/bug?extid=575a05c0b730cb786c77
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+575a05...@syzkaller.appspotmail.com

list_del corruption, ffff88805fc1fc90->next is LIST_POISON1 (dead000000000100)
list_del corruption, ffff88806426fc90->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:45!
kernel BUG at lib/list_debug.c:45!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 24242 Comm: syz-executor.5 Not tainted 4.19.34 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_del_entry_valid.cold+0x23/0x4f lib/list_debug.c:45
Code: e8 b5 de 30 fe 0f 0b 4c 89 f6 48 c7 c7 40 a2 81 87 e8 a4 de 30 fe 0f
0b 4c 89 ea 4c 89 f6 48 c7 c7 80 a1 81 87 e8 90 de 30 fe <0f> 0b 4c 89 e2
4c 89 f6 48 c7 c7 e0 a1 81 87 e8 7c de 30 fe 0f 0b
RSP: 0018:ffff88806426fb68 EFLAGS: 00010086
RAX: 000000000000004e RBX: ffff88806426fc78 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8155d206 RDI: ffffed100c84df5f
RBP: ffff88806426fb80 R08: 000000000000004e R09: ffffed1015d24fe9
R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: dead000000000200
R13: dead000000000100 R14: ffff88806426fc90 R15: ffff88806426fc98
FS: 00007f6b20b32700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6b20aefdb8 CR3: 00000000a90b8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__list_del_entry include/linux/list.h:117 [inline]
list_del include/linux/list.h:125 [inline]
__remove_wait_queue include/linux/wait.h:184 [inline]
remove_wait_queue+0x2f/0x190 kernel/sched/wait.c:44
__tipc_shutdown+0x26e/0xae0 net/tipc/socket.c:509
tipc_release+0x70/0x1010 net/tipc/socket.c:574
__sock_release+0xd3/0x2b0 net/socket.c:579
sock_close+0x1b/0x30 net/socket.c:1140
__fput+0x2df/0x8b0 fs/file_table.c:278
____fput+0x16/0x20 fs/file_table.c:309
task_work_run+0x14a/0x1c0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x273/0x2c0 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
do_syscall_64+0x52d/0x610 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4582f9
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6b20b31c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 00000000004582f9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6b20b326d4
R13: 00000000004f5a92 R14: 00000000004cf118 R15: 00000000ffffffff
Modules linked in:
---[ end trace 94324203ba2b00e1 ]---
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 24247 Comm: syz-executor.5 Tainted: G D 4.19.34 #2
RIP: 0010:__list_del_entry_valid.cold+0x23/0x4f lib/list_debug.c:45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_del_entry_valid.cold+0x23/0x4f lib/list_debug.c:45
Code: e8 b5 de 30 fe 0f 0b 4c 89 f6 48 c7 c7 40 a2 81 87 e8 a4 de 30 fe 0f
0b 4c 89 ea 4c 89 f6 48 c7 c7 80 a1 81 87 e8 90 de 30 fe <0f> 0b 4c 89 e2
4c 89 f6 48 c7 c7 e0 a1 81 87 e8 7c de 30 fe 0f 0b
Code: e8 b5 de 30 fe 0f 0b 4c 89 f6 48 c7 c7 40 a2 81 87 e8 a4 de 30 fe 0f
0b 4c 89 ea 4c 89 f6 48 c7 c7 80 a1 81 87 e8 90 de 30 fe <0f> 0b 4c 89 e2
4c 89 f6 48 c7 c7 e0 a1 81 87 e8 7c de 30 fe 0f 0b
RSP: 0018:ffff88806426fb68 EFLAGS: 00010086
RSP: 0018:ffff88805fc1fb68 EFLAGS: 00010086
RAX: 000000000000004e RBX: ffff88806426fc78 RCX: 0000000000000000
RAX: 000000000000004e RBX: ffff88805fc1fc78 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8155d206 RDI: ffffed100c84df5f
RDX: 0000000000000000 RSI: ffffffff8155d206 RDI: ffffed100bf83f5f
RBP: ffff88806426fb80 R08: 000000000000004e R09: ffffed1015d24fe9
RBP: ffff88805fc1fb80 R08: 000000000000004e R09: ffffed1015d04fe9
R10: ffffed1015d24fe8 R11: ffff8880ae927f47 R12: dead000000000200
R10: ffffed1015d04fe8 R11: ffff8880ae827f47 R12: dead000000000200
R13: dead000000000100 R14: ffff88806426fc90 R15: ffff88806426fc98
R13: dead000000000100 R14: ffff88805fc1fc90 R15: ffff88805fc1fc98
FS: 00007f6b20b32700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
FS: 00007f6b20b11700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6b20aefdb8 CR3: 00000000a90b8000 CR4: 00000000001406e0
CR2: 000000000070b158 CR3: 00000000a90b8000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 12, 2019, 5:21:12 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 1ec8f1f0 Linux 4.14.111
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16bd5ae3200000
kernel config: https://syzkaller.appspot.com/x/.config?x=fdadf290ea9fc6f9
dashboard link: https://syzkaller.appspot.com/bug?extid=a160f82da570177ff4c6
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a160f8...@syzkaller.appspotmail.com

FAT-fs (loop2): bogus number of reserved sectors
FAT-fs (loop2): Can't find a valid FAT filesystem
=====================================
WARNING: bad unlock balance detected!
4.14.111 #1 Not tainted
-------------------------------------
syz-executor.4/30280 is trying to release lock (
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
kobject: 'loop2' (ffff8880a49fa1a0): kobject_uevent_env
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 30280 Comm: syz-executor.4 Not tainted 4.14.111 #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8882144ea100 task.stack: ffff8882141a0000
RIP: 0010:print_unlock_imbalance_bug kernel/locking/lockdep.c:3540 [inline]
RIP: 0010:print_unlock_imbalance_bug.cold+0x89/0x123 kernel/locking/lockdep.c:3525
kobject: 'loop2' (ffff8880a49fa1a0): fill_kobj_path: path = '/devices/virtual/block/loop2'
RSP: 0018:ffff8882141a7a88 EFLAGS: 00010086
RAX: dffffc0000000000 RBX: 0000000000000140 RCX: 0000000000000000
RDX: 0000000000000028 RSI: ffffffff814b2a55 RDI: ffffed1042834f47
RBP: ffff8882141a7aa8 R08: 0000000000000030 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8882144ea100
R13: ffffffff82505aca R14: ffffffff891a4640 R15: ffff8882141a7b28
FS: 00007f1e672d7700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
FAT-fs (loop2): bogus number of reserved sectors
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000c2de28 CR3: 0000000214238000 CR4: 00000000001406e0
Call Trace:
__lock_release kernel/locking/lockdep.c:3765 [inline]
lock_release+0x619/0x940 kernel/locking/lockdep.c:4013
FAT-fs (loop2): Can't find a valid FAT filesystem
up_write+0x1a/0x60 kernel/locking/rwsem.c:115
inode_unlock include/linux/fs.h:720 [inline]
debugfs_remove fs/debugfs/inode.c:660 [inline]
debugfs_remove+0xba/0x120 fs/debugfs/inode.c:649
blk_remove_buf_file_callback+0x16/0x20 kernel/trace/blktrace.c:434
relay_close_buf+0xea/0x140 kernel/relay.c:496
relay_close kernel/relay.c:847 [inline]
relay_close+0x13a/0x410 kernel/relay.c:833
blk_trace_free+0x8c/0x140 kernel/trace/blktrace.c:326
blk_trace_cleanup kernel/trace/blktrace.c:351 [inline]
blk_trace_remove+0x59/0x80 kernel/trace/blktrace.c:364
sg_ioctl+0x247/0x27e0 drivers/scsi/sg.c:1136
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7b9/0x1070 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x458c29
RSP: 002b:00007f1e672d6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000000 RSI: 0000000000001276 RDI: 0000000000000006
RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1e672d76d4
R13: 00000000004c012d R14: 00000000004d23e0 R15: 00000000ffffffff
Code: 8b 94 24 e0 04 00 00 49 8d b4 24 b0 06 00 00 48 c7 c7 e0 4c 6b 86 e8
23 bc 02 00 48 89 da b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a <80> 3c 02 00
74 08 48 89 df e8 52 e0 3d 00 48 8d 7b 18 b8 ff ff
RIP: print_unlock_imbalance_bug kernel/locking/lockdep.c:3540 [inline] RSP: ffff8882141a7a88
RIP: print_unlock_imbalance_bug.cold+0x89/0x123 kernel/locking/lockdep.c:3525 RSP: ffff8882141a7a88
---[ end trace 65b6e27867d3704e ]---