BUG: corrupted list in kernfs_put_open_node (2)


syzbot

Sep 20, 2021, 6:05:30 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bf152b0b41dc Merge tag 'for_linus' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12e0b72d300000
kernel config: https://syzkaller.appspot.com/x/.config?x=4a0a845d34d07474
dashboard link: https://syzkaller.appspot.com/bug?extid=7751c073b5e23286f687
userspace arch: arm
CC: [gre...@linuxfoundation.org linux-...@vger.kernel.org t...@kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7751c0...@syzkaller.appspotmail.com

list_del corruption. prev->next should be 86e9dfac, but was 00000000
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:51!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 3067 Comm: udevd Not tainted 5.12.0-rc3-syzkaller #0
Hardware name: ARM-Versatile Express
PC is at __list_del_entry_valid+0x84/0x9c lib/list_debug.c:51
LR is at wake_up_klogd.part.0+0x7c/0xb4 kernel/printk/printk.c:3118
pc : [<80807340>] lr : [<802d21b0>] psr: 600e0093
sp : 85853e60 ip : 85853d90 fp : 85853e6c
r10: 5ac3c35a r9 : 85675734 r8 : 85d673c0
r7 : 84523b60 r6 : 600e0013 r5 : 86e9df00 r4 : 86eebb40
r3 : 00000000 r2 : 00000000 r1 : ddfc0688 r0 : 00000044
Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
Control: 30c5387d Table: 85864540 DAC: fffffffd
Process udevd (pid: 3067, stack limit = 0x85852210)
Stack: (0x85853e60 to 0x85854000)
3e60: 85853e8c 85853e70 805bae88 808072c8 85f63180 8745c3c0 86e9df00 84523b60
3e80: 85853eac 85853e90 805baf30 805bae50 8745c3c0 85f63180 000a800d 857a1550
3ea0: 85853ee4 85853eb0 804dc2e0 805baf04 85853edc 85853ec0 80384db8 8181ca64
3ec0: 00000000 856756e4 85675140 82c6ba40 81f4a770 85675734 85853ef4 85853ee8
3ee0: 804dc524 804dc250 85853f1c 85853ef8 80270030 804dc520 ffffe000 85853fb0
3f00: 80200224 85852000 fffffe30 81f42a14 85853fac 85853f20 8020ce3c 8026ff9c
3f20: 8745c3c0 00000000 85853f4c 85853f38 804dc0d8 8026fdd4 5ac3c35a 82a2244c
3f40: 85853f5c 85853f50 804dc564 804dc07c 85853f7c 85853f60 804d5158 804dc534
3f60: 837248c0 76d1ec18 00000000 00000006 85853f94 85853f80 80502460 56b92eae
3f80: 01734ec8 01734ec8 76d1ec18 00000000 00000006 80200224 85852000 00000006
3fa0: 00000000 85853fb0 80200098 8020c928 00000000 00000000 000005e8 76c3d894
3fc0: 01734ec8 76d1ec18 00000000 00000006 00000007 00000000 0004023d 00040246
3fe0: 00000000 7ebd21c4 76c3f1bc 76ca4950 200e0010 0000000c 00000000 00000000
Backtrace:
[<808072bc>] (__list_del_entry_valid) from [<805bae88>] (__list_del_entry include/linux/list.h:132 [inline])
[<808072bc>] (__list_del_entry_valid) from [<805bae88>] (list_del include/linux/list.h:146 [inline])
[<808072bc>] (__list_del_entry_valid) from [<805bae88>] (kernfs_put_open_node+0x44/0xb4 fs/kernfs/file.c:584)
[<805bae44>] (kernfs_put_open_node) from [<805baf30>] (kernfs_fop_release+0x38/0x88 fs/kernfs/file.c:760)
r7:84523b60 r6:86e9df00 r5:8745c3c0 r4:85f63180
[<805baef8>] (kernfs_fop_release) from [<804dc2e0>] (__fput+0x9c/0x264 fs/file_table.c:280)
r7:857a1550 r6:000a800d r5:85f63180 r4:8745c3c0
[<804dc244>] (__fput) from [<804dc524>] (____fput+0x10/0x14 fs/file_table.c:313)
r9:85675734 r8:81f4a770 r7:82c6ba40 r6:85675140 r5:856756e4 r4:00000000
[<804dc514>] (____fput) from [<80270030>] (task_work_run+0xa0/0xdc kernel/task_work.c:140)
[<8026ff90>] (task_work_run) from [<8020ce3c>] (tracehook_notify_resume include/linux/tracehook.h:189 [inline])
[<8026ff90>] (task_work_run) from [<8020ce3c>] (do_work_pending+0x520/0x648 arch/arm/kernel/signal.c:672)
r9:81f42a14 r8:fffffe30 r7:85852000 r6:80200224 r5:85853fb0 r4:ffffe000
[<8020c91c>] (do_work_pending) from [<80200098>] (slow_work_pending+0xc/0x20)
Exception stack(0x85853fb0 to 0x85853ff8)
3fa0: 00000000 00000000 000005e8 76c3d894
3fc0: 01734ec8 76d1ec18 00000000 00000006 00000007 00000000 0004023d 00040246
3fe0: 00000000 7ebd21c4 76c3f1bc 76ca4950 200e0010 0000000c
r10:00000006 r9:85852000 r8:80200224 r7:00000006 r6:00000000 r5:76d1ec18
r4:01734ec8
Code: e1a01000 e3000880 e34801fa eb3ffb0c (e7f001f2)
---[ end trace 741d5c2bb4d4e10b ]---
----------------
Code disassembly (best guess):
0: e1a01000 mov r1, r0
4: e3000880 movw r0, #2176 ; 0x880
8: e34801fa movt r0, #33274 ; 0x81fa
c: eb3ffb0c bl 0xffec44
* 10: e7f001f2 udf #18 <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 15, 2021, 4:59:18 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.