[moderation] fatal error: bad sweepgen in refill
15 views
Skip to first unread message
syzbot
Jun 29, 2023, 1:14:58 PM6/29/23
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: a92b7d26c743 Merge tag 'drm-fixes-2023-06-23' of git://ano..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17fe48e0a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=24ce1b2abaee24cc
dashboard link: https://syzkaller.appspot.com/bug?extid=02f5bf89ee29f55ef1b3
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f0158c6c02c9/disk-a92b7d26.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/91b4daaa4521/vmlinux-a92b7d26.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b5e6c2198af0/bzImage-a92b7d26.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+02f5bf...@syzkaller.appspotmail.com
fatal error: bad sweepgen in refill
goroutine 23 [running]:
runtime.throw({0xaac756?, 0xc00280c7b0?})
/usr/local/go/src/runtime/panic.go:1047 +0x5d fp=0xc00280c6f0 sp=0xc00280c6c0 pc=0x4363bd
runtime.(*mcache).refill(0x7f5e30c2c108, 0x38?)
/usr/local/go/src/runtime/mcache.go:157 +0x216 fp=0xc00280c730 sp=0xc00280c6f0 pc=0x416956
runtime.(*mcache).nextFree(0x7f5e30c2c108, 0x5c)
/usr/local/go/src/runtime/malloc.go:855 +0x85 fp=0xc00280c778 sp=0xc00280c730 pc=0x40d2a5
runtime.mallocgc(0x14d0, 0x9e0640, 0x1)
/usr/local/go/src/runtime/malloc.go:1042 +0x44d fp=0xc00280c7e0 sp=0xc00280c778 pc=0x40d88d
runtime.newarray(0xc0222e8000?, 0x0?)
/usr/local/go/src/runtime/malloc.go:1276 +0x52 fp=0xc00280c808 sp=0xc00280c7e0 pc=0x40deb2
runtime.makeBucketArray(0x30?, 0x80?, 0x988580?)
/usr/local/go/src/runtime/map.go:363 +0x18e fp=0xc00280c848 sp=0xc00280c808 pc=0x40ed0e
runtime.hashGrow(0x0?, 0xc00280cd30)
/usr/local/go/src/runtime/map.go:1051 +0x79 fp=0xc00280c888 sp=0xc00280c848 pc=0x4105d9
runtime.mapassign_fast64ptr(0x988580, 0xc00280cd30, 0xc002c08510)
/usr/local/go/src/runtime/map_fast64.go:247 +0xdc fp=0xc00280c8c8 sp=0xc00280c888 pc=0x4123dc
github.com/google/syzkaller/prog.clone({0xcbea90?, 0xc002c08510?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:91 +0x578 fp=0xc00280c980 sp=0xc00280c8c8 pc=0x546138
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002c02540?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280ca38 sp=0xc00280c980 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002d23aa0?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280caf0 sp=0xc00280ca38 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002d23ae0?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280cba8 sp=0xc00280caf0 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea50?, 0xc002d47590?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:54 +0x115 fp=0xc00280cc60 sp=0xc00280cba8 pc=0x545cd5
github.com/google/syzkaller/prog.cloneCall(0xc002c00410, 0xa077a0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:36 +0x15a fp=0xc00280ccb0 sp=0xc00280cc60 pc=0x545b1a
github.com/google/syzkaller/prog.cloneCalls({0xc003bda900, 0x1b, 0x0?}, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:23 +0x67 fp=0xc00280ccf0 sp=0xc00280ccb0 pc=0x545947
github.com/google/syzkaller/prog.(*Prog).Clone(0xc0050cef00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:14 +0x96 fp=0xc00280ce00 sp=0xc00280ccf0 pc=0x545816
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc0263f59a0, 0xc00f14abe0, 0x1187540, 0x10?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:917 +0xb0 fp=0xc00280cf50 sp=0xc00280ce00 pc=0x5691b0
github.com/google/syzkaller/prog.(*ResourceType).generate(0x1187540, 0xc0263f59a0, 0xc00280d180?, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:732 +0xd4 fp=0xc00280cfe8 sp=0xc00280cf50 pc=0x566e94
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0263f59a0, 0xc00f14abe0, {0xcc4af0?, 0x1187540?}, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:720 +0x606 fp=0xc00280d0a8 sp=0xc00280cfe8 pc=0x566c06
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:670
github.com/google/syzkaller/prog.(*randGen).generateArgs(0x53fa60?, 0x412f02?, {0x1bd5d60, 0x7, 0x7}, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x17b fp=0xc00280d178 sp=0xc00280d0a8 pc=0x56643b
github.com/google/syzkaller/prog.(*StructType).generate(0x1345560, 0xc000096210?, 0xb565f0?, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:856 +0x45 fp=0xc00280d1f0 sp=0xc00280d178 pc=0x568365
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0263f59a0, 0xc00f14abe0, {0xcc4bb8?, 0x1345560?}, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:720 +0x606 fp=0xc00280d2b0 sp=0xc00280d1f0 pc=0x566c06
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:670
github.com/google/syzkaller/prog.(*PtrType).generate(0x119c600, 0xc0263f59a0, 0xc00f2fc550?, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:875 +0x85 fp=0xc00280d338 sp=0xc00280d2b0 pc=0x568665
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: a92b7d26c743 Merge tag 'drm-fixes-2023-06-23' of git://ano..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17fe48e0a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=24ce1b2abaee24cc
dashboard link: https://syzkaller.appspot.com/bug?extid=02f5bf89ee29f55ef1b3
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f0158c6c02c9/disk-a92b7d26.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/91b4daaa4521/vmlinux-a92b7d26.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b5e6c2198af0/bzImage-a92b7d26.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+02f5bf...@syzkaller.appspotmail.com
fatal error: bad sweepgen in refill
goroutine 23 [running]:
runtime.throw({0xaac756?, 0xc00280c7b0?})
/usr/local/go/src/runtime/panic.go:1047 +0x5d fp=0xc00280c6f0 sp=0xc00280c6c0 pc=0x4363bd
runtime.(*mcache).refill(0x7f5e30c2c108, 0x38?)
/usr/local/go/src/runtime/mcache.go:157 +0x216 fp=0xc00280c730 sp=0xc00280c6f0 pc=0x416956
runtime.(*mcache).nextFree(0x7f5e30c2c108, 0x5c)
/usr/local/go/src/runtime/malloc.go:855 +0x85 fp=0xc00280c778 sp=0xc00280c730 pc=0x40d2a5
runtime.mallocgc(0x14d0, 0x9e0640, 0x1)
/usr/local/go/src/runtime/malloc.go:1042 +0x44d fp=0xc00280c7e0 sp=0xc00280c778 pc=0x40d88d
runtime.newarray(0xc0222e8000?, 0x0?)
/usr/local/go/src/runtime/malloc.go:1276 +0x52 fp=0xc00280c808 sp=0xc00280c7e0 pc=0x40deb2
runtime.makeBucketArray(0x30?, 0x80?, 0x988580?)
/usr/local/go/src/runtime/map.go:363 +0x18e fp=0xc00280c848 sp=0xc00280c808 pc=0x40ed0e
runtime.hashGrow(0x0?, 0xc00280cd30)
/usr/local/go/src/runtime/map.go:1051 +0x79 fp=0xc00280c888 sp=0xc00280c848 pc=0x4105d9
runtime.mapassign_fast64ptr(0x988580, 0xc00280cd30, 0xc002c08510)
/usr/local/go/src/runtime/map_fast64.go:247 +0xdc fp=0xc00280c8c8 sp=0xc00280c888 pc=0x4123dc
github.com/google/syzkaller/prog.clone({0xcbea90?, 0xc002c08510?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:91 +0x578 fp=0xc00280c980 sp=0xc00280c8c8 pc=0x546138
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002c02540?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280ca38 sp=0xc00280c980 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002d23aa0?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280caf0 sp=0xc00280ca38 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea10?, 0xc002d23ae0?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:67 +0x64e fp=0xc00280cba8 sp=0xc00280caf0 pc=0x54620e
github.com/google/syzkaller/prog.clone({0xcbea50?, 0xc002d47590?}, 0xc00280cd30)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:54 +0x115 fp=0xc00280cc60 sp=0xc00280cba8 pc=0x545cd5
github.com/google/syzkaller/prog.cloneCall(0xc002c00410, 0xa077a0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:36 +0x15a fp=0xc00280ccb0 sp=0xc00280cc60 pc=0x545b1a
github.com/google/syzkaller/prog.cloneCalls({0xc003bda900, 0x1b, 0x0?}, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:23 +0x67 fp=0xc00280ccf0 sp=0xc00280ccb0 pc=0x545947
github.com/google/syzkaller/prog.(*Prog).Clone(0xc0050cef00)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/clone.go:14 +0x96 fp=0xc00280ce00 sp=0xc00280ccf0 pc=0x545816
github.com/google/syzkaller/prog.(*randGen).resourceCentric(0xc0263f59a0, 0xc00f14abe0, 0x1187540, 0x10?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:917 +0xb0 fp=0xc00280cf50 sp=0xc00280ce00 pc=0x5691b0
github.com/google/syzkaller/prog.(*ResourceType).generate(0x1187540, 0xc0263f59a0, 0xc00280d180?, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:732 +0xd4 fp=0xc00280cfe8 sp=0xc00280cf50 pc=0x566e94
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0263f59a0, 0xc00f14abe0, {0xcc4af0?, 0x1187540?}, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:720 +0x606 fp=0xc00280d0a8 sp=0xc00280cfe8 pc=0x566c06
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:670
github.com/google/syzkaller/prog.(*randGen).generateArgs(0x53fa60?, 0x412f02?, {0x1bd5d60, 0x7, 0x7}, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:658 +0x17b fp=0xc00280d178 sp=0xc00280d0a8 pc=0x56643b
github.com/google/syzkaller/prog.(*StructType).generate(0x1345560, 0xc000096210?, 0xb565f0?, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:856 +0x45 fp=0xc00280d1f0 sp=0xc00280d178 pc=0x568365
github.com/google/syzkaller/prog.(*randGen).generateArgImpl(0xc0263f59a0, 0xc00f14abe0, {0xcc4bb8?, 0x1345560?}, 0x0, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:720 +0x606 fp=0xc00280d2b0 sp=0xc00280d1f0 pc=0x566c06
github.com/google/syzkaller/prog.(*randGen).generateArg(...)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:670
github.com/google/syzkaller/prog.(*PtrType).generate(0x119c600, 0xc0263f59a0, 0xc00f2fc550?, 0x0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/rand.go:875 +0x85 fp=0xc00280d338 sp=0xc00280d2b0 pc=0x568665
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Aleksandr Nogikh
Jun 29, 2023, 1:23:39 PM6/29/23
to syzbot, syzkaller-upst...@googlegroups.com, Dmitry Vyukov
Looks like yet another reiserfs-caused memory corruption.
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/000000000000f71c5805ff47d65d%40google.com.
> You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-upstream-m...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/000000000000f71c5805ff47d65d%40google.com.
syzbot
Sep 23, 2023, 1:11:39 PM9/23/23
to dvy...@google.com, nog...@google.com, syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages