syzbot

 sign-in | mailing list | source | docs
🐞 Open [717]
🐞 Fixed [181]
🐞 Invalid [640]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: corrupted list in p9_conn_cancel

Status: upstream: reported syz repro on 2019/10/01 03:22
Reported-by: syzbot+1dfe737f13edb00a42cb@syzkaller.appspotmail.com
First crash: 1909d, last: 1659d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: corrupted list in p9_conn_cancel (3) v9fs 1 493d 489d 0/28 auto-obsoleted due to no activity on 2023/11/14 18:11
upstream BUG: corrupted list in p9_conn_cancel (2) v9fs 1 683d 679d 0/28 auto-obsoleted due to no activity on 2023/05/08 23:23
upstream BUG: corrupted list in p9_conn_cancel v9fs C done 18 2257d 2357d 13/28 fixed on 2019/11/11 16:48
Last patch testing requests (2)
Created Duration User Patch Repo Result
2023/01/20 16:32 12m retest repro linux-4.14.y report log
2022/09/05 05:27 14m retest repro linux-4.14.y report log
Fix bisection attempts (7)
Created Duration User Patch Repo Result
2020/07/07 02:45 0m bisect fix linux-4.14.y error job log
2020/06/07 01:53 23m bisect fix linux-4.14.y OK (0) job log log
2020/05/08 01:27 26m bisect fix linux-4.14.y OK (0) job log log
2020/04/08 01:02 25m bisect fix linux-4.14.y OK (0) job log log
2020/03/09 00:35 26m bisect fix linux-4.14.y OK (0) job log log
2020/02/08 00:11 23m bisect fix linux-4.14.y OK (0) job log log
2020/01/08 23:46 25m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
8021q: adding VLAN 0 to HW filter on device batadv0
list_add corruption. next->prev should be prev (ffff8880a95d7ca8), but was ffff8880a08f07c0. (next=ffff888097a09ad8).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:23!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 277 Comm: kworker/0:1 Not tainted 4.14.151 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events p9_poll_workfn
task: ffff8880a9596200 task.stack: ffff8880a95d0000
RIP: 0010:__list_add_valid.cold+0xf/0x3c lib/list_debug.c:23
RSP: 0018:ffff8880a95d7c20 EFLAGS: 00010286
RAX: 0000000000000075 RBX: ffff8880a95d7ca8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff866d1160 RDI: ffffed10152baf7a
RBP: ffff8880a95d7c38 R08: 0000000000000075 R09: ffff8880a9596af0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888097a09ad8
R13: ffff8880a95d7ca8 R14: ffff888097a09ab0 R15: ffff888097a09ad8
FS:  0000000000000000(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f50501a4000 CR3: 000000009a707000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_add include/linux/list.h:60 [inline]
 list_add include/linux/list.h:79 [inline]
 list_move include/linux/list.h:171 [inline]
 p9_conn_cancel+0x1e3/0x880 net/9p/trans_fd.c:216
 p9_poll_mux net/9p/trans_fd.c:632 [inline]
 p9_poll_workfn+0x27e/0x3e0 net/9p/trans_fd.c:1123
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 3b ae fe eb d5 4c 89 e7 e8 8a 3b ae fe eb a3 4c 89 f7 e8 80 3b ae fe e9 56 ff ff ff 4c 89 e1 48 c7 c7 a0 33 9d 86 e8 df c4 72 fe <0f> 0b 48 89 f2 4c 89 e1 4c 89 ee 48 c7 c7 e0 34 9d 86 e8 c8 c4 
RIP: __list_add_valid.cold+0xf/0x3c lib/list_debug.c:23 RSP: ffff8880a95d7c20
---[ end trace 65aa45f043ec2865 ]---

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/30 23:25 linux-4.14.y ddef1e8e3f6e a41ca8fa .config console log report syz ci2-linux-4-14
2019/12/09 23:46 linux-4.14.y a844dc4c5442 b31eda3d .config console log report ci2-linux-4-14
2019/11/21 00:18 linux-4.14.y f56f3d0e65ad 8098ea0f .config console log report ci2-linux-4-14
2019/10/20 11:16 linux-4.14.y b98aebd29824 8c88c9c1 .config console log report ci2-linux-4-14
2019/10/01 02:21 linux-4.14.y f6e27dbb1afa c7a4fb99 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.