BUG: corrupted list in remove_wait

Title	Replies (including bot)	Last reply
[syzbot] [fs?] BUG: corrupted list in remove_wait_queue (2)	1 (5)	2025/07/07 11:43
[PATCH v2] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open()	1 (1)	2025/04/07 09:16
[PATCH] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open()	1 (1)	2025/04/06 16:58

Title

Replies (including bot)

Last reply

[syzbot] [fs?] BUG: corrupted list in remove_wait_queue (2)

1 (5)

2025/07/07 11:43

[PATCH v2] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open()

1 (1)

2025/04/07 09:16

[PATCH] media: dmxdev: fix repeated initialization of ringbuffer in dvb_dvr_open()

1 (1)

2025/04/06 16:58

Kernel	Title	Rank 🛈	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	BUG: corrupted list in remove_wait_queue	8	C			31139	863d	2290d	0/1	upstream: reported C repro on 2019/04/10 16:06
upstream	BUG: corrupted list in remove_wait_queue kvm net virt	8	C			5	2672d	2675d	5/29	fixed on 2018/04/06 16:37
upstream	KASAN: use-after-free Read in remove_wait_queue (3) kernfs	19	C	inconclusive		123	914d	1339d	22/29	fixed on 2023/02/24 13:50
linux-4.14	KASAN: use-after-free Read in remove_wait_queue (2)	19	C		error	7	1232d	1928d	0/1	upstream: reported C repro on 2020/04/07 06:03
upstream	KASAN: slab-use-after-free Read in remove_wait_queue usb input	19				3	755d	757d	0/29	auto-obsoleted due to no activity on 2023/10/01 17:55

Rank 🛈

linux-4.19

BUG: corrupted list in remove_wait_queue

31139

863d

2290d

0/1

upstream: reported C repro on 2019/04/10 16:06

upstream

BUG: corrupted list in remove_wait_queue kvm net virt

2672d

2675d

5/29

fixed on 2018/04/06 16:37

upstream

KASAN: use-after-free Read in remove_wait_queue (3) kernfs

inconclusive

123

914d

1339d

22/29

fixed on 2023/02/24 13:50

linux-4.14

KASAN: use-after-free Read in remove_wait_queue (2)

error

1232d

1928d

0/1

upstream: reported C repro on 2020/04/07 06:03

upstream

KASAN: slab-use-after-free Read in remove_wait_queue usb input

755d

757d

0/29

auto-obsoleted due to no activity on 2023/10/01 17:55


Created	Duration	User	Patch	Repo	Result
2025/07/07 11:27	15m	hdanton@sina.com	patch	upstream	report log
2025/06/22 18:26	15m	retest repro		upstream	report log
2025/05/11 20:42	15m	retest repro		upstream	report log
2025/04/27 19:10	15m	retest repro		upstream	report log
2025/04/27 19:10	15m	retest repro		upstream	report log
2025/04/27 19:10	15m	retest repro		upstream	report log
2025/04/27 19:10	15m	retest repro		upstream	report log
2025/04/13 18:09	15m	retest repro		upstream	report log
2025/02/17 07:26	21m	lizhi.xu@windriver.com	patch	upstream	error
2025/02/16 18:54	17m	retest repro		upstream	report log
2025/02/02 17:42	13m	retest repro		upstream	report log
2025/02/02 17:42	13m	retest repro		upstream	report log

list_del corruption. prev->next should be ffffc90003377b98, but was ffff88802a2585c8. (prev=ffff88802a2585c8) ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:62! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 9290 Comm: syz-executor367 Not tainted 6.13.0-rc7-syzkaller-00191-gfda5e3f28400 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 RIP: 0010:__list_del_entry_valid_or_report+0x12c/0x1c0 lib/list_debug.c:62 Code: e8 19 db da fc 90 0f 0b 48 89 ca 48 c7 c7 00 a0 b1 8b e8 07 db da fc 90 0f 0b 48 89 c2 48 c7 c7 60 a0 b1 8b e8 f5 da da fc 90 <0f> 0b 48 89 d1 48 c7 c7 e0 a0 b1 8b 48 89 c2 e8 e0 da da fc 90 0f RSP: 0018:ffffc90003377880 EFLAGS: 00010086 RAX: 000000000000006d RBX: ffffc90003377b80 RCX: ffffffff8178e449 RDX: 0000000000000000 RSI: ffffffff81798bd6 RDI: 0000000000000005 RBP: ffff88802a258588 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000080000001 R11: 0000000000000001 R12: 0000000000000286 R13: ffffc90003377b98 R14: ffffc90003377ba0 R15: ffffc90003377b70 FS: 0000555578a00380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f687b8542b0 CR3: 0000000073a90000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __list_del_entry_valid include/linux/list.h:124 [inline] __list_del_entry include/linux/list.h:215 [inline] list_del include/linux/list.h:229 [inline] __remove_wait_queue include/linux/wait.h:207 [inline] remove_wait_queue+0x30/0x180 kernel/sched/wait.c:55 free_poll_entry fs/select.c:132 [inline] poll_freewait+0xd5/0x250 fs/select.c:141 do_sys_poll+0x6f7/0xde0 fs/select.c:1010 __do_sys_poll fs/select.c:1074 [inline] __se_sys_poll fs/select.c:1062 [inline] __x64_sys_poll+0x1a8/0x450 fs/select.c:1062 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f687b7d8809 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 1c 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffdb8bb93f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 RAX: ffffffffffffffda RBX: 00307276642f3072 RCX: 00007f687b7d8809 RDX: 0000000000000106 RSI: 0000000000000005 RDI: 0000000020000080 RBP: 0000000000000000 R08: 00007ffdb8bb8f60 R09: 00007ffdb8bb8f60 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdb8bb941c R13: 00007ffdb8bb9430 R14: 00007ffdb8bb9470 R15: 0000000000000359 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__list_del_entry_valid_or_report+0x12c/0x1c0 lib/list_debug.c:62 Code: e8 19 db da fc 90 0f 0b 48 89 ca 48 c7 c7 00 a0 b1 8b e8 07 db da fc 90 0f 0b 48 89 c2 48 c7 c7 60 a0 b1 8b e8 f5 da da fc 90 <0f> 0b 48 89 d1 48 c7 c7 e0 a0 b1 8b 48 89 c2 e8 e0 da da fc 90 0f RSP: 0018:ffffc90003377880 EFLAGS: 00010086 RAX: 000000000000006d RBX: ffffc90003377b80 RCX: ffffffff8178e449 RDX: 0000000000000000 RSI: ffffffff81798bd6 RDI: 0000000000000005 RBP: ffff88802a258588 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000080000001 R11: 0000000000000001 R12: 0000000000000286 R13: ffffc90003377b98 R14: ffffc90003377ba0 R15: ffffc90003377b70 FS: 0000555578a00380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f687b8542b0 CR3: 0000000073a90000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (20):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2025/01/19 17:38	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/01/19 15:02	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/01/19 12:45	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/01/19 08:27	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/01/19 06:05	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/07/06 03:06	upstream	05df91921da6	4f67c4ae	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/10 00:50	linux-next	835244aba90d	f4e5e155	.config	strace log	report	syz / log	C		[disk image] [vmlinux] [kernel image]	ci-upstream-rust-kasan-gce	KASAN: slab-use-after-free Read in remove_wait_queue
2025/01/19 10:38	upstream	fda5e3f28400	f2cb035c	.config	console log	report	syz / log			[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/01/18 23:22	upstream	595523945be0	f2cb035c	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-qemu-gce-upstream-auto	BUG: corrupted list in remove_wait_queue
2025/07/17 19:46	upstream	e2291551827f	0d1223f1	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/09 21:55	upstream	733923397fd9	f4e5e155	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/09 03:21	upstream	d006330be3f7	abade794	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/09 03:21	upstream	d006330be3f7	abade794	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/08 23:29	upstream	d006330be3f7	abade794	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/08 23:28	upstream	d006330be3f7	abade794	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/06 02:10	upstream	05df91921da6	4f67c4ae	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci-upstream-kasan-gce-selinux-root	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/15 17:48	upstream	155a3c003e55	03fcfc4b	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/13 13:56	upstream	3f31a806a62e	3cda49cf	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/10 13:49	upstream	8c2e52ebbe88	d7384b6d	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream	KASAN: slab-use-after-free Read in remove_wait_queue
2025/07/13 13:22	upstream	3f31a806a62e	3cda49cf	.config	console log	report			info	[disk image (non-bootable)] [vmlinux] [kernel image]	ci-qemu-upstream-386	KASAN: slab-use-after-free Read in remove_wait_queue

Crashes (20):

Assets (help?)

2025/01/19 17:38

upstream