syzbot


BUG: corrupted list in nfc_llcp_register_device

Status: upstream: reported C repro on 2022/12/21 08:14
Labels: nfc
Reported-by: syzbot+c1d0a03d305972dbbe14@syzkaller.appspotmail.com
First crash: 167d, last: 2d09h

Cause bisection: failed (error log, bisect log)
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] Monthly nfc report (May 2023) 0 (1) 2023/05/04 12:45
[syzbot] Monthly nfc report 0 (1) 2023/04/03 11:13
[syzbot] BUG: corrupted list in nfc_llcp_register_device 0 (2) 2023/01/23 07:58
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/12/21 12:30 19m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log

Sample crash report:
list_add corruption. next->prev should be prev (ffffffff8e565e00), but was dead000000000122. (next=ffff88801a694000).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:27!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 2 PID: 24230 Comm: syz-executor175 Not tainted 6.2.0-rc8-syzkaller-00002-gb408817d4884 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:__list_add_valid.cold+0xf/0x58 lib/list_debug.c:27
Code: 48 c7 c6 60 b4 a6 8a 48 89 ef 49 c7 c7 ea ff ff ff e8 58 09 07 00 e9 b3 40 3c fa 4c 89 e1 48 c7 c7 00 bb a6 8a e8 75 2a f0 ff <0f> 0b 48 c7 c7 a0 ba a6 8a e8 67 2a f0 ff 0f 0b 48 c7 c7 00 ba a6
RSP: 0018:ffffc90025ac77f0 EFLAGS: 00010282
RAX: 0000000000000075 RBX: ffff88801e0da000 RCX: 0000000000000000
RDX: ffff88801acdba80 RSI: ffffffff816610ec RDI: fffff52004b58ef0
RBP: ffff88801e0da000 R08: 0000000000000075 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffff88801a694000
R13: ffff88801a694000 R14: 0000000000000000 R15: ffff888026eb1140
FS:  0000000000000000(0000) GS:ffff88802c800000(0063) knlGS:000000005674f300
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000004a3ca000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_add include/linux/list.h:69 [inline]
 list_add include/linux/list.h:88 [inline]
 nfc_llcp_register_device+0x7a8/0x9e0 net/nfc/llcp_core.c:1604
 nfc_register_device+0x70/0x3b0 net/nfc/core.c:1124
 nci_register_device+0x7cb/0xb50 net/nfc/nci/core.c:1257
 virtual_ncidev_open+0x14f/0x230 drivers/nfc/virtual_ncidev.c:148
 misc_open+0x37a/0x4a0 drivers/char/misc.c:165
 chrdev_open+0x26a/0x770 fs/char_dev.c:414
 do_dentry_open+0x6cc/0x13f0 fs/open.c:882
 do_open fs/namei.c:3557 [inline]
 path_openat+0x1bbc/0x2a50 fs/namei.c:3714
 do_filp_open+0x1ba/0x410 fs/namei.c:3741
 do_sys_openat2+0x16d/0x4c0 fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_compat_sys_openat fs/open.c:1386 [inline]
 __se_compat_sys_openat fs/open.c:1384 [inline]
 __ia32_compat_sys_openat+0x143/0x1f0 fs/open.c:1384
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0x65/0xf0 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 entry_SYSENTER_compat_after_hwframe+0x70/0x82
RIP: 0023:0xf7e5d549
Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000ffcafb3c EFLAGS: 00000286 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000020000000
RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7ee304a
RBP: 0000000000000012 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid.cold+0xf/0x58 lib/list_debug.c:27
Code: 48 c7 c6 60 b4 a6 8a 48 89 ef 49 c7 c7 ea ff ff ff e8 58 09 07 00 e9 b3 40 3c fa 4c 89 e1 48 c7 c7 00 bb a6 8a e8 75 2a f0 ff <0f> 0b 48 c7 c7 a0 ba a6 8a e8 67 2a f0 ff 0f 0b 48 c7 c7 00 ba a6
RSP: 0018:ffffc90025ac77f0 EFLAGS: 00010282
RAX: 0000000000000075 RBX: ffff88801e0da000 RCX: 0000000000000000
RDX: ffff88801acdba80 RSI: ffffffff816610ec RDI: fffff52004b58ef0
RBP: ffff88801e0da000 R08: 0000000000000075 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffff88801a694000
R13: ffff88801a694000 R14: 0000000000000000 R15: ffff888026eb1140
FS:  0000000000000000(0000) GS:ffff88802c800000(0063) knlGS:000000005674f300
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020000000 CR3: 000000004a3ca000 CR4: 0000000000150ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	03 74 c0 01          	add    0x1(%rax,%rax,8),%esi
   4:	10 05 03 74 b8 01    	adc    %al,0x1b87403(%rip)        # 0x1b8740d
   a:	10 06                	adc    %al,(%rsi)
   c:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
  10:	10 07                	adc    %al,(%rdi)
  12:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
  16:	10 08                	adc    %cl,(%rax)
  18:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1c:	00 00                	add    %al,(%rax)
  1e:	00 00                	add    %al,(%rax)
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:	89 e5                	mov    %esp,%ebp
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
* 2a:	5d                   	pop    %rbp <-- trapping instruction
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	retq
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  39:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi

Crashes (53):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/02/14 09:44 upstream b408817d4884 93ae7e0a .config console log report syz C ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/01/23 07:58 upstream 2475bf0250de 7374c4e5 .config console log report syz C ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/03/26 08:34 upstream 4bdec23f971b fbf0499a .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in nfc_llcp_register_device
2022/12/21 01:38 upstream 6feb57c2fd7c d3e76707 .config console log report syz [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: corrupted list in nfc_llcp_register_device
2023/05/23 04:43 upstream 421ca22e3138 4bce1a3e .config console log report syz [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/05/11 16:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 0fbd49f4 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_register_device
2023/01/15 02:12 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9598c377d828 a63719e7 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_register_device
2023/05/31 11:40 upstream afead42fdfca 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: corrupted list in nfc_llcp_register_device
2023/05/27 06:49 upstream a92c9ab69f66 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: corrupted list in nfc_llcp_register_device
2023/04/22 08:31 upstream 8e41e0a57566 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root BUG: corrupted list in nfc_llcp_register_device
2023/03/25 23:15 upstream 65aca32efdcb fbf0499a .config console log report info ci-qemu-upstream BUG: corrupted list in nfc_llcp_register_device
2023/03/21 08:06 upstream 7d31677bb7b1 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: corrupted list in nfc_llcp_register_device
2023/03/02 03:39 upstream ee3f96b16468 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: corrupted list in nfc_llcp_register_device
2023/01/14 19:57 upstream 97ec4d559d93 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_register_device
2023/05/31 04:09 upstream afead42fdfca 09898419 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/05/30 18:22 upstream 8b817fded42d 8d5c7541 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/05/28 16:23 upstream 7877cb91f108 cf184559 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 BUG: corrupted list in nfc_llcp_register_device
2023/05/24 21:08 upstream 9d646009f65d 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/03/16 14:19 upstream 9c1bec9c0b08 18b58603 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/03/08 21:31 upstream 6a98c9cae232 f6ef8c9d .config console log report info ci-qemu2-arm32 BUG: corrupted list in nfc_llcp_register_device
2023/03/06 22:32 upstream 8ca09d5fa354 f8902b57 .config console log report info ci-qemu2-arm32 BUG: corrupted list in nfc_llcp_register_device
2023/02/04 17:55 upstream 0136d86b7852 be607b78 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/01/27 11:19 upstream 7c46948a6e9c 7374c4e5 .config console log report info ci-qemu2-arm32 BUG: corrupted list in nfc_llcp_register_device
2023/01/27 02:27 upstream 7c46948a6e9c 7374c4e5 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2023/01/25 22:24 upstream 948ef7bb70c4 7374c4e5 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_register_device
2022/12/17 12:43 upstream 77856d911a8c 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 BUG: corrupted list in nfc_llcp_register_device
2023/01/30 23:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c62c88e05937 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_register_device
2023/01/14 18:59 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9598c377d828 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_register_device
2023/05/23 06:24 upstream 421ca22e3138 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/05/16 14:07 upstream f1fcbaa18b28 71b00cfb .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/04/25 08:44 upstream 1a0beef98b58 fdc18293 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/03/31 14:51 upstream 62bad54b26db f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/03/01 19:09 upstream c0927a7a5391 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/02/04 02:40 upstream 7b753a909f42 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: use-after-free Read in nfc_llcp_register_device
2023/01/14 01:19 upstream d9fc1511728c 529798b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: use-after-free Read in nfc_llcp_register_device
2023/01/09 23:27 upstream 1fe4fd6f5cad 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_register_device
2023/01/02 09:36 upstream 150aae354b81 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_register_device
2022/12/31 19:27 upstream c8451c141e07 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in nfc_llcp_register_device
2022/12/28 22:03 upstream 1b929c02afd3 44712fbc .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in nfc_llcp_register_device
2022/12/24 17:25 upstream 72a85e2b0a1e 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_register_device
2022/12/23 16:28 upstream 8395ae05cb5a 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: use-after-free Read in nfc_llcp_register_device
2022/12/23 05:55 upstream 8395ae05cb5a 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce KASAN: use-after-free Read in nfc_llcp_register_device
2023/03/28 10:05 upstream 3a93e40326c8 47f3aaf1 .config console log report info ci-qemu-upstream-386 KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/03/26 10:46 upstream da8e7da11e4b fbf0499a .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Write in nfc_llcp_register_device
2023/03/23 11:33 upstream fff5a5e7f528 f94b4a29 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Write in nfc_llcp_register_device
2023/03/22 18:35 upstream a1effab7a3a3 d846e076 .config console log report info ci-qemu-upstream-386 KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/02/13 06:55 upstream 0983f6bf2bfc 93e26d60 .config console log report info ci-qemu2-arm64-mte KASAN: use-after-free Read in nfc_llcp_register_device
2023/01/24 18:40 upstream 7bf70dbb1882 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 KASAN: use-after-free Read in nfc_llcp_register_device
2023/05/19 08:53 linux-next 715abedee4cd 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/05/06 05:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 90c93c40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-riscv64 KASAN: use-after-free Read in nfc_llcp_register_device
2023/04/27 10:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 6f5b1cc4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in nfc_llcp_register_device
2023/03/23 01:42 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 f94b4a29 .config console log report info ci-qemu2-riscv64 KASAN: use-after-free Read in nfc_llcp_register_device
2023/03/13 07:30 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 5205ef30 .config console log report info ci-qemu2-riscv64 KASAN: use-after-free Write in nfc_llcp_register_device