syzbot

 sign-in | mailing list | source | docs
🐞 Open [1419]
Subsystems
🐞 Fixed [5828]
🐞 Invalid [14219]
Missing Backports [92]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: spinlock bad magic (2)

Status: closed as dup on 2018/01/30 22:28
Subsystems: rds
[Documentation on labels]
Reported-by: syzbot+d3f5d339869eb8cd834d2c9f0a88bf4f05c29781@syzkaller.appspotmail.com
First crash: 2534d, last: 2529d
Duplicate of
Title Repro Cause bisect Fix bisect Count Last Reported
BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit rds 2 2532d 2530d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 BUG: spinlock bad magic 1 2573d 2573d 0/3 closed as invalid on 2017/11/05 07:52
android-44 BUG: spinlock bad magic C 16 2483d 2049d 0/2 public: reported C repro on 2019/04/13 00:00
upstream BUG: spinlock bad magic C 6 2614d 2632d 0/28 closed as invalid on 2017/10/18 08:55
android-49 BUG: spinlock bad magic (2) C 52 2480d 2050d 0/3 public: reported C repro on 2019/04/12 00:00

Sample crash report:
audit: type=1400 audit(1513697734.783:2484): avc:  denied  { ipc_owner } for  pid=15299 comm="syz-executor5" capability=15  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
BUG: spinlock bad magic on CPU#0, syz-executor1/15308
 lock: 0xffff8801fce0e830, .magic: 00000000, .owner: <none>/-1, .owner_cpu: -1
CPU: 0 PID: 15308 Comm: syz-executor1 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 spin_dump+0x73/0xd0 kernel/locking/spinlock_debug.c:67
 spin_bug kernel/locking/spinlock_debug.c:75 [inline]
 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 do_raw_spin_lock+0x6d/0xc0 kernel/locking/spinlock_debug.c:112
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:117 [inline]
 _raw_spin_lock_irqsave+0x5e/0x70 kernel/locking/spinlock.c:152
 rds_conn_message_info.isra.3+0x10d/0x2b0 net/rds/connection.c:493
 rds_conn_message_info_retrans+0x25/0x30 net/rds/connection.c:528
 rds_info_getsockopt+0xdb/0x2e0 net/rds/info.c:219
 rds_getsockopt+0xf2/0x1b0 net/rds/af_rds.c:395
 SYSC_getsockopt net/socket.c:1860 [inline]
 SyS_getsockopt+0x7c/0xe0 net/socket.c:1842
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f4f5acb1c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 000000000071bea0 RCX: 0000000000452a09
RDX: 0000000000002714 RSI: 0000200000000114 RDI: 0000000000000013
RBP: 0000000000000553 R08: 000000002086fffc R09: 0000000000000000
R10: 0000000020d87000 R11: 0000000000000212 R12: 00000000006f5068
R13: 00000000ffffffff R14: 00007f4f5acb26d4 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 1
CPU: 0 PID: 16853 Comm: syz-executor4 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 getname_flags+0x59/0x270 fs/namei.c:138
 getname+0x19/0x20 fs/namei.c:209
 do_sys_open+0x18e/0x340 fs/open.c:1053
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81a37dec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f81a37deaa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f81a37dea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f81a37debc8 R14: 00000000004b75bb R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 16867 Comm: syz-executor4 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 kmem_cache_zalloc include/linux/slab.h:695 [inline]
 get_empty_filp+0x6b/0x210 fs/file_table.c:122
 path_openat+0x2b/0x1050 fs/namei.c:3514
 do_filp_open+0xaa/0x120 fs/namei.c:3572
 do_sys_open+0x280/0x340 fs/open.c:1059
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81a37dec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f81a37deaa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f81a37dea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f81a37debc8 R14: 00000000004b75bb R15: 0000000000000000
CPU: 1 PID: 16851 Comm: syz-executor7 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 getname_flags+0x59/0x270 fs/namei.c:138
 getname+0x19/0x20 fs/namei.c:209
 do_sys_open+0x18e/0x340 fs/open.c:1053
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f71a3b3dc58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f71a3b3daa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f71a3b3da90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f71a3b3dbc8 R14: 00000000004b75bb R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 16880 Comm: syz-executor4 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 kmem_cache_zalloc include/linux/slab.h:695 [inline]
 file_alloc_security security/selinux/hooks.c:369 [inline]
 selinux_file_alloc_security+0x3f/0x80 security/selinux/hooks.c:3455
 security_file_alloc+0x41/0x60 security/security.c:873
 get_empty_filp+0xa7/0x210 fs/file_table.c:128
 path_openat+0x2b/0x1050 fs/namei.c:3514
 do_filp_open+0xaa/0x120 fs/namei.c:3572
 do_sys_open+0x280/0x340 fs/open.c:1059
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81a37dec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f81a37deaa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f81a37dea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f81a37debc8 R14: 00000000004b75bb R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16894 Comm: syz-executor2 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 getname_kernel+0x39/0x160 fs/namei.c:218
 kern_path_create+0x23/0x40 fs/namei.c:3684
 unix_mknod net/unix/af_unix.c:969 [inline]
 unix_bind+0xc1/0x420 net/unix/af_unix.c:1020
 SYSC_bind+0xa8/0x130 net/socket.c:1454
 SyS_bind+0x24/0x30 net/socket.c:1440
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f70a4d56c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00007f70a4d56aa0 RCX: 0000000000452a09
RDX: 000000000000000a RSI: 0000000020201000 RDI: 0000000000000013
RBP: 00007f70a4d56a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f70a4d56bc8 R14: 00000000004b75bb R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16900 Comm: syz-executor0 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 getname_kernel+0x39/0x160 fs/namei.c:218
 kern_path+0x1e/0x40 fs/namei.c:2422
 unix_find_other+0x4a/0x250 net/unix/af_unix.c:915
 unix_dgram_connect+0xa4/0x2f0 net/unix/af_unix.c:1130
 SYSC_connect+0xaf/0x130 net/socket.c:1619
 SyS_connect+0x24/0x30 net/socket.c:1600
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f245ebadc58 EFLAGS: 00000212 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007f245ebae700 RCX: 0000000000452a09
RDX: 000000000000000a RSI: 0000000020d6a000 RDI: 0000000000000013
RBP: 0000000000a2f880 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000000
R13: 0000000000a2f7ff R14: 00007f245ebae9c0 R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16920 Comm: syz-executor4 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc_trace+0x4b/0x710 mm/slab.c:3612
 kmalloc include/linux/slab.h:516 [inline]
 proc_self_get_link+0xc0/0xe0 fs/proc/self.c:21
 get_link fs/namei.c:1048 [inline]
 link_path_walk+0x624/0x690 fs/namei.c:2116
 path_openat+0xf6/0x1050 fs/namei.c:3537
 do_filp_open+0xaa/0x120 fs/namei.c:3572
 do_sys_open+0x280/0x340 fs/open.c:1059
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81a37dec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f81a37deaa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f81a37dea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f81a37debc8 R14: 00000000004b75bb R15: 0000000000000000
CPU: 1 PID: 16913 Comm: syz-executor2 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 __d_alloc+0x2d/0x290 fs/dcache.c:1602
 d_alloc+0x2b/0xe0 fs/dcache.c:1683
 __lookup_hash+0x58/0xd0 fs/namei.c:1527
 filename_create+0x9d/0x1a0 fs/namei.c:3644
 kern_path_create+0x33/0x40 fs/namei.c:3684
 unix_mknod net/unix/af_unix.c:969 [inline]
 unix_bind+0xc1/0x420 net/unix/af_unix.c:1020
 SYSC_bind+0xa8/0x130 net/socket.c:1454
 SyS_bind+0x24/0x30 net/socket.c:1440
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f70a4d56c58 EFLAGS: 00000212 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00007f70a4d56aa0 RCX: 0000000000452a09
RDX: 000000000000000a RSI: 0000000020201000 RDI: 0000000000000013
RBP: 00007f70a4d56a90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f70a4d56bc8 R14: 00000000004b75bb R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 16952 Comm: syz-executor4 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0xe9/0x14b lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x1e5/0x220 lib/fault-inject.c:149
 should_failslab+0x73/0x90 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc mm/slab.c:3372 [inline]
 kmem_cache_alloc+0x47/0x720 mm/slab.c:3546
 __d_alloc+0x2d/0x290 fs/dcache.c:1602
 d_alloc+0x2b/0xe0 fs/dcache.c:1683
 d_alloc_parallel+0x5b/0xd00 fs/dcache.c:2441
 lookup_slow+0xe9/0x220 fs/namei.c:1635
 walk_component+0x260/0x4c0 fs/namei.c:1781
 link_path_walk+0x3a3/0x690 fs/namei.c:2110
 path_openat+0xf6/0x1050 fs/namei.c:3537
 do_filp_open+0xaa/0x120 fs/namei.c:3572
 do_sys_open+0x280/0x340 fs/open.c:1059
 SYSC_openat fs/open.c:1086 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1080
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452a09
RSP: 002b:00007f81a37dec58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f81a37deaa0 RCX: 0000000000452a09
RDX: 0000000000000000 RSI: 0000000020000feb RDI: ffffffffffffff9c
RBP: 00007f81a37dea90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b75bb
R13: 00007f81a37debc8 R14: 00000000004b75bb R15: 0000000000000000
audit: type=1400 audit(1513697738.007:2485): avc:  denied  { net_raw } for  pid=17107 comm="syz-executor2" capability=13  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
audit: type=1400 audit(1513697738.104:2486): avc:  denied  { setgid } for  pid=17217 comm="syz-executor3" capability=6  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl
QAT: Invalid ioctl

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/12/19 15:35 linux-next 6084b576dca2 af9163c7 .config console log report ci-upstream-next-kasan-gce
2017/12/15 11:21 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
2017/12/15 03:35 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
2017/12/14 18:11 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
2017/12/14 13:08 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
2017/12/14 12:58 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
2017/12/14 12:18 linux-next 6084b576dca2 ac20b98c .config console log report ci-upstream-next-kasan-gce
* Struck through repros no longer work on HEAD.