syzbot


WARNING in port_delete

Status: fixed on 2019/06/14 18:22
Subsystems: sound
[Documentation on labels]
Reported-by: syzbot+e4c8abb920efa77bace9@syzkaller.appspotmail.com
Fix commit: 7c32ae35fbf9 ALSA: seq: Cover unsubscribe_port() in list_mutex feb689025fbb ALSA: seq: Protect in-kernel ioctl calls with mutex
First crash: 2343d, last: 2128d
Cause bisection: introduced by (bisect log) :
commit 63d86a7e85f84b8ac3b2f394570965aedbb03787
Author: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Date: Tue May 1 20:08:46 2018 +0000

  rcu: Convert rcu_grace_period_init tracepoint to gp_seq

Crash: WARNING in port_delete (log)
Repro: syz .config
  
Discussions (15)
Title Replies (including bot) Last reply
[PATCH 4.9 000/117] 4.9.183-stable review 121 (121) 2019/06/22 00:44
[PATCH 4.4 00/84] 4.4.183-stable review 88 (88) 2019/06/22 00:43
[PATCH 4.19 00/75] 4.19.53-stable review 83 (83) 2019/06/20 01:46
[PATCH 4.14 00/53] 4.14.128-stable review 62 (62) 2019/06/19 13:40
[PATCH 5.1 000/115] 5.1.12-stable review 132 (132) 2019/06/19 12:16
[PATCH 4.19 000/118] 4.19.51-stable review 133 (133) 2019/06/18 07:01
[PATCH AUTOSEL 5.1 01/60] x86/uaccess, kcov: Disable stack protector 42 (42) 2019/06/15 22:26
[PATCH 5.1 000/155] 5.1.10-stable review 170 (170) 2019/06/14 13:55
[PATCH 4.14 00/81] 4.14.126-stable review 96 (96) 2019/06/14 10:28
[PATCH AUTOSEL 4.4 01/10] ALSA: seq: Cover unsubscribe_port() in list_mutex 11 (11) 2019/06/05 12:14
[PATCH AUTOSEL 4.9 01/17] x86/uaccess, kcov: Disable stack protector 17 (17) 2019/06/04 23:24
[PATCH AUTOSEL 4.14 01/24] x86/uaccess, kcov: Disable stack protector 24 (24) 2019/06/04 23:24
[PATCH AUTOSEL 4.19 01/36] x86/uaccess, kcov: Disable stack protector 26 (26) 2019/06/04 23:23
WARNING in port_delete 2 (5) 2019/04/02 13:12
BUG: soft lockup in snd_virmidi_output_trigger 8 (8) 2018/07/27 07:02

Sample crash report:
WARNING: CPU: 0 PID: 26593 at sound/core/seq/seq_ports.c:275 port_delete+0x177/0x1b0 sound/core/seq/seq_ports.c:275
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 26593 Comm: syz-executor3 Not tainted 4.19.0-rc7+ #277
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x254/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993
RIP: 0010:port_delete+0x177/0x1b0 sound/core/seq/seq_ports.c:275
Code: e1 99 fb 45 85 e4 75 14 e8 f6 df 99 fb 48 89 df e8 4e 24 dd fb 31 c0 5b 41 5c 5d c3 e8 e2 df 99 fb 0f 0b eb e3 e8 d9 df 99 fb <0f> 0b eb 9b e8 00 50 dd fb eb bd e8 f9 4f dd fb e9 77 ff ff ff e8
RSP: 0018:ffff8801bc83f890 EFLAGS: 00010293
RAX: ffff8801bcac2140 RBX: ffff8801a26e84c0 RCX: ffffffff85e4f551
RDX: 0000000000000000 RSI: ffffffff85e4f5b7 RDI: 0000000000000005
RBP: ffff8801bc83f8a0 R08: ffff8801bcac2140 R09: 00000000f073d89e
R10: 00000000face00ab R11: 0000000000000000 R12: 0000000000000002
R13: ffff8801a26e8510 R14: 1ffff10037907f20 R15: ffff8801cbc8a0c0
 snd_seq_delete_port+0x3cb/0x4a0 sound/core/seq/seq_ports.c:303
 snd_seq_ioctl_delete_port+0xba/0x190 sound/core/seq/seq_clientmgr.c:1324
 snd_seq_kernel_client_ctl+0x15a/0x190 sound/core/seq/seq_clientmgr.c:2353
 snd_seq_event_port_detach+0xfc/0x170 sound/core/seq/seq_ports.c:705
 delete_port+0x7d/0xc0 sound/core/seq/oss/seq_oss_init.c:354
 snd_seq_oss_release+0xf2/0x130 sound/core/seq/oss/seq_oss_init.c:433
 odev_release+0x52/0x70 sound/core/seq/oss/seq_oss.c:153
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457519
Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fcbd4003c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021
RAX: 0000000000000006 RBX: 0000000000000002 RCX: 0000000000457519
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbd40046d4
R13: 00000000004bdafa R14: 00000000004cc670 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/10/11 07:55 upstream b8db9e69dba9 5f818b4b .config console log report syz ci-upstream-kasan-gce
2018/10/11 05:22 upstream 3d647e62686f 5f818b4b .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/10/09 11:14 upstream 64c5e530ac2c 8b311eaf .config console log report syz ci-upstream-kasan-gce-smack-root
2018/10/06 12:57 upstream 091a1eaa0e30 8b311eaf .config console log report syz ci-upstream-kasan-gce-smack-root
2019/01/28 23:04 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce-smack-root
2019/01/21 19:48 upstream 49a57857aeea badbbeee .config console log report ci-upstream-kasan-gce-selinux-root
2019/01/17 09:11 upstream 47bfa6d9dc8c c2faf9b2 .config console log report ci-upstream-kasan-gce-selinux-root
2019/01/10 23:17 upstream ba422731316d db9b6579 .config console log report ci-upstream-kasan-gce
2018/12/24 14:45 upstream 8fe28cb58bcb be79df56 .config console log report ci-upstream-kasan-gce-smack-root
2018/12/24 07:26 upstream 8fe28cb58bcb be79df56 .config console log report ci-upstream-kasan-gce-root
2018/10/12 08:50 upstream 0778a9f2dd92 ba6ddb43 .config console log report ci-upstream-kasan-gce-smack-root
2018/10/10 22:47 upstream 3d647e62686f 5f818b4b .config console log report ci-upstream-kasan-gce-selinux-root
2018/10/09 11:47 upstream 64c5e530ac2c 8b311eaf .config console log report ci-upstream-kasan-gce
2018/10/09 10:22 upstream 64c5e530ac2c 8b311eaf .config console log report ci-upstream-kasan-gce-smack-root
2018/10/09 08:18 upstream 64c5e530ac2c 8b311eaf .config console log report ci-upstream-kasan-gce-smack-root
2018/10/09 03:56 upstream 0854ba5ff5c9 8b311eaf .config console log report ci-upstream-kasan-gce-root
2018/10/04 23:53 upstream d2467adb6610 8b311eaf .config console log report ci-upstream-kasan-gce-selinux-root
2018/07/18 21:00 upstream 04a132065175 809256c3 .config console log report ci-upstream-kasan-gce-root
2018/07/11 03:45 upstream 30c2c32d7f70 2e0e3130 .config console log report ci-upstream-kasan-gce
2019/02/11 11:36 linux-next d4104460aec1 73f5f452 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/02 12:59 linux-next dc4c89997735 c198d5dd .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/12 18:03 linux-next 4110b42356f3 7a88b141 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.