syzbot


panic: inconsistent poll.fdMutex

Status: auto-closed as invalid on 2020/08/24 18:43
Reported-by: syzbot+987e4f22f7ff0f0a3b74@syzkaller.appspotmail.com
First crash: 1432d, last: 1432d

Sample crash report:
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cf], 0x10000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
panic: inconsistent poll.fdMutex

goroutine 36 [running]:
internal/poll.(*fdMutex).rwunlock(0xc435088aa0, 0x1, 0xc4203773f0)
	/syzkaller/go/src/internal/poll/fd_mutex.go:177 +0x10d
internal/poll.(*FD).readUnlock(0xc435088aa0)
	/syzkaller/go/src/internal/poll/fd_mutex.go:229 +0x32
internal/poll.(*FD).Read(0xc435088aa0, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0x0)
	/syzkaller/go/src/internal/poll/fd_unix.go:169 +0x1af
os.(*File).read(0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0x0)
	/syzkaller/go/src/os/file_unix.go:226 +0x4e
os.(*File).Read(0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0xc, 0xc434802cd0, 0x0)
	/syzkaller/go/src/os/file.go:107 +0x6a
io.ReadAtLeast(0xa22ac0, 0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0xc, 0x8507e0, 0x1, 0xc434802cd0)
	/syzkaller/go/src/io/io.go:309 +0x86
io.ReadFull(0xa22ac0, 0xc435428dc8, 0xc434802cd0, 0xc, 0xc, 0x0, 0x0, 0xceca70)
	/syzkaller/go/src/io/io.go:327 +0x58
github.com/google/syzkaller/pkg/ipc.(*command).exec(0xc435e37960, 0xc4200964a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xc4386a2988, 0x409e90, ...)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:757 +0x281
github.com/google/syzkaller/pkg/ipc.(*Env).Exec(0xc4305fb560, 0xc4200964a0, 0xc4386a2940, 0xa, 0x7a950b, 0xc42016ff50, 0xc4386a2940, 0xc44da300d8, 0xffffffffffffffff, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/pkg/ipc/ipc.go:282 +0x10b
main.(*Proc).executeRaw(0xc438db4500, 0xc4200964a0, 0xc4386a2940, 0x6, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:288 +0x1ec
main.(*Proc).execute(0xc438db4500, 0xc4200964a0, 0xc4386a2940, 0x0, 0x6, 0x1)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:251 +0x67
main.(*Proc).executeHintSeed.func1(0xc4386a2940)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:246 +0xd2
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func1()
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:76 +0x7e
github.com/google/syzkaller/prog.checkConstArg(0xc44c0c2520, 0xc427a617d0, 0xc420377dc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:129 +0x99
github.com/google/syzkaller/prog.generateHints(0xc427a617d0, 0xa266e0, 0xc44c0c2520, 0xc420377dc0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:117 +0x158
github.com/google/syzkaller/prog.(*Prog).MutateWithHints.func2(0xa266e0, 0xc44c0c2520, 0xc44c0c26c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:79 +0x47
github.com/google/syzkaller/prog.foreachArgImpl(0xa266e0, 0xc44c0c2520, 0xc4386a2988, 0x0, 0x0, 0x0, 0xc420377da8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:125 +0xbf
github.com/google/syzkaller/prog.ForeachArg(0xc4386a2980, 0xc420377da8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:120 +0x88
github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0xc4366f63c0, 0x0, 0xc427a617d0, 0xc420377e20)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:78 +0x9d
main.(*Proc).executeHintSeed(0xc438db4500, 0xc4366f63c0, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:244 +0x12a
main.(*Proc).smashInput(0xc438db4500, 0xc43073a520)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:208 +0x21a
main.(*Proc).loop(0xc438db4500)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x194
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:259 +0x1071
SeaBIOS (version 1.8.2-20200402_173431-google)
Total RAM Size = 0x00000001e0000000 = 7680 MiB
CPUs found: 2     Max CPUs supported: 2
Comparing RSDP and RSDP
Comparing RSDT and RSDT
Comparing FACP and FACP
Comparing FACS and FACS
return 0 for FACS vs FACS: SUCCESS
Comparing DSDT and DSDT
return 0 for DSDT vs DSDT: SUCCESS
return 0 for FACP vs FACP: SUCCESS
Comparing SRAT and SRAT
return 0 for SRAT vs SRAT: SUCCESS
Comparing APIC and APIC
return 0 for APIC vs APIC: SUCCESS
Comparing SSDT and SSDT
return 0 for SSDT vs SSDT: SUCCESS
Comparing WAET and WAET
return 0 for WAET vs WAET: SUCCESS
return 0 for RSDT vs RSDT: SUCCESS
return 0 for RSDP vs RSDP: SUCCESS
found virtio-scsi at 0:3
virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0
virtio-scsi blksize=512 sectors=4194304 = 2048 MiB
drive 0x000f2120: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304
Sending Seabios boot VM event.
Booting from Hard Disk 0...
early console in extract_kernel
input_data: 0x000000000926e2e9
input_len: 0x000000000339364a
output: 0x0000000001000000
output_len: 0x000000000a0d0b28
kernel_total_size: 0x000000000b626000
trampoline_32bit: 0x000000000009d000

Decompressing Linux... Parsing ELF... done.
Booting the kernel.

Crashes (1):
Time: 2020/04/26 18:42
Kernel: linux-4.19.y
Commit: 7edd66cf6167
Syzkaller: 0ce7569e
Config: .config
Log: console log
Report: report
Syz repro: -
C repro: -
VM info: -
Assets: -
Manager: ci2-linux-4-19
Title: -
* Struck through repros no longer work on HEAD.