syzbot


BUG: spinlock bad magic in __wake_up

Status: closed as invalid on 2019/01/16 18:02
First crash: 2459d, last: 2419d
Similar bugs (1)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
android-49 | BUG: spinlock bad magic in __wake_up | - | - | - | 19 | 2427d | 2477d | 0/3 | closed as invalid on 2019/01/16 18:02

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read, 121 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 125 bits of entropy available)
random: nonblocking pool is initialized
kasan: CONFIG_KASAN_INLINE enabled[   32.137527] BUG: spinlock bad magic on CPU#1, syzkaller084253/3789
 lock: 0xffff8800aad88018, .magic: dead4eac, .owner: <none>/-1, .owner_cpu: -1
CPU: 1 PID: 3789 Comm: syzkaller084253 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 030e976e9749cc1a ffff8801db307760 ffffffff81d0408d
 ffff8800aad88018 ffff8801c6048000 0000000000000001 0000000000000001
 0000000000000000 ffff8801db3077a0 ffffffff81246aad ffff8801d51d0d80
Call Trace:
 <IRQ>  [<ffffffff81d0408d>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ>  [<ffffffff81d0408d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81246aad>] spin_dump+0x14d/0x280 kernel/locking/spinlock_debug.c:67
 [<ffffffff81246e98>] spin_bug kernel/locking/spinlock_debug.c:75 [inline]
 [<ffffffff81246e98>] debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 [<ffffffff81246e98>] do_raw_spin_lock+0x228/0x2c0 kernel/locking/spinlock_debug.c:135
 [<ffffffff83773546>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:119 [inline]
 [<ffffffff83773546>] _raw_spin_lock_irqsave+0x56/0x70 kernel/locking/spinlock.c:159
 [<ffffffff8121f7ee>] __wake_up+0x1e/0x50 kernel/sched/wait.c:94
 [<ffffffff825bbcdc>] sg_rq_end_io+0x5dc/0xbc0 drivers/scsi/sg.c:1385
 [<ffffffff81c98e44>] __blk_mq_end_request+0x54/0xc0 block/blk-mq.c:311
 [<ffffffff82523a35>] scsi_end_request+0x135/0x5b0 drivers/scsi/scsi_lib.c:716
 [<ffffffff8252cc83>] scsi_io_completion+0x15c3/0x1710 drivers/scsi/scsi_lib.c:918
 [<ffffffff825101bf>] scsi_finish_command+0x3af/0x520 drivers/scsi/scsi.c:607
 [<ffffffff8252a380>] scsi_softirq_done+0x250/0x350 drivers/scsi/scsi_lib.c:1654
 [<ffffffff81c9b0a5>] blk_mq_ipi_complete_request block/blk-mq.c:356 [inline]
 [<ffffffff81c9b0a5>] __blk_mq_complete_request+0x205/0x500 block/blk-mq.c:368
 [<ffffffff81c9b3fb>] blk_mq_complete_request+0x5b/0x70 block/blk-mq.c:387
 [<ffffffff8252705b>] scsi_mq_done+0xfb/0x3c0 drivers/scsi/scsi_lib.c:1964
 [<ffffffff8254ff4f>] virtscsi_complete_cmd+0x5cf/0x7f0 drivers/scsi/virtio_scsi.c:210
 [<ffffffff8254dc69>] virtscsi_vq_done+0xc9/0x170 drivers/scsi/virtio_scsi.c:228
 [<ffffffff8254ddb7>] virtscsi_req_done+0xa7/0xd0 drivers/scsi/virtio_scsi.c:243
 [<ffffffff81f2cae9>] vring_interrupt+0x109/0x150 drivers/virtio/virtio_ring.c:722
 [<ffffffff8126e271>] handle_irq_event_percpu+0xf1/0x960 kernel/irq/handle.c:146
 [<ffffffff8126eb87>] handle_irq_event+0xa7/0x140 kernel/irq/handle.c:194
 [<ffffffff812788ea>] handle_edge_irq+0x1fa/0x8e0 kernel/irq/chip.c:623
 [<ffffffff81016900>] generic_handle_irq_desc include/linux/irqdesc.h:140 [inline]
 [<ffffffff81016900>] handle_irq+0x250/0x3a0 arch/x86/kernel/irq_64.c:78
 [<ffffffff83776419>] do_IRQ+0x89/0x1b0 arch/x86/kernel/irq.c:239
 [<ffffffff837744e0>] common_interrupt+0xa0/0xa0 arch/x86/entry/entry_64.S:592
 [<ffffffff8113daa9>] invoke_softirq kernel/softirq.c:350 [inline]
 [<ffffffff8113daa9>] irq_exit+0x119/0x140 kernel/softirq.c:391
 [<ffffffff837765bb>] exiting_irq arch/x86/include/asm/apic.h:653 [inline]
 [<ffffffff837765bb>] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:926
 [<ffffffff83775510>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:737
 <EOI>  [<ffffffff81269de0>] ? console_cont_flush kernel/printk/printk.c:2217 [inline]
 <EOI>  [<ffffffff81269de0>] ? console_unlock+0x790/0xa00 kernel/printk/printk.c:2265
 [<ffffffff8126a5ae>] vprintk_emit+0x55e/0x850 kernel/printk/printk.c:1832
 [<ffffffff8126a8c8>] vprintk+0x28/0x30 kernel/printk/printk.c:1843
 [<ffffffff8126a8ed>] vprintk_default+0x1d/0x30 kernel/printk/printk.c:1844
 [<ffffffff8141b77d>] printk+0xb7/0xe2 kernel/printk/printk.c:1922
 [<ffffffff810f0d51>] kasan_die_handler+0x31/0x40 arch/x86/mm/kasan_init_64.c:58
 [<ffffffff81194025>] notifier_call_chain+0x95/0x1b0 kernel/notifier.c:93
 [<ffffffff8119564b>] __atomic_notifier_call_chain kernel/notifier.c:183 [inline]
 [<ffffffff8119564b>] atomic_notifier_call_chain+0x7b/0x140 kernel/notifier.c:193
 [<ffffffff811957ef>] notify_die+0xdf/0x160 kernel/notifier.c:549
 [<ffffffff81011fa7>] do_general_protection+0x2f7/0x390 arch/x86/kernel/traps.c:461
 [<ffffffff83774d28>] general_protection+0x28/0x30 arch/x86/entry/entry_64.S:1032
 [<ffffffff825b8611>] sg_remove_scat.isra.17+0x1c1/0x2d0 drivers/scsi/sg.c:1954
 [<ffffffff825b89d5>] sg_finish_rem_req+0x2b5/0x340 drivers/scsi/sg.c:1835
 [<ffffffff825b8bdd>] sg_new_read.isra.18+0x17d/0x3c0 drivers/scsi/sg.c:577
 [<ffffffff825ba6fc>] sg_read+0x8bc/0x1490 drivers/scsi/sg.c:466
 [<ffffffff8151d801>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151fb5d>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151fcd8>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff81522009>] SYSC_readv fs/read_write.c:860 [inline]
 [<ffffffff81522009>] SyS_readv+0xd9/0x240 fs/read_write.c:852
 [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
kasan: CONFIG_KASAN_INLINE enabledkasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3796 Comm: syzkaller084253 Not tainted 4.4.120-gd63fdf6 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d9539800 task.stack: ffff8800bb3d8000
RIP: 0010:[<ffffffff81434701>]  [<ffffffff81434701>] __read_once_size include/linux/compiler.h:218 [inline]
RIP: 0010:[<ffffffff81434701>]  [<ffffffff81434701>] atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP: 0010:[<ffffffff81434701>]  [<ffffffff81434701>] put_page_testzero include/linux/mm.h:357 [inline]
RIP: 0010:[<ffffffff81434701>]  [<ffffffff81434701>] __free_pages+0x21/0x90 mm/page_alloc.c:3365
RSP: 0018:ffff8800bb3df9f0  EFLAGS: 00010a07
RAX: dffffc0000000000 RBX: dead4ead00000000 RCX: ffffffff825b85eb
RDX: 1bd5a9d5a0000003 RSI: 0000000000000006 RDI: dead4ead0000001c
RBP: ffff8800bb3dfa00 R08: 0000000048000000 R09: 0000000000001e30
R10: 0000000000002100 R11: 1ffff1001767bf1c R12: 0000000000000004
R13: 0000000000000020 R14: ffff8801d8e9a100 R15: dffffc0000000000
FS:  00007f5f62974700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020a2afe3 CR3: 00000001cfa20000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000246 ffff8801d8e9a258 ffff8800bb3dfa60 ffffffff825b8611
 ffff8801d8e9a270 ffffed003b1d344b ffffed003b1d344e ffff8801d8e9a268
 dead4ead00000000 ffff8801d8e9a240 0000000000000000 0000000000000000
Call Trace:
 [<ffffffff825b8611>] sg_remove_scat.isra.17+0x1c1/0x2d0 drivers/scsi/sg.c:1954
 [<ffffffff825b89d5>] sg_finish_rem_req+0x2b5/0x340 drivers/scsi/sg.c:1835
 [<ffffffff825b8bdd>] sg_new_read.isra.18+0x17d/0x3c0 drivers/scsi/sg.c:577
 [<ffffffff825ba6fc>] sg_read+0x8bc/0x1490 drivers/scsi/sg.c:466
 [<ffffffff8151d801>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151fb5d>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151fcd8>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff81522009>] SYSC_readv fs/read_write.c:860 [inline]
 [<ffffffff81522009>] SyS_readv+0xd9/0x240 fs/read_write.c:852
 [<ffffffff8377395f>] entry_SYSCALL_64_fastpath+0x1c/0x98
Code: c6 a0 0c 00 e9 78 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 55 48 89 e5 53 48 89 fb 48 83 c7 1c 48 89 fa 48 83 ec 08 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 49 
RIP  [<ffffffff81434701>] __read_once_size include/linux/compiler.h:218 [inline]
RIP  [<ffffffff81434701>] atomic_read arch/x86/include/asm/atomic.h:27 [inline]
RIP  [<ffffffff81434701>] put_page_testzero include/linux/mm.h:357 [inline]
RIP  [<ffffffff81434701>] __free_pages+0x21/0x90 mm/page_alloc.c:3365
 RSP <ffff8800bb3df9f0>
---[ end trace 8cf76e71675b5c3f ]---

Crashes (11):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2018/03/15 04:10 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | 08dacaa0 | .config | console log | report | syz | C | - | - | ci-android-44-kasan-gce | -
2018/04/06 05:45 | https://android.googlesource.com/kernel/common android-4.4 | 38f41ec1cb31 | a932eae6 | .config | console log | report | syz | - | - | - | ci-android-44-kasan-gce-386 | -
2018/03/30 16:51 | https://android.googlesource.com/kernel/common android-4.4 | 38f41ec1cb31 | d47f0ed6 | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce | -
2018/03/01 01:03 | https://android.googlesource.com/kernel/common android-4.4 | 024f962d4b24 | 05b5a32c | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce | -
2018/02/28 15:22 | https://android.googlesource.com/kernel/common android-4.4 | 239a415f39e0 | 05b5a32c | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce | -
2018/04/07 21:57 | https://android.googlesource.com/kernel/common android-4.4 | 38f41ec1cb31 | 66f22a7f | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -
2018/03/28 23:13 | https://android.googlesource.com/kernel/common android-4.4 | 49632c6d9873 | bf5e585c | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -
2018/03/17 12:09 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | 08dacaa0 | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -
2018/03/10 17:33 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | 36d1c454 | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -
2018/03/09 07:35 | https://android.googlesource.com/kernel/common android-4.4 | d63fdf61a4dc | 36d1c454 | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -
2018/02/27 15:34 | https://android.googlesource.com/kernel/common android-4.4 | 239a415f39e0 | 05b5a32c | .config | console log | report | - | - | - | - | ci-android-44-kasan-gce-386 | -