syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5244] 🐞 Invalid [12516] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

upstream boot error: BUG: corrupted list in find_and_remove_object

Status: fixed on 2023/02/24 13:50
Subsystems: mm
[Documentation on labels]
Fix commit: 9993a4f989c7 virtio: Revert "virtio: find_vqs() add arg sizes"
First crash: 622d, last: 622d

Sample crash report:
list_del corruption. next->prev should be ffff888141fe4d58, but was ffff000000000000. (next=ffff88810545ae48)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:62!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 1 PID: 1135 Comm: kworker/u4:3 Not tainted 5.19.0-syzkaller-14276-gaea23e7c464b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:__list_del_entry_valid.cold+0x23/0x6f lib/list_debug.c:62
Code: e8 68 24 fa ff 0f 0b 48 89 fe 48 c7 c7 20 b5 62 85 e8 57 24 fa ff 0f 0b 48 89 d1 48 c7 c7 40 b6 62 85 4c 89 c2 e8 43 24 fa ff <0f> 0b 48 89 f2 48 89 fe 48 c7 c7 f0 b5 62 85 e8 2f 24 fa ff 0f 0b
RSP: 0000:ffffc900030b7e60 EFLAGS: 00010086
RAX: 000000000000006d RBX: 0000000000000286 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812d3408 RDI: 0000000000000005
RBP: 0000000000000046 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 6c65645f7473696c R12: ffff888141fe4d50
R13: ffff888102175200 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000005a29000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_del_entry include/linux/list.h:134 [inline]
 list_del_rcu include/linux/rculist.h:157 [inline]
 __remove_object mm/kmemleak.c:570 [inline]
 find_and_remove_object+0x60/0xa0 mm/kmemleak.c:588
 delete_object_full mm/kmemleak.c:746 [inline]
 kmemleak_free+0x21/0x30 mm/kmemleak.c:1028
 kmemleak_free_recursive include/linux/kmemleak.h:48 [inline]
 ___cache_free+0x201/0x3b0 mm/slab.c:3435
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x111/0x270 mm/slab.c:3786
 call_usermodehelper_freeinfo kernel/umh.c:46 [inline]
 umh_complete kernel/umh.c:60 [inline]
 call_usermodehelper_exec_async+0x1a1/0x1c0 kernel/umh.c:122
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid.cold+0x23/0x6f lib/list_debug.c:62
Code: e8 68 24 fa ff 0f 0b 48 89 fe 48 c7 c7 20 b5 62 85 e8 57 24 fa ff 0f 0b 48 89 d1 48 c7 c7 40 b6 62 85 4c 89 c2 e8 43 24 fa ff <0f> 0b 48 89 f2 48 89 fe 48 c7 c7 f0 b5 62 85 e8 2f 24 fa ff 0f 0b
RSP: 0000:ffffc900030b7e60 EFLAGS: 00010086
RAX: 000000000000006d RBX: 0000000000000286 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff812d3408 RDI: 0000000000000005
RBP: 0000000000000046 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000001 R11: 6c65645f7473696c R12: ffff888141fe4d50
R13: ffff888102175200 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000005a29000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/08/14 06:26 upstream aea23e7c464b 8dfcaa3d .config console log report ci-upstream-gce-leak upstream boot error: BUG: corrupted list in find_and_remove_object
* Struck through repros no longer work on HEAD.