syzbot


BUG: corrupted list in nfc_llcp_local_put

Status: auto-obsoleted due to no activity on 2023/11/03 10:07
Subsystems: net nfc
Reported-by: syzbot+ecb2ae7b1add2a4120de@syzkaller.appspotmail.com
First crash: 448d, last: 236d
Cause bisection: failed (error log, bisect log)
  
Discussions (5)
| Title | Replies (including bot) | Last reply |
| [syzbot] Monthly nfc report (Aug 2023) | 0 (1) | 2023/08/07 07:27 |
| [syzbot] Monthly nfc report (Jul 2023) | 0 (1) | 2023/07/05 13:10 |
| [syzbot] Monthly nfc report (Jun 2023) | 0 (1) | 2023/06/06 23:17 |
| [syzbot] Monthly nfc report | 0 (1) | 2023/04/03 11:13 |
| [syzbot] BUG: corrupted list in nfc_llcp_local_put | 0 (1) | 2022/12/30 14:33 |
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
| upstream | KASAN: use-after-free Write in nfc_llcp_local_put nfc net | | | | 3 | 1047d | 1069d | 0/26 | auto-closed as invalid on 2021/09/03 13:37 |
Last patch testing requests (4)
| Created | Duration | User | Patch | Repo | Result |
| 2023/08/27 12:49 | 33m | retest repro | | upstream | OK log |
| 2023/08/24 21:48 | 24m | retest repro | | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | OK log |
| 2023/08/24 21:48 | 3h07m | retest repro | | upstream | OK log |
| 2022/12/30 23:58 | 21m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | report log |

Sample crash report:
list_del corruption. prev->next should be ffff0000dc9b6000, but was ffff0000d3957000. (prev=ffff800090afc840)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:61!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 26868 Comm: syz-executor.3 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
lr : __list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
sp : ffff80009a7777a0
x29: ffff80009a7777a0 x28: 1fffe0001b3654ff x27: 1fffe0001b3654f5
x26: ffff0000d9b2a7a8 x25: ffff0000cdc78780 x24: 1fffe0001b5cd4c1
x23: ffff800090afc840 x22: dfff800000000000 x21: ffff800090afc840
x20: ffff0000dae6f000 x19: ffff0000dc9b6000 x18: 1fffe000368473c6
x17: ffff80008dedd000 x16: ffff80008a4403e0 x15: ffff0001b4239e3c
x14: 1ffff00011bdc0ac x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : b7e680cb4bfacb00
x8 : b7e680cb4bfacb00 x7 : ffff80008028cc04 x6 : 0000000000000000
x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082a94044
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006d
Call trace:
 __list_del_entry_valid+0x13c/0x158 lib/list_debug.c:59
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 local_release net/nfc/llcp_core.c:172 [inline]
 kref_put include/linux/kref.h:65 [inline]
 nfc_llcp_local_put+0x6c/0x1b4 net/nfc/llcp_core.c:182
 nfc_llcp_unregister_device+0xa4/0x11c net/nfc/llcp_core.c:1620
 nfc_unregister_device+0x150/0x290 net/nfc/core.c:1179
 nci_unregister_device+0x1dc/0x21c net/nfc/nci/core.c:1303
 virtual_ncidev_close+0x5c/0xa0 drivers/nfc/virtual_ncidev.c:163
 __fput+0x30c/0x7bc fs/file_table.c:321
 ____fput+0x20/0x30 fs/file_table.c:349
 task_work_run+0x230/0x2e0 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x2180/0x3c90 arch/arm64/kernel/signal.c:1305
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:144 [inline]
 el0_svc+0x94/0x160 arch/arm64/kernel/entry-common.c:648
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:665
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
Code: 91340000 aa1303e1 aa1503e3 95e4cf2d (d4210000) 
---[ end trace 0000000000000000 ]---

Crashes (20):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| 2023/07/02 13:57 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | e40939bbfc68 | bfc47836 | .config | console log | report | syz | | | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: corrupted list in nfc_llcp_local_put |
| 2023/06/12 06:44 | upstream | 4c605260bc60 | 7086cdb9 | .config | console log | report | syz | | | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | KASAN: slab-use-after-free Read in nfc_llcp_local_put |
| 2022/12/26 18:49 | upstream | 1b929c02afd3 | 9da18ae8 | .config | console log | report | syz | | | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in nfc_llcp_local_put |
| 2023/03/27 17:59 | upstream | 197b6b60ae7b | f8f96aa9 | .config | console log | report | | | info | | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2023/03/04 09:23 | upstream | 0a3f9a6b0265 | f8902b57 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2023/02/22 06:28 | upstream | 4a7d37e824f5 | 42a4d508 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2023/02/08 03:48 | upstream | 513c1a3d3f19 | 15c3d445 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/02/01 18:28 | upstream | c0b67534c95c | 9a6f477c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/26 20:05 | upstream | 7c46948a6e9c | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/25 09:44 | upstream | fb6e71db53f3 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/24 08:53 | upstream | 7bf70dbb1882 | 9dfcf09c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/16 17:51 | upstream | 5dc4c995db9e | a63719e7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/14 08:08 | upstream | d9fc1511728c | 529798b0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/01/14 04:11 | upstream | d9fc1511728c | 529798b0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-smack-root | BUG: corrupted list in nfc_llcp_local_put |
| 2022/12/26 14:23 | upstream | 1b929c02afd3 | 9da18ae8 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | BUG: corrupted list in nfc_llcp_local_put |
| 2023/07/26 10:06 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | e40939bbfc68 | 6756545c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: corrupted list in nfc_llcp_local_put |
| 2023/06/24 12:51 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | e40939bbfc68 | 09ffe269 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: corrupted list in nfc_llcp_local_put |
| 2023/05/23 19:34 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | f1fcbaa18b28 | 4bce1a3e | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: corrupted list in nfc_llcp_local_put |
| 2023/04/09 06:55 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 9a03cbd79d3a | 71147e29 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: corrupted list in nfc_llcp_local_put |
| 2023/02/06 16:26 | upstream | d2d11f342b17 | 0a9c11b6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: use-after-free Read in nfc_llcp_local_put |
* Struck through repros no longer work on HEAD.