syzbot

 sign-in | mailing list | source | docs
🐞 Open [964] Subsystems 🐞 Fixed [4563] 🐞 Invalid [10513] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: corrupted list in nfc_llcp_unregister_device

Status: upstream: reported syz repro on 2022/11/28 09:53
Labels: nfc (incorrect?)
Reported-by: syzbot+81232c4a81a886e2b580@syzkaller.appspotmail.com
First crash: 187d, last: 2d00h

Cause bisection: failed (error log, bisect log)
Discussions (5)
Title Replies (including bot) Last reply
[syzbot] Monthly nfc report (May 2023) 0 (1) 2023/05/04 12:45
[syzbot] Monthly nfc report 0 (1) 2023/04/03 11:13
[PATCH] nfc: llcp: Fix race in handling llcp_devices 3 (3) 2023/02/08 09:01
[syzbot] BUG: corrupted list in nfc_llcp_unregister_device 0 (2) 2022/12/30 10:41
[PATCH v2] nfc: llcp: Fix race in handling llcp_devices 2 (2) 2022/12/06 11:09
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/12/30 12:52 18m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2258c2dc850b report log

Sample crash report:
list_del corruption. prev->next should be ffff88806b056000, but was dead000000000100. (prev=ffff888078872000)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:59!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7289 Comm: syz-executor.1 Not tainted 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:__list_del_entry_valid+0x11f/0x1b0 lib/list_debug.c:59
Code: b0 a6 8a e8 03 f4 52 fd 0f 0b 48 89 ca 48 c7 c7 c0 b0 a6 8a e8 f2 f3 52 fd 0f 0b 4c 89 c2 48 c7 c7 20 b1 a6 8a e8 e1 f3 52 fd <0f> 0b 48 89 d1 48 c7 c7 a0 b1 a6 8a 4c 89 c2 e8 cd f3 52 fd 0f 0b
RSP: 0018:ffffc9000568fd58 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8167778c RDI: 0000000000000005
RBP: ffff88806b056000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffff88806b056008
R13: ffff88806b053098 R14: ffff888017b7f000 R15: ffff88806b0535f0
FS:  0000555555ce8400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555572ea708 CR3: 000000002acc3000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 __list_del_entry include/linux/list.h:134 [inline]
 list_del include/linux/list.h:148 [inline]
 local_release net/nfc/llcp_core.c:172 [inline]
 kref_put include/linux/kref.h:65 [inline]
 nfc_llcp_local_put net/nfc/llcp_core.c:182 [inline]
 nfc_llcp_local_put net/nfc/llcp_core.c:177 [inline]
 nfc_llcp_unregister_device+0xb8/0x260 net/nfc/llcp_core.c:1620
 nfc_unregister_device+0x196/0x330 net/nfc/core.c:1179
 virtual_ncidev_close+0x52/0xb0 drivers/nfc/virtual_ncidev.c:163
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
 exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
 __syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
 syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f073043dfab
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007fffeaa65020 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f073043dfab
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 00007f07305ad980 R08: 0000000000000000 R09: 00007f07300000b8
R10: 0000000000000000 R11: 0000000000000293 R12: 00000000001aa2b6
R13: 00007fffeaa65120 R14: 00007f07305ac050 R15: 0000000000000032
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid+0x11f/0x1b0 lib/list_debug.c:59
Code: b0 a6 8a e8 03 f4 52 fd 0f 0b 48 89 ca 48 c7 c7 c0 b0 a6 8a e8 f2 f3 52 fd 0f 0b 4c 89 c2 48 c7 c7 20 b1 a6 8a e8 e1 f3 52 fd <0f> 0b 48 89 d1 48 c7 c7 a0 b1 a6 8a 4c 89 c2 e8 cd f3 52 fd 0f 0b
RSP: 0018:ffffc9000568fd58 EFLAGS: 00010282
RAX: 000000000000006d RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8167778c RDI: 0000000000000005
RBP: ffff88806b056000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000000 R11: 0000000000000000 R12: ffff88806b056008
R13: ffff88806b053098 R14: ffff888017b7f000 R15: ffff88806b0535f0
FS:  0000555555ce8400(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff9aa585058 CR3: 000000002acc3000 CR4: 0000000000350ef0

Crashes (86):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/04/01 06:56 upstream 5a57b48fdfcb f325deb0 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/03/26 04:40 upstream 65aca32efdcb fbf0499a .config console log report syz ci-qemu-upstream BUG: corrupted list in nfc_llcp_unregister_device
2023/01/20 16:25 upstream d368967cb103 559a440a .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/15 21:07 upstream e1c04510f521 6be0f1f5 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 BUG: corrupted list in nfc_llcp_unregister_device
2023/02/19 18:24 upstream 925cf0457d7e bcdf85f8 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_unregister_device
2022/12/31 07:03 upstream c8451c141e07 ab32d508 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_unregister_device
2022/12/30 10:41 upstream 2258c2dc850b 44712fbc .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/05/07 12:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 14f8db1c0f9a 90c93c40 .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/06/01 10:17 upstream 929ed21dfdb6 babc4389 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream BUG: corrupted list in nfc_llcp_unregister_device
2023/05/29 09:31 upstream 7877cb91f108 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/05/28 21:57 upstream 416839029e38 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/05/26 00:21 upstream 9db898594c54 0513b3e6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/05/23 16:11 upstream ae8373a5add4 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/05/18 12:53 upstream 1b66c114d161 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/05/06 00:19 upstream 78b421b6a7c6 4cec9341 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/03/30 15:19 upstream ffe78bbd5121 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/03/30 09:13 upstream ffe78bbd5121 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/03/29 19:08 upstream fcd476ea6a88 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/23 01:17 upstream 5b7c4cabbb65 409945bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/08 19:26 upstream 0983f6bf2bfc fc9c934e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/06 02:46 upstream 837c07cf68fe be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/05 02:10 upstream 0136d86b7852 be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/02/05 01:27 upstream 0136d86b7852 be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/02/01 11:15 upstream 58706f7fb045 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce BUG: corrupted list in nfc_llcp_unregister_device
2023/01/31 01:34 upstream 6d796c50f84c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/01/30 19:24 upstream 6d796c50f84c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/01/29 11:33 upstream c96618275234 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root BUG: corrupted list in nfc_llcp_unregister_device
2023/06/01 06:36 upstream 929ed21dfdb6 babc4389 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_unregister_device
2023/04/14 18:45 upstream 7a934f4bd7d6 ec410564 .config console log report info ci-qemu2-arm64 BUG: corrupted list in nfc_llcp_unregister_device
2023/03/05 20:19 upstream f915322fe014 f8902b57 .config console log report info ci-qemu2-arm64-mte BUG: corrupted list in nfc_llcp_unregister_device
2023/02/17 16:24 upstream ec35307e18ba 3e7039f4 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_unregister_device
2023/01/27 20:24 upstream 7c46948a6e9c 7374c4e5 .config console log report info ci-qemu-upstream-386 BUG: corrupted list in nfc_llcp_unregister_device
2023/05/24 03:47 linux-next 715abedee4cd 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/05/23 06:12 linux-next 715abedee4cd 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/03/21 02:24 linux-next 73f2c2a7e1d2 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/03/17 19:04 linux-next 6f08c1de13a9 18b58603 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/01/29 06:41 linux-next e2f86c02fdc9 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/01/26 16:11 linux-next 691781f561e9 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2022/11/28 00:10 linux-next 9e46a7996732 74a66371 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in nfc_llcp_unregister_device
2023/02/11 23:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2d3827b3f393 93e26d60 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_unregister_device
2023/01/31 05:50 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c62c88e05937 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: corrupted list in nfc_llcp_unregister_device
2023/05/13 15:29 upstream 9a48d6046722 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/08 06:10 upstream aa318c48808c 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/02/04 03:11 upstream 7b753a909f42 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/02/02 15:03 upstream 9f266ccaa2f5 16d19e30 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/01/23 12:16 upstream 2475bf0250de 44388686 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/05/25 15:56 upstream 933174ae28ba 51e154a0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/05/21 05:35 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/05/08 08:09 upstream ac9a78681b92 90c93c40 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/05/03 13:07 upstream 348551ddaf31 48e0a81d .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/27 04:21 upstream 6e98b09da931 19a3dabe .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/21 01:17 upstream 6a66fdd29ea1 2b32bd34 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/08 09:27 upstream aa318c48808c 71147e29 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/05 19:05 upstream 99ddf2254feb 8b834965 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/04/02 22:29 upstream 6ab608fe852b f325deb0 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/03/30 18:15 upstream 8bb95a1662f8 f325deb0 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/03/12 16:56 upstream 134231664868 5205ef30 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/03/04 02:06 upstream fb35342f0a68 f8902b57 .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/02/27 21:09 upstream 982818426a0f 95aee97a .config console log report info ci-qemu2-arm64-mte KASAN: slab-use-after-free Read in nfc_llcp_unregister_device
2023/02/18 23:17 upstream 38f8ccde04a3 bcdf85f8 .config console log report info ci-qemu-upstream-386 KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/02/14 21:22 upstream 0983f6bf2bfc de9aae38 .config console log report info ci-qemu2-arm64-mte KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/01/28 11:20 upstream 5af6ce704936 7374c4e5 .config console log report info ci-qemu2-arm64-mte KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/01/24 13:28 upstream 7bf70dbb1882 7374c4e5 .config console log report info ci-qemu-upstream-386 KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/03/02 19:32 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2ebd1fbb946d f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 KASAN: use-after-free Read in nfc_llcp_unregister_device
2023/01/14 09:35 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9598c377d828 529798b0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in nfc_llcp_unregister_device
* Struck through repros no longer work on HEAD.