syzbot


kernel BUG at fs/inode.c:LINE! (2)
Status: upstream: reported C repro on 2020/08/28 13:18
Reported-by: syzbot+c92c93d1f1aaaacdb9db@syzkaller.appspotmail.com
First crash: 641d, last: 599d

Cause bisection: introduced by (bisect log):
commit a9ed4a6560b8562b7e2e2bed9527e88001f7b682
Author: Marc Zyngier <maz@kernel.org>
Date: Wed Aug 19 16:12:17 2020 +0000

  epoll: Keep a reference on files added to the check list

Crash: WARNING: ODEBUG bug in exit_to_user_mode_prepare (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) [merge commit]:
commit 0fdf68c767c08004ff3a2fc032a139bdaf7826c5
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu Sep 3 15:22:16 2020 +0000

  Merge tag 'media/v5.9-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-5-10 kernel BUG in iput C error 2 69d 69d 2/2 fixed on 2022/03/29 10:01
linux-4.19 kernel BUG in iput C error 29 3d08h 361d 0/1 upstream: reported C repro on 2021/06/01 01:19
linux-4.19 kernel BUG at fs/inode.c:LINE! syz done 2 633d 663d 1/1 fixed on 2020/10/01 20:29
linux-4.19 kernel BUG at fs/inode.c:LINE! (2) C done 5 396d 535d 1/1 fixed on 2021/05/29 15:40
linux-4.14 kernel BUG at fs/inode.c:LINE! 1 748d 748d 0/1 auto-closed as invalid on 2020/09/07 09:12
android-54 kernel BUG at fs/inode.c:LINE! C 5 629d 638d 0/2 upstream: reported C repro on 2020/08/27 14:35
upstream kernel BUG at fs/inode.c:LINE! C done 2 1259d 1258d 13/22 fixed on 2019/04/12 21:13

Patch testing requests:
Created Duration User Patch Repo Result
2020/09/02 00:01 9m anant.thazhemadam@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2020/09/02 00:00 10m anant.thazhemadam@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2020/09/01 23:59 4m anant.thazhemadam@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master error
2020/09/01 21:32 17m anant.thazhemadam@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK
2020/09/01 21:30 17m anant.thazhemadam@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK
2020/08/31 05:16 4m anant.thazhemadam@gmail.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master error
2020/08/31 05:08 10m anant.thazhemadam@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log

Sample crash report:
------------[ cut here ]------------
kernel BUG at fs/inode.c:1668!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9371 Comm: syz-executor300 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:iput+0x6d8/0x6e0 fs/inode.c:1668
Code: ef ff e9 1a fc ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c8 fe ff ff 4c 89 ef e8 62 53 ef ff e9 bb fe ff ff e8 48 7b af ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 53 48 89 f5 48 89 fb 49 bf
RSP: 0018:ffffc9000d347da8 EFLAGS: 00010293
RAX: ffffffff81c580d8 RBX: ffff88808531ab40 RCX: ffff8880869c4000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000000
RBP: 0000000000000040 R08: ffffffff81c57a60 R09: ffffed1014cc900d
R10: ffffed1014cc900d R11: 0000000000000000 R12: 1ffff11010a63554
R13: dffffc0000000000 R14: ffff88808531ab40 R15: ffff88808531aaa0
FS:  0000000001efe880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd1c88b280 CR3: 00000000a3213000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __sock_release net/socket.c:608 [inline]
 sock_close+0x1c3/0x260 net/socket.c:1277
 __fput+0x34f/0x7b0 fs/file_table.c:281
 task_work_run+0x137/0x1c0 kernel/task_work.c:141
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:140 [inline]
 exit_to_user_mode_prepare+0x11a/0x1e0 kernel/entry/common.c:167
 syscall_exit_to_user_mode+0x82/0x1d0 kernel/entry/common.c:242
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x405891
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffd1c88b260 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000405891
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000000005 R08: 0000000120080522 R09: 0000000120080522
R10: 00007ffd1c88b280 R11: 0000000000000293 R12: 00000000006dbc4c
R13: 000000000000002d R14: 0000000000000064 R15: 0000000000000000
Modules linked in:
---[ end trace 1fd93a73c7fcfd6b ]---
RIP: 0010:iput+0x6d8/0x6e0 fs/inode.c:1668
Code: ef ff e9 1a fc ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c c8 fe ff ff 4c 89 ef e8 62 53 ef ff e9 bb fe ff ff e8 48 7b af ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 53 48 89 f5 48 89 fb 49 bf
RSP: 0018:ffffc9000d347da8 EFLAGS: 00010293
RAX: ffffffff81c580d8 RBX: ffff88808531ab40 RCX: ffff8880869c4000
RDX: 0000000000000000 RSI: 0000000000000040 RDI: 0000000000000000
RBP: 0000000000000040 R08: ffffffff81c57a60 R09: ffffed1014cc900d
R10: ffffed1014cc900d R11: 0000000000000000 R12: 1ffff11010a63554
R13: dffffc0000000000 R14: ffff88808531ab40 R15: ffff88808531aaa0
FS:  0000000001efe880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd1c88b280 CR3: 00000000a3213000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (37):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2020/09/02 21:13 upstream 9c7d619be5a0 abf9ba4f .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/08/29 06:31 upstream 96d454cd2c16 d5a3ae1f .config log report syz C
ci-upstream-kasan-gce-root 2020/08/29 02:17 upstream 96d454cd2c16 d5a3ae1f .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/08/28 00:49 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/28 00:29 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-root 2020/08/28 00:20 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-root 2020/08/27 14:57 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/08/27 14:57 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/27 14:49 upstream 15bc20c6af4c 816e0689 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/08/24 23:15 upstream d012a7190fc1 67b599d1 .config log report syz C
ci-upstream-net-this-kasan-gce 2020/09/03 15:20 net 1996cf46e467 abf9ba4f .config log report syz C
ci-upstream-net-this-kasan-gce 2020/08/31 22:34 net bb8872a1e6bc d5a3ae1f .config log report syz C
ci-upstream-net-this-kasan-gce 2020/08/27 14:56 net 5875568aa187 816e0689 .config log report syz C
ci-upstream-net-kasan-gce 2020/09/03 13:45 net-next d3dfc362e073 abf9ba4f .config log report syz C
ci-upstream-net-kasan-gce 2020/08/31 22:48 net-next c30a3c957c88 d5a3ae1f .config log report syz C
ci-upstream-net-kasan-gce 2020/08/28 20:20 net-next 0baf01942d3d d5a3ae1f .config log report syz C
ci-upstream-net-kasan-gce 2020/08/27 14:55 net-next f09665811b14 816e0689 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/29 18:09 linux-next b36c969764ab d5a3ae1f .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/28 00:30 linux-next 88abac0b753d 816e0689 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/27 15:05 linux-next 88abac0b753d 816e0689 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/25 13:58 linux-next 3a00d3dfd4b6 344da168 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/25 07:10 linux-next d8be0e12a522 344da168 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/08/25 06:33 linux-next d8be0e12a522 344da168 .config log report syz C
ci-upstream-kasan-gce-root 2020/08/31 22:17 upstream f75aef392f86 d5a3ae1f .config log report syz
ci-upstream-kasan-gce-smack-root 2020/08/31 12:07 upstream dcc5c6f013d8 d5a3ae1f .config log report syz
ci-upstream-kasan-gce-selinux-root 2020/08/27 01:51 upstream 2ac69819ba9e 318430cb .config log report syz
ci-upstream-kasan-gce-386 2020/08/30 19:30 upstream 1127b219ce94 d5a3ae1f .config log report syz
ci-upstream-net-this-kasan-gce 2020/08/27 02:03 net 2e1ec861a605 318430cb .config log report syz
ci-upstream-net-kasan-gce 2020/09/03 22:44 net-next 22b330b622e3 abf9ba4f .config log report syz
ci-upstream-net-kasan-gce 2020/08/26 22:39 net-next ea416e277f09 318430cb .config log report syz
ci-upstream-linux-next-kasan-gce-root 2020/08/26 23:21 linux-next f37be72473a0 318430cb .config log report syz
ci-upstream-kasan-gce 2020/09/15 21:10 upstream fc4f28bb3daf 6989d6f6 .config log report info
ci-upstream-kasan-gce 2020/09/03 05:06 upstream fc3abb53250a abf9ba4f .config log report
ci-upstream-kasan-gce-selinux-root 2020/09/02 03:46 upstream b765a32a2e91 abf9ba4f .config log report
ci-upstream-kasan-gce-smack-root 2020/08/27 22:16 upstream 15bc20c6af4c 816e0689 .config log report
ci-upstream-kasan-gce-selinux-root 2020/08/24 13:14 upstream d012a7190fc1 67b599d1 .config log report
ci-upstream-kasan-gce-386 2020/10/06 04:54 upstream 7575fdda569b 1880b4a9 .config log report info