From: syzbot <syzbot+9cb68ebbbe46dc73843e@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
rafael@kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] BUG: corrupted list in remove_nodes
Date: Fri, 25 Nov 2022 01:44:46 -0800
Message-ID: <000000000000396ded05ee485f93@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 9500fc6e9e60 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10bf96b5880000
kernel config: https://syzkaller.appspot.com/x/.config?x=b25c9f218686dd5e
dashboard link: https://syzkaller.appspot.com/bug?extid=9cb68ebbbe46dc73843e
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1363e60652f7/disk-9500fc6e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fcc4da811bb6/vmlinux-9500fc6e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0b554298f1fa/Image-9500fc6e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9cb68ebbbe46dc73843e@syzkaller.appspotmail.com
list_del corruption. next->prev should be ffff0000c9d7ea00, but was 0000000000000000. (next=ffff0000cc0a8d00)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:64!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 8731 Comm: syz-executor.4 Not tainted 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __list_del_entry_valid+0xcc/0xd0 lib/list_debug.c:62
lr : __list_del_entry_valid+0xcc/0xd0 lib/list_debug.c:62
sp : ffff8000153a3990
x29: ffff8000153a3990 x28: ffff0000cc0a8d00 x27: ffff800009a8825c
x26: ffff800009a88240 x25: ffff0000cc0a8d00 x24: ffff0000c6bb5ec0
x23: ffff0000c9d7ea00 x22: 0000000000000000 x21: ffff0000fa4e1730
x20: ffff8000153a3a08 x19: 0000000000000000 x18: 00000000000000c0
x17: 20747562202c3030 x16: ffff80000dc18158 x15: ffff000102341a40
x14: 0000000000000000 x13: 00000000ffffffff x12: ffff000102341a40
x11: ff808000081c6510 x10: 0000000000000000 x9 : 31ba0981391d2e00
x8 : 31ba0981391d2e00 x7 : ffff80000c0b2b74 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff0001fefddcc8 x1 : 0000000100000001 x0 : 000000000000006d
Call trace:
__list_del_entry_valid+0xcc/0xd0 lib/list_debug.c:62
__list_del_entry include/linux/list.h:134 [inline]
list_move_tail include/linux/list.h:229 [inline]
remove_nodes+0xbc/0x2d0 drivers/base/devres.c:455
devres_release_all+0x80/0x194 drivers/base/devres.c:529
device_release+0x28/0xe0 drivers/base/core.c:2321
kobject_cleanup+0xe8/0x280 lib/kobject.c:673
kobject_release lib/kobject.c:704 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x94/0xf8 lib/kobject.c:721
put_device+0x28/0x40 drivers/base/core.c:3624
hci_free_dev+0x24/0x34 net/bluetooth/hci_core.c:2560
vhci_release+0x4c/0x80 drivers/bluetooth/hci_vhci.c:569
__fput+0x198/0x3e4 fs/file_table.c:320
____fput+0x20/0x30 fs/file_table.c:348
task_work_run+0x100/0x148 kernel/task_work.c:179
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0x2dc/0xcac kernel/exit.c:820
do_group_exit+0x98/0xcc kernel/exit.c:950
get_signal+0xabc/0xb2c kernel/signal.c:2858
do_signal+0x128/0x438 arch/arm64/kernel/signal.c:1071
do_notify_resume+0xc0/0x1f0 arch/arm64/kernel/signal.c:1124
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
asm_exit_to_user_mode+0x70/0x84 arch/arm64/kernel/entry-common.c:149
ret_from_fork+0x1c/0x20 arch/arm64/kernel/entry.S:866
Code: d4210000 f001b780 912e0800 94aa876b (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.