[syzbot] [block?] BUG: corrupted list in loop_process_work

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+c104904eeb2c0edbdb06@syzkaller.appspotmail.com>
To: axboe@kernel.dk, linux-block@vger.kernel.org,
	linux-kernel@vger.kernel.org,  syzkaller-bugs@googlegroups.com,
	zhaoyang.huang@unisoc.com
Subject: [syzbot] [block?] BUG: corrupted list in loop_process_work
Date: Fri, 14 Feb 2025 11:58:24 -0800	[thread overview]
Message-ID: <67afa060.050a0220.21dd3.0051.GAE@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    c674aa7c289e Add linux-next specific files for 20250212
git tree:       linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=125063f8580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a0fd539126ae5541
dashboard link: https://syzkaller.appspot.com/bug?extid=c104904eeb2c0edbdb06
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=158a3bdf980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17e18aa4580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cc5b357d26d3/disk-c674aa7c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/11dcf272a27b/vmlinux-c674aa7c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4e487b1c1c6e/bzImage-c674aa7c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/4ea41e9eae4d/mount_0.gz

The issue was bisected to:

commit 3bee991f2b68175c828dc3f9c26367fe1827319a
Author: Zhaoyang Huang <zhaoyang.huang@unisoc.com>
Date:   Fri Feb 7 09:19:42 2025 +0000

    loop: release the lo_work_lock before queue_work

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=161029b0580000
final oops:     https://syzkaller.appspot.com/x/report.txt?x=151029b0580000
console output: https://syzkaller.appspot.com/x/log.txt?x=111029b0580000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c104904eeb2c0edbdb06@syzkaller.appspotmail.com
Fixes: 3bee991f2b68 ("loop: release the lo_work_lock before queue_work")

list_add double add: new=ffff88807fe21c70, prev=ffff88807fe21c70, next=ffff888024c29160.
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:37!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.14.0-rc2-next-20250212-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Workqueue: loop0 loop_workfn
RIP: 0010:__list_add_valid_or_report+0xa4/0x130 lib/list_debug.c:35
Code: f7 74 11 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 c7 c7 40 e5 60 8c 4c 89 fe 4c 89 e2 4c 89 f1 e8 fd 88 35 fc 90 <0f> 0b 48 c7 c7 40 e3 60 8c e8 ee 88 35 fc 90 0f 0b 48 c7 c7 e0 e3
RSP: 0018:ffffc90000117628 EFLAGS: 00010046
RAX: 0000000000000058 RBX: 1ffff1100ffc438e RCX: 89e05f8d6ffcb000
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: 1ffff1100498522d R08: ffffffff819f562c R09: 1ffff92000022e60
R10: dffffc0000000000 R11: fffff52000022e61 R12: ffff88807fe21c70
R13: dffffc0000000000 R14: ffff888024c29160 R15: ffff88807fe21c70
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff4b64ffe00 CR3: 000000007cfa4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_add_valid include/linux/list.h:88 [inline]
 __list_add include/linux/list.h:150 [inline]
 list_add_tail include/linux/list.h:183 [inline]
 loop_process_work+0x1f96/0x21c0 drivers/block/loop.c:1977
 process_one_work kernel/workqueue.c:3236 [inline]
 process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
 worker_thread+0x870/0xd30 kernel/workqueue.c:3398
 kthread+0x7a9/0x920 kernel/kthread.c:464
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_add_valid_or_report+0xa4/0x130 lib/list_debug.c:35
Code: f7 74 11 b0 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 c7 c7 40 e5 60 8c 4c 89 fe 4c 89 e2 4c 89 f1 e8 fd 88 35 fc 90 <0f> 0b 48 c7 c7 40 e3 60 8c e8 ee 88 35 fc 90 0f 0b 48 c7 c7 e0 e3
RSP: 0018:ffffc90000117628 EFLAGS: 00010046
RAX: 0000000000000058 RBX: 1ffff1100ffc438e RCX: 89e05f8d6ffcb000
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: 1ffff1100498522d R08: ffffffff819f562c R09: 1ffff92000022e60
R10: dffffc0000000000 R11: fffff52000022e61 R12: ffff88807fe21c70
R13: dffffc0000000000 R14: ffff888024c29160 R15: ffff88807fe21c70
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff4b64ffe00 CR3: 000000007cfa4000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

next             reply	other threads:[~2025-02-14 19:58 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-14 19:58 syzbot [this message]
2025-02-15 23:40 ` [syzbot] [block?] BUG: corrupted list in loop_process_work Hillf Danton
2025-02-16  2:00   ` syzbot
2025-02-17  5:57 ` reply: " 黄朝阳 (Zhaoyang Huang)
2025-02-18  2:49   ` Zhaoyang Huang
2025-02-18  3:33     ` Ming Lei

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=67afa060.050a0220.21dd3.0051.GAE@google.com \
    --to=syzbot+c104904eeb2c0edbdb06@syzkaller.appspotmail.com \
    --cc=axboe@kernel.dk \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=zhaoyang.huang@unisoc.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.