keychord: invalid keycode count 0
=====================================
[ BUG: bad unlock balance detected! ]
binder: 2614:2617 BC_ACQUIRE_DONE node 285 has no pending acquire request
4.9.70-g9542d2a #109 Not tainted
-------------------------------------
syz-executor6/2620 is trying to release lock ([ 136.794724] binder: BINDER_SET_CONTEXT_MGR already set
binder: 2614:2636 ioctl 40046207 0 returned -16
binder_alloc: 2614: binder_alloc_buf, no vma
binder: 2614:2617 transaction failed 29189/-3, size 80-16 line 3130
binder: undelivered TRANSACTION_ERROR: 29189
binder: release 2614:2617 transaction 286 out, still active
binder: unexpected work type, 4, not freed
binder: unexpected work type, 4, not freed
binder: undelivered TRANSACTION_COMPLETE
binder: send failed reply for transaction 286, target dead
mrt_lock) at:
but there are no more locks to release!
other info that might help us debug this:
1 lock held by syz-executor6/2620:
#0: (&p->lock){+.+.+.}, at: [<ffffffff815e4f1d>] seq_read+0xdd/0x1290 fs/seq_file.c:178
stack backtrace:
CPU: 0 PID: 2620 Comm: syz-executor6 Not tainted 4.9.70-g9542d2a #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c4c17948 ffffffff81d90a29 ffffffff849ae9f8 ffff8801bbad1800
ffffffff834df9b4 ffffffff849ae9f8 ffff8801bbad2088 ffff8801c4c17978
ffffffff81235404 dffffc0000000000 ffffffff849ae9f8 00000000ffffffff
Call Trace:
[<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81235404>] print_unlock_imbalance_bug+0x174/0x1a0 kernel/locking/lockdep.c:3398
[<ffffffff8123ded8>] __lock_release kernel/locking/lockdep.c:3540 [inline]
[<ffffffff8123ded8>] lock_release+0x6f8/0xb80 kernel/locking/lockdep.c:3775
[<ffffffff838a9f8a>] __raw_read_unlock include/linux/rwlock_api_smp.h:225 [inline]
[<ffffffff838a9f8a>] _raw_read_unlock+0x1a/0x50 kernel/locking/spinlock.c:255
[<ffffffff834df9b4>] ipmr_mfc_seq_stop+0xe4/0x140 net/ipv6/ip6mr.c:553
[<ffffffff815e58c3>] seq_read+0xa83/0x1290 fs/seq_file.c:283
[<ffffffff816be57f>] proc_reg_read+0xef/0x170 fs/proc/inode.c:202
[<ffffffff81568ef1>] do_loop_readv_writev.part.17+0x141/0x1e0 fs/read_write.c:714
[<ffffffff8156cd60>] do_loop_readv_writev fs/read_write.c:880 [inline]
[<ffffffff8156cd60>] do_readv_writev+0x520/0x750 fs/read_write.c:874
[<ffffffff8156d014>] vfs_readv+0x84/0xc0 fs/read_write.c:898
[<ffffffff8156d3b5>] do_preadv+0x115/0x1a0 fs/read_write.c:975
[<ffffffff81570690>] SYSC_preadv fs/read_write.c:1025 [inline]
[<ffffffff81570690>] SyS_preadv+0x30/0x40 fs/read_write.c:1020
[<ffffffff838aa405>] entry_SYSCALL_64_fastpath+0x23/0xc6
keychord: invalid keycode count 0
IPVS: Creating netns size=2536 id=16
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 1 PID: 2660 Comm: syz-executor7 Not tainted 4.9.70-g9542d2a #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c4c17990 ffffffff81d90a29 ffff8801c4c17c70 0000000000000000
ffff8801d6ab6e90 ffff8801c4c17b60 ffff8801d6ab6d80 ffff8801c4c17b88
ffffffff8165e557 ffff8801d0fd4800 ffff8801c4c17ae0 00000001d842a067
Call Trace:
[<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[<ffffffff838ab5d8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff838aa405>] entry_SYSCALL_64_fastpath+0x23/0xc6
FAULT_FLAG_ALLOW_RETRY missing 30
CPU: 0 PID: 2671 Comm: syz-executor7 Not tainted 4.9.70-g9542d2a #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801d1207990 ffffffff81d90a29 ffff8801d1207c70 0000000000000000
ffff8801b8b46110 ffff8801d1207b60 ffff8801b8b46000 ffff8801d1207b88
ffffffff8165e557 ffff8801b7008000 ffff8801d1207ae0 00000001d842a067
Call Trace:
[<ffffffff81d90a29>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d90a29>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8165e557>] handle_userfault+0xa37/0x1300 fs/userfaultfd.c:323
[<ffffffff814cd781>] do_anonymous_page mm/memory.c:2747 [inline]
[<ffffffff814cd781>] handle_pte_fault mm/memory.c:3488 [inline]
[<ffffffff814cd781>] __handle_mm_fault mm/memory.c:3577 [inline]
[<ffffffff814cd781>] handle_mm_fault+0x1fd1/0x2530 mm/memory.c:3614
[<ffffffff810dd452>] __do_page_fault+0x5c2/0xd40 arch/x86/mm/fault.c:1406
[<ffffffff810ddbf7>] do_page_fault+0x27/0x30 arch/x86/mm/fault.c:1469
[<ffffffff838ab5d8>] page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1012
[<ffffffff838aa405>] entry_SYSCALL_64_fastpath+0x23/0xc6
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=33 sclass=netlink_audit_socket pig=2715 comm=syz-executor2
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=33 sclass=netlink_audit_socket pig=2715 comm=syz-executor2
IPVS: Creating netns size=2536 id=17
pktgen: kernel_thread() failed for cpu 0
pktgen: Cannot create thread for cpu 0 (-4)
pktgen: kernel_thread() failed for cpu 1
pktgen: Cannot create thread for cpu 1 (-4)
pktgen: Initialization failed for all threads
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
netlink: 2 bytes leftover after parsing attributes in process `syz-executor1'.
binder: 2832:2834 transaction failed 29189/-22, size 0-0 line 3007
netlink: 21 bytes leftover after parsing attributes in process `syz-executor3'.
netlink: 21 bytes leftover after parsing attributes in process `syz-executor3'.
binder: 2832:2834 transaction failed 29189/-22, size 0-0 line 3007
binder: undelivered TRANSACTION_ERROR: 29189
binder: undelivered TRANSACTION_ERROR: 29189
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
binder: 2952:2955 unknown command 0
binder: 2952:2955 ioctl c0306201 20000fd0 returned -22
binder: 2952:2959 unknown command 0
binder: 2952:2959 ioctl c0306201 20000fd0 returned -22
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
audit: type=1400 audit(1513623729.737:75): avc: denied { dac_read_search } for pid=3050 comm="syz-executor1" capability=2 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
netlink: 9 bytes leftover after parsing attributes in process `+'.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
device gre0 entered promiscuous mode
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
keychord: keycode 16224 out of range
keychord: keycode 16224 out of range
tmpfs: No value for mount option ''
device gre0 entered promiscuous mode
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9822 sclass=netlink_route_socket pig=4336 comm=syz-executor5
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=9822 sclass=netlink_route_socket pig=4336 comm=syz-executor5
binder_alloc: binder_alloc_mmap_handler: 4535 20000000-20002000 already mapped failed -16
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28128 sclass=netlink_route_socket pig=4881 comm=syz-executor4
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=28128 sclass=netlink_route_socket pig=4897 comm=syz-executor4
nla_parse: 113 callbacks suppressed
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor5'.
netlink: 9 bytes leftover after parsing attributes in process `syz-executor4'.
net_ratelimit: 115 callbacks suppressed
A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/12/18 19:02 | https://android.googlesource.com/kernel/common android-4.9 | 9542d2a0126e | 1c4160ef | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/18 01:41 | https://android.googlesource.com/kernel/common android-4.9 | 3f1d77ca5f8f | d5beb42a | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/17 05:28 | https://android.googlesource.com/kernel/common android-4.9 | 3f1d77ca5f8f | b6f0c91b | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/14 00:22 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 06ea774d | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/13 13:37 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | ce7f2399 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/13 12:58 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | ce7f2399 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/13 02:31 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 414a185f | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/13 00:17 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 414a185f | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/11 19:01 | https://android.googlesource.com/kernel/common android-4.9 | fb66dc2a6e5e | 27f5dfef | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/11 13:04 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/11 12:38 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/11 06:41 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/11 03:58 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 17:48 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 17:24 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 15:04 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 09:19 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 06:54 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 04:45 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 01:58 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/10 00:08 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 23:25 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 23:22 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 14:07 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 09:29 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 03:35 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/09 01:07 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 23:10 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5ad0ce95 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 16:09 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | b0fa969c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 15:50 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | b0fa969c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 15:38 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | b0fa969c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 13:18 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | b0fa969c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 10:33 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 10:14 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 08:58 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 07:49 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 06:24 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/08 01:19 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/07 22:44 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2017/12/07 08:49 | https://android.googlesource.com/kernel/common android-4.9 | f26d3c76d376 | 5d643f8e | .config | console log | report | | | | | ci-android-49-kasan-gce | |