google / syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Apache License 2.0

pkg/repro: does not reproduce original bugs #5426

Open dvyukov opened 1 day ago

dvyukov commented 1 day ago

This needs to be additionally confirmed, but filing here so it's not lost. I've run an instance on commit f1e4447ce91d33c3785db1a7c2bafc768eb3f790 (Linux commit 715ca9dd687f89ddaac8ec8ccb3b5e5a30311a99). It tried to do 86 reproductions; reproduction finished with a crash in only 36 runs, and in only 4 runs did the resulting crash match the one we tried to reproduce. This looks like too low a number for both, and may suggest some bug.

| Original crash | Resulting crash |
|---|---|
| kernel BUG in next_uptodate_folio | |
| possible deadlock in __ext4_mark_inode_dirty | |
| general protection fault in put_pwq_unlocked | |
| possible deadlock in ext4_xattr_set_handle | |
| WARNING in kvm_put_kvm | |
| WARNING: locking bug in srcu_gp_start_if_needed | general protection fault in put_pwq_unlocked |
| possible deadlock in ntfs_read_folio | |
| possible deadlock in f2fs_get_node_info | |
| general protection fault in dst_dev_put | |
| possible deadlock in ntfs_set_size | |
| possible deadlock in jfs_set_acl | general protection fault in lmLogSync |
| KASAN: wild-memory-access Read in __timer_delete_sync | |
| possible deadlock in f2fs_handle_error | |
| WARNING: refcount bug in sco_conn_del | |
| BUG: unable to handle kernel NULL pointer dereference in deactivate_slab | general protection fault in put_pwq_unlocked |
| INFO: rcu detected stall in file_free | |
| KASAN: global-out-of-bounds Read in __timer_delete | |
| possible deadlock in join_transaction | WARNING in plfxlc_mac_release |
| WARNING in current_check_refer_path | WARNING in current_check_refer_path |
| WARNING in try_check_zero | WARNING: locking bug in rcu_pending_exit |
| INFO: rcu detected stall in vms_gather_munmap_vmas | INFO: task hung in bch2_copygc_stop |
| possible deadlock in diAllocAG | KASAN: slab-use-after-free Read in release_metapage |
| kernel BUG in submit_bh_wbc | BUG: MAX_LOCKDEP_KEYS too low! |
| INFO: rcu detected stall in udp_setsockopt | |
| possible deadlock in __jfs_setxattr | WARNING: locking bug in rcu_pending_pcpu_dequeue |
| WARNING in hci_recv_frame | |
| SYZFAIL: repeatedly failed to execute the program | |
| WARNING: refcount bug in sco_sock_timeout | |
| INFO: rcu detected stall in shmem_file_write_iter | |
| INFO: rcu detected stall in rawv6_setsockopt | |
| possible deadlock in xfs_ilock | kernel BUG in __bch2_trans_commit |
| general protection fault in aml_open | general protection fault in aml_open |
| KASAN: stack-out-of-bounds Write in imageblit | |
| KASAN: slab-use-after-free Read in stop_tty | |
| WARNING in bch2_trans_put | WARNING: locking bug in rcu_pending_exit |
| INFO: rcu detected stall in x64_sys_call | WARNING: locking bug in rcu_pending_exit |
| WARNING in srcu_check_nmi_safety | WARNING: locking bug in rcu_pending_exit |
| BUG: unable to handle kernel paging request in bitfill_aligned | |
| WARNING in ib_uverbs_release_dev | |
| KASAN: slab-use-after-free Read in hci_sock_get_cookie | |
| WARNING in io_ring_exit_work | INFO: rcu detected stall in corrupted |
| INFO: task hung in del_device_store | |
| BUG: using smp_processor_id() in preemptible code in nft_inner_eval | INFO: task hung in __closure_sync_timeout |
| possible deadlock in ext4_evict_inode | |
| BUG: unable to handle kernel NULL pointer dereference in __put_partials | WARNING: locking bug in rcu_pending_exit |
| WARNING in delayed_work_timer_fn | BUG: MAX_LOCKDEP_KEYS too low! |
| WARNING in kvm_dev_ioctl | |
| WARNING in ieee80211_rx_list | |
| possible deadlock in jfs_mount_rw | |
| WARNING in _xfs_buf_alloc | |
| WARNING: locking bug in rcu_pending_pcpu_dequeue | WARNING: locking bug in rcu_pending_exit |
| possible deadlock in mgmt_set_connectable_complete | |
| INFO: task hung in blk_mq_get_tag | INFO: task hung in blk_mq_get_tag |
| INFO: rcu detected stall in chrdev_open | |
| INFO: task hung in exit_mm | |
| general protection fault in xlog_cil_push_work | WARNING: locking bug in rcu_pending_exit |
| possible deadlock in diFree | lost connection to test machine |
| general protection fault in xfs_buf_bio_end_io | WARNING: locking bug in rcu_pending_exit |
| WARNING in kernfs_get | |
| INFO: task hung in __closure_sync_timeout | |
| possible deadlock in nilfs_evict_inode | BUG: MAX_LOCKDEP_KEYS too low! |
| INFO: task hung in nfsd_nl_threads_get_doit | INFO: task hung in __alloc_workqueue |
| KASAN: vmalloc-out-of-bounds Write in tpg_fill_plane_buffer | |
| WARNING: locking bug in f2fs_getxattr | |
| INFO: task hung in ext4_evict_ea_inode | |
| WARNING: locking bug in rcu_pending_exit | general protection fault in put_pwq_unlocked |
| INFO: rcu detected stall in rtnl_newlink | |
| possible deadlock in f2fs_evict_inode | |
| WARNING: locking bug in ext4_mb_add_groupinfo | |
| WARNING in cleanup_mnt | WARNING: locking bug in rcu_pending_exit |
| INFO: task hung in genl_rcv_msg | |
| KASAN: slab-use-after-free Read in move_to_new_folio | |
| INFO: task hung in disable_device | |
| general protection fault in ip6_pol_route | |
| KASAN: slab-use-after-free Read in handle_tx | |
| INFO: task hung in do_renameat2 | INFO: task hung in jfs_commit_inode |
| INFO: task hung in f2fs_stop_gc_thread | |
| general protection fault in gtp_dellink | BUG: MAX_LOCKDEP_KEYS too low! |
| general protection fault in wg_packet_receive | WARNING: locking bug in rcu_pending_exit |
| WARNING: locking bug in sco_sock_timeout | WARNING in bch2_fs_release |
| BUG: unable to handle kernel paging request in drm_fbdev_ttm_helper_fb_dirty | lost connection to test machine |
| INFO: task hung in ima_file_free | INFO: task hung in ima_file_free |
| possible deadlock in f2fs_record_stop_reason | |
| general protection fault in __fib6_drop_pcpu_from | |
| KASAN: slab-use-after-free Read in bch2_get_next_online_dev | WARNING: locking bug in rcu_pending_exit |
| WARNING in call_s_stream | general protection fault in put_pwq_unlocked |

dvyukov commented 4 hours ago

My instances used `"dashboard_only_repro": true` mode. @a-nogikh's hypothesis is that this is WAI; it just tried to reproduce only crashes that are notoriously hard to reproduce (syzbot did not manage so far). This sounds plausible.

Then there may be another action item here: