WARNING in __brelse


syzbot

Apr 11, 2019, 8:00:58 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 140cda10 ANDROID: revert the rest of ANDROID_PARANOID_NETW..
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=1700472f200000
kernel config: https://syzkaller.appspot.com/x/.config?x=b24484e4972f20b
dashboard link: https://syzkaller.appspot.com/bug?extid=82944136071a6d213266
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=123c1b2f200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12ba9673200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+829441...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1554217075.873:7): avc: denied { map } for pid=1794 comm="syz-executor431" path="/root/syz-executor431875882" dev="sda1" ino=16351 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
VFS: brelse: Trying to free free buffer
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1794 at fs/buffer.c:1206 __brelse fs/buffer.c:1206 [inline]
WARNING: CPU: 1 PID: 1794 at fs/buffer.c:1206 __brelse.cold+0x11/0x18 fs/buffer.c:1200
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 1794 Comm: syz-executor431 Not tainted 4.14.109+ #46
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x10e lib/dump_stack.c:53
panic+0x1d9/0x3c2 kernel/panic.c:182
__warn.cold+0x2f/0x3b kernel/panic.c:546
Kernel Offset: 0x35200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 13, 2019, 8:00:33 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 5f5c1657 UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1540704b200000
kernel config: https://syzkaller.appspot.com/x/.config?x=a99a3470ebe9a85e
dashboard link: https://syzkaller.appspot.com/bug?extid=dea3831bfc5dae8a83d9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=140ee52f200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=102ebc73200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dea383...@syzkaller.appspotmail.com

random: crng init done
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2060 at fs/buffer.c:1197 __brelse fs/buffer.c:1197 [inline]
WARNING: CPU: 0 PID: 2060 at fs/buffer.c:1197 __brelse+0x6c/0x80 fs/buffer.c:1191
VFS: brelse: Trying to free free buffer
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2060 Comm: syz-executor543 Not tainted 4.9.166+ #35
ffff8801cedaf8b0 ffffffff81b4ef81 ffff8801cedafa00 ffffffff82a39ba0
00000000ffffffff 0000000000000000 0000000000000009 ffff8801cedaf990
ffffffff813f91aa 0000000041b58ab3 ffffffff82e2ec1a ffffffff813f8fd1
Call Trace:
[<00000000034285cb>] __dump_stack lib/dump_stack.c:15 [inline]
[<00000000034285cb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<0000000027e5214a>] panic+0x1d9/0x3bd kernel/panic.c:180
[<00000000fc65cc8a>] __warn.cold+0x2f/0x2f kernel/panic.c:546
[<00000000370e8802>] warn_slowpath_fmt+0xc2/0x100 kernel/panic.c:569
[<00000000f6ca6260>] __brelse fs/buffer.c:1197 [inline]
[<00000000f6ca6260>] __brelse+0x6c/0x80 fs/buffer.c:1191
[<000000001bf99807>] brelse include/linux/buffer_head.h:288 [inline]
[<000000001bf99807>] ext4_ind_remove_space+0xfa3/0x13e0 fs/ext4/indirect.c:1390
[<00000000017d29df>] ext4_punch_hole+0xb28/0x1000 fs/ext4/inode.c:4104
[<0000000043d49354>] ext4_fallocate+0x34e/0x2070 fs/ext4/extents.c:4951
[<000000006e11dd45>] vfs_fallocate+0x407/0x6a0 fs/open.c:329
[<00000000daca6fc8>] SYSC_fallocate fs/open.c:352 [inline]
[<00000000daca6fc8>] SyS_fallocate+0x52/0x90 fs/open.c:346
[<000000000200ae04>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<00000000ad22cc6b>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Kernel Offset: disabled