Hello,
syzbot found the following crash on:
HEAD commit: b859aa7d ANDROID: squashfs: resolve merge conflict with 4...
git tree: android-4.14
console output:
https://syzkaller.appspot.com/x/log.txt?x=176617e1400000
kernel config:
https://syzkaller.appspot.com/x/.config?x=c0bdd1b757a6ba0b
dashboard link:
https://syzkaller.appspot.com/bug?extid=e63021828e3d49c5b86f
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=13aa94da400000
C reproducer:
https://syzkaller.appspot.com/x/repro.c?x=13a1e98e400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+e63021...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1536372551.684:7): avc: denied { map } for
pid=1782 comm="syz-executor020" path="/root/syz-executor020758680"
dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1782 at mm/page_alloc.c:3889 __alloc_pages_slowpath
mm/page_alloc.c:3889 [inline]
WARNING: CPU: 0 PID: 1782 at mm/page_alloc.c:3889
__alloc_pages_nodemask+0x1662/0x2300 mm/page_alloc.c:4222
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 1782 Comm: syz-executor020 Not tainted 4.14.68+ #4
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
panic+0x1bf/0x3a4 kernel/panic.c:181
__warn.cold.7+0x148/0x185 kernel/panic.c:542
report_bug+0x1f7/0x26c lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
do_error_trap+0x1ba/0x2c0 arch/x86/kernel/traps.c:295
invalid_op+0x18/0x40 arch/x86/entry/entry_64.S:944
RIP: 0010:__alloc_pages_slowpath mm/page_alloc.c:3889 [inline]
RIP: 0010:__alloc_pages_nodemask+0x1662/0x2300 mm/page_alloc.c:4222
RSP: 0018:ffff8801d218f1a0 EFLAGS: 00010246
RAX: 00000000ffff9a87 RBX: 0000000000000000 RCX: ffffffffa421e890
RDX: 1ffffffff47c1200 RSI: 0000000000000001 RDI: 00000000014040c0
RBP: ffff8801d0c25e00 R08: 0000000000000001 R09: 00000000000a7caa
R10: ffff8801d0c26680 R11: 0000000000000000 R12: 00000000014040c0
R13: 0000000000000000 R14: 00000000014040c0 R15: ffff8801d218f3b0
__alloc_pages include/linux/gfp.h:461 [inline]
__alloc_pages_node include/linux/gfp.h:474 [inline]
alloc_pages_node include/linux/gfp.h:488 [inline]
kmalloc_order+0x1f/0x60 mm/slab_common.c:1126
kmalloc_order_trace+0x18/0x160 mm/slab_common.c:1137
kmalloc include/linux/slab.h:493 [inline]
str_read+0x32/0x150 security/selinux/ss/policydb.c:1102
common_read+0x265/0x370 security/selinux/ss/policydb.c:1175
policydb_read+0xcdd/0x2380 security/selinux/ss/policydb.c:2406
security_load_policy+0x25a/0x980 security/selinux/ss/services.c:2106
sel_write_load+0x1ff/0x1000 security/selinux/selinuxfs.c:503
__vfs_write+0xf4/0x5c0 fs/read_write.c:482
vfs_write+0x17f/0x4d0 fs/read_write.c:546
SYSC_write fs/read_write.c:593 [inline]
SyS_write+0xc2/0x1a0 fs/read_write.c:585
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440049
RSP: 002b:00007ffd7070cba8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440049
RDX: 0000000000000163 RSI: 0000000020000380 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018d0
R13: 0000000000401960 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x20a00000 from 0xffffffff81000000 (relocation range:
0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches