WARNING in __alloc_pages_nodemask

syzbot

Apr 10, 2019, 8:00:19 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b859aa7d ANDROID: squashfs: resolve merge conflict with 4...
git tree: android-4.14
console output: https://syzkaller.appspot.com/x/log.txt?x=176617e1400000
kernel config: https://syzkaller.appspot.com/x/.config?x=c0bdd1b757a6ba0b
dashboard link: https://syzkaller.appspot.com/bug?extid=e63021828e3d49c5b86f
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13aa94da400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13a1e98e400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e63021...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1536372551.684:7): avc: denied { map } for
pid=1782 comm="syz-executor020" path="/root/syz-executor020758680"
dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1782 at mm/page_alloc.c:3889 __alloc_pages_slowpath
mm/page_alloc.c:3889 [inline]
WARNING: CPU: 0 PID: 1782 at mm/page_alloc.c:3889
__alloc_pages_nodemask+0x1662/0x2300 mm/page_alloc.c:4222
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 1782 Comm: syz-executor020 Not tainted 4.14.68+ #4
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xb9/0x11b lib/dump_stack.c:53
panic+0x1bf/0x3a4 kernel/panic.c:181
__warn.cold.7+0x148/0x185 kernel/panic.c:542
report_bug+0x1f7/0x26c lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:177 [inline]
do_error_trap+0x1ba/0x2c0 arch/x86/kernel/traps.c:295
invalid_op+0x18/0x40 arch/x86/entry/entry_64.S:944
RIP: 0010:__alloc_pages_slowpath mm/page_alloc.c:3889 [inline]
RIP: 0010:__alloc_pages_nodemask+0x1662/0x2300 mm/page_alloc.c:4222
RSP: 0018:ffff8801d218f1a0 EFLAGS: 00010246
RAX: 00000000ffff9a87 RBX: 0000000000000000 RCX: ffffffffa421e890
RDX: 1ffffffff47c1200 RSI: 0000000000000001 RDI: 00000000014040c0
RBP: ffff8801d0c25e00 R08: 0000000000000001 R09: 00000000000a7caa
R10: ffff8801d0c26680 R11: 0000000000000000 R12: 00000000014040c0
R13: 0000000000000000 R14: 00000000014040c0 R15: ffff8801d218f3b0
__alloc_pages include/linux/gfp.h:461 [inline]
__alloc_pages_node include/linux/gfp.h:474 [inline]
alloc_pages_node include/linux/gfp.h:488 [inline]
kmalloc_order+0x1f/0x60 mm/slab_common.c:1126
kmalloc_order_trace+0x18/0x160 mm/slab_common.c:1137
kmalloc include/linux/slab.h:493 [inline]
str_read+0x32/0x150 security/selinux/ss/policydb.c:1102
common_read+0x265/0x370 security/selinux/ss/policydb.c:1175
policydb_read+0xcdd/0x2380 security/selinux/ss/policydb.c:2406
security_load_policy+0x25a/0x980 security/selinux/ss/services.c:2106
sel_write_load+0x1ff/0x1000 security/selinux/selinuxfs.c:503
__vfs_write+0xf4/0x5c0 fs/read_write.c:482
vfs_write+0x17f/0x4d0 fs/read_write.c:546
SYSC_write fs/read_write.c:593 [inline]
SyS_write+0xc2/0x1a0 fs/read_write.c:585
do_syscall_64+0x19b/0x4b0 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440049
RSP: 002b:00007ffd7070cba8 EFLAGS: 00000213 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440049
RDX: 0000000000000163 RSI: 0000000020000380 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000213 R12: 00000000004018d0
R13: 0000000000401960 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: 0x20a00000 from 0xffffffff81000000 (relocation range:
0xffffffff80000000-0xffffffffbfffffff)
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Apr 11, 2019, 4:44:27 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 09eb2ba5 ANDROID: x86_64_cuttlefish_defconfig: Enable lz4 ..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=15cb9dfe400000
kernel config: https://syzkaller.appspot.com/x/.config?x=18438f2a4429a3c4
dashboard link: https://syzkaller.appspot.com/bug?extid=a909b7889d28cf463b04
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13311ce1400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=142bca0a400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a909b7...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
random: crng init done
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2225 at mm/page_alloc.c:3556 __alloc_pages_slowpath
mm/page_alloc.c:3556 [inline]
WARNING: CPU: 0 PID: 2225 at mm/page_alloc.c:3556
__alloc_pages_nodemask+0x1189/0x1b90 mm/page_alloc.c:3862
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2225 Comm: syz-executor518 Not tainted 4.9.124+ #32
ffff8801bee27700 ffffffff81af4529 ffffffff82838de0 00000000ffffffff
0000000000000000 0000000000000000 0000000000000de4 ffff8801bee277c0
ffffffff813f1b55 0000000041b58ab3 ffffffff82c2889b ffffffff813f1996
Call Trace:
[<ffffffff81af4529>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81af4529>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff813f1b55>] panic+0x1bf/0x39f kernel/panic.c:179
[<ffffffff813f1e24>] __warn.cold.9+0xc1/0x17f kernel/panic.c:542
[<ffffffff810dcebc>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff81423449>] __alloc_pages_slowpath mm/page_alloc.c:3556 [inline]
[<ffffffff81423449>] __alloc_pages_nodemask+0x1189/0x1b90
mm/page_alloc.c:3862
[<ffffffff8146fb6a>] __alloc_pages include/linux/gfp.h:433 [inline]
[<ffffffff8146fb6a>] __alloc_pages_node include/linux/gfp.h:446 [inline]
[<ffffffff8146fb6a>] alloc_pages_node include/linux/gfp.h:460 [inline]
[<ffffffff8146fb6a>] kmalloc_order+0x2a/0x70 mm/slab_common.c:1043
[<ffffffff8146fbcf>] kmalloc_order_trace+0x1f/0x190 mm/slab_common.c:1054
[<ffffffff814e1124>] kmalloc_large include/linux/slab.h:422 [inline]
[<ffffffff814e1124>] __kmalloc+0x194/0x300 mm/slub.c:3730
[<ffffffff81d3b408>] kmalloc include/linux/slab.h:495 [inline]
[<ffffffff81d3b408>] vga_arb_write+0xd8/0xcc0 drivers/gpu/vga/vgaarb.c:1032
[<ffffffff814fa895>] __vfs_write+0x115/0x580 fs/read_write.c:507
[<ffffffff814fd3a7>] vfs_write+0x187/0x520 fs/read_write.c:557
[<ffffffff815011d9>] SYSC_write fs/read_write.c:604 [inline]
[<ffffffff815011d9>] SyS_write+0xd9/0x1c0 fs/read_write.c:596
[<ffffffff8100554f>] do_syscall_64+0x19f/0x480 arch/x86/entry/common.c:282
[<ffffffff8278ba53>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled

syzbot

Apr 11, 2019, 8:00:33 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b68e78cf BACKPORT: arm64/vdso: Fix nsec handling for CLOCK..
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=12f05cd1400000
kernel config: https://syzkaller.appspot.com/x/.config?x=7e912d922815a1c1
dashboard link: https://syzkaller.appspot.com/bug?extid=0da6e7447c32555b6b5e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=108e17e1400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=170694da400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0da6e7...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 2072 at mm/page_alloc.c:3069 __alloc_pages_slowpath
mm/page_alloc.c:3069 [inline]()
WARNING: CPU: 0 PID: 2072 at mm/page_alloc.c:3069
__alloc_pages_nodemask+0x1139/0x1430 mm/page_alloc.c:3313()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2072 Comm: syz-executor954 Not tainted 4.4.154+ #97
0000000000000000 c8ec66adc4324111 ffff8801d3c9f728 ffffffff81a54fed
ffffffff82835440 ffff8801d4ed97c0 ffffffff828848e0 0000000000000009
0000000000000bfd ffff8801d3c9f7e8 ffffffff8138a884 0000000041b58ab3
Call Trace:
[<ffffffff81a54fed>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81a54fed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff8138a884>] panic+0x19e/0x359 kernel/panic.c:112
[<ffffffff8138aa74>] warn_slowpath_common.cold.6+0x20/0x20
kernel/panic.c:455
[<ffffffff810d17a9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
[<ffffffff813b5f19>] __alloc_pages_slowpath mm/page_alloc.c:3069 [inline]
[<ffffffff813b5f19>] __alloc_pages_nodemask+0x1139/0x1430
mm/page_alloc.c:3313
[<ffffffff813b6922>] __alloc_pages include/linux/gfp.h:415 [inline]
[<ffffffff813b6922>] __alloc_pages_node include/linux/gfp.h:428 [inline]
[<ffffffff813b6922>] alloc_pages_node include/linux/gfp.h:442 [inline]
[<ffffffff813b6922>] alloc_kmem_pages+0x12/0x20 mm/page_alloc.c:3492
[<ffffffff813f85ff>] kmalloc_order+0x1f/0x70 mm/slab_common.c:1014
[<ffffffff813f866f>] kmalloc_order_trace+0x1f/0x1a0 mm/slab_common.c:1025
[<ffffffff8145cc2e>] kmalloc_large include/linux/slab.h:408 [inline]
[<ffffffff8145cc2e>] __kmalloc+0x1be/0x330 mm/slub.c:3602
[<ffffffff81c922f8>] kmalloc include/linux/slab.h:481 [inline]
[<ffffffff81c922f8>] vga_arb_write+0xd8/0xcb0 drivers/gpu/vga/vgaarb.c:926
[<ffffffff814727cc>] __vfs_write+0x11c/0x3e0 fs/read_write.c:489
[<ffffffff8147444e>] vfs_write+0x17e/0x4e0 fs/read_write.c:538
[<ffffffff81476a89>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff81476a89>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
[<ffffffff82690521>] entry_SYSCALL_64_fastpath+0x1e/0x9a