Hello,
syzbot found the following crash on:
HEAD commit: 1b37d68f ANDROID: Fix massive cpufreq_times memory leaks
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=163db4c8400000
kernel config: https://syzkaller.appspot.com/x/.config?x=36e4962c7a9b82b1
dashboard link: https://syzkaller.appspot.com/bug?extid=99f7858b4f046076e1bd
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14810c44400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+99f785...@syzkaller.appspotmail.com
IPVS: Creating netns size=2552 id=5
IPVS: Creating netns size=2552 id=6
IPVS: Creating netns size=2552 id=7
IPVS: Creating netns size=2552 id=8
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4062 Comm: syz-executor3 Not tainted 4.4.141-g1b37d68 #71
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d9be1800 task.stack: ffff8800b9878000
RIP: 0010:[<ffffffff8251545d>] [<ffffffff8251545d>] loop_validate_file+0x20d/0x400 drivers/block/loop.c:667
RSP: 0018:ffff8800b987fb70 EFLAGS: 00010206
RAX: 0000000000000036 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8251542d RDI: 00000000000001b0
RBP: ffff8800b987fb88 R08: ffff8801d9be2128 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801d9be1800 R12: 0000000000000000
R13: ffff8800ba0b2e00 R14: ffff8800ba0b2e00 R15: ffff8801d6fc60d8
FS: 00007fc978052700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000017258c0 CR3: 00000000b2b14000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffff8801d6fc5f80 0000000000004c00 ffff8800bb3f7a00 ffff8800b987fc18
ffffffff8251bc77 0000000b0000004c 0000000100000000 0000000000000000
0000000300000001 000000000000004c 0000000041b58ab3 ffff8801d6fc60d0
Call Trace:
[<ffffffff8251bc77>] loop_set_fd drivers/block/loop.c:920 [inline]
[<ffffffff8251bc77>] lo_ioctl+0x6a7/0x16c0 drivers/block/loop.c:1367
[<ffffffff81db73e8>] __blkdev_driver_ioctl block/ioctl.c:288 [inline]
[<ffffffff81db73e8>] blkdev_ioctl+0x7b8/0x19c0 block/ioctl.c:584
blk_update_request: I/O error, dev loop3, sector 0
[<ffffffff815d409e>] block_ioctl+0xde/0x120 fs/block_dev.c:1625
[<ffffffff81559cff>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff81559cff>] file_ioctl fs/ioctl.c:470 [inline]
[<ffffffff81559cff>] do_vfs_ioctl+0x63f/0xf40 fs/ioctl.c:605
[<ffffffff8155a68f>] SYSC_ioctl fs/ioctl.c:622 [inline]
[<ffffffff8155a68f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[<ffffffff838c2c25>] entry_SYSCALL_64_fastpath+0x22/0x9e
Code: 00 00 00 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 f7 01 00 00 4d 8b a4 24 f0 00 00 00 49 8d bc 24 b0 01 00 00 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 cc 01 00 00 4d 8b a4 24 b0 01 00 00 4c 89 e0
RIP [<ffffffff8251545d>] loop_validate_file+0x20d/0x400 drivers/block/loop.c:667
RSP <ffff8800b987fb70>
---[ end trace e06a10220708838e ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches