kernel BUG at mm/filemap.c:LINE!


syzbot

Apr 11, 2019, 4:44:32 AM4/11/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3702e76f goldfish: pipe: ANDROID: Add DMA support
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=168c1157800000
kernel config: https://syzkaller.appspot.com/x/.config?x=d85a409f99813739
dashboard link: https://syzkaller.appspot.com/bug?extid=2c9d964e89e2907be129
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13a077f7800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10fb8e97800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2c9d96...@syzkaller.appspotmail.com

random: nonblocking pool is initialized
page:ffffea00071a8000 count:2 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000004004(referenced|head)
page dumped because: VM_BUG_ON_PAGE(!PageLocked(page))
------------[ cut here ]------------
kernel BUG at mm/filemap.c:819!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3841 Comm: syz-executor583 Not tainted 4.4.131-g3702e76 #38
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800ac074800 task.stack: ffff8800bb8e0000
RIP: 0010:[<ffffffff8141de15>] [<ffffffff8141de15>] unlock_page+0x115/0x150 mm/filemap.c:819
RSP: 0018:ffff8800bb8e77d8 EFLAGS: 00010293
RAX: ffffffff83a6e7c0 RBX: ffffea00071a8000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81513249 RDI: ffff8800ac0750dc
RBP: ffff8800bb8e77f8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
R13: ffff8800bb8e7aa8 R14: ffffea00071a9480 R15: ffffea00071a8008
FS: 00007fe177dfb700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000204a4ff0 CR3: 00000000ae4a8000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffea00071a8000 dffffc0000000000 ffff8800bb8e7aa8 ffffea00071a9480
ffff8800bb8e78e0 ffffffff812cc1bc 0000000000000001 ffff8800bb8e7890
0000000000000046 ffff8800b093d400 00000000ac0750d8 ffff8800bb8e7ab8
Call Trace:
[<ffffffff812cc1bc>] get_futex_key+0xadc/0xd80 kernel/futex.c:598
[<ffffffff812cc999>] futex_wait_setup+0xd9/0x330 kernel/futex.c:2336
[<ffffffff812cce9f>] futex_wait+0x2af/0x600 kernel/futex.c:2399
[<ffffffff812d07b2>] do_futex+0x2a2/0x1770 kernel/futex.c:3186
[<ffffffff812d1e70>] SYSC_futex kernel/futex.c:3246 [inline]
[<ffffffff812d1e70>] SyS_futex+0x1f0/0x300 kernel/futex.c:3214
[<ffffffff838bfd65>] entry_SYSCALL_64_fastpath+0x22/0x9e
Code: e8 48 8d 04 c0 49 8d 3c c6 e8 48 c0 df ff 5b 41 5c 41 5d 41 5e 5d c3 e8 da 33 f3 ff 48 c7 c6 60 aa a9 83 48 89 df e8 4b eb 06 00 <0f> 0b 48 89 df e8 f1 b1 0d 00 e9 0a ff ff ff e8 e7 b1 0d 00 e9
RIP [<ffffffff8141de15>] unlock_page+0x115/0x150 mm/filemap.c:819
RSP <ffff8800bb8e77d8>
---[ end trace 7ede212255b20a51 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches