[syzbot] KASAN: use-after-free Read in inc_rlimit_ucounts


syzbot

Jul 8, 2021, 3:56:24 AM7/8/21
to ebie...@xmission.com, leg...@kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3dbdb38e Merge branch 'for-5.14' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=149ba2e2300000
kernel config: https://syzkaller.appspot.com/x/.config?x=1700b0b2b41cd52c
dashboard link: https://syzkaller.appspot.com/bug?extid=6913b594227aa60e1925
compiler: Debian clang version 11.0.1-2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1108c6e2300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=137c72e4300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6913b5...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: use-after-free in inc_rlimit_ucounts+0x7a/0x1f0 kernel/ucount.c:257
Read of size 8 at addr ffff888016f76f10 by task syz-executor031/8444

CPU: 1 PID: 8444 Comm: syz-executor031 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:96
print_address_description+0x66/0x3b0 mm/kasan/report.c:233
__kasan_report mm/kasan/report.c:419 [inline]
kasan_report+0x163/0x210 mm/kasan/report.c:436
inc_rlimit_ucounts+0x7a/0x1f0 kernel/ucount.c:257
__sigqueue_alloc+0x24c/0x540 kernel/signal.c:428
__send_signal+0x213/0xe50 kernel/signal.c:1116
force_sig_info_to_task+0x2a4/0x3f0 kernel/signal.c:1337
force_sig_fault_to_task kernel/signal.c:1676 [inline]
force_sig_fault+0x11e/0x1c0 kernel/signal.c:1683
__bad_area_nosemaphore+0x390/0x570 arch/x86/mm/fault.c:840
do_kern_addr_fault arch/x86/mm/fault.c:1200 [inline]
handle_page_fault arch/x86/mm/fault.c:1473 [inline]
exc_page_fault+0x153/0x1e0 arch/x86/mm/fault.c:1531
asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0033:0x401e38
Code: 4a 00 bf 08 cd 49 00 48 89 e5 e8 b3 d9 07 00 5d e9 5d ff ff ff 0f 1f 44 00 00 e9 53 ff ff ff 0f 1f 00 48 83 ec 08 48 8b 46 10 <64> 8b 14 25 c0 ff ff ff 48 2d 00 00 10 00 48 3d 00 00 30 06 76 1e
RSP: 002b:00007ffec8539b30 EFLAGS: 00010206
RAX: ffffffffffffffc0 RBX: 00000000004ac0f8 RCX: 0000000000000001
RDX: 00007ffec8539b40 RSI: 00007ffec8539c70 RDI: 000000000000000b
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000401e30
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000004ac018 R15: 0000000000400488

Allocated by task 8423:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
____kasan_kmalloc+0xc4/0xf0 mm/kasan/common.c:513
kasan_kmalloc include/linux/kasan.h:263 [inline]
kmem_cache_alloc_trace+0x96/0x340 mm/slub.c:2997
kmalloc include/linux/slab.h:591 [inline]
kzalloc include/linux/slab.h:721 [inline]
alloc_ucounts+0x176/0x420 kernel/ucount.c:169
set_cred_ucounts kernel/cred.c:684 [inline]
copy_creds+0xb3c/0xd70 kernel/cred.c:375
copy_process+0xbae/0x5b30 kernel/fork.c:1992
kernel_clone+0x21a/0x7d0 kernel/fork.c:2509
__do_sys_clone kernel/fork.c:2626 [inline]
__se_sys_clone kernel/fork.c:2610 [inline]
__x64_sys_clone+0x236/0x2b0 kernel/fork.c:2610
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 8444:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track+0x3d/0x70 mm/kasan/common.c:46
kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:360
____kasan_slab_free+0x109/0x150 mm/kasan/common.c:366
kasan_slab_free include/linux/kasan.h:229 [inline]
slab_free_hook mm/slub.c:1639 [inline]
slab_free_freelist_hook+0x1d8/0x290 mm/slub.c:1664
slab_free mm/slub.c:3224 [inline]
kfree+0xcf/0x2d0 mm/slub.c:4268
__sigqueue_free kernel/signal.c:455 [inline]
dequeue_synchronous_signal kernel/signal.c:745 [inline]
get_signal+0xadf/0x20d0 kernel/signal.c:2676
arch_do_signal_or_restart+0x8e/0x6d0 arch/x86/kernel/signal.c:789
handle_signal_work kernel/entry/common.c:148 [inline]
exit_to_user_mode_loop kernel/entry/common.c:172 [inline]
exit_to_user_mode_prepare+0x191/0x220 kernel/entry/common.c:209
irqentry_exit_to_user_mode+0x6/0x40 kernel/entry/common.c:315
exc_page_fault+0xe0/0x1e0 arch/x86/mm/fault.c:1534
asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568

Last potentially related work creation:
kasan_save_stack+0x27/0x50 mm/kasan/common.c:38
kasan_record_aux_stack+0xee/0x120 mm/kasan/generic.c:348
insert_work+0x54/0x400 kernel/workqueue.c:1332
__queue_work+0x90e/0xc40 kernel/workqueue.c:1498
queue_work_on+0x111/0x200 kernel/workqueue.c:1525
queue_work include/linux/workqueue.h:507 [inline]
call_usermodehelper_exec+0x283/0x470 kernel/umh.c:435
kobject_uevent_env+0x1337/0x1700 lib/kobject_uevent.c:618
kobject_synth_uevent+0x3bf/0x900 lib/kobject_uevent.c:208
uevent_store+0x20/0x60 drivers/base/core.c:2370
kernfs_fop_write_iter+0x3b6/0x510 fs/kernfs/file.c:296
call_write_iter include/linux/fs.h:2114 [inline]
new_sync_write fs/read_write.c:518 [inline]
vfs_write+0xa39/0xc90 fs/read_write.c:605
ksys_write+0x171/0x2a0 fs/read_write.c:658
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

Second to last potentially related work creation:
kasan_save_stack+0x27/0x50 mm/kasan/common.c:38
kasan_record_aux_stack+0xee/0x120 mm/kasan/generic.c:348
insert_work+0x54/0x400 kernel/workqueue.c:1332
__queue_work+0x90e/0xc40 kernel/workqueue.c:1498
queue_work_on+0x111/0x200 kernel/workqueue.c:1525
queue_work include/linux/workqueue.h:507 [inline]
call_usermodehelper_exec+0x283/0x470 kernel/umh.c:435
kobject_uevent_env+0x1337/0x1700 lib/kobject_uevent.c:618
kobject_synth_uevent+0x3bf/0x900 lib/kobject_uevent.c:208
uevent_store+0x47/0x70 drivers/base/bus.c:585
kernfs_fop_write_iter+0x3b6/0x510 fs/kernfs/file.c:296
call_write_iter include/linux/fs.h:2114 [inline]
new_sync_write fs/read_write.c:518 [inline]
vfs_write+0xa39/0xc90 fs/read_write.c:605
ksys_write+0x171/0x2a0 fs/read_write.c:658
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

The buggy address belongs to the object at ffff888016f76f00
which belongs to the cache kmalloc-192 of size 192
The buggy address is located 16 bytes inside of
192-byte region [ffff888016f76f00, ffff888016f76fc0)
The buggy address belongs to the page:
page:ffffea00005bdd80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16f76
flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000200 ffffea00005c6340 0000000a0000000a ffff888011841a00
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2541399091, free_ts 2456137529
prep_new_page mm/page_alloc.c:2445 [inline]
get_page_from_freelist+0x779/0xa30 mm/page_alloc.c:4178
__alloc_pages+0x26c/0x5f0 mm/page_alloc.c:5386
alloc_page_interleave+0x22/0x1c0 mm/mempolicy.c:2147
alloc_slab_page mm/slub.c:1702 [inline]
allocate_slab+0xf1/0x540 mm/slub.c:1842
new_slab mm/slub.c:1905 [inline]
new_slab_objects mm/slub.c:2651 [inline]
___slab_alloc+0x1cf/0x350 mm/slub.c:2814
__slab_alloc mm/slub.c:2854 [inline]
slab_alloc_node mm/slub.c:2936 [inline]
slab_alloc mm/slub.c:2978 [inline]
kmem_cache_alloc_trace+0x29d/0x340 mm/slub.c:2995
kmalloc include/linux/slab.h:591 [inline]
kzalloc include/linux/slab.h:721 [inline]
call_usermodehelper_setup+0x8a/0x260 kernel/umh.c:365
kobject_uevent_env+0x1311/0x1700 lib/kobject_uevent.c:614
kernel_add_sysfs_param+0x106/0x126 kernel/params.c:798
param_sysfs_builtin+0x145/0x1b9 kernel/params.c:833
param_sysfs_init+0x68/0x6c kernel/params.c:952
do_one_initcall+0x1a7/0x400 init/main.c:1246
do_initcall_level+0x14a/0x1f5 init/main.c:1319
do_initcalls+0x4b/0x8c init/main.c:1335
kernel_init_freeable+0x3f1/0x57e init/main.c:1557
kernel_init+0x19/0x2a0 init/main.c:1449
page last free stack trace:
reset_page_owner include/linux/page_owner.h:24 [inline]
free_pages_prepare mm/page_alloc.c:1355 [inline]
free_pcp_prepare+0xc29/0xd20 mm/page_alloc.c:1406
free_unref_page_prepare mm/page_alloc.c:3341 [inline]
free_unref_page_list+0x118/0xad0 mm/page_alloc.c:3457
release_pages+0x18bb/0x1af0 mm/swap.c:972
tlb_batch_pages_flush mm/mmu_gather.c:49 [inline]
tlb_flush_mmu_free mm/mmu_gather.c:242 [inline]
tlb_flush_mmu+0x780/0x910 mm/mmu_gather.c:249
tlb_finish_mmu+0xcb/0x200 mm/mmu_gather.c:340
exit_mmap+0x404/0x7a0 mm/mmap.c:3204
__mmput+0x111/0x370 kernel/fork.c:1101
free_bprm+0x136/0x2f0 fs/exec.c:1482
kernel_execve+0x740/0x9a0 fs/exec.c:1979
call_usermodehelper_exec_async+0x262/0x3b0 kernel/umh.c:112
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
ffff888016f76e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff888016f76e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888016f76f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888016f76f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
ffff888016f77000: 00 00 00 00 00 00 00 00 fc fc fc fc 00 00 00 00
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Rajat Asthana

Jul 8, 2021, 4:27:40 AM7/8/21
to syzkaller-bugs

syzbot

Jul 8, 2021, 4:27:43 AM7/8/21
to Rajat Asthana, syzkall...@googlegroups.com, thisi...@gmail.com
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

I see the command but can't find the corresponding bug.
Please resend the email to syzbo...@syzkaller.appspotmail.com address
that is the sender of the bug report (also present in the Reported-by tag).

Rajat Asthana

Jul 8, 2021, 4:30:42 AM7/8/21
to syzkaller-bugs, syzbot+6913b5...@syzkaller.appspotmail.com

syzbot

Jul 8, 2021, 2:47:07 PM7/8/21
to syzkall...@googlegroups.com, thisi...@gmail.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 12.522133][ T1] VFS: Cannot open root device "sda1" or unknown-block(0,0): error -6
[ 12.530981][ T1] Please append a correct "root=" boot option; here are the available partitions:
[ 12.540641][ T1] 0100 4096 ram0
[ 12.540651][ T1] (driver?)
[ 12.548650][ T1] 0101 4096 ram1
[ 12.548661][ T1] (driver?)
[ 12.556821][ T1] 0102 4096 ram2
[ 12.556833][ T1] (driver?)
[ 12.565321][ T1] 0103 4096 ram3
[ 12.565332][ T1] (driver?)
[ 12.573361][ T1] 0104 4096 ram4
[ 12.573371][ T1] (driver?)
[ 12.581847][ T1] 0105 4096 ram5
[ 12.581857][ T1] (driver?)
[ 12.589983][ T1] 0106 4096 ram6
[ 12.589994][ T1] (driver?)
[ 12.598018][ T1] 0107 4096 ram7
[ 12.598028][ T1] (driver?)
[ 12.605950][ T1] 0108 4096 ram8
[ 12.605961][ T1] (driver?)
[ 12.614112][ T1] 0109 4096 ram9
[ 12.614123][ T1] (driver?)
[ 12.622681][ T1] 010a 4096 ram10
[ 12.622692][ T1] (driver?)
[ 12.630728][ T1] 010b 4096 ram11
[ 12.630741][ T1] (driver?)
[ 12.639420][ T1] 010c 4096 ram12
[ 12.639431][ T1] (driver?)
[ 12.647516][ T1] 010d 4096 ram13
[ 12.647525][ T1] (driver?)
[ 12.655502][ T1] 010e 4096 ram14
[ 12.655510][ T1] (driver?)
[ 12.663531][ T1] 010f 4096 ram15
[ 12.663540][ T1] (driver?)
[ 12.671764][ T1] 1f00 128 mtdblock0
[ 12.671774][ T1] (driver?)
[ 12.680435][ T1] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 12.689679][ T1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 5.13.0-syzkaller #0
[ 12.699254][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 12.709330][ T1] Call Trace:
[ 12.712599][ T1] dump_stack_lvl+0x1ae/0x29f
[ 12.717375][ T1] ? show_regs_print_info+0x12/0x12
[ 12.722661][ T1] ? vsnprintf+0x19e/0x1d60
[ 12.727284][ T1] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 12.733002][ T1] ? printk_all_partitions+0x6ea/0x73d
[ 12.738450][ T1] panic+0x2e1/0x850
[ 12.742444][ T1] ? trace_hardirqs_on+0x30/0x80
[ 12.747601][ T1] ? nmi_panic+0x90/0x90
[ 12.751837][ T1] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 12.757834][ T1] ? _raw_read_unlock+0x24/0x40
[ 12.762669][ T1] ? get_filesystem_list+0x11e/0x12c
[ 12.768199][ T1] ? do_mount_root+0x164/0x3c3
[ 12.773261][ T1] mount_block_root+0x3ab/0x4f5
[ 12.778303][ T1] ? root_delay_setup+0x22/0x22
[ 12.783328][ T1] ? memcpy+0x3c/0x60
[ 12.787394][ T1] prepare_namespace+0x1f3/0x22d
[ 12.792393][ T1] kernel_init_freeable+0x432/0x57e
[ 12.797773][ T1] ? report_meminit+0x64/0x64
[ 12.802552][ T1] ? _raw_spin_lock_irq+0xba/0xf0
[ 12.808054][ T1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 12.813476][ T1] ? lockdep_hardirqs_on+0x8d/0x130
[ 12.819053][ T1] ? rest_init+0x2e0/0x2e0
[ 12.823572][ T1] kernel_init+0x19/0x2a0
[ 12.828153][ T1] ? rest_init+0x2e0/0x2e0
[ 12.832655][ T1] ret_from_fork+0x1f/0x30
[ 12.839008][ T1] Kernel Offset: disabled
[ 12.843346][ T1] Rebooting in 86400 seconds..


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=16c5aee4300000


Tested on:

commit: e9f1cbc0 Merge tag 'acpi-5.14-rc1-2' of git://git.kernel.o..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=12f149e2d330f9f8

syzbot

Oct 1, 2022, 4:44:35 PM10/1/22
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity, existing reproducers are no longer triggering the issue.