Hello,
syzbot found the following crash on:
HEAD commit: a41ba30d Linux 4.14.181
git tree: linux-4.14.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=113d069a100000
kernel config:
https://syzkaller.appspot.com/x/.config?x=c5458e9cda81cf95
dashboard link:
https://syzkaller.appspot.com/bug?extid=a36286c38cd8ead29be5
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+a36286...@syzkaller.appspotmail.com
WARNING: can't dereference registers at ffff88808bf25928 for ip common_interrupt+0x93/0x93 arch/x86/entry/entry_64.S:576
audit: type=1800 audit(1590490005.805:72): pid=29816 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=15779 res=0
audit: type=1800 audit(1590490006.065:73): pid=29846 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=15779 res=0
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
hub 9-0:1.0: USB hub found
hub 9-0:1.0: 8 ports detected
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1590490006.675:74): pid=29887 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16408 res=0
audit: type=1800 audit(1590490006.805:75): pid=29898 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16408 res=0
audit: type=1800 audit(1590490006.885:76): pid=29901 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16400 res=0
audit: type=1800 audit(1590490007.045:77): pid=29911 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16409 res=0
audit: type=1800 audit(1590490007.465:78): pid=29929 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16407 res=0
batman_adv: batadv0: Interface deactivated: batadv_slave_0
device batadv_slave_0 entered promiscuous mode
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 30027 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x28e/0x3c0 mm/slab.c:3550
aio_get_req fs/aio.c:1049 [inline]
io_submit_one fs/aio.c:1589 [inline]
do_io_submit+0x2c4/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 30039 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
cgroup: cgroup2: unknown option " "
mempool_alloc+0x111/0x2d0 mm/mempool.c:330
bio_alloc_bioset+0x352/0x640 block/bio.c:486
__blkdev_direct_IO fs/block_dev.c:364 [inline]
blkdev_direct_IO+0x2a2/0xe70 fs/block_dev.c:457
generic_file_direct_write+0x1df/0x420 mm/filemap.c:2950
__generic_file_write_iter+0x2a5/0x590 mm/filemap.c:3129
blkdev_write_iter fs/block_dev.c:1914 [inline]
blkdev_write_iter+0x1e8/0x3a0 fs/block_dev.c:1891
cgroup: cgroup2: unknown option " "
call_write_iter include/linux/fs.h:1778 [inline]
aio_write+0x2ba/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x930/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
audit: type=1800 audit(1590490009.155:79): pid=30044 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16434 res=0
audit: type=1800 audit(1590490009.155:80): pid=30049 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16434 res=0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 30085 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
mempool_alloc+0x111/0x2d0 mm/mempool.c:330
bvec_alloc+0xcc/0x2d0 block/bio.c:216
bio_alloc_bioset+0x3fa/0x640 block/bio.c:506
__blkdev_direct_IO fs/block_dev.c:364 [inline]
blkdev_direct_IO+0x2a2/0xe70 fs/block_dev.c:457
generic_file_direct_write+0x1df/0x420 mm/filemap.c:2950
__generic_file_write_iter+0x2a5/0x590 mm/filemap.c:3129
blkdev_write_iter fs/block_dev.c:1914 [inline]
blkdev_write_iter+0x1e8/0x3a0 fs/block_dev.c:1891
call_write_iter include/linux/fs.h:1778 [inline]
aio_write+0x2ba/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x930/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 30132 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc_node mm/slab.c:3297 [inline]
kmem_cache_alloc_node+0x54/0x400 mm/slab.c:3640
create_task_io_context+0x2a/0x3c0 block/blk-ioc.c:278
create_io_context block/blk.h:323 [inline]
generic_make_request_checks+0x1605/0x1a20 block/blk-core.c:2125
generic_make_request+0x6b/0x850 block/blk-core.c:2183
submit_bio+0x234/0x390 block/blk-core.c:2301
__blkdev_direct_IO fs/block_dev.c:418 [inline]
blkdev_direct_IO+0x5e0/0xe70 fs/block_dev.c:457
generic_file_direct_write+0x1df/0x420 mm/filemap.c:2950
__generic_file_write_iter+0x2a5/0x590 mm/filemap.c:3129
blkdev_write_iter fs/block_dev.c:1914 [inline]
blkdev_write_iter+0x1e8/0x3a0 fs/block_dev.c:1891
call_write_iter include/linux/fs.h:1778 [inline]
aio_write+0x2ba/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x930/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
audit: type=1804 audit(1590490011.345:81): pid=30134 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir507100555/syzkaller.2eofDg/2346/file0/bus" dev="sda1" ino=16445 res=1
audit: type=1804 audit(1590490011.345:82): pid=30133 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir507100555/syzkaller.2eofDg/2346/file0/bus" dev="sda1" ino=16445 res=1
audit: type=1804 audit(1590490011.375:83): pid=30133 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir507100555/syzkaller.2eofDg/2346/file0/bus" dev="sda1" ino=16445 res=1
audit: type=1804 audit(1590490011.475:84): pid=30151 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir972608049/syzkaller.8ww3Xc/2839/bus" dev="sda1" ino=16442 res=1
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 30155 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
mempool_alloc+0x111/0x2d0 mm/mempool.c:330
bio_alloc_bioset+0x352/0x640 block/bio.c:486
bio_alloc include/linux/bio.h:422 [inline]
__blkdev_direct_IO fs/block_dev.c:419 [inline]
blkdev_direct_IO+0x609/0xe70 fs/block_dev.c:457
generic_file_direct_write+0x1df/0x420 mm/filemap.c:2950
__generic_file_write_iter+0x2a5/0x590 mm/filemap.c:3129
blkdev_write_iter fs/block_dev.c:1914 [inline]
blkdev_write_iter+0x1e8/0x3a0 fs/block_dev.c:1891
call_write_iter include/linux/fs.h:1778 [inline]
aio_write+0x2ba/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x930/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
print_req_error: I/O error, dev loop5, sector 0
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 30172 Comm: syz-executor.1 Not tainted 4.14.181-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1b2/0x283 lib/dump_stack.c:58
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10a/0x154 lib/fault-inject.c:149
should_failslab+0xd6/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x40/0x3c0 mm/slab.c:3550
mempool_alloc+0x111/0x2d0 mm/mempool.c:330
bvec_alloc+0xcc/0x2d0 block/bio.c:216
bio_alloc_bioset+0x3fa/0x640 block/bio.c:506
bio_alloc include/linux/bio.h:422 [inline]
__blkdev_direct_IO fs/block_dev.c:419 [inline]
blkdev_direct_IO+0x609/0xe70 fs/block_dev.c:457
generic_file_direct_write+0x1df/0x420 mm/filemap.c:2950
__generic_file_write_iter+0x2a5/0x590 mm/filemap.c:3129
blkdev_write_iter fs/block_dev.c:1914 [inline]
blkdev_write_iter+0x1e8/0x3a0 fs/block_dev.c:1891
call_write_iter include/linux/fs.h:1778 [inline]
aio_write+0x2ba/0x4f0 fs/aio.c:1553
io_submit_one fs/aio.c:1641 [inline]
do_io_submit+0x930/0x1400 fs/aio.c:1709
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca29
RSP: 002b:00007face659ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00000000004e0d00 RCX: 000000000045ca29
RDX: 00000000200000c0 RSI: 0000000000000008 RDI: 00007face657a000
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
R13: 00000000000001fb R14: 00000000004c4446 R15: 00007face659f6d4
audit: type=1804 audit(1590490012.405:85): pid=30151 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir972608049/syzkaller.8ww3Xc/2839/bus" dev="sda1" ino=16442 res=1
print_req_error: I/O error, dev loop5, sector 0
print_req_error: I/O error, dev loop5, sector 0
audit: type=1804 audit(1590490013.075:86): pid=30222 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir972608049/syzkaller.8ww3Xc/2840/bus" dev="sda1" ino=16428 res=1
print_req_error: I/O error, dev loop5, sector 0
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'.
tmpfs: Bad mount option fd
tmpfs: Bad mount option fd
x86/PAT: syz-executor.1:30339 map pfn RAM range req write-combining for [mem 0x1ac800000-0x1ac9fffff], got write-back
overlayfs: missing 'workdir'
x86/PAT: syz-executor.1:30339 map pfn RAM range req write-combining for [mem 0x1ae400000-0x1ae5fffff], got write-back
overlayfs: missing 'workdir'
audit: type=1800 audit(1590490014.695:87): pid=30364 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.2" name="file0" dev="sda1" ino=16464 res=0
VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2.
VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop2.
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.