KASAN: use-after-free Write in get_block
18 views
Skip to first unread message
syzbot
Apr 12, 2020, 7:36:15 PM4/12/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=148e4557e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=7e141a7bc0e3beee9d49
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7e141a...@syzkaller.appspotmail.com
attempt to access beyond end of device
loop3: rw=0, want=94114, limit=52
Process accounting resumed
MINIX-fs: mounting unchecked file system, running fsck is recommended
==================================================================
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
BUG: KASAN: use-after-free in get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
Write of size 2 at addr ffff888021eebdba by task syz-executor.3/6350
CPU: 1 PID: 6350 Comm: syz-executor.3 Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
alloc_branch fs/minix/itree_common.c:92 [inline]
get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2027
__block_write_begin fs/buffer.c:2077 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2136
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
generic_file_write_iter+0x2fa/0x650 mm/filemap.c:3200
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
__kernel_write+0xf5/0x330 fs/read_write.c:501
do_acct_process+0xb49/0xf60 kernel/acct.c:520
acct_pin_kill+0x28/0xe0 kernel/acct.c:174
pin_kill+0x147/0x650 fs/fs_pin.c:50
mnt_pin_kill+0x62/0x170 fs/fs_pin.c:87
cleanup_mnt+0x110/0x140 fs/namespace.c:1180
task_work_run+0x113/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1d6/0x220 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45f2b7
RSP: 002b:00007ffed108e658 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045f2b7
RDX: 0000000000402f88 RSI: 0000000000000002 RDI: 00007ffed108e700
RBP: 00000000000002cf R08: 0000000000000000 R09: 000000000000000b
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffed108f790
R13: 0000000001d42940 R14: 0000000000000000 R15: 00007ffed108f790
The buggy address belongs to the page:
page:ffffea000087bac0 count:0 mapcount:0 mapping: (null) index:0x1
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
raw: ffffea0000935220 ffffea00008e7920 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888021eebc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888021eebd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888021eebd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888021eebe00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888021eebe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
attempt to access beyond end of device
Process accounting resumed
loop5: rw=0, want=13402, limit=52
MINIX-fs: mounting unchecked file system, running fsck is recommended
buffer_io_error: 143 callbacks suppressed
Buffer I/O error on dev loop5, logical block 6700, async page read
attempt to access beyond end of device
loop5: rw=0, want=128050, limit=52
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=148e4557e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=7e141a7bc0e3beee9d49
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7e141a...@syzkaller.appspotmail.com
attempt to access beyond end of device
loop3: rw=0, want=94114, limit=52
Process accounting resumed
MINIX-fs: mounting unchecked file system, running fsck is recommended
==================================================================
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
BUG: KASAN: use-after-free in get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
Write of size 2 at addr ffff888021eebdba by task syz-executor.3/6350
CPU: 1 PID: 6350 Comm: syz-executor.3 Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
alloc_branch fs/minix/itree_common.c:92 [inline]
get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2027
__block_write_begin fs/buffer.c:2077 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2136
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
generic_file_write_iter+0x2fa/0x650 mm/filemap.c:3200
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
__kernel_write+0xf5/0x330 fs/read_write.c:501
do_acct_process+0xb49/0xf60 kernel/acct.c:520
acct_pin_kill+0x28/0xe0 kernel/acct.c:174
pin_kill+0x147/0x650 fs/fs_pin.c:50
mnt_pin_kill+0x62/0x170 fs/fs_pin.c:87
cleanup_mnt+0x110/0x140 fs/namespace.c:1180
task_work_run+0x113/0x190 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:191 [inline]
exit_to_usermode_loop+0x1d6/0x220 arch/x86/entry/common.c:164
prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45f2b7
RSP: 002b:00007ffed108e658 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045f2b7
RDX: 0000000000402f88 RSI: 0000000000000002 RDI: 00007ffed108e700
RBP: 00000000000002cf R08: 0000000000000000 R09: 000000000000000b
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffed108f790
R13: 0000000001d42940 R14: 0000000000000000 R15: 00007ffed108f790
The buggy address belongs to the page:
page:ffffea000087bac0 count:0 mapcount:0 mapping: (null) index:0x1
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
raw: ffffea0000935220 ffffea00008e7920 0000000000000000 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888021eebc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888021eebd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888021eebd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888021eebe00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888021eebe80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
attempt to access beyond end of device
Process accounting resumed
loop5: rw=0, want=13402, limit=52
MINIX-fs: mounting unchecked file system, running fsck is recommended
buffer_io_error: 143 callbacks suppressed
Buffer I/O error on dev loop5, logical block 6700, async page read
attempt to access beyond end of device
loop5: rw=0, want=128050, limit=52
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Apr 15, 2020, 5:15:11 PM4/15/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 6dd0e326 Linux 4.19.115
syzbot found the following crash on:
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=152ffd57e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=75bfa32b46e7b6cf
dashboard link: https://syzkaller.appspot.com/bug?extid=1fde2a0dfc903e8c5d2e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1fde2a...@syzkaller.appspotmail.com
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Process accounting resumed
==================================================================
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
BUG: KASAN: use-after-free in get_block+0x11e1/0x1300 fs/minix/itree_common.c:191
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
Write of size 2 at addr ffff8880362ce726 by task syz-executor.4/6863
CPU: 1 PID: 6863 Comm: syz-executor.4 Not tainted 4.19.115-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
Call Trace:
dump_stack+0x188/0x20d lib/dump_stack.c:118
print_address_description.cold+0x7c/0x212 mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report mm/kasan/report.c:412 [inline]
kasan_report.cold+0x88/0x2b9 mm/kasan/report.c:396
alloc_branch fs/minix/itree_common.c:92 [inline]
get_block+0x11e1/0x1300 fs/minix/itree_common.c:191
minix_get_block+0xe5/0x110 fs/minix/inode.c:379
__block_write_begin_int+0x480/0x17a0 fs/buffer.c:1967
__block_write_begin fs/buffer.c:2017 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2076
minix_write_begin+0x35/0xe0 fs/minix/inode.c:415
generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3162
__generic_file_write_iter+0x24c/0x610 mm/filemap.c:3287
generic_file_write_iter+0x37f/0x729 mm/filemap.c:3315
call_write_iter include/linux/fs.h:1821 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
__kernel_write+0x109/0x370 fs/read_write.c:506
do_acct_process+0xcd8/0x10e0 kernel/acct.c:520
acct_pin_kill+0x29/0xf0 kernel/acct.c:174
pin_kill+0x17a/0x7e0 fs/fs_pin.c:50
mnt_pin_kill+0x6c/0x1c0 fs/fs_pin.c:87
cleanup_mnt+0x116/0x150 fs/namespace.c:1095
task_work_run+0x13f/0x1b0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x25a/0x2b0 arch/x86/entry/common.c:167
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45f2b7
Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
netlink: 45 bytes leftover after parsing attributes in process `syz-executor.2'.
RSP: 002b:00007ffe03ebade8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 000000000003ae6f RCX: 000000000045f2b7
RDX: 0000000000402f88 RSI: 0000000000000002 RDI: 00007ffe03ebae90
RBP: 000000000000002c R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffe03ebbf20
R13: 00000000024c5940 R14: 0000000000000000 R15: 00007ffe03ebbf20
The buggy address belongs to the page:
flags: 0xfffe0000000000()
raw: 00fffe0000000000 ffffea0000d8d808 ffffea0000e04f08 0000000000000000
raw: 0000000000000001 0000000000000001 00000000ffffff7f 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8880362ce600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Memory state around the buggy address:
ffff8880362ce680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff8880362ce700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8880362ce780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8880362ce800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
syzbot
May 2, 2020, 8:21:17 PM5/2/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 773e2b1c Linux 4.14.178
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1699b374100000
kernel config: https://syzkaller.appspot.com/x/.config?x=51a99e08e1400ec5
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=128152ffe00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7e141a...@syzkaller.appspotmail.com
Process accounting resumed
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
Process accounting resumed
CPU: 1 PID: 7637 Comm: syz-executor824 Not tainted 4.14.178-syzkaller #0
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2038
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
__block_write_begin fs/buffer.c:2088 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2147
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
device veth0_macvtap entered promiscuous mode
slow_acct_process kernel/acct.c:579 [inline]
acct_process+0x38a/0x422 kernel/acct.c:605
do_exit+0x1712/0x2b00 kernel/exit.c:848
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
do_group_exit+0x100/0x310 kernel/exit.c:955
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
SYSC_exit_group kernel/exit.c:966 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:964
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
entry_SYSCALL_64_after_hwframe+0x42/0xb7
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RIP: 0033:0x4475c8
RSP: 002b:00007fff65aaef38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004475c8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RBP: 00000000004c9e90 R08: 00000000000000e7 R09: ffffffffffffffd4
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006dca40 R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:ffffea000203b400 count:0 mapcount:0 mapping: (null) index:0x1
ffff888080ed0b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888080ed0b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888080ed0c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888080ed0c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
HEAD commit: 773e2b1c Linux 4.14.178
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1699b374100000
kernel config: https://syzkaller.appspot.com/x/.config?x=51a99e08e1400ec5
dashboard link: https://syzkaller.appspot.com/bug?extid=7e141a7bc0e3beee9d49
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16619fac100000
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=128152ffe00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7e141a...@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
Process accounting resumed
==================================================================
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
BUG: KASAN: use-after-free in get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
Write of size 2 at addr ffff888080ed0ba4 by task syz-executor824/7637
BUG: KASAN: use-after-free in alloc_branch fs/minix/itree_common.c:92 [inline]
BUG: KASAN: use-after-free in get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
CPU: 1 PID: 7637 Comm: syz-executor824 Not tainted 4.14.178-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
device veth1_vlan entered promiscuous mode
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report mm/kasan/report.c:409 [inline]
kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
alloc_branch fs/minix/itree_common.c:92 [inline]
get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
get_block+0xfaa/0x10f0 fs/minix/itree_common.c:191
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2038
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
__block_write_begin fs/buffer.c:2088 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2147
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
device veth0_macvtap entered promiscuous mode
generic_file_write_iter+0x2fa/0x650 mm/filemap.c:3200
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
call_write_iter include/linux/fs.h:1778 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
__kernel_write+0xf5/0x330 fs/read_write.c:501
do_acct_process+0xb49/0xf60 kernel/acct.c:520
device veth1_macvtap entered promiscuous mode
do_acct_process+0xb49/0xf60 kernel/acct.c:520
slow_acct_process kernel/acct.c:579 [inline]
acct_process+0x38a/0x422 kernel/acct.c:605
do_exit+0x1712/0x2b00 kernel/exit.c:848
IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready
do_group_exit+0x100/0x310 kernel/exit.c:955
IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
SYSC_exit_group kernel/exit.c:966 [inline]
SyS_exit_group+0x19/0x20 kernel/exit.c:964
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
entry_SYSCALL_64_after_hwframe+0x42/0xb7
batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
RIP: 0033:0x4475c8
RSP: 002b:00007fff65aaef38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004475c8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
RBP: 00000000004c9e90 R08: 00000000000000e7 R09: ffffffffffffffd4
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006dca40 R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
flags: 0xfffe0000000000()
raw: 00fffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
raw: ffffea000203a7a0 ffffea000203b320 0000000000000000 0000000000000000
raw: 00fffe0000000000 0000000000000000 0000000000000001 00000000ffffffff
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff888080ed0a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Memory state around the buggy address:
ffff888080ed0b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888080ed0b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888080ed0c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888080ed0c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
syzbot
Sep 1, 2020, 8:35:10 PM9/1/20
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages