Hello,
syzbot found the following crash on:
HEAD commit:    2bdea157b999 Merge branch 'sctp-fully-support-for-dscp-and..
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=160aae68400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f62553dc846b0692
dashboard link: https://syzkaller.appspot.com/bug?extid=f271a76f3be129583d19
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
CC:             [ja...@suse.com linux...@vger.kernel.org linux-...@vger.kernel.org ty...@mit.edu]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f271a7...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: stack-out-of-bounds in
__jbd2_journal_clean_checkpoint_list+0x1fb/0x210 fs/jbd2/checkpoint.c:473
Read of size 8 at addr ffff880194e4a5d8 by task jbd2/sda1-8/2299
CPU: 0 PID: 2299 Comm: jbd2/sda1-8 Not tainted 4.18.0-rc3+ #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
BUG: unable to handle kernel paging request at ffff8801a01161c8
Call Trace:
PGD b4df067 P4D b4df067
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
PUD 1cfa99063
PMD 194049063
PTE 0
print_address_description+0x6c/0x20b mm/kasan/report.c:256
Oops: 0002 [#1] SMP KASAN
CPU: 1 PID: 16463 Comm: syz-executor4 Not tainted 4.18.0-rc3+ #45
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
RIP: 0010:__hlist_del include/linux/list.h:651 [inline]
RIP: 0010:detach_timer kernel/time/timer.c:817 [inline]
RIP: 0010:expire_timers kernel/time/timer.c:1353 [inline]
RIP: 0010:__run_timers+0x650/0xc70 kernel/time/timer.c:1666
__jbd2_journal_clean_checkpoint_list+0x1fb/0x210 fs/jbd2/checkpoint.c:473
Code:
jbd2_journal_commit_transaction+0x11a6/0x8c54 fs/jbd2/commit.c:485
RSP: 0018:ffff8801daf07980 EFLAGS: 00010046
RAX: 1ffff10034022c39 RBX: ffff8801a23ae140 RCX: 1ffff1003b5e0f79
RDX: ffff8801daf07bc8 RSI: ffffffff81698cf3 RDI: ffff8801a01161c8
RBP: ffff8801daf07c70 R08: ffff8801d65dc2c0 R09: fffffbfff1585971
R10: fffffbfff1585971 R11: ffffffff8ac2cb8b R12: ffff8801a23ae148
R13: ffff8801a01161c0 R14: ffff8801daf07c48 R15: dffffc0000000000
FS: 00007fecdf050700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801a01161c8 CR3: 0000000008e6a000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
<IRQ>
kjournald2+0x274/0xb50 fs/jbd2/journal.c:229
run_timer_softirq+0x4c/0x70 kernel/time/timer.c:1692
__do_softirq+0x2e8/0xb17 kernel/softirq.c:288
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Allocated by task 3481771008:
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x1d1/0x200 kernel/softirq.c:408
exiting_irq arch/x86/include/asm/apic.h:527 [inline]
smp_apic_timer_interrupt+0x186/0x730 arch/x86/kernel/apic/apic.c:1052
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:863
</IRQ>
Modules linked in:
Dumping ftrace buffer:
---------------------------------
---------------------------------
CR2: ffff8801a01161c8
---[ end trace aff300a6d2e8bea0 ]---
BUG: unable to handle kernel paging request at ffffffff8c3a5a30
PGD 8e6d067
RIP: 0010:__hlist_del include/linux/list.h:651 [inline]
RIP: 0010:detach_timer kernel/time/timer.c:817 [inline]
RIP: 0010:expire_timers kernel/time/timer.c:1353 [inline]
RIP: 0010:__run_timers+0x650/0xc70 kernel/time/timer.c:1666
P4D 8e6d067
Code:
PUD 8e6e063
PMD 0
Oops: 0000 [#2] SMP KASAN
CPU: 0 PID: 2299 Comm: jbd2/sda1-8 Tainted: G D 4.18.0-rc3+
#45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:201
Code:
RSP: 0018:ffff8801daf07980 EFLAGS: 00010046
RAX: 1ffff10034022c39 RBX: ffff8801a23ae140 RCX: 1ffff1003b5e0f79
RDX: ffff8801daf07bc8 RSI: ffffffff81698cf3 RDI: ffff8801a01161c8
RBP: ffff8801daf07c70 R08: ffff8801d65dc2c0 R09: fffffbfff1585971
R10: fffffbfff1585971 R11: ffffffff8ac2cb8b R12: ffff8801a23ae148
R13: ffff8801a01161c0 R14: ffff8801daf07c48 R15: dffffc0000000000
FS: 00007fecdf050700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801a01161c8 CR3: 0000000008e6a000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
RSP: 0018:ffff8801cc26ec90 EFLAGS: 00010002
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.