WARNING in kmalloc_slab (5)


syzbot

Apr 3, 2018, 11:01:05 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot hit the following crash on upstream commit
86bbbebac1933e6e95e8234c4f7d220c5ddd38bc (Mon Apr 2 18:47:07 2018 +0000)
Merge branch 'ras-core-for-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=e523187f968b279cd1f0

Unfortunately, I don't have any reproducer for this crash yet.
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5988868499177472
Kernel config:
https://syzkaller.appspot.com/x/.config?id=6801295859785128502
compiler: gcc (GCC) 7.1.1 20170620
CC: [gre...@linuxfoundation.org kste...@linuxfoundation.org
linux-...@vger.kernel.org linu...@kvack.org pombr...@nexb.com
tg...@linutronix.de]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e52318...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
CPU: 1 PID: 17814 Comm: syz-executor3 Not tainted 4.16.0+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1a7/0x27d lib/dump_stack.c:53
WARNING: CPU: 0 PID: 17813 at mm/slab_common.c:1012 kmalloc_slab+0x5d/0x70
mm/slab_common.c:1012
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x914/0xae0 lib/fault-inject.c:149
Kernel panic - not syncing: panic_on_warn set ...

should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3366 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3540
kmem_cache_zalloc include/linux/slab.h:691 [inline]
get_empty_filp+0xfb/0x510 fs/file_table.c:122
alloc_file+0x26/0x390 fs/file_table.c:163
__shmem_file_setup+0x54f/0x6a0 mm/shmem.c:4239
shmem_file_setup mm/shmem.c:4276 [inline]
SYSC_memfd_create mm/shmem.c:3736 [inline]
SyS_memfd_create+0x3ba/0x4c0 mm/shmem.c:3679
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4552d9
RSP: 002b:00007f346514cbb8 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004552d9
RDX: 0000000020000218 RSI: 0000000000000000 RDI: 00000000004ba0e5
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000002000000 R11: 0000000000000246 R12: 0000000000000014
R13: 0000000000000662 R14: 00000000006fc9d0 R15: 0000000000000003
CPU: 0 PID: 17813 Comm: syz-executor0 Not tainted 4.16.0+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1a7/0x27d lib/dump_stack.c:53
panic+0x1f8/0x42c kernel/panic.c:183
__warn+0x1dc/0x200 kernel/panic.c:547
BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
report_bug+0x1f4/0x2b0 lib/bug.c:186
fixup_bug.part.10+0x37/0x80 arch/x86/kernel/traps.c:178
fixup_bug arch/x86/kernel/traps.c:247 [inline]
do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
BFS-fs: bfs_fill_super(): Superblock is corrupted
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:986
RIP: 0010:kmalloc_slab+0x5d/0x70 mm/slab_common.c:1012
RSP: 0018:ffff88018d637908 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801be761004 RCX: ffffffff820964ba
RDX: 1ffff1003a59d624 RSI: 0000000000000000 RDI: 0000000000800000
RBP: ffff88018d637908 R08: ffffed003b604f99 R09: ffffed003b604f99
R10: 0000000000000001 R11: ffffed003b604f98 R12: 00000000007fffff
R13: ffff8801be761000 R14: 00000000014080c0 R15: ffff88018cf8c400
__do_kmalloc mm/slab.c:3701 [inline]
__kmalloc+0x25/0x760 mm/slab.c:3715
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
kmalloc include/linux/slab.h:517 [inline]
kzalloc include/linux/slab.h:701 [inline]
bfs_fill_super+0x3d3/0xea0 fs/bfs/inode.c:362
mount_bdev+0x2b7/0x370 fs/super.c:1119
bfs_mount+0x34/0x40 fs/bfs/inode.c:465
mount_fs+0x66/0x2d0 fs/super.c:1222
vfs_kern_mount.part.26+0xc6/0x4a0 fs/namespace.c:1037
vfs_kern_mount fs/namespace.c:2509 [inline]
do_new_mount fs/namespace.c:2512 [inline]
do_mount+0xea4/0x2bb0 fs/namespace.c:2842
SYSC_mount fs/namespace.c:3058 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3035
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x457d0a
RSP: 002b:00007fa164808bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457d0a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fa164808c00
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 0000000000000662 R14: 00000000006fc9d0 R15: 0000000000000000
CPU: 1 PID: 17834 Comm: syz-executor3 Not tainted 4.16.0+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x1a7/0x27d lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail+0x914/0xae0 lib/fault-inject.c:149
should_failslab+0xec/0x120 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:422 [inline]
slab_alloc mm/slab.c:3366 [inline]
kmem_cache_alloc+0x47/0x760 mm/slab.c:3540
getname_flags+0xcb/0x580 fs/namei.c:138
getname+0x19/0x20 fs/namei.c:209
do_sys_open+0x2e7/0x6d0 fs/open.c:1053
SYSC_open fs/open.c:1077 [inline]
SyS_open+0x2d/0x40 fs/open.c:1072
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x40f531
RSP: 002b:00007f346514cbb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 000000000040f531
RDX: 00007f346514cc0a RSI: 0000000000000002 RDI: 00007f346514cc00
RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a
R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000015
R13: 0000000000000662 R14: 00000000006fc9d0 R15: 0000000000000004
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
To upstream this report, please reply with:
#syz upstream

Dmitry Vyukov

Apr 9, 2018, 8:26:03 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
Now should be marked as corrupted:
https://github.com/google/syzkaller/commit/3fdee3b0057fc61eb4cea14173183877c343f193

#syz invalid