Hello,
syzbot found the following crash on:
HEAD commit: 5f5c1657 UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF..
git tree: android-4.9
console output:
https://syzkaller.appspot.com/x/log.txt?x=1540704b200000
kernel config:
https://syzkaller.appspot.com/x/.config?x=a99a3470ebe9a85e
dashboard link:
https://syzkaller.appspot.com/bug?extid=dea3831bfc5dae8a83d9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=140ee52f200000
C reproducer:
https://syzkaller.appspot.com/x/repro.c?x=102ebc73200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+dea383...@syzkaller.appspotmail.com
random: crng init done
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2060 at fs/buffer.c:1197 __brelse fs/buffer.c:1197 [inline]
WARNING: CPU: 0 PID: 2060 at fs/buffer.c:1197 __brelse+0x6c/0x80 fs/buffer.c:1191
VFS: brelse: Trying to free free buffer
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 2060 Comm: syz-executor543 Not tainted 4.9.166+ #35
ffff8801cedaf8b0 ffffffff81b4ef81 ffff8801cedafa00 ffffffff82a39ba0
00000000ffffffff 0000000000000000 0000000000000009 ffff8801cedaf990
ffffffff813f91aa 0000000041b58ab3 ffffffff82e2ec1a ffffffff813f8fd1
Call Trace:
[<00000000034285cb>] __dump_stack lib/dump_stack.c:15 [inline]
[<00000000034285cb>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<0000000027e5214a>] panic+0x1d9/0x3bd kernel/panic.c:180
[<00000000fc65cc8a>] __warn.cold+0x2f/0x2f kernel/panic.c:546
[<00000000370e8802>] warn_slowpath_fmt+0xc2/0x100 kernel/panic.c:569
[<00000000f6ca6260>] __brelse fs/buffer.c:1197 [inline]
[<00000000f6ca6260>] __brelse+0x6c/0x80 fs/buffer.c:1191
[<000000001bf99807>] brelse include/linux/buffer_head.h:288 [inline]
[<000000001bf99807>] ext4_ind_remove_space+0xfa3/0x13e0 fs/ext4/indirect.c:1390
[<00000000017d29df>] ext4_punch_hole+0xb28/0x1000 fs/ext4/inode.c:4104
[<0000000043d49354>] ext4_fallocate+0x34e/0x2070 fs/ext4/extents.c:4951
[<000000006e11dd45>] vfs_fallocate+0x407/0x6a0 fs/open.c:329
[<00000000daca6fc8>] SYSC_fallocate fs/open.c:352 [inline]
[<00000000daca6fc8>] SyS_fallocate+0x52/0x90 fs/open.c:346
[<000000000200ae04>] do_syscall_64+0x1ad/0x570 arch/x86/entry/common.c:285
[<00000000ad22cc6b>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Kernel Offset: disabled
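The trace above reaches the warning through the fallocate(2) entry point: SyS_fallocate -> vfs_fallocate -> ext4_punch_hole -> ext4_ind_remove_space -> brelse. The example below is added here and is not syzbot's reproducer or any kernel code; it exercises that same syscall path (FALLOC_FL_PUNCH_HOLE with KEEP_SIZE on a regular file) and checks the post-conditions a correct punch-hole must satisfy, and it uses FS_IOC_GETFLAGS to show whether the inode is extent-mapped, since ext4_punch_hole only takes the ext4_ind_remove_space branch seen in the trace for a block-mapped (non-extent) inode. The file path, block counts and byte pattern are constructed; this program does not trigger the reported warning, whose actual inputs are only in the linked repro.c.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <linux/fs.h>

/* Added example, not code from the syzbot report. Block size and layout
 * below are constructed values chosen for the demo. */
#define BLK 4096UL

/* Returns 1 if the inode is extent-mapped, 0 if block-mapped (the indirect
 * layout that reaches ext4_ind_remove_space in the trace), or -1 if the
 * filesystem does not expose inode flags through FS_IOC_GETFLAGS. */
int inode_uses_extents(int fd) {
    int flags = 0;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) != 0)
        return -1;
    return (flags & FS_EXTENT_FL) ? 1 : 0;
}

/* Write nblocks blocks of a known pattern, punch a hole over blocks
 * [first, first + count) with FALLOC_FL_KEEP_SIZE, then verify that the
 * file size is unchanged, the hole reads back as zeros and the blocks
 * outside the hole keep their pattern.
 * Returns 0 on success, -1 on I/O error, -2 if punch hole is unsupported
 * on this filesystem, -3 if a post-condition is violated. */
int punch_hole_check(const char *path, unsigned nblocks, unsigned first,
                     unsigned count) {
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    unsigned char *buf = malloc(BLK);
    if (!buf) {
        close(fd);
        return -1;
    }
    int rc = -1;
    for (unsigned i = 0; i < nblocks; i++) {
        memset(buf, 0x41 + (i % 26), BLK);          /* 'A', 'B', 'C', ... */
        if (pwrite(fd, buf, BLK, (off_t)i * BLK) != (ssize_t)BLK)
            goto out;
    }
    /* The same syscall and flags family the trace enters via SyS_fallocate. */
    if (fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
                  (off_t)first * BLK, (off_t)count * BLK) != 0) {
        rc = (errno == EOPNOTSUPP) ? -2 : -1;
        goto out;
    }
    struct stat st;
    if (fstat(fd, &st) != 0)
        goto out;
    rc = -3;
    if (st.st_size != (off_t)nblocks * BLK)         /* KEEP_SIZE honoured */
        goto out;
    for (unsigned i = 0; i < nblocks; i++) {
        if (pread(fd, buf, BLK, (off_t)i * BLK) != (ssize_t)BLK) {
            rc = -1;
            goto out;
        }
        int in_hole = (i >= first && i < first + count);
        unsigned char expect = in_hole ? 0 : (unsigned char)(0x41 + (i % 26));
        for (unsigned long j = 0; j < BLK; j++)
            if (buf[j] != expect)
                goto out;                           /* rc stays -3 */
    }
    rc = 0;
out:
    free(buf);
    close(fd);
    return rc;
}

int main(void) {
    const char *path = "/tmp/punch_hole_demo.bin";   /* constructed path */
    int rc = punch_hole_check(path, 8, 2, 3);
    printf("punch_hole_check: %d\n", rc);
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        printf("extent-mapped inode: %d\n", inode_uses_extents(fd));
        close(fd);
    }
    unlink(path);
    return rc == 0 ? 0 : 1;
}
```

To steer a test file down the block-mapped path from the trace on ext4, the file must be created on a filesystem mounted with extents disabled (or with the inode's extent flag cleared before any blocks are allocated); inode_uses_extents() reporting 0 confirms that layout, and 1 means the punch will go through ext4_ext_remove_space instead.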