Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
android-49 | WARNING in __lock_acquire | | | | 1 | 2571d | 2571d | 0/3 | auto-closed as invalid on 2019/02/22 13:09 |
```
==================================================================
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4085 at kernel/locking/lockdep.c:3190 __lock_acquire+0x23b3/0x4b50 kernel/locking/lockdep.c:3190()
DEBUG_LOCKS_WARN_ON(id >= MAX_LOCKDEP_KEYS)
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4085 Comm: syzkaller160734 Not tainted 4.4.107-g79f138a #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 fac66347bd2b1d29 ffff8800b6a470c0 ffffffff81d03a1d
 ffffffff838429a0 ffff8800b6a47198 ffffffff83854820 0000000000000009
 0000000000000c76 ffff8800b6a47188 ffffffff81416dca 0000000041b58ab3
Call Trace:
 [<ffffffff81d03a1d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d03a1d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff81416dca>] panic+0x1aa/0x388 kernel/panic.c:112
 [<ffffffff8112ad95>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
 [<ffffffff8112ae71>] warn_slowpath_fmt+0xc1/0x110 kernel/panic.c:471
 [<ffffffff812361f3>] __lock_acquire+0x23b3/0x4b50 kernel/locking/lockdep.c:3190
 [<ffffffff8123a1fe>] lock_acquire+0x15e/0x460 kernel/locking/lockdep.c:3592
 [<ffffffff8376f89e>] __raw_write_lock_irqsave include/linux/rwlock_api_smp.h:186 [inline]
 [<ffffffff8376f89e>] _raw_write_lock_irqsave+0x4e/0x70 kernel/locking/spinlock.c:303
 [<ffffffff825b46c9>] sg_remove_request+0x69/0x110 drivers/scsi/sg.c:2132
 [<ffffffff825b4cd5>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1848
 [<ffffffff825b6b11>] sg_read+0xa21/0x1490 drivers/scsi/sg.c:538
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff8151a8e1>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151cc3d>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151cdb8>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff815b863a>] kernel_readv fs/splice.c:586 [inline]
 [<ffffffff815b863a>] default_file_splice_read+0x4fa/0x8e0 fs/splice.c:662
 [<ffffffff815b4365>] do_splice_to+0xf5/0x140 fs/splice.c:1154
 [<ffffffff815ba599>] do_splice fs/splice.c:1427 [inline]
 [<ffffffff815ba599>] SYSC_splice fs/splice.c:1707 [inline]
 [<ffffffff815ba599>] SyS_splice+0x1009/0x14b0 fs/splice.c:1690
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff83771357>] sysenter_flags_fixed+0xd/0x17
BUG: KASAN: out-of-bounds in list_empty include/linux/list.h:189 [inline]
BUG: KASAN: out-of-bounds in sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
Read of size 8 at addr ffff8801d5993740 by task syzkaller160734/4073

CPU: 0 PID: 4073 Comm: syzkaller160734 Not tainted 4.4.107-g79f138a #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 847e5af13f711d75 ffff8801ccf27480 ffffffff81d03a1d
 ffffea00075664c0 ffff8801d5993740 0000000000000000 ffff8801d5993748
 ffff8800b57a4438 ffff8801ccf274b8 ffffffff814fb0c3 ffff8801d5993740
Call Trace:
 [<ffffffff81d03a1d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81d03a1d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff814fb0c3>] print_address_description+0x73/0x260 mm/kasan/report.c:252
 [<ffffffff814fb5d5>] kasan_report_error mm/kasan/report.c:351 [inline]
 [<ffffffff814fb5d5>] kasan_report+0x285/0x370 mm/kasan/report.c:408
 [<ffffffff814fb734>] __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:429
 [<ffffffff825b4759>] list_empty include/linux/list.h:189 [inline]
 [<ffffffff825b4759>] sg_remove_request+0xf9/0x110 drivers/scsi/sg.c:2130
 [<ffffffff825b4cd5>] sg_finish_rem_req+0x295/0x340 drivers/scsi/sg.c:1848
 [<ffffffff825b6b11>] sg_read+0xa21/0x1490 drivers/scsi/sg.c:538
 [<ffffffff810002b8>] ? 0xffffffff810002b8
 [<ffffffff8151a8e1>] do_loop_readv_writev+0x141/0x1e0 fs/read_write.c:680
 [<ffffffff8151cc3d>] do_readv_writev+0x5dd/0x6e0 fs/read_write.c:810
 [<ffffffff8151cdb8>] vfs_readv+0x78/0xb0 fs/read_write.c:834
 [<ffffffff815b863a>] kernel_readv fs/splice.c:586 [inline]
 [<ffffffff815b863a>] default_file_splice_read+0x4fa/0x8e0 fs/splice.c:662
 [<ffffffff815b4365>] do_splice_to+0xf5/0x140 fs/splice.c:1154
 [<ffffffff815ba599>] do_splice fs/splice.c:1427 [inline]
 [<ffffffff815ba599>] SYSC_splice fs/splice.c:1707 [inline]
 [<ffffffff815ba599>] SyS_splice+0x1009/0x14b0 fs/splice.c:1690
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff83771357>] sysenter_flags_fixed+0xd/0x17

Allocated by task 4082:
 [<ffffffff81035c86>] save_stack_trace+0x26/0x50 arch/x86/kernel/stacktrace.c:63
 [<ffffffff814fa133>] save_stack+0x43/0xd0 mm/kasan/kasan.c:512
 [<ffffffff814fa3fd>] set_track mm/kasan/kasan.c:524 [inline]
 [<ffffffff814fa3fd>] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:616
 [<ffffffff814fa9d2>] kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:554
 [<ffffffff814f60da>] slab_post_alloc_hook mm/slub.c:1349 [inline]
 [<ffffffff814f60da>] slab_alloc_node mm/slub.c:2615 [inline]
 [<ffffffff814f60da>] slab_alloc mm/slub.c:2623 [inline]
 [<ffffffff814f60da>] kmem_cache_alloc+0xba/0x290 mm/slub.c:2628
 [<ffffffff81556aa7>] fasync_alloc fs/fcntl.c:603 [inline]
 [<ffffffff81556aa7>] fasync_add_entry fs/fcntl.c:661 [inline]
 [<ffffffff81556aa7>] fasync_helper+0x37/0xb0 fs/fcntl.c:690
 [<ffffffff825b33e6>] sg_fasync+0x86/0xb0 drivers/scsi/sg.c:1213
 [<ffffffff81558121>] ioctl_fioasync fs/ioctl.c:511 [inline]
 [<ffffffff81558121>] do_vfs_ioctl+0x981/0xee0 fs/ioctl.c:576
 [<ffffffff8161cf1e>] C_SYSC_ioctl fs/compat_ioctl.c:1614 [inline]
 [<ffffffff8161cf1e>] compat_SyS_ioctl+0x64e/0x2540 fs/compat_ioctl.c:1544
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff83771357>] sysenter_flags_fixed+0xd/0x17

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8801d5993700
 which belongs to the cache fasync_cache of size 96
The buggy address is located 64 bytes inside of
 96-byte region [ffff8801d5993700, ffff8801d5993760)
The buggy address belongs to the page:
Shutting down cpus with NMI
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
```

Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2017/12/20 17:12 | https://android.googlesource.com/kernel/common android-4.4 | 79f138ac8c95 | 90a46995 | .config | console log | report | syz | C | | | ci-android-44-kasan-gce-386 | |
2017/12/19 14:53 | https://android.googlesource.com/kernel/common android-4.4 | 170051828437 | af9163c7 | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |
2017/12/16 13:30 | https://android.googlesource.com/kernel/common android-4.4 | dcfa5fe36a67 | b6f0c91b | .config | console log | report | | | | | ci-android-44-kasan-gce | |