syzbot

 sign-in | mailing list | source | docs
🐞 Open [1167] 🐞 Fixed [4299] 🐞 Invalid [9646] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

kernel BUG in find_lock_entries

Status: fixed on 2022/03/08 16:11
Reported-by: syzbot+c87be4f669d920c76330@syzkaller.appspotmail.com
Fix commit: d417b49fff3e mm/filemap.c: remove bogus VM_BUG_ON
First crash: 542d, last: 375d

Cause bisection: introduced by (bisect log) :
commit 997acaf6b4b59c6a9c259740312a69ea549cc684
Author: Mark Rutland <mark.rutland@arm.com>
Date: Mon Jan 11 15:37:07 2021 +0000

  lockdep: report broken irq restoration

Crash: WARNING in kvm_wait (log)
Repro: C syz .config
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in __filemap_get_folio C done 814 113d 284d 23/24 upstream: reported C repro on 2022/04/20 15:54
upstream kernel BUG at mm/filemap.c:LINE! (2) 1 805d 801d 0/24 auto-closed as invalid on 2021/03/15 06:14
android-44 kernel BUG at mm/filemap.c:LINE! C 1082 1614d 1389d 0/2 public: reported C repro on 2019/04/11 08:44
upstream kernel BUG at mm/filemap.c:LINE! 1 1435d 1434d 0/24 auto-closed as invalid on 2019/08/24 03:17
Last patch testing requests:
Created Duration User Patch Repo Result
2021/08/12 08:04 35m chouhan.shreyansh630@gmail.com upstream report log

Sample crash report:
 __pagevec_release+0x7d/0xf0 mm/swap.c:992
 pagevec_release include/linux/pagevec.h:81 [inline]
 shmem_undo_range+0x5da/0x1a60 mm/shmem.c:931
 shmem_truncate_range mm/shmem.c:1030 [inline]
 shmem_setattr+0x4f0/0x890 mm/shmem.c:1091
 notify_change+0xbb8/0x1060 fs/attr.c:398
 do_truncate fs/open.c:64 [inline]
 vfs_truncate+0x6be/0x880 fs/open.c:112
 do_sys_truncate fs/open.c:135 [inline]
 __do_sys_truncate fs/open.c:147 [inline]
 __se_sys_truncate fs/open.c:145 [inline]
 __x64_sys_truncate+0x110/0x1b0 fs/open.c:145
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
------------[ cut here ]------------
kernel BUG at mm/filemap.c:2041!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 24786 Comm: syz-executor626 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:find_lock_entries+0x10d5/0x1110 mm/filemap.c:2041
Code: e8 00 3d d8 ff 4c 89 e7 48 c7 c6 20 70 39 8a e8 71 bf 0d 00 0f 0b e8 ea 3c d8 ff 4c 89 e7 48 c7 c6 40 62 39 8a e8 5b bf 0d 00 <0f> 0b e8 d4 3c d8 ff 4c 89 e7 48 c7 c6 80 6a 39 8a e8 45 bf 0d 00
RSP: 0018:ffffc9000a52f7e0 EFLAGS: 00010246
RAX: c75c992acedb0700 RBX: 0000000000000001 RCX: ffff8880161ab880
RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
RBP: ffffc9000a52f930 R08: ffffffff81d080d4 R09: ffffed1017383f24
R10: ffffed1017383f24 R11: 0000000000000000 R12: ffffea0000f40000
R13: 0000000000001000 R14: fffffffffffffffe R15: 0000000000001140
FS:  00007f1334d1f700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faaa593a000 CR3: 00000000165b1000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 shmem_undo_range+0x1ea/0x1a60 mm/shmem.c:910
 shmem_truncate_range mm/shmem.c:1030 [inline]
 shmem_setattr+0x4f0/0x890 mm/shmem.c:1091
 notify_change+0xbb8/0x1060 fs/attr.c:398
 do_truncate fs/open.c:64 [inline]
 vfs_truncate+0x6be/0x880 fs/open.c:112
 do_sys_truncate fs/open.c:135 [inline]
 __do_sys_truncate fs/open.c:147 [inline]
 __se_sys_truncate fs/open.c:145 [inline]
 __x64_sys_truncate+0x110/0x1b0 fs/open.c:145
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x44a9a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1334d1f208 EFLAGS: 00000246 ORIG_RAX: 000000000000004c
RAX: ffffffffffffffda RBX: 00000000004cb4f8 RCX: 000000000044a9a9
RDX: 00007f1334d1f700 RSI: 0000000000000001 RDI: 0000000020000340
RBP: 00000000004cb4f0 R08: 00007f1334d1f700 R09: 0000000000000000
R10: 00007f1334d1f700 R11: 0000000000000246 R12: 00000000004cb4fc
R13: 00007ffdec06b36f R14: 00007f1334d1f300 R15: 0000000000022000
Modules linked in:
---[ end trace 4dcd0c81778c7d51 ]---
RIP: 0010:find_lock_entries+0x10d5/0x1110 mm/filemap.c:2041
Code: e8 00 3d d8 ff 4c 89 e7 48 c7 c6 20 70 39 8a e8 71 bf 0d 00 0f 0b e8 ea 3c d8 ff 4c 89 e7 48 c7 c6 40 62 39 8a e8 5b bf 0d 00 <0f> 0b e8 d4 3c d8 ff 4c 89 e7 48 c7 c6 80 6a 39 8a e8 45 bf 0d 00
RSP: 0018:ffffc9000a52f7e0 EFLAGS: 00010246
RAX: c75c992acedb0700 RBX: 0000000000000001 RCX: ffff8880161ab880
RDX: 0000000000000000 RSI: 000000000000ffff RDI: 000000000000ffff
RBP: ffffc9000a52f930 R08: ffffffff81d080d4 R09: ffffed1017383f24
R10: ffffed1017383f24 R11: 0000000000000000 R12: ffffea0000f40000
R13: 0000000000001000 R14: fffffffffffffffe R15: 0000000000001140
FS:  00007f1334d1f700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557a29364160 CR3: 00000000165b1000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (10):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-smack-root 2021/08/06 03:25 upstream 902e7f373fff d2d6e680 .config console log report syz C kernel BUG in find_lock_entries
ci-upstream-kasan-gce-smack-root 2021/12/23 06:39 upstream 3f066e882bf1 6caa12e4 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-smack-root 2021/10/30 19:38 upstream 119c85055d86 098b5d53 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-selinux-root 2021/10/21 19:14 upstream 2f111a6fd5b5 c5cb7da8 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-root 2021/09/30 20:39 upstream 02d5e016800d 1d849ab4 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-root 2021/09/27 10:06 upstream 5816b3e6577e 78494d16 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-selinux-root 2021/09/10 12:59 upstream bf9f243f23e6 5ae8508a .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-root 2021/08/26 11:58 upstream 73f3af7b4611 b599f2fc .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-smack-root 2021/08/05 20:56 upstream 902e7f373fff d2d6e680 .config console log report info kernel BUG in find_lock_entries
ci-upstream-kasan-gce-root 2022/01/19 16:10 upstream e9f5cbc0c851 0620189b .config console log report info kernel BUG in __filemap_get_folio
* Struck through repros no longer work on HEAD.