syzbot


[upstream] kernel BUG at fs/inode.c:LINE!
Status: upstream: reported C repro on 2018/12/17 06:11
Reported-by: syzbot+5399ed0832693e29f392@syzkaller.appspotmail.com
First crash: 93d, last: 93d

Bisection: the first bad commit could be any of (bisect log):

  cd4f2a66 lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
  df3f18d3 fls: change parameter to unsigned int
  9067c8d5 lib/find_bit_benchmark.c: align test_find_next_and_bit with others
  c2824829 include/linux/printk.h: drop silly "static inline asmlinkage" from dump_stack()
  26e88a47 checkpatch: warn on const char foo[] = "bar"; declarations
  e98eceb8 drivers/dma-buf/udmabuf.c: convert to use vm_fault_t
  5b6bf71d build_bug.h: remove most of dummy BUILD_BUG_ON stubs for Sparse
  f34c9474 fs/epoll: remove max_nests argument from ep_call_nested()
  56f6c16e build_bug.h: remove negative-array fallback for BUILD_BUG_ON()
  cd2f11e6 fs/epoll: simplify ep_send_events_proc() ready-list loop
  74a37b90 Documentation/process/coding-style.rst: don't use "extern" with function prototypes
  ab1909a8 fs/epoll: drop ovflist branch prediction
  499aeb57 proc/sysctl: fix return error for proc_doulongvec_minmax()
  b7fa8017 fs/epoll: robustify ep->mtx held checks
  d877fd09 fs/proc/base.c: slightly faster /proc/*/limits
  f2c37862 fs/epoll: reduce the scope of wq lock in epoll_wait()
  860705c8 fs-epoll-reduce-the-scope-of-wq-lock-in-epoll_wait-fix
  c62975fb fs/proc/inode.c: delete unnecessary variable in proc_alloc_inode()
  9460069d fs/proc/util.c: include fs/proc/internal.h for name_to_int()
  ea5f967a fs/epoll: avoid barrier after an epoll_wait(2) timeout
  b61909d2 fs-epoll-avoid-barrier-after-an-epoll_wait2-timeout-fix
  c768eca0 fs/proc/base.c: use ns_capable instead of capable for timerslack_ns
  81553cde fs/epoll: rename check_events label to send_events
  b6af7800 fs/buffer.c: add debug print for __getblk_gfp() stall problem
  11193e16 mm/page_owner: align with pageblock_nr pages
  349afd96 fs/epoll: deal with wait_queue only once
  393af37c fs-epoll-deal-with-wait_queue-only-once-fix
  c20187bf mm/page_owner: align with pageblock_nr_pages
  20fbef31 mm: don't expose page to fast gup before it's ready
  ad4f37b8 init/main.c: make "initcall_level_names[]" const char *
  0bcbe611 autofs: improve ioctl sbi checks
  69ab6b14 mm: fix race between swapoff and mincore
  b783d261 autofs-improve-ioctl-sbi-checks-fix
  de44564f mm, swap: fix race between swapoff and some swap operations
  010a80ff mm, swap: fix race between swapoff and some swap operations
  9c82e3b8 autofs: fix possible inode leak in autofs_fill_super()
  855b7de1 mm/page_alloc.c: remove software prefetching in __free_pages_core()
  cd4d5fa9 autofs: simplify parse_options() function call
  e8fed666 memory_hotplug-free-pages-as-higher-order-fix-fix
  f7aa1250 autofs: change catatonic setting to a bit flag
  578f6458 autofs: add strictexpire mount option
  71e7f022 memory_hotplug-free-pages-as-higher-order-fix
  8286148b mm/page_alloc.c: memory hotplug: free pages as higher order
  e5d8e894 hfsplus: return file attributes on statx
  728804fa include/uapi/linux/msdos_fs.h: use MSDOS_NAME for volume label size
  e93a0c0d include/linux/memory_hotplug.h: remove duplicate declaration of offline_pages()
  3d991a59 ptrace: take into account saved_sigmask in PTRACE_{GET,SET}SIGMASK
  a7b16608 mm/mmu_notifier: contextual information for event triggering invalidation v2
  302092c9 mm-mmu_notifier-use-structure-for-invalidate_range_start-end-calls-v2-checkpatch-fixes
  cdd7a0aa fork: fix some -Wmissing-prototypes warnings
  137d92bd mm/mmu_notifier: use structure for invalidate_range_start/end calls v2
  b89cf731 exec: load_script: don't blindly truncate shebang string
  42905641 mm-mmu_notifier-use-structure-for-invalidate_range_start-end-callback-fix-fix
  ad2539c7 exec: increase BINPRM_BUF_SIZE to 256
  0db734c6 mm/mmu_notifier: use structure for invalidate_range_start/end callback
  c09b6daf exec: separate MM_ANONPAGES and RLIMIT_STACK accounting
  37ba86cc hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
  dc98b124 exec-separate-mm_anonpages-and-rlimit_stack-accounting-fix
  28286054 exec-separate-mm_anonpages-and-rlimit_stack-accounting-checkpatch-fixes
  b08acb20 mm-kmemleak-little-optimization-while-scanning-fix
  27faeb70 bfs: extra sanity checking and static inode bitmap
  79d0fd91 mm, kmemleak: little optimization while scanning
  232619fc lib/ioremap: ensure break-before-make is used for huge p4d mappings
  7a489f5d panic: add options to print system info when panic happens
  784bedb5 kernel/sysctl: add panic_print into sysctl
  e5dfd59e lib/ioremap: ensure phys_addr actually corresponds to a physical address
  5f8d4992 kernel/kcov.c: mark write_comp_data() as notrace
  7bdcb055 x86/pgtable: drop pXd_none() checks from pXd_free_pYd_table()
  0aa19fc1 arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()
  7ab8b68a scripts/gdb: fix lx-version string output
  b2581b70 initramfs: cleanup incomplete rootfs
  ee095458 ioremap: rework pXd_free_pYd_page() API
  ce10bcf4 mm/page_alloc.c: calculate first_deferred_pfn directly
  efae8091 ipc: allow boot time extension of IPCMNI from 32k to 8M
  ab7db927 ipc-allow-boot-time-extension-of-ipcmni-from-32k-to-8m-checkpatch-fixes
  f163b82f mm/filemap.c: remove useless check in pagecache_get_page()
  399e0a80 mm/page_io.c: fix polled swap page in
  d04978ca ipc: conserve sequence numbers in extended IPCMNI mode
  07365469 Merge branch 'akpm-current/current'

Tree: linux-next
Repro: C, syz, .config

Sample crash report:

All crashes (2):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | Maintainers
ci-upstream-linux-next-kasan-gce-root | 2018/12/16 05:47 | linux-next | d14b746c | def91db3 | .config | log | report | syz | C | linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci-upstream-linux-next-kasan-gce-root | 2018/12/16 01:48 | linux-next | d14b746c | def91db3 | .config | log | report |  |  | linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk