general protection fault in p9_fd_create_unix
已查看 6 次
跳至第一个未读帖子
syzbot
2019年4月13日 20:00:352019/4/13
收件人 syzkaller-a...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 03c70fea Merge 4.9.111 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=115e3968400000
kernel config: https://syzkaller.appspot.com/x/.config?x=ca051f5c6a5ae8e0
dashboard link: https://syzkaller.appspot.com/bug?extid=add14a6a3183ff166837
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=100ee6dc400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1270fafc400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+add14a...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 3786 Comm: syz-executor249 Not tainted 4.9.111-g03c70fe #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8801b99f1800 task.stack: ffff8801d94d0000
RIP: 0010:[<ffffffff81ecf9cf>] [<ffffffff81ecf9cf>] strlen+0x1f/0xa0
lib/string.c:478
RSP: 0018:ffff8801d94d7768 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: 1ffff1003b29aef3 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff839c46c5 RDI: 0000000000000000
RBP: ffff8801d94d7780 R08: ffffed0039b39313 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801b7de1158 R14: 0000000000000000 R15: ffff8801b7de1100
FS: 0000000001d51880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200003c0 CR3: 00000001bfabe000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000296 1ffff1003b29aef3 dffffc0000000000 ffff8801d94d78c0
ffffffff839c46d8 ffff8801b99f20c0 0000000041b58ab3 ffffffff8442d2d8
ffffffff839c4640 0000000000000189 0000000000000000 ffff8801d94d77e8
Call Trace:
[<ffffffff839c46d8>] p9_fd_create_unix+0x98/0x260 net/9p/trans_fd.c:988
[<ffffffff839b329f>] p9_client_create+0x6ff/0x10a0 net/9p/client.c:1036
[<ffffffff8195ab03>] v9fs_session_init+0x333/0x13a0 fs/9p/v9fs.c:343
[<ffffffff8194c3fd>] v9fs_mount+0x7d/0x810 fs/9p/vfs_super.c:130
[<ffffffff8157e22c>] mount_fs+0x28c/0x370 fs/super.c:1206
[<ffffffff815dd9f1>] vfs_kern_mount.part.29+0xd1/0x3d0 fs/namespace.c:991
[<ffffffff815e5319>] vfs_kern_mount fs/namespace.c:973 [inline]
[<ffffffff815e5319>] do_new_mount fs/namespace.c:2513 [inline]
[<ffffffff815e5319>] do_mount+0x3c9/0x2740 fs/namespace.c:2835
[<ffffffff815e806e>] SYSC_mount fs/namespace.c:3051 [inline]
[<ffffffff815e806e>] SyS_mount+0xfe/0x110 fs/namespace.c:3028
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff839f8cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 87 90 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55
48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02
48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c
RIP [<ffffffff81ecf9cf>] strlen+0x1f/0xa0 lib/string.c:478
RSP <ffff8801d94d7768>
---[ end trace 3807795de3d1ecb3 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: 03c70fea Merge 4.9.111 into android-4.9
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=115e3968400000
kernel config: https://syzkaller.appspot.com/x/.config?x=ca051f5c6a5ae8e0
dashboard link: https://syzkaller.appspot.com/bug?extid=add14a6a3183ff166837
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=100ee6dc400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1270fafc400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+add14a...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 3786 Comm: syz-executor249 Not tainted 4.9.111-g03c70fe #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8801b99f1800 task.stack: ffff8801d94d0000
RIP: 0010:[<ffffffff81ecf9cf>] [<ffffffff81ecf9cf>] strlen+0x1f/0xa0
lib/string.c:478
RSP: 0018:ffff8801d94d7768 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: 1ffff1003b29aef3 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff839c46c5 RDI: 0000000000000000
RBP: ffff8801d94d7780 R08: ffffed0039b39313 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801b7de1158 R14: 0000000000000000 R15: ffff8801b7de1100
FS: 0000000001d51880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200003c0 CR3: 00000001bfabe000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
0000000000000296 1ffff1003b29aef3 dffffc0000000000 ffff8801d94d78c0
ffffffff839c46d8 ffff8801b99f20c0 0000000041b58ab3 ffffffff8442d2d8
ffffffff839c4640 0000000000000189 0000000000000000 ffff8801d94d77e8
Call Trace:
[<ffffffff839c46d8>] p9_fd_create_unix+0x98/0x260 net/9p/trans_fd.c:988
[<ffffffff839b329f>] p9_client_create+0x6ff/0x10a0 net/9p/client.c:1036
[<ffffffff8195ab03>] v9fs_session_init+0x333/0x13a0 fs/9p/v9fs.c:343
[<ffffffff8194c3fd>] v9fs_mount+0x7d/0x810 fs/9p/vfs_super.c:130
[<ffffffff8157e22c>] mount_fs+0x28c/0x370 fs/super.c:1206
[<ffffffff815dd9f1>] vfs_kern_mount.part.29+0xd1/0x3d0 fs/namespace.c:991
[<ffffffff815e5319>] vfs_kern_mount fs/namespace.c:973 [inline]
[<ffffffff815e5319>] do_new_mount fs/namespace.c:2513 [inline]
[<ffffffff815e5319>] do_mount+0x3c9/0x2740 fs/namespace.c:2835
[<ffffffff815e806e>] SYSC_mount fs/namespace.c:3051 [inline]
[<ffffffff815e806e>] SyS_mount+0xfe/0x110 fs/namespace.c:3028
[<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
[<ffffffff839f8cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 87 90 66 2e 0f 1f 84 00 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 55
48 89 fa 48 89 e5 48 c1 ea 03 41 54 49 89 fc 53 48 83 ec 08 <0f> b6 04 02
48 89 fa 83 e2 07 38 d0 7f 04 84 c0 75 4d 41 80 3c
RIP [<ffffffff81ecf9cf>] strlen+0x1f/0xa0 lib/string.c:478
RSP <ffff8801d94d7768>
---[ end trace 3807795de3d1ecb3 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
回复全部
回复作者
转发
0 个新帖子