general protection fault in klist_put


syzbot

Nov 5, 2017, 3:05:04 AM
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzkaller hit the following crash on
36ef71cae353f88fd6e095e2aaa3e5953af1685d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 3 PID: 5416 Comm: syz-executor7 Not tainted 4.14.0-rc5-next-20171018+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88002d53a4c0 task.stack: ffff88003a5c8000
RIP: 0010:klist_put+0x4e/0x160 lib/klist.c:213
RSP: 0018:ffff88003a5cf390 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff84df18f6
RDX: 000000000000000a RSI: ffffc90003712000 RDI: 0000000000000050
RBP: ffff88003a5cf3b0 R08: 0000000000000001 R09: 1ffff100074b9e56
R10: ffff88003a5cf278 R11: 0000000000000002 R12: ffff88006b79caf8
R13: 0000000000000001 R14: ffffffff84df1ddb R15: ffff88006b03ad10
FS: 00007f03f0680700(0000) GS:ffff88006df00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002085dff8 CR3: 000000003d7cc000 CR4: 00000000000006e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
klist_del lib/klist.c:231 [inline]
klist_remove+0x220/0x4e0 lib/klist.c:250
__device_release_driver drivers/base/dd.c:873 [inline]
device_release_driver_internal+0x42b/0x5b0 drivers/base/dd.c:893
device_release_driver+0x19/0x20 drivers/base/dd.c:918
usb_driver_release_interface+0x138/0x160 drivers/usb/core/driver.c:604
proc_disconnect_claim+0x221/0x380 drivers/usb/core/devio.c:2282
usbdev_do_ioctl+0x169f/0x3670 drivers/usb/core/devio.c:2524
usbdev_ioctl+0x25/0x30 drivers/usb/core/devio.c:2552
vfs_ioctl fs/ioctl.c:45 [inline]
do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007f03f067fbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f03f06806cc RCX: 0000000000447c89
RDX: 000000002027efff RSI: 000000008108551b RDI: 0000000000000013
RBP: 0000000000000082 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000008640 R14: 00000000006ec6e0 R15: 00007f03f0680700
Code: 48 c1 ea 03 80 3c 02 00 0f 85 1b 01 00 00 49 8b 1c 24 48 b8 00 00 00 00 00 fc ff df 48 83 e3 fe 48 8d 7b 50 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ea 00 00 00 48 89 df 4c 8b 73 50 e8 7c 3e 06
RIP: klist_put+0x4e/0x160 lib/klist.c:213 RSP: ffff88003a5cf390
---[ end trace 13ad6cc38e4181e7 ]---

---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line.
config.txt
raw.log

Greg KH

Nov 5, 2017, 5:33:17 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Sun, Nov 05, 2017 at 01:05:01AM -0700, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 36ef71cae353f88fd6e095e2aaa3e5953af1685d
> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.

<snip>

Thanks for reporting stuff like this, but really, this format of
reporting bugs is horrible, it does not contain any hints as to what you
were doing, nor how to reproduce it at all.

What am I supposed to do with this? How do I know if this bug is ever
resolved? When did it show up? What workload caused it?

A strace really doesn't help much here, do you have a reproducer?

thanks,

greg k-h

Dmitry Vyukov

Nov 6, 2017, 7:11:38 AM
to Greg KH, syzbot, LKML, syzkall...@googlegroups.com
Hi Greg,

The last question is answered in the provided link:
https://github.com/google/syzkaller/blob/master/docs/syzbot.md#no-reproducer-at-all

We try hard to provide reproducers. And we understand that bugs
without reproducers are not actionable sometimes.
This crash happened. That's a fact. We could keep this fact secret,
but I don't think that keeping it secret makes sense either.
For a significant portion of bugs (I would say close to a half or so),
the crash itself provides enough information to root cause it. E.g.
KASAN reports contain allocation, free and use stacks. Lockdep
deadlock/wrong context reports usually have all necessary info.
WARNING/BUGs can point to immediately preceding missing/wrong syscall
arguments checks. For harder cases, even if it's not possible to root
cause a bug, multiple different reports can provide at least some
hints re root cause. These are the reasons why we still report them.

One of the other ones you complained about is caused by a simple
single-threaded preceding kmalloc failure, as Eric pointed out:
https://groups.google.com/d/msg/syzkaller-bugs/KSG_mvGUj4c/MtYD_gD6AgAJ
And you also fixed a bunch of recent bugs in USB without reproducers.

If you don't see this as actionable after spending some minimal time
on this, then we don't ask you to do anything supernatural, let's
leave it aside for now.

Thanks

Dmitry Vyukov

Feb 14, 2018, 9:49:40 AM
to syzbot, syzkall...@googlegroups.com
old bug bankruptcy

#syz invalid

On Sun, Nov 5, 2017 at 9:05 AM, syzbot
<bot+f841f737eaae84758e...@syzkaller.appspotmail.com>
wrote: