general protection fault in cgroup_kill_sb
5 views
Skip to first unread message
syzbot
Apr 18, 2019, 3:38:06 AM4/18/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: 58b454eb Linux 4.14.112
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1591752d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=8b0e7ab7678533ab
dashboard link: https://syzkaller.appspot.com/bug?extid=0611b66a8c93f334c4e1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0611b6...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8516 Comm: syz-executor.4 Not tainted 4.14.112 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880a5b7c040 task.stack: ffff888064358000
RIP: 0010:cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline]
RIP: 0010:cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030
RSP: 0018:ffff88806435fac0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffffffff81a9506c RDI: ffff888063170330
RBP: ffff88806435fae0 R08: ffff8880a5b7c040 R09: ffff8880a5b7c8e0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888063170300
R13: ffffffff877ad360 R14: ffff888063170300 R15: dffffc0000000000
FS: 00007f4c19fa5700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000018fbcc0 CR3: 00000000a56c1000 CR4: 00000000001406e0
Call Trace:
deactivate_locked_super+0x79/0xe0 fs/super.c:319
sget_userns+0x9df/0xc30 fs/super.c:537
kernfs_mount_ns+0xe9/0x790 fs/kernfs/mount.c:324
kernfs_mount include/linux/kernfs.h:543 [inline]
cgroup_do_mount+0x9e/0x420 kernel/cgroup/cgroup.c:1947
cgroup_mount+0x789/0x8b0 kernel/cgroup/cgroup.c:2014
mount_fs+0x9d/0x2a7 fs/super.c:1237
vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x458c29
RSP: 002b:00007f4c19fa4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4c19fa4c90 RCX: 0000000000458c29
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000073bf00 R08: 0000000020000240 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c19fa56d4
R13: 00000000004c4c0e R14: 00000000004d8888 R15: 0000000000000003
Code: e5 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 0b 26 06 00 4c 89 e7 e8 33
9f 52 00 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00
0f 85 ca 02 00 00 48 8b 18 48 b8 00 00 00 00 00 fc
RIP: cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline] RSP:
ffff88806435fac0
RIP: cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030 RSP:
ffff88806435fac0
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
---[ end trace b71d90d83819430f ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: 58b454eb Linux 4.14.112
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1591752d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=8b0e7ab7678533ab
dashboard link: https://syzkaller.appspot.com/bug?extid=0611b66a8c93f334c4e1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0611b6...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8516 Comm: syz-executor.4 Not tainted 4.14.112 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880a5b7c040 task.stack: ffff888064358000
RIP: 0010:cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline]
RIP: 0010:cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030
RSP: 0018:ffff88806435fac0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffffffff81a9506c RDI: ffff888063170330
RBP: ffff88806435fae0 R08: ffff8880a5b7c040 R09: ffff8880a5b7c8e0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888063170300
R13: ffffffff877ad360 R14: ffff888063170300 R15: dffffc0000000000
FS: 00007f4c19fa5700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000018fbcc0 CR3: 00000000a56c1000 CR4: 00000000001406e0
Call Trace:
deactivate_locked_super+0x79/0xe0 fs/super.c:319
sget_userns+0x9df/0xc30 fs/super.c:537
kernfs_mount_ns+0xe9/0x790 fs/kernfs/mount.c:324
kernfs_mount include/linux/kernfs.h:543 [inline]
cgroup_do_mount+0x9e/0x420 kernel/cgroup/cgroup.c:1947
cgroup_mount+0x789/0x8b0 kernel/cgroup/cgroup.c:2014
mount_fs+0x9d/0x2a7 fs/super.c:1237
vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x458c29
RSP: 002b:00007f4c19fa4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4c19fa4c90 RCX: 0000000000458c29
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000073bf00 R08: 0000000020000240 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c19fa56d4
R13: 00000000004c4c0e R14: 00000000004d8888 R15: 0000000000000003
Code: e5 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 0b 26 06 00 4c 89 e7 e8 33
9f 52 00 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00
0f 85 ca 02 00 00 48 8b 18 48 b8 00 00 00 00 00 fc
RIP: cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline] RSP:
ffff88806435fac0
RIP: cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030 RSP:
ffff88806435fac0
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
---[ end trace b71d90d83819430f ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Aug 30, 2019, 1:23:06 PM8/30/19
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: 01fd1694 Linux 4.14.141
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17ff089e600000
kernel config: https://syzkaller.appspot.com/x/.config?x=62c9b69e1b2adda9
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16724f2e600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0611b6...@syzkaller.appspotmail.com
RBP: 00007ffd6dee33a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
RIP: 0010:cgroup_root_from_kf kernel/cgroup/cgroup.c:1178 [inline]
RIP: 0010:cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2035
RSP: 0018:ffff888084fc7ac0 EFLAGS: 00010246
RBP: ffff888084fc7ae0 R08: ffff8880763ac740 R09: ffff8880763acfe0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888090020e80
R13: ffffffff877add80 R14: ffff888090020e80 R15: dffffc0000000000
FS: 0000000000ad5880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
deactivate_locked_super+0x74/0xe0 fs/super.c:319
sget_userns+0x9d9/0xc30 fs/super.c:537
cgroup_mount+0x789/0x8b0 kernel/cgroup/cgroup.c:2019
mount_fs+0x97/0x2a1 fs/super.c:1237
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x441129
RSP: 002b:00007ffd6dee3388 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441129
RDX: 00000000200002c0 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007ffd6dee33a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
Code: e5 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 7b 2a 06 00 4c 89 e7 e8 f3
f3 52 00 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00
0f 85 c4 02 00 00 48 8b 18 48 b8 00 00 00 00 00 fc
RIP: cgroup_root_from_kf kernel/cgroup/cgroup.c:1178 [inline] RSP:
ffff888084fc7ac0
RIP: cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2035 RSP:
ffff888084fc7ac0
---[ end trace 207d3c26eed271f0 ]---
HEAD commit: 01fd1694 Linux 4.14.141
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17ff089e600000
kernel config: https://syzkaller.appspot.com/x/.config?x=62c9b69e1b2adda9
dashboard link: https://syzkaller.appspot.com/bug?extid=0611b66a8c93f334c4e1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e58ff2600000
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16724f2e600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0611b6...@syzkaller.appspotmail.com
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6817 Comm: syz-executor305 Not tainted 4.14.141 #37
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880763ac740 task.stack: ffff888084fc0000
Google 01/01/2011
RIP: 0010:cgroup_root_from_kf kernel/cgroup/cgroup.c:1178 [inline]
RIP: 0010:cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2035
RSP: 0018:ffff888084fc7ac0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffffffff8778f720 RDI: ffff888090020eb0
RBP: ffff888084fc7ae0 R08: ffff8880763ac740 R09: ffff8880763acfe0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888090020e80
R13: ffffffff877add80 R14: ffff888090020e80 R15: dffffc0000000000
FS: 0000000000ad5880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000300 CR3: 000000009bc47000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
deactivate_locked_super+0x74/0xe0 fs/super.c:319
sget_userns+0x9d9/0xc30 fs/super.c:537
kernfs_mount_ns+0xe9/0x790 fs/kernfs/mount.c:324
kernfs_mount include/linux/kernfs.h:543 [inline]
cgroup_do_mount+0x9e/0x270 kernel/cgroup/cgroup.c:1952
kernfs_mount include/linux/kernfs.h:543 [inline]
cgroup_mount+0x789/0x8b0 kernel/cgroup/cgroup.c:2019
mount_fs+0x97/0x2a1 fs/super.c:1237
vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x441129
RSP: 002b:00007ffd6dee3388 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441129
RDX: 00000000200002c0 RSI: 0000000020000200 RDI: 0000000000000000
RBP: 00007ffd6dee33a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
Code: e5 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 7b 2a 06 00 4c 89 e7 e8 f3
f3 52 00 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00
0f 85 c4 02 00 00 48 8b 18 48 b8 00 00 00 00 00 fc
RIP: cgroup_root_from_kf kernel/cgroup/cgroup.c:1178 [inline] RSP:
ffff888084fc7ac0
RIP: cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2035 RSP:
ffff888084fc7ac0
---[ end trace 207d3c26eed271f0 ]---
Reply all
Reply to author
Forward
0 new messages