Hello,
syzbot found the following crash on:
HEAD commit: 58b454eb Linux 4.14.112
git tree: linux-4.14.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=1591752d200000
kernel config:
https://syzkaller.appspot.com/x/.config?x=8b0e7ab7678533ab
dashboard link:
https://syzkaller.appspot.com/bug?extid=0611b66a8c93f334c4e1
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+0611b6...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8516 Comm: syz-executor.4 Not tainted 4.14.112 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880a5b7c040 task.stack: ffff888064358000
RIP: 0010:cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline]
RIP: 0010:cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030
RSP: 0018:ffff88806435fac0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: ffffffff81a9506c RDI: ffff888063170330
RBP: ffff88806435fae0 R08: ffff8880a5b7c040 R09: ffff8880a5b7c8e0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888063170300
R13: ffffffff877ad360 R14: ffff888063170300 R15: dffffc0000000000
FS: 00007f4c19fa5700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000018fbcc0 CR3: 00000000a56c1000 CR4: 00000000001406e0
Call Trace:
deactivate_locked_super+0x79/0xe0 fs/super.c:319
sget_userns+0x9df/0xc30 fs/super.c:537
kernfs_mount_ns+0xe9/0x790 fs/kernfs/mount.c:324
kernfs_mount include/linux/kernfs.h:543 [inline]
cgroup_do_mount+0x9e/0x420 kernel/cgroup/cgroup.c:1947
cgroup_mount+0x789/0x8b0 kernel/cgroup/cgroup.c:2014
mount_fs+0x9d/0x2a7 fs/super.c:1237
vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
vfs_kern_mount fs/namespace.c:1036 [inline]
do_new_mount fs/namespace.c:2549 [inline]
do_mount+0x417/0x27d0 fs/namespace.c:2879
SYSC_mount fs/namespace.c:3095 [inline]
SyS_mount+0xab/0x120 fs/namespace.c:3072
do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x458c29
RSP: 002b:00007f4c19fa4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4c19fa4c90 RCX: 0000000000458c29
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 000000000073bf00 R08: 0000000020000240 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c19fa56d4
R13: 00000000004c4c0e R14: 00000000004d8888 R15: 0000000000000003
Code: e5 41 55 41 54 49 89 fc 53 48 83 ec 08 e8 0b 26 06 00 4c 89 e7 e8 33
9f 52 00 48 ba 00 00 00 00 00 fc ff df 48 89 c1 48 c1 e9 03 <80> 3c 11 00
0f 85 ca 02 00 00 48 8b 18 48 b8 00 00 00 00 00 fc
RIP: cgroup_root_from_kf kernel/cgroup/cgroup.c:1173 [inline] RSP:
ffff88806435fac0
RIP: cgroup_kill_sb+0x2e/0x330 kernel/cgroup/cgroup.c:2030 RSP:
ffff88806435fac0
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
---[ end trace b71d90d83819430f ]---
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.