general protection fault in set_root
7 views
Skip to first unread message
syzbot
Sep 9, 2020, 12:50:23 AM9/9/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c37da90e Linux 4.19.143
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1016fe59900000
kernel config: https://syzkaller.appspot.com/x/.config?x=d162ec57805c4e4d
dashboard link: https://syzkaller.appspot.com/bug?extid=4215f4ca138b02f4c20e
compiler: gcc (GCC) 10.1.0-syz 20200507
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4215f4...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1508 Comm: systemd-udevd Not tainted 4.19.143-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x1eb/0x3ff0 kernel/locking/lockdep.c:3294
Code: 2b 29 00 00 48 81 c4 98 01 00 00 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 2a 00 00 49 81 3e 60 25 d4 8a 0f 84 65 ff ff
RSP: 0018:ffff888206c87818 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888000172040 R14: 0000000000000048 R15: 0000000000000001
FS: 00007ff480d498c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff79eb3c87 CR3: 000000004e605000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline]
read_seqcount_begin include/linux/seqlock.h:164 [inline]
set_root+0x136/0x5f0 fs/namei.c:818
path_init+0x1057/0x19d0 fs/namei.c:2208
path_openat+0x185/0x2df0 fs/namei.c:3535
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff47fe90840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
tmpfs: No value for mount option ' uge�p
$ ��� ӿ� T^'h��> �
�; ���e�j�� �n'
RSP: 002b:00007fff79eb5e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000055b98fe8f810 RCX: 00007ff47fe90840
RDX: 000055b98ef52fe3 RSI: 00000000000a0800 RDI: 000055b98fe8a0d0
RBP: 00007fff79eb5f90 R08: 000055b98ef52670 R09: 0000000000000010
R10: 000055b98ef52d0c R11: 0000000000000246 R12: 00007fff79eb5ee0
R13: 000055b98fe89ef0 R14: 0000000000000003 R15: 000000000000000e
Modules linked in:
---[ end trace edb6ee3f5f99d5e1 ]---
RIP: 0010:__lock_acquire+0x1eb/0x3ff0 kernel/locking/lockdep.c:3294
Code: 2b 29 00 00 48 81 c4 98 01 00 00 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 2a 00 00 49 81 3e 60 25 d4 8a 0f 84 65 ff ff
RSP: 0018:ffff888206c87818 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888000172040 R14: 0000000000000048 R15: 0000000000000001
FS: 00007ff480d498c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff79eb3c87 CR3: 000000004e605000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: c37da90e Linux 4.19.143
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1016fe59900000
kernel config: https://syzkaller.appspot.com/x/.config?x=d162ec57805c4e4d
dashboard link: https://syzkaller.appspot.com/bug?extid=4215f4ca138b02f4c20e
compiler: gcc (GCC) 10.1.0-syz 20200507
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4215f4...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1508 Comm: systemd-udevd Not tainted 4.19.143-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x1eb/0x3ff0 kernel/locking/lockdep.c:3294
Code: 2b 29 00 00 48 81 c4 98 01 00 00 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 2a 00 00 49 81 3e 60 25 d4 8a 0f 84 65 ff ff
RSP: 0018:ffff888206c87818 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888000172040 R14: 0000000000000048 R15: 0000000000000001
FS: 00007ff480d498c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff79eb3c87 CR3: 000000004e605000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3907
seqcount_lockdep_reader_access include/linux/seqlock.h:81 [inline]
read_seqcount_begin include/linux/seqlock.h:164 [inline]
set_root+0x136/0x5f0 fs/namei.c:818
path_init+0x1057/0x19d0 fs/namei.c:2208
path_openat+0x185/0x2df0 fs/namei.c:3535
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff47fe90840
Code: 73 01 c3 48 8b 0d 68 77 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 89 bb 20 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 1e f6 ff ff 48 89 04 24
tmpfs: No value for mount option ' uge�p
$ ��� ӿ� T^'h��> �
�; ���e�j�� �n'
RSP: 002b:00007fff79eb5e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000055b98fe8f810 RCX: 00007ff47fe90840
RDX: 000055b98ef52fe3 RSI: 00000000000a0800 RDI: 000055b98fe8a0d0
RBP: 00007fff79eb5f90 R08: 000055b98ef52670 R09: 0000000000000010
R10: 000055b98ef52d0c R11: 0000000000000246 R12: 00007fff79eb5ee0
R13: 000055b98fe89ef0 R14: 0000000000000003 R15: 000000000000000e
Modules linked in:
---[ end trace edb6ee3f5f99d5e1 ]---
RIP: 0010:__lock_acquire+0x1eb/0x3ff0 kernel/locking/lockdep.c:3294
Code: 2b 29 00 00 48 81 c4 98 01 00 00 44 89 f8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 b3 2a 00 00 49 81 3e 60 25 d4 8a 0f 84 65 ff ff
RSP: 0018:ffff888206c87818 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000002
RDX: 0000000000000009 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888000172040 R14: 0000000000000048 R15: 0000000000000001
FS: 00007ff480d498c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff79eb3c87 CR3: 000000004e605000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 6, 2021, 11:50:19 PM1/6/21
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages