general protection fault in entry_SYSCALL_64_after_hwframe


syzbot

Mar 31, 2021, 9:09:23 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bd634aa6 Linux 4.14.228
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a63611d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=5fab202d11a349c3
dashboard link: https://syzkaller.appspot.com/bug?extid=70dd97e5b7f57bb62128

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70dd97...@syzkaller.appspotmail.com

should_fail_alloc_page mm/page_alloc.c:2898 [inline]
prepare_alloc_pages mm/page_alloc.c:4131 [inline]
__alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4179
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
__alloc_pages include/linux/gfp.h:484 [inline]
__alloc_pages_node include/linux/gfp.h:497 [inline]
kmem_getpages mm/slab.c:1419 [inline]
cache_grow_begin+0x91/0x630 mm/slab.c:2676
CPU: 0 PID: 21893 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
cache_alloc_refill+0x273/0x350 mm/slab.c:3043
task: ffff888050f4e440 task.stack: ffff888050530000
____cache_alloc mm/slab.c:3125 [inline]
__do_cache_alloc mm/slab.c:3347 [inline]
slab_alloc mm/slab.c:3382 [inline]
kmem_cache_alloc+0x333/0x3c0 mm/slab.c:3550
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline]
RIP: 0010:rb_erase+0x29/0x1290 lib/rbtree.c:459
getname_flags+0xc8/0x550 fs/namei.c:138
RSP: 0018:ffff888050537a68 EFLAGS: 00010292
getname fs/namei.c:209 [inline]
SYSC_renameat2 fs/namei.c:4569 [inline]
SyS_renameat2+0x17b/0xad0 fs/namei.c:4533
RAX: dffffc0000000000 RBX: ffff88808de986b0 RCX: ffffc900083db000
RDX: 0000000000000001 RSI: ffffffff8bf97ea0 RDI: 0000000000000008
RBP: 0000000000000000 R08: ffffffff8b993b18 R09: 0000000000040411
R10: ffff888050f4ecf0 R11: ffff888050f4e440 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88808df4b7f8 R15: ffffffff8bf97ea0
FS: 00007fb88befc700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000050cb90 CR3: 00000000471ab000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
Call Trace:
entry_SYSCALL_64_after_hwframe+0x46/0xbb
integrity_inode_free+0x119/0x300 security/integrity/iint.c:146
RIP: 0033:0x466459
security_inode_free+0x14/0x80 security/security.c:443
RSP: 002b:00007fca00411188 EFLAGS: 00000246
__destroy_inode+0x1e8/0x4d0 fs/inode.c:238
ORIG_RAX: 0000000000000052
destroy_inode+0x49/0x110 fs/inode.c:265
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
iput_final fs/inode.c:1524 [inline]
iput+0x458/0x7e0 fs/inode.c:1551
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 00000000200000c0
RBP: 00007fca004111d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
swap_inode_boot_loader fs/ext4/ioctl.c:197 [inline]
ext4_ioctl+0x16c5/0x3870 fs/ext4/ioctl.c:924
R13: 00007fff3aa2212f R14: 00007fca00411300 R15: 0000000000022000
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
team0: Device macsec0 is up. Set it down before adding it as a team port
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007fb88befc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000008
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
new mount options do not match the existing superblock, will be ignored
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffeadcaea9f R14: 00007fb88befc300 R15: 0000000000022000
Code: ff ff 48 b8 00
new mount options do not match the existing superblock, will be ignored
00 00 00 00 fc ff df 41 57 49 89 f7 41 56 41 55 41 54 49 89 fc 48 83 c7 08 48 89 fa 55 48 c1 ea 03 53 48 83 ec 18 <80> 3c 02 00 0f 85 f2 0c 00 00 49 8d 7c 24 10 4d 8b 74 24 08 48
RIP: __rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RSP: ffff888050537a68
RIP: rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: ffff888050537a68
---[ end trace 2498934f795d9eb8 ]---
team0: Device macsec0 is up. Set it down before adding it as a team port


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 29, 2021, 9:09:14 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.