general protection fault in scatterwalk_map_and_copy


syzbot

Sep 2, 2019, 9:29:07 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 01fd1694 Linux 4.14.141
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12e07d8e600000
kernel config: https://syzkaller.appspot.com/x/.config?x=62c9b69e1b2adda9
dashboard link: https://syzkaller.appspot.com/bug?extid=b4fe4bd679770c7dc441
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b4fe4b...@syzkaller.appspotmail.com

SYSC_sendfile64 fs/read_write.c:1502 [inline]
SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459879
CPU: 1 PID: 23711 Comm: syz-executor.3 Not tainted 4.14.141 #37
RSP: 002b:00007f0e97312c78 EFLAGS: 00000246
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
ORIG_RAX: 0000000000000028
task: ffff888062514340 task.stack: ffff888048c60000
RAX: ffffffffffffffda RBX: 00007f0e97312c90 RCX: 0000000000459879
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline]
RIP: 0010:scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RSP: 0018:ffff888048c67648 EFLAGS: 00010202
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000040d09 R11: 0000000000000246 R12: 00007f0e973136d4
RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc9001433f000
R13: 00000000004c7065 R14: 00000000004dc6d0 R15: 0000000000000006
RDX: 0000000000000002 RSI: ffffffff82d55709 RDI: ffff88806462f5a8
RBP: ffff888048c676b8 R08: ffffed100c8ae7da R09: 0000000000000002
R10: ffffed100c8ae7d9 R11: ffff888064573ecc R12: 0000000000001000
R13: 0000000000000000 R14: ffff888048c67710 R15: 0000000000003000
FS: 00007fda0ba05700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31f27000 CR3: 00000000a52fa000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
CPU: 0 PID: 23707 Comm: syz-executor.2 Not tainted 4.14.141 #37
Call Trace:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline]
scatterwalk_map_and_copy+0x12f/0x1d0 crypto/scatterwalk.c:60
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x197 lib/dump_stack.c:53
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
should_failslab+0xdb/0x130 mm/failslab.c:32
slab_pre_alloc_hook mm/slab.h:421 [inline]
slab_alloc mm/slab.c:3376 [inline]
kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
gcmaes_encrypt.constprop.0+0x1d2/0xb90
arch/x86/crypto/aesni-intel_glue.c:778
skb_clone+0x129/0x320 net/core/skbuff.c:1282
__skb_tstamp_tx+0x35f/0x640 net/core/skbuff.c:4367
generic_gcmaes_encrypt+0xf4/0x130 arch/x86/crypto/aesni-intel_glue.c:1111
__dev_queue_xmit+0x181f/0x25e0 net/core/dev.c:3460
crypto_aead_encrypt include/crypto/aead.h:330 [inline]
gcmaes_wrapper_encrypt+0xef/0x150 arch/x86/crypto/aesni-intel_glue.c:945
crypto_aead_encrypt include/crypto/aead.h:330 [inline]
tls_do_encryption net/tls/tls_sw.c:234 [inline]
tls_push_record+0x906/0x1210 net/tls/tls_sw.c:270
tls_sw_sendpage+0x434/0xb50 net/tls/tls_sw.c:617
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
inet_sendpage+0x157/0x580 net/ipv4/af_inet.c:779
packet_snd net/packet/af_packet.c:2993 [inline]
packet_sendmsg+0x1de0/0x5a70 net/packet/af_packet.c:3018
kernel_sendpage+0x92/0xf0 net/socket.c:3406
sock_sendpage+0x8b/0xc0 net/socket.c:871
pipe_to_sendpage+0x242/0x340 fs/splice.c:451
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
splice_from_pipe_feed fs/splice.c:502 [inline]
__splice_from_pipe+0x348/0x780 fs/splice.c:626
___sys_sendmsg+0x349/0x840 net/socket.c:2062
splice_from_pipe+0xf0/0x150 fs/splice.c:661
generic_splice_sendpage+0x3c/0x50 fs/splice.c:832
do_splice_from fs/splice.c:851 [inline]
do_splice fs/splice.c:1147 [inline]
SYSC_splice fs/splice.c:1402 [inline]
SyS_splice+0xd92/0x1430 fs/splice.c:1382
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
RIP: 0033:0x459879
RSP: 002b:00007fda0ba04c78 EFLAGS: 00000246
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
RIP: 0033:0x459879
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda0ba056d4
RSP: 002b:00007feaaa924c78 EFLAGS: 00000246
R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff
ORIG_RAX: 0000000000000133
Code:
RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879
RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005
00
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
00
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4
fc
R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006
ff df 80 3c 02 00 0f 85 37 01 00 00 49 8d 45 10 4d 89 2e 48 89 c2 48 89 45
c0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c
03 0f 8e 7d 01 00 00 48 b8 00 00 00
RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP:
ffff888048c67648
RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP:
ffff888048c67648
RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline] RSP:
ffff888048c67648
RIP: scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55 RSP:
ffff888048c67648
kobject: 'loop4' (ffff8880a4a577e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a577e0): fill_kobj_path: path
= '/devices/virtual/block/loop4'
---[ end trace e72752ec8a61adb8 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 31, 2019, 7:29:06 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.