general protection fault in unlink_anon_vmas (2)
7 views
Skip to first unread message
syzbot
Apr 30, 2021, 5:28:17 PM4/30/21
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: e3d35712 Add linux-next specific files for 20210423
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14717a51d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=e370221d7500b26a
dashboard link: https://syzkaller.appspot.com/bug?extid=a85f3423e84e91079145
CC: [ak...@linux-foundation.org linux-...@vger.kernel.org linu...@kvack.org]
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a85f34...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xe0000612dffffd4f: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x00005096ffffea78-0x00005096ffffea7f]
CPU: 1 PID: 8379 Comm: (agetty) Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xcf0/0x5230 kernel/locking/lockdep.c:4772
Code: 3b 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 f6 3f 3b 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 82 2f 00 00 49 81 3e c0 b3 40 8f 0f 84 da f3 ff
RSP: 0018:ffffc9000162f660 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000a12dffffd4f RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b91922 R11: 0000000000000000 R12: ffff8880297d0000
R13: 0000000000000000 R14: 00005096ffffea78 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005623bd3fd4f8 CR3: 000000001401a000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire kernel/locking/lockdep.c:5512 [inline]
lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5477
down_write+0x92/0x150 kernel/locking/rwsem.c:1406
lock_anon_vma_root mm/rmap.c:245 [inline]
unlink_anon_vmas+0x1fc/0x860 mm/rmap.c:401
free_pgtables+0x1ab/0x2f0 mm/memory.c:427
exit_mmap+0x2b7/0x590 mm/mmap.c:3208
__mmput+0x122/0x470 kernel/fork.c:1095
mmput+0x58/0x60 kernel/fork.c:1116
exec_mmap fs/exec.c:1031 [inline]
begin_new_exec+0xea9/0x2c40 fs/exec.c:1287
load_elf_binary+0x159d/0x4b30 fs/binfmt_elf.c:1001
search_binary_handler fs/exec.c:1720 [inline]
exec_binprm fs/exec.c:1761 [inline]
bprm_execve fs/exec.c:1830 [inline]
bprm_execve+0x7ef/0x19b0 fs/exec.c:1792
do_execveat_common+0x621/0x7c0 fs/exec.c:1919
do_execve fs/exec.c:1987 [inline]
__do_sys_execve fs/exec.c:2063 [inline]
__se_sys_execve fs/exec.c:2058 [inline]
__x64_sys_execve+0x8f/0xc0 fs/exec.c:2058
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f15cf216647
Code: Unable to access opcode bytes at RIP 0x7f15cf21661d.
RSP: 002b:00007fff08a381f8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00005623bd3b6c80 RCX: 00007f15cf216647
RDX: 00005623bd3c9530 RSI: 00005623bd3b26f0 RDI: 00005623bd394230
RBP: 00007fff08a38360 R08: 00005623bd3b26f0 R09: 0000000000000000
R10: 00005623bd35d580 R11: 0000000000000246 R12: 00005623bd3c6998
R13: 0000000000000000 R14: 00005623bd3b26f0 R15: 00007fff08a38440
Modules linked in:
---[ end trace a4558ea0e2a677b1 ]---
RIP: 0010:__lock_acquire+0xcf0/0x5230 kernel/locking/lockdep.c:4772
Code: 3b 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 f6 3f 3b 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 82 2f 00 00 49 81 3e c0 b3 40 8f 0f 84 da f3 ff
RSP: 0018:ffffc9000162f660 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000a12dffffd4f RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b91922 R11: 0000000000000000 R12: ffff8880297d0000
R13: 0000000000000000 R14: 00005096ffffea78 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f15cf21661d CR3: 000000001401a000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: e3d35712 Add linux-next specific files for 20210423
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14717a51d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=e370221d7500b26a
dashboard link: https://syzkaller.appspot.com/bug?extid=a85f3423e84e91079145
CC: [ak...@linux-foundation.org linux-...@vger.kernel.org linu...@kvack.org]
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a85f34...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xe0000612dffffd4f: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x00005096ffffea78-0x00005096ffffea7f]
CPU: 1 PID: 8379 Comm: (agetty) Not tainted 5.12.0-rc8-next-20210423-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0xcf0/0x5230 kernel/locking/lockdep.c:4772
Code: 3b 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 f6 3f 3b 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 82 2f 00 00 49 81 3e c0 b3 40 8f 0f 84 da f3 ff
RSP: 0018:ffffc9000162f660 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000a12dffffd4f RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b91922 R11: 0000000000000000 R12: ffff8880297d0000
R13: 0000000000000000 R14: 00005096ffffea78 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005623bd3fd4f8 CR3: 000000001401a000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
lock_acquire kernel/locking/lockdep.c:5512 [inline]
lock_acquire+0x1ab/0x740 kernel/locking/lockdep.c:5477
down_write+0x92/0x150 kernel/locking/rwsem.c:1406
lock_anon_vma_root mm/rmap.c:245 [inline]
unlink_anon_vmas+0x1fc/0x860 mm/rmap.c:401
free_pgtables+0x1ab/0x2f0 mm/memory.c:427
exit_mmap+0x2b7/0x590 mm/mmap.c:3208
__mmput+0x122/0x470 kernel/fork.c:1095
mmput+0x58/0x60 kernel/fork.c:1116
exec_mmap fs/exec.c:1031 [inline]
begin_new_exec+0xea9/0x2c40 fs/exec.c:1287
load_elf_binary+0x159d/0x4b30 fs/binfmt_elf.c:1001
search_binary_handler fs/exec.c:1720 [inline]
exec_binprm fs/exec.c:1761 [inline]
bprm_execve fs/exec.c:1830 [inline]
bprm_execve+0x7ef/0x19b0 fs/exec.c:1792
do_execveat_common+0x621/0x7c0 fs/exec.c:1919
do_execve fs/exec.c:1987 [inline]
__do_sys_execve fs/exec.c:2063 [inline]
__se_sys_execve fs/exec.c:2058 [inline]
__x64_sys_execve+0x8f/0xc0 fs/exec.c:2058
do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f15cf216647
Code: Unable to access opcode bytes at RIP 0x7f15cf21661d.
RSP: 002b:00007fff08a381f8 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00005623bd3b6c80 RCX: 00007f15cf216647
RDX: 00005623bd3c9530 RSI: 00005623bd3b26f0 RDI: 00005623bd394230
RBP: 00007fff08a38360 R08: 00005623bd3b26f0 R09: 0000000000000000
R10: 00005623bd35d580 R11: 0000000000000246 R12: 00005623bd3c6998
R13: 0000000000000000 R14: 00005623bd3b26f0 R15: 00007fff08a38440
Modules linked in:
---[ end trace a4558ea0e2a677b1 ]---
RIP: 0010:__lock_acquire+0xcf0/0x5230 kernel/locking/lockdep.c:4772
Code: 3b 0e 41 bf 01 00 00 00 0f 86 8c 00 00 00 89 05 f6 3f 3b 0e e9 81 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 82 2f 00 00 49 81 3e c0 b3 40 8f 0f 84 da f3 ff
RSP: 0018:ffffc9000162f660 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 00000a12dffffd4f RSI: 0000000000000001 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1b91922 R11: 0000000000000000 R12: ffff8880297d0000
R13: 0000000000000000 R14: 00005096ffffea78 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f15cf21661d CR3: 000000001401a000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Aug 21, 2021, 4:44:18 AM8/21/21
to syzkaller-upst...@googlegroups.com
Sending this report upstream.
Reply all
Reply to author
Forward
0 new messages