general protection fault in ___cache_free (2)
4 views
Skip to first unread message
syzbot
Sep 11, 2020, 4:49:15 PM9/11/20
to syzkaller-upst...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: f4d51dff Linux 5.9-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1054f29e900000
kernel config: https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=30bc606bc7d13bf92060
compiler: gcc (GCC) 10.1.0-syz 20200507
CC: [jmo...@namei.org linux-...@vger.kernel.org linux-secu...@vger.kernel.org penguin...@I-love.SAKURA.ne.jp se...@hallyn.com take...@nttdata.co.jp]
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+30bc60...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xffff1100f301d878: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0xfff8a807980ec3c0-0xfff8a807980ec3c7]
CPU: 1 PID: 3706 Comm: systemd-udevd Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:___cache_free+0x27e/0x730 mm/slab.c:3451
Code: 84 7e 03 00 00 e8 32 c4 ad ff 48 c7 c6 d9 d8 b3 81 48 c7 c7 40 6a bd 89 e8 0f 8c a6 ff 83 3d 4c 9c fe 08 01 0f 87 2f 01 00 00 <8b> 43 04 39 03 0f 83 ec 01 00 00 e9 5a 00 00 00 8b 03 8d 50 01 89
RSP: 0018:ffffc90008597878 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff1100f301d878 RCX: ffffffff8134b990
RDX: 0000000000000000 RSI: ffffffff8134b99a RDI: ffffea0002280240
RBP: ffff88804491daa0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88808a009d38
R13: ffffea0002280240 R14: 0000000000000200 R15: dffffc0000000000
FS: 00007fa7a7fa98c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff1f845010 CR3: 0000000046569000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
qlink_free mm/kasan/quarantine.c:149 [inline]
qlist_free_all+0x98/0x170 mm/kasan/quarantine.c:168
quarantine_reduce+0x17e/0x200 mm/kasan/quarantine.c:261
__kasan_kmalloc.constprop.0+0x9e/0xd0 mm/kasan/common.c:442
__do_kmalloc mm/slab.c:3655 [inline]
__kmalloc+0x1b0/0x310 mm/slab.c:3664
kmalloc include/linux/slab.h:559 [inline]
kzalloc include/linux/slab.h:666 [inline]
tomoyo_encode2.part.0+0xe9/0x3a0 security/tomoyo/realpath.c:45
tomoyo_encode2 security/tomoyo/realpath.c:31 [inline]
tomoyo_encode+0x28/0x50 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x186/0x620 security/tomoyo/realpath.c:288
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x212/0x3f0 security/tomoyo/file.c:822
security_inode_getattr+0xcf/0x140 security/security.c:1278
vfs_getattr fs/stat.c:121 [inline]
vfs_statx+0x170/0x390 fs/stat.c:206
vfs_lstat include/linux/fs.h:3178 [inline]
__do_sys_newlstat+0x91/0x110 fs/stat.c:374
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fa7a6e1c335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007fff1f8429b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000556957f16120 RCX: 00007fa7a6e1c335
RDX: 00007fff1f8429f0 RSI: 00007fff1f8429f0 RDI: 0000556957f15120
RBP: 00007fff1f842ab0 R08: 00007fa7a70db1f8 R09: 0000000000001010
R10: 00007fa7a70dab58 R11: 0000000000000246 R12: 0000556957f15120
R13: 0000556957f15134 R14: 0000556957f2153d R15: 0000556957f21544
Modules linked in:
---[ end trace 96c4a7b3fdc5d510 ]---
RIP: 0010:___cache_free+0x27e/0x730 mm/slab.c:3451
Code: 84 7e 03 00 00 e8 32 c4 ad ff 48 c7 c6 d9 d8 b3 81 48 c7 c7 40 6a bd 89 e8 0f 8c a6 ff 83 3d 4c 9c fe 08 01 0f 87 2f 01 00 00 <8b> 43 04 39 03 0f 83 ec 01 00 00 e9 5a 00 00 00 8b 03 8d 50 01 89
RSP: 0018:ffffc90008597878 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff1100f301d878 RCX: ffffffff8134b990
RDX: 0000000000000000 RSI: ffffffff8134b99a RDI: ffffea0002280240
RBP: ffff88804491daa0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88808a009d38
R13: ffffea0002280240 R14: 0000000000000200 R15: dffffc0000000000
FS: 00007fa7a7fa98c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff1f845010 CR3: 0000000046569000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: f4d51dff Linux 5.9-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1054f29e900000
kernel config: https://syzkaller.appspot.com/x/.config?x=a9075b36a6ae26c9
dashboard link: https://syzkaller.appspot.com/bug?extid=30bc606bc7d13bf92060
compiler: gcc (GCC) 10.1.0-syz 20200507
CC: [jmo...@namei.org linux-...@vger.kernel.org linux-secu...@vger.kernel.org penguin...@I-love.SAKURA.ne.jp se...@hallyn.com take...@nttdata.co.jp]
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+30bc60...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xffff1100f301d878: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0xfff8a807980ec3c0-0xfff8a807980ec3c7]
CPU: 1 PID: 3706 Comm: systemd-udevd Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:___cache_free+0x27e/0x730 mm/slab.c:3451
Code: 84 7e 03 00 00 e8 32 c4 ad ff 48 c7 c6 d9 d8 b3 81 48 c7 c7 40 6a bd 89 e8 0f 8c a6 ff 83 3d 4c 9c fe 08 01 0f 87 2f 01 00 00 <8b> 43 04 39 03 0f 83 ec 01 00 00 e9 5a 00 00 00 8b 03 8d 50 01 89
RSP: 0018:ffffc90008597878 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff1100f301d878 RCX: ffffffff8134b990
RDX: 0000000000000000 RSI: ffffffff8134b99a RDI: ffffea0002280240
RBP: ffff88804491daa0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88808a009d38
R13: ffffea0002280240 R14: 0000000000000200 R15: dffffc0000000000
FS: 00007fa7a7fa98c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff1f845010 CR3: 0000000046569000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
qlink_free mm/kasan/quarantine.c:149 [inline]
qlist_free_all+0x98/0x170 mm/kasan/quarantine.c:168
quarantine_reduce+0x17e/0x200 mm/kasan/quarantine.c:261
__kasan_kmalloc.constprop.0+0x9e/0xd0 mm/kasan/common.c:442
__do_kmalloc mm/slab.c:3655 [inline]
__kmalloc+0x1b0/0x310 mm/slab.c:3664
kmalloc include/linux/slab.h:559 [inline]
kzalloc include/linux/slab.h:666 [inline]
tomoyo_encode2.part.0+0xe9/0x3a0 security/tomoyo/realpath.c:45
tomoyo_encode2 security/tomoyo/realpath.c:31 [inline]
tomoyo_encode+0x28/0x50 security/tomoyo/realpath.c:80
tomoyo_realpath_from_path+0x186/0x620 security/tomoyo/realpath.c:288
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x212/0x3f0 security/tomoyo/file.c:822
security_inode_getattr+0xcf/0x140 security/security.c:1278
vfs_getattr fs/stat.c:121 [inline]
vfs_statx+0x170/0x390 fs/stat.c:206
vfs_lstat include/linux/fs.h:3178 [inline]
__do_sys_newlstat+0x91/0x110 fs/stat.c:374
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fa7a6e1c335
Code: 69 db 2b 00 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 8b 15 31 db 2b 00 f7 d8 64 89
RSP: 002b:00007fff1f8429b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000556957f16120 RCX: 00007fa7a6e1c335
RDX: 00007fff1f8429f0 RSI: 00007fff1f8429f0 RDI: 0000556957f15120
RBP: 00007fff1f842ab0 R08: 00007fa7a70db1f8 R09: 0000000000001010
R10: 00007fa7a70dab58 R11: 0000000000000246 R12: 0000556957f15120
R13: 0000556957f15134 R14: 0000556957f2153d R15: 0000556957f21544
Modules linked in:
---[ end trace 96c4a7b3fdc5d510 ]---
RIP: 0010:___cache_free+0x27e/0x730 mm/slab.c:3451
Code: 84 7e 03 00 00 e8 32 c4 ad ff 48 c7 c6 d9 d8 b3 81 48 c7 c7 40 6a bd 89 e8 0f 8c a6 ff 83 3d 4c 9c fe 08 01 0f 87 2f 01 00 00 <8b> 43 04 39 03 0f 83 ec 01 00 00 e9 5a 00 00 00 8b 03 8d 50 01 89
RSP: 0018:ffffc90008597878 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff1100f301d878 RCX: ffffffff8134b990
RDX: 0000000000000000 RSI: ffffffff8134b99a RDI: ffffea0002280240
RBP: ffff88804491daa0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88808a009d38
R13: ffffea0002280240 R14: 0000000000000200 R15: dffffc0000000000
FS: 00007fa7a7fa98c0(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fff1f845010 CR3: 0000000046569000 CR4: 00000000001526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Dec 6, 2020, 3:44:07 PM12/6/20
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages