BUG: unable to handle kernel paging request in kmem_cache_alloc_node_trace (2)


syzbot

11.01.2019, 11:03:04
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: ba422731316d mm/mmu_notifier: mm/rmap.c: Fix a mmu_notifie..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14015cf7400000
kernel config: https://syzkaller.appspot.com/x/.config?x=edf1c3031097c304
dashboard link: https://syzkaller.appspot.com/bug?extid=a1f84a6bc42d90e292c3
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
userspace arch: i386
CC: [da...@davemloft.net kuz...@ms2.inr.ac.ru
linux-...@vger.kernel.org net...@vger.kernel.org yosh...@linux-ipv6.org]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a1f84a...@syzkaller.appspotmail.com

BUG: unable to handle kernel paging request at fffffbffffffffff
#PF error: [PROT] [WRITE]
PANIC: double fault, error_code: 0x0
PGD 21ffee067 P4D 21ffee067 PUD 21ffed067 PMD a985067 PTE 800000000a988161
PANIC: double fault, error_code: 0x0
Oops: 0003 [#1] PREEMPT SMP KASAN
PANIC: double fault, error_code: 0x0
CPU: 1 PID: 7629 Comm: syz-executor5 Not tainted 5.0.0-rc1+ #18
PANIC: double fault, error_code: 0x0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
PANIC: double fault, error_code: 0x0
RIP: 0010:memset_erms+0x9/0x10 arch/x86/lib/memset_64.S:66
PANIC: double fault, error_code: 0x0
Code: c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48
ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8
c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01 01
PANIC: double fault, error_code: 0x0
RSP: 0018:ffff8880ae707138 EFLAGS: 00010287
PANIC: double fault, error_code: 0x0
RAX: 0000000000000000 RBX: dffffc00000000ff RCX: e000000000000100
PANIC: double fault, error_code: 0x0
RDX: e000000000000100 RSI: 0000000000000000 RDI: fffffbffffffffff
PANIC: double fault, error_code: 0x0
RBP: ffff8880ae707150 R08: 0000000000000002 R09: fffffbffffffffff
PANIC: double fault, error_code: 0x0
R10: ffff888062aea400 R11: 0000000000000000 R12: 0000000000000800
PANIC: double fault, error_code: 0x0
R13: ffffffffffffffff R14: 00000000000007fe R15: ffff88812c3f0c40
PANIC: double fault, error_code: 0x0
FS: 0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
PANIC: double fault, error_code: 0x0
CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
PANIC: double fault, error_code: 0x0
CR2: fffffbffffffffff CR3: 0000000062aac000 CR4: 00000000001406e0
PANIC: double fault, error_code: 0x0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
PANIC: double fault, error_code: 0x0
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PANIC: double fault, error_code: 0x0
Call Trace:
PANIC: double fault, error_code: 0x0
<IRQ>
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
__kasan_kmalloc.constprop.0+0x4c/0xe0 mm/kasan/common.c:491
PANIC: double fault, error_code: 0x0
kasan_kmalloc mm/kasan/common.c:504 [inline]
kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:411
PANIC: double fault, error_code: 0x0
slab_post_alloc_hook mm/slab.h:444 [inline]
slab_alloc_node mm/slab.c:3324 [inline]
kmem_cache_alloc_node_trace+0x13c/0x720 mm/slab.c:3650
PANIC: double fault, error_code: 0x0
__do_kmalloc_node mm/slab.c:3672 [inline]
__kmalloc_node_track_caller+0x3d/0x70 mm/slab.c:3687
PANIC: double fault, error_code: 0x0
__kmalloc_reserve.isra.0+0x40/0xe0 net/core/skbuff.c:140
PANIC: double fault, error_code: 0x0
__alloc_skb+0x12d/0x730 net/core/skbuff.c:208
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
alloc_skb include/linux/skbuff.h:1011 [inline]
alloc_skb_with_frags+0x13a/0x770 net/core/skbuff.c:5288
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
sock_alloc_send_pskb+0x8c9/0xad0 net/core/sock.c:2091
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
PANIC: double fault, error_code: 0x0
sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2108
PANIC: double fault, error_code: 0x0
mld_newpack+0x215/0x870 net/ipv6/mcast.c:1610
PANIC: double fault, error_code: 0x0


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

02.09.2019, 11:10:05
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.