general protection fault in __x86_indirect_thunk_rax


syzbot

Jul 13, 2018, 12:59:02 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3ee15ba60e6b Add linux-next specific files for 20180712
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=110c2b70400000
kernel config: https://syzkaller.appspot.com/x/.config?x=fe1c3df2c7c0c81
dashboard link: https://syzkaller.appspot.com/bug?extid=f56d57a8d1075c255ccd
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [ak...@linux-foundation.org arya...@virtuozzo.com
jba...@fb.com ktk...@virtuozzo.com linux-...@vger.kernel.org
linu...@kvack.org mho...@suse.com penguin...@I-love.SAKURA.ne.jp
s...@canb.auug.org.au shak...@google.com vdavyd...@gmail.com
wi...@infradead.org ying....@intel.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f56d57...@syzkaller.appspotmail.com

page:ffffea0007287380 count:1 mapcount:0 mapping:ffff8801da987dc0 index:0x0
compound_mapcount: 0
flags: 0x2fffc0000008100(slab|head)
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
^
CPU: 0 PID: 22998 Comm: syz-executor4 Not tainted 4.18.0-rc4-next-20180712+ #6
ffff8801ca1ce980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801ca1cea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
RIP: 0010:__x86_indirect_thunk_rax+0x10/0x20 arch/x86/lib/retpoline.S:32
==================================================================
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e8 07 00 00 00 f3 90 0f
Kernel panic - not syncing: panic_on_warn set ...

ae e8 eb f9 48 89 04 24 <c3> 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 e8 07 00 00 00 f3
RSP: 0018:ffff8801b8ac60a8 EFLAGS: 00010282
RAX: 00337a79732f6465 RBX: dffffc0000000000 RCX: ffffffff81a1c409
RDX: 0000000000000000 RSI: ffff8801b8ac6330 RDI: ffff8801ca1ce8f0
RBP: ffff8801b8ac62a0 R08: ffff88019344e580 R09: ffffed003aeb6cb8
R10: ffffed003aeb6cb8 R11: ffff8801d75b65c7 R12: ffff8801b8ac6330
R13: ffff8801ca1ce8f0 R14: ffff8801ca1ce918 R15: 00007fa52b7f42e6
FS: 0000000002677940(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2f123000 CR3: 00000001995d6000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
shrink_slab_memcg mm/vmscan.c:598 [inline]
shrink_slab+0x861/0xa60 mm/vmscan.c:671
shrink_node+0x429/0x16a0 mm/vmscan.c:2735
shrink_zones mm/vmscan.c:2964 [inline]
do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3026
try_to_free_pages+0x4b2/0xb80 mm/vmscan.c:3241
__perform_reclaim mm/page_alloc.c:3769 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3790 [inline]
__alloc_pages_slowpath+0x953/0x2d00 mm/page_alloc.c:4191
__alloc_pages_nodemask+0xa7c/0xdb0 mm/page_alloc.c:4390
alloc_pages_current+0x10c/0x210 mm/mempolicy.c:2093
alloc_pages include/linux/gfp.h:492 [inline]
__page_cache_alloc+0x398/0x5e0 mm/filemap.c:925
__do_page_cache_readahead+0x24e/0x690 mm/readahead.c:192
ra_submit mm/internal.h:66 [inline]
do_sync_mmap_readahead mm/filemap.c:2356 [inline]
filemap_fault+0xe41/0x2220 mm/filemap.c:2432
__do_fault+0xee/0x450 mm/memory.c:3226
do_shared_fault mm/memory.c:3691 [inline]
do_fault mm/memory.c:3740 [inline]
handle_pte_fault mm/memory.c:3967 [inline]
__handle_mm_fault+0x2ae9/0x44a0 mm/memory.c:4091
handle_mm_fault+0x53e/0xc80 mm/memory.c:4128
__do_page_fault+0x620/0xe50 arch/x86/mm/fault.c:1397
do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1472
page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1164
RIP: 0033:0x43ce97
Code: 0b 0f b6 0e 88 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e <89> 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e 48 89 0f 48
RSP: 002b:00007ffce1229b58 EFLAGS: 00010202
RAX: 00000000200000c0 RBX: 0000000000000000 RCX: 000000007665642f
RDX: 000000000000000c RSI: 0000000000730020 RDI: 00000000200000c0
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffce1229b20 R11: 0000000000000246 R12: 0000000000190f87
R13: 0000000000000002 R14: 000000000072c920 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
Dumping ftrace buffer:
---------------------------------
syz-exec-9568 1...3 823588825us : 0: }D
syz-exec-9584 1...3 823599462us : 0: }D
syz-exec-9601 1...3 823704768us : 0: }D
---------------------------------
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

Dmitry Vyukov

Mar 9, 2019, 2:41:33 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
This is now superseded by a report with __x86_indirect_thunk_rax ignored.

#syz invalid