Hello,
syzbot hit the following crash on upstream commit
0b412605ef5f5c64b31f19e2910b1d5eba9929c3 (Thu Mar 29 01:07:23 2018 +0000)
Merge tag 'drm-fixes-for-v4.16-rc8' of git://people.freedesktop.org/~airlied/linux
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=ebe63a0a735cfad556c7
Unfortunately, I don't have any reproducer for this crash yet.
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5481689501401088
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-8440362230543204781
compiler: gcc (GCC) 7.1.1 20170620
CC: [da...@davemloft.net kuz...@ms2.inr.ac.ru linux-...@vger.kernel.org net...@vger.kernel.org yosh...@linux-ipv6.org]
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ebe63a...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.
device bridge0 left promiscuous mode
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 13923 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #370
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rht_key_hashfn include/linux/rhashtable.h:277 [inline]
RIP: 0010:__rhashtable_lookup.isra.31.constprop.57+0x1f4/0x720 include/linux/rhashtable.h:630
RSP: 0018:ffff8801bd13f3e8 EFLAGS: 00010203
RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffffffff857b3987
RDX: 0000000000000000 RSI: ffffc90002be9000 RDI: 000000000000000c
RBP: ffff8801bd13f5c0 R08: 1ffff10037a27dfb R09: 0000000000000002
R10: ffff8801bd13f4a0 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801bd13f778 R14: ffff8801bd13f698 R15: ffff8801bd13f598
FS: 00007fa3bb46d700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200000c0 CR3: 00000001d6de3002 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
rhltable_lookup include/linux/rhashtable.h:716 [inline]
ipmr_cache_find net/ipv4/ipmr.c:994 [inline]
ipmr_ioctl+0x42e/0xab0 net/ipv4/ipmr.c:1699
raw_ioctl+0x139/0x240 net/ipv4/raw.c:936
inet_ioctl+0x2d4/0x310 net/ipv4/af_inet.c:924
sock_do_ioctl+0xef/0x390 net/socket.c:958
sock_ioctl+0x367/0x670 net/socket.c:1081
vfs_ioctl fs/ioctl.c:46 [inline]
do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4548b9
RSP: 002b:00007fa3bb46cc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa3bb46d6d4 RCX: 00000000004548b9
RDX: 0000000020000000 RSI: 00000000000089e1 RDI: 0000000000000014
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000003ac R14: 00000000006f78c0 R15: 0000000000000000
Code: 01 d8 48 89 85 58 fe ff ff e8 99 8f f6 fb 48 8b 85 50 fe ff ff 49 8d
7c 24 0c 31 d2 48 c1 e8 03 66 89 14 18 48 89 f8 48 c1 e8 03 <0f> b6 14 18
48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85
RIP: rht_key_hashfn include/linux/rhashtable.h:277 [inline] RSP: ffff8801bd13f3e8
RIP: __rhashtable_lookup.isra.31.constprop.57+0x1f4/0x720 include/linux/rhashtable.h:630 RSP: ffff8801bd13f3e8
---[ end trace 0f8a2197f96a0d4d ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.
To upstream this report, please reply with:
#syz upstream