Hello,
syzbot found the following crash on:
HEAD commit: e53f31bf Merge tag '5.1-rc5-smb3-fixes' of git://git.samba..
git tree: upstream
console output:
https://syzkaller.appspot.com/x/log.txt?x=174ea35b200000
kernel config:
https://syzkaller.appspot.com/x/.config?x=856fc6d0fbbeede9
dashboard link:
https://syzkaller.appspot.com/bug?extid=15927486a4f1bfcbaf91
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=166cf35b200000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by:
syzbot+159274...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 12999 Comm: syz-executor.0 Not tainted 5.1.0-rc5+ #73
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:fanotify_get_fsid fs/notify/fanotify/fanotify.c:352 [inline]
RIP: 0010:fanotify_handle_event+0x7d0/0xc40
fs/notify/fanotify/fanotify.c:412
Code: ff ff 48 8b 18 48 8d 7b 68 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85
47 04 00 00 48 8b 5b 68 48 8d 7b 3c 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 3a
48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
RSP: 0018:ffff8880a8947b78 EFLAGS: 00010203
RAX: 1ffff110127b460d RBX: 0000000000000000 RCX: ffffffff81c41e9e
RDX: 0000000000000007 RSI: ffffffff81c41eab RDI: 000000000000003c
RBP: ffff8880a8947cc0 R08: ffff888087904240 R09: 0000000000000000
R10: ffff888087904b10 R11: ffff888087904240 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
FS: 00007f9f15bf7700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9f15bb4db8 CR3: 000000008d545000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
send_to_group fs/notify/fsnotify.c:243 [inline]
fsnotify+0x725/0xbc0 fs/notify/fsnotify.c:381
fsnotify_path include/linux/fsnotify.h:54 [inline]
fsnotify_path include/linux/fsnotify.h:47 [inline]
fsnotify_modify include/linux/fsnotify.h:263 [inline]
vfs_write+0x4dc/0x580 fs/read_write.c:551
ksys_write+0x14f/0x2d0 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:608
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c29
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9f15bf6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29
RDX: 0000000000000007 RSI: 0000000020000080 RDI: 0000000000000005
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9f15bf76d4
R13: 00000000004c8386 R14: 00000000004de8b8 R15: 00000000ffffffff
Modules linked in:
---[ end trace 026b9c3311d87f36 ]---
RIP: 0010:fanotify_get_fsid fs/notify/fanotify/fanotify.c:352 [inline]
RIP: 0010:fanotify_handle_event+0x7d0/0xc40
fs/notify/fanotify/fanotify.c:412
Code: ff ff 48 8b 18 48 8d 7b 68 48 89 f8 48 c1 e8 03 42 80 3c 38 00 0f 85
47 04 00 00 48 8b 5b 68 48 8d 7b 3c 48 89 fa 48 c1 ea 03 <42> 0f b6 0c 3a
48 89 fa 83 e2 07 83 c2 03 38 ca 7c 08 84 c9 0f 85
RSP: 0018:ffff8880a8947b78 EFLAGS: 00010203
RAX: 1ffff110127b460d RBX: 0000000000000000 RCX: ffffffff81c41e9e
RDX: 0000000000000007 RSI: ffffffff81c41eab RDI: 000000000000003c
RBP: ffff8880a8947cc0 R08: ffff888087904240 R09: 0000000000000000
R10: ffff888087904b10 R11: ffff888087904240 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000001 R15: dffffc0000000000
FS: 00007f9f15bf7700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9f15bb4db8 CR3: 000000008d545000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches