syzbot


general protection fault in shmem_get_next_id

Status: upstream: reported C repro on 2024/04/02 06:58
Subsystems: mm
Reported-by: syzbot+05e63c0981a31f35f3fa@syzkaller.appspotmail.com
First crash: 32d, last: 20d
Cause bisection: failed (error log, bisect log)
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] general protection fault in shmem_get_next_id 5 (7) 2024/04/12 16:23
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/04/24 04:04 21m retest repro upstream OK log
2024/04/24 04:04 22m retest repro upstream OK log
2024/04/24 04:04 2h24m retest repro upstream OK log
2024/04/02 13:00 12h09m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git fe46a7dd189e OK log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 5070 Comm: syz-executor253 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:shmem_get_next_id+0x92/0x5c0 mm/shmem_quota.c:119
Code: 04 db 49 8d 9c c6 90 02 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 f8 66 1b 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 df 66 1b 00 4c 8b 23 48 8d 5d 07
RSP: 0018:ffffc900043a7be0 EFLAGS: 00010256
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8880266c8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
RBP: ffffc900043a7d00 R08: ffffffff81dcdd47 R09: ffffffff822e7d5a
R10: 0000000000000003 R11: ffffffff81dcdcf0 R12: 1ffff92000874fa0
R13: ffff888022110000 R14: ffff888022110000 R15: dffffc0000000000
FS:  0000555578677380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 000000007a384000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 dquot_get_next_dqblk+0x75/0x3a0 fs/quota/dquot.c:2705
 quota_getnextquota+0x2c7/0x6c0 fs/quota/quota.c:250
 __do_sys_quotactl_fd fs/quota/quota.c:1002 [inline]
 __se_sys_quotactl_fd+0x2a1/0x440 fs/quota/quota.c:973
 do_syscall_64+0xfd/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f5c0349b329
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc39d71138 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
RAX: ffffffffffffffda RBX: 0031656c69662f2e RCX: 00007f5c0349b329
RDX: 0000000000000000 RSI: ffffffff80000901 RDI: 0000000000000003
RBP: 00007f5c0350e610 R08: 0000000000000000 R09: 00007ffc39d71308
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffc39d712f8 R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:shmem_get_next_id+0x92/0x5c0 mm/shmem_quota.c:119
Code: 04 db 49 8d 9c c6 90 02 00 00 48 89 d8 48 c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 f8 66 1b 00 48 8b 1b 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 df 66 1b 00 4c 8b 23 48 8d 5d 07
RSP: 0018:ffffc900043a7be0 EFLAGS: 00010256
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8880266c8000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
RBP: ffffc900043a7d00 R08: ffffffff81dcdd47 R09: ffffffff822e7d5a
R10: 0000000000000003 R11: ffffffff81dcdcf0 R12: 1ffff92000874fa0
R13: ffff888022110000 R14: ffff888022110000 R15: dffffc0000000000
FS:  0000555578677380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 000000007a384000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	04 db                	add    $0xdb,%al
   2:	49 8d 9c c6 90 02 00 	lea    0x290(%r14,%rax,8),%rbx
   9:	00
   a:	48 89 d8             	mov    %rbx,%rax
   d:	48 c1 e8 03          	shr    $0x3,%rax
  11:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1)
  16:	74 08                	je     0x20
  18:	48 89 df             	mov    %rbx,%rdi
  1b:	e8 f8 66 1b 00       	call   0x1b6718
  20:	48 8b 1b             	mov    (%rbx),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 38 00       	cmpb   $0x0,(%rax,%r15,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 df 66 1b 00       	call   0x1b6718
  39:	4c 8b 23             	mov    (%rbx),%r12
  3c:	48 8d 5d 07          	lea    0x7(%rbp),%rbx

Crashes (19):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/03/29 07:23 upstream fe46a7dd189e 120789fd .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/03/29 07:22 upstream fe46a7dd189e 120789fd .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in shmem_get_next_id
2024/03/29 07:16 upstream fe46a7dd189e 120789fd .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in shmem_get_next_id
2024/04/10 00:26 upstream fe46a7dd189e 56086b24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in shmem_get_next_id
2024/04/09 19:11 upstream fe46a7dd189e 56086b24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in shmem_get_next_id
2024/04/09 19:07 upstream fe46a7dd189e 56086b24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in shmem_get_next_id
2024/04/09 19:06 upstream fe46a7dd189e 56086b24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/04/02 13:36 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/04/02 07:31 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/04/01 18:32 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in shmem_get_next_id
2024/04/01 11:11 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in shmem_get_next_id
2024/04/01 04:48 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in shmem_get_next_id
2024/04/01 04:47 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in shmem_get_next_id
2024/04/01 04:46 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/03/31 09:55 upstream fe46a7dd189e 6baf5069 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/03/29 07:49 upstream fe46a7dd189e 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in shmem_get_next_id
2024/03/29 07:01 upstream fe46a7dd189e 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in shmem_get_next_id
2024/03/29 07:00 upstream fe46a7dd189e 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in shmem_get_next_id
2024/03/29 06:52 upstream fe46a7dd189e 120789fd .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in shmem_get_next_id