syzbot


general protection fault in page_mapping

Status: fixed on 2018/02/01 16:29
Subsystems: fs mm
[Documentation on labels]
Reported-by: syzbot+2ae755141b3df39bc92fbca1cb7272b7de1334b5@syzkaller.appspotmail.com
Fix commit: 7d11f77f84b2 RDS: null pointer dereference in rds_atomic_free_op
First crash: 2364d, last: 2331d

Sample crash report:
audit: type=1400 audit(1513613066.953:7): avc:  denied  { map } for  pid=3142 comm="syzkaller235630" path="/root/syzkaller235630333" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3142 Comm: syzkaller235630 Not tainted 4.15.0-rc4+ #227
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:183 [inline]
RIP: 0010:compound_head include/linux/page-flags.h:147 [inline]
RIP: 0010:page_mapping+0xa4/0x530 mm/util.c:475
RSP: 0018:ffff8801ca5d7320 EFLAGS: 00010202
RAX: 0000000000000004 RBX: 1ffff100394bae65 RCX: ffffffff81949ded
RDX: 0000000000000000 RSI: 1ffff100394baf03 RDI: 0000000000000000
RBP: ffff8801ca5d7470 R08: ffffed00394d1972 R09: ffff8801ca68cb70
R10: ffff8801ca855888 R11: ffffed00394d1971 R12: 0000000000000000
R13: ffff8801ca5d7448 R14: dffffc0000000000 R15: 0000000000000020
FS:  0000000000f8a880(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020fc8000 CR3: 00000001db156001 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 set_page_dirty+0xb9/0x5d0 mm/page-writeback.c:2544
 rds_atomic_free_op+0xc2/0x330 net/rds/rdma.c:481
 rds_message_purge net/rds/message.c:79 [inline]
 rds_message_put+0x53c/0x6b0 net/rds/message.c:91
 rds_sendmsg+0x14ee/0x1f90 net/rds/send.c:1204
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 ___sys_sendmsg+0x755/0x890 net/socket.c:2026
 __sys_sendmsg+0xe5/0x210 net/socket.c:2060
 SYSC_sendmsg net/socket.c:2071 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2067
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x43fea9
RSP: 002b:00007ffc603ac968 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fea9
RDX: 0000000000000000 RSI: 0000000020002000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401810
R13: 00000000004018a0 R14: 0000000000000000 R15: 0000000000000000
Code: f2 f2 f2 c7 40 14 00 f2 f2 f2 c7 40 18 f2 f2 f2 f2 c7 40 1c 00 f2 f2 f2 c7 40 20 f3 f3 f3 f3 e8 d3 37 db ff 4c 89 f8 48 c1 e8 03 <42> 80 3c 30 00 0f 85 3c 04 00 00 4d 8d b5 00 ff ff ff 48 ba 00 
RIP: __read_once_size include/linux/compiler.h:183 [inline] RSP: ffff8801ca5d7320
RIP: compound_head include/linux/page-flags.h:147 [inline] RSP: ffff8801ca5d7320
RIP: page_mapping+0xa4/0x530 mm/util.c:475 RSP: ffff8801ca5d7320
---[ end trace 3630832bd9a1166a ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (46):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/12/18 16:06 upstream 1291a0d5049d 1c4160ef .config console log report syz C ci-upstream-kasan-gce
2017/12/13 14:39 upstream d39a01eff9af ce7f2399 .config console log report syz C ci-upstream-kasan-gce
2017/12/09 11:52 upstream f335195adf04 5ad0ce95 .config console log report syz C ci-upstream-kasan-gce
2017/12/18 16:06 net-next-old c30abd5e40dd 1c4160ef .config console log report syz C ci-upstream-net-kasan-gce
2017/12/13 11:40 net-next-old 48d79b49e168 ce7f2399 .config console log report syz C ci-upstream-net-kasan-gce
2017/12/08 16:55 net-next-old 66c5c5b56682 b0fa969c .config console log report syz C ci-upstream-net-kasan-gce
2017/12/19 17:12 mmots 82bcf1def3b5 af9163c7 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/15 14:15 mmots 82bcf1def3b5 ac20b98c .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/10 02:51 linux-next ad4dac17f9d5 5ad0ce95 .config console log report syz C ci-upstream-next-kasan-gce
2017/12/08 16:42 mmots 82bcf1def3b5 b0fa969c .config console log report syz C ci-upstream-mmots-kasan-gce
2017/12/07 12:05 upstream 968edbd93c0c 5d643f8e .config console log report syz ci-upstream-kasan-gce-386
2017/12/07 08:17 upstream e56d565d67ae 5d643f8e .config console log report syz ci-upstream-kasan-gce-386
2018/01/09 10:13 upstream d32da5841b0f 11dc42f6 .config console log report ci-upstream-kasan-gce
2017/12/29 12:54 upstream 2758b3e3e630 7d240098 .config console log report ci-upstream-kasan-gce
2017/12/23 07:23 upstream 9c294ec08408 73aba437 .config console log report ci-upstream-kasan-gce
2017/12/22 06:20 upstream 9035a8961b50 81fe66b4 .config console log report ci-upstream-kasan-gce
2017/12/10 16:36 upstream 4ded3bec65a0 5ad0ce95 .config console log report ci-upstream-kasan-gce
2017/12/09 21:59 upstream f335195adf04 5ad0ce95 .config console log report ci-upstream-kasan-gce
2017/12/09 06:03 upstream 3625de4b2872 5ad0ce95 .config console log report ci-upstream-kasan-gce
2018/01/01 07:46 upstream 30a7acd57389 00193447 .config console log report ci-upstream-kasan-gce-386
2017/12/28 09:20 upstream 5f520fc31876 7d240098 .config console log report ci-upstream-kasan-gce-386
2017/12/28 05:01 upstream 5f520fc31876 7d240098 .config console log report ci-upstream-kasan-gce-386
2017/12/26 10:33 upstream 464e1d5f23cc 73aba437 .config console log report ci-upstream-kasan-gce-386
2017/12/25 20:19 upstream 464e1d5f23cc 73aba437 .config console log report ci-upstream-kasan-gce-386
2017/12/25 17:26 upstream 464e1d5f23cc 73aba437 .config console log report ci-upstream-kasan-gce-386
2017/12/24 02:48 upstream caf9a82657b3 73aba437 .config console log report ci-upstream-kasan-gce-386
2017/12/22 14:34 upstream ead68f216110 81fe66b4 .config console log report ci-upstream-kasan-gce-386
2017/12/22 07:50 upstream 9035a8961b50 81fe66b4 .config console log report ci-upstream-kasan-gce-386
2017/12/21 22:52 upstream 9035a8961b50 81fe66b4 .config console log report ci-upstream-kasan-gce-386
2017/12/07 11:48 upstream 968edbd93c0c 5d643f8e .config console log report ci-upstream-kasan-gce-386
2017/12/07 07:47 upstream e56d565d67ae 5d643f8e .config console log report ci-upstream-kasan-gce-386
2018/01/07 09:56 net-next-old d0adb51edb73 19c05fff .config console log report ci-upstream-net-kasan-gce
2018/01/07 05:24 net-next-old d0adb51edb73 19c05fff .config console log report ci-upstream-net-kasan-gce
2018/01/04 17:13 net-next-old 4b24dd802280 00193447 .config console log report ci-upstream-net-kasan-gce
2018/01/03 23:08 net-next-old 4b24dd802280 00193447 .config console log report ci-upstream-net-kasan-gce
2018/01/01 18:13 net-next-old 6bb8824732f6 00193447 .config console log report ci-upstream-net-kasan-gce
2017/12/31 02:54 net-next-old 6bb8824732f6 bb6384b8 .config console log report ci-upstream-net-kasan-gce
2017/12/30 16:41 net-next-old 6bb8824732f6 bb6384b8 .config console log report ci-upstream-net-kasan-gce
2017/12/28 02:56 net-next-old 55b07a65e15b 7d240098 .config console log report ci-upstream-net-kasan-gce
2017/12/26 20:50 net-next-old 243dc5fb4697 73aba437 .config console log report ci-upstream-net-kasan-gce
2017/12/22 11:32 net-next-old 0a80f0c26bf5 81fe66b4 .config console log report ci-upstream-net-kasan-gce
2017/12/22 08:26 net-next-old 90bbec0f912a 81fe66b4 .config console log report ci-upstream-net-kasan-gce
2018/01/05 04:07 linux-next 73005e1a35fd 00193447 .config console log report ci-upstream-next-kasan-gce
2017/12/31 10:11 mmots 37759fa6d0fa bb6384b8 .config console log report ci-upstream-mmots-kasan-gce
2017/12/22 01:51 mmots 37759fa6d0fa 81fe66b4 .config console log report ci-upstream-mmots-kasan-gce
2017/12/08 16:15 mmots 82bcf1def3b5 b0fa969c .config console log report ci-upstream-mmots-kasan-gce
* Struck through repros no longer work on HEAD.