syzbot


general protection fault in cdev_del

Status: upstream: reported C repro on 2019/12/04 03:14
Subsystems: vfs
Reported-by: syzbot+3ed778aa210a888794e3@syzkaller.appspotmail.com
First crash: 1540d, last: 353d
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in cdev_del (2) fs C error 45 967d 1245d 20/26 fixed on 2021/11/10 00:50
upstream general protection fault in cdev_del usb fs C 315 1262d 1730d 15/26 fixed on 2020/09/16 22:51
linux-4.19 general protection fault in cdev_del vfs C 415 351d 1535d 0/1 upstream: reported C repro on 2019/12/09 03:59
Fix bisection attempts (6)
Created Duration User Patch Repo Result
2021/11/13 21:21 25m bisect fix linux-4.14.y job log (0) log
2021/10/14 20:43 28m bisect fix linux-4.14.y job log (0) log
2021/09/14 20:17 25m bisect fix linux-4.14.y job log (0) log
2021/08/15 19:48 28m bisect fix linux-4.14.y job log (0) log
2021/07/16 19:24 24m bisect fix linux-4.14.y job log (0) log
2021/06/16 19:01 22m bisect fix linux-4.14.y job log (0) log

Sample crash report:
RBP: 00007ffec2c481d0 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7957 Comm: syz-executor308 Not tainted 4.14.304-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
task: ffff8880b4cb4100 task.stack: ffff88809a3d8000
RIP: 0010:cdev_del+0x22/0x90 fs/char_dev.c:602
RSP: 0018:ffff88809a3dfb90 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: ffff8880af05df00 RCX: 0000000000000000
RDX: 000000000000000c RSI: ffff8880b4cb4988 RDI: 0000000000000064
RBP: 0000000000000000 R08: ffffffff8b9da690 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880af05df08
R13: ffff8880af04c9c8 R14: ffff8880a11730c0 R15: ffff8880a1f35818
FS:  0000555556685300(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000565140838160 CR3: 0000000008e6a000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tty_unregister_device drivers/tty/tty_io.c:3046 [inline]
 tty_unregister_device+0x101/0x1a0 drivers/tty/tty_io.c:3041
 gsmld_detach_gsm drivers/tty/n_gsm.c:2361 [inline]
 gsmld_close+0xaa/0x1f0 drivers/tty/n_gsm.c:2430
 tty_ldisc_close+0x8c/0xc0 drivers/tty/tty_ldisc.c:505
 tty_ldisc_kill drivers/tty/tty_ldisc.c:651 [inline]
 tty_ldisc_release+0xe8/0x400 drivers/tty/tty_ldisc.c:818
 tty_release_struct+0x20/0xe0 drivers/tty/tty_io.c:1603
 tty_release+0xb3f/0x10d0 drivers/tty/tty_io.c:1776
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0xa44/0x2850 kernel/exit.c:868
 do_group_exit+0x100/0x2e0 kernel/exit.c:965
 SYSC_exit_group kernel/exit.c:976 [inline]
 SyS_exit_group+0x19/0x20 kernel/exit.c:974
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7f047652dcf9
RSP: 002b:00007ffec2c48168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f04765a23f0 RCX: 00007f047652dcf9
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f04765a23f0
R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
Code: c5 3e f7 ff eb d2 0f 1f 00 55 48 89 fd 48 83 ec 08 e8 f3 7b cd ff 48 8d 7d 64 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 4f 
RIP: cdev_del+0x22/0x90 fs/char_dev.c:602 RSP: ffff88809a3dfb90
---[ end trace 5a01e659fa6a90fc ]---
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	3e f7 ff             	ds idiv %edi
   3:	eb d2                	jmp    0xffffffd7
   5:	0f 1f 00             	nopl   (%rax)
   8:	55                   	push   %rbp
   9:	48 89 fd             	mov    %rdi,%rbp
   c:	48 83 ec 08          	sub    $0x8,%rsp
  10:	e8 f3 7b cd ff       	callq  0xffcd7c08
  15:	48 8d 7d 64          	lea    0x64(%rbp),%rdi
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx <-- trapping instruction
  2e:	48 89 f8             	mov    %rdi,%rax
  31:	83 e0 07             	and    $0x7,%eax
  34:	83 c0 03             	add    $0x3,%eax
  37:	38 d0                	cmp    %dl,%al
  39:	7c 04                	jl     0x3f
  3b:	84 d2                	test   %dl,%dl
  3d:	75 4f                	jne    0x8e

Crashes (279):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/01/25 08:49 linux-4.14.y 3949d1610004 9dfcf09c .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/01/22 12:46 linux-4.14.y 97205fccccdc cc0f9968 .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2022/10/09 10:47 linux-4.14.y 9d5c0b3a8e1a aea5da89 .config console log report syz C [disk image] [vmlinux] ci2-linux-4-14 general protection fault in cdev_del
2022/06/30 06:38 linux-4.14.y f051383ef03b 1434eec0 .config console log report syz C ci2-linux-4-14 general protection fault in cdev_del
2022/05/21 00:16 linux-4.14.y dffb5c6ff09c bd37ad7e .config console log report syz C ci2-linux-4-14 general protection fault in cdev_del
2019/12/04 02:46 linux-4.14.y fbc5fe7a54d0 0ecb9746 .config console log report syz C ci2-linux-4-14
2023/03/05 06:38 linux-4.14.y 7878a41b6cc1 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/03/04 14:19 linux-4.14.y 7878a41b6cc1 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/02/19 18:46 linux-4.14.y a8ad60f2af58 bcdf85f8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/02/11 10:02 linux-4.14.y a8ad60f2af58 93e26d60 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/01/30 09:47 linux-4.14.y 3949d1610004 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/01/22 12:33 linux-4.14.y 97205fccccdc cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/01/13 09:09 linux-4.14.y c4215ee4771b 96166539 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2023/01/02 07:26 linux-4.14.y c4215ee4771b ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2022/11/21 01:08 linux-4.14.y e911713e40ca 5bb70014 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2022/11/04 13:57 linux-4.14.y a901bb6c7db7 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in cdev_del
2022/09/30 14:33 linux-4.14.y 9d5c0b3a8e1a 45fd7169 .config console log report info [disk image] [vmlinux] ci2-linux-4-14 general protection fault in cdev_del
2022/09/22 12:23 linux-4.14.y 4edbf74132a4 60af5050 .config console log report info [disk image] [vmlinux] ci2-linux-4-14 general protection fault in cdev_del
2022/09/19 10:51 linux-4.14.y 5df8b4735177 dd9a85ff .config console log report info [disk image] [vmlinux] ci2-linux-4-14 general protection fault in cdev_del
2022/09/17 01:04 linux-4.14.y 5df8b4735177 dd9a85ff .config console log report info [disk image] [vmlinux] ci2-linux-4-14 general protection fault in cdev_del
2022/09/09 15:31 linux-4.14.y 65640c873dcf 90058bdc .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/08/18 14:35 linux-4.14.y b641242202ed d58e263f .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/08/07 09:31 linux-4.14.y b641242202ed 88e3a122 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/08/07 00:27 linux-4.14.y b641242202ed 88e3a122 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/08/04 10:04 linux-4.14.y b641242202ed 1c9013ac .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/31 19:47 linux-4.14.y b641242202ed fef302b1 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/29 06:55 linux-4.14.y 9c3bf9cf362f fb95c74d .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/23 22:36 linux-4.14.y 9c3bf9cf362f 22343af4 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/23 00:43 linux-4.14.y 9c3bf9cf362f 22343af4 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/17 13:31 linux-4.14.y 424a46ea058e 95cb00d1 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/09 23:25 linux-4.14.y 1048779a1d7d b5765a15 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/08 05:20 linux-4.14.y 1048779a1d7d bff65f44 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/07/05 03:41 linux-4.14.y ed2e96e11936 bff65f44 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/06/19 00:37 linux-4.14.y 84bae26850e3 8f633d84 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/06/08 07:07 linux-4.14.y b8f3be299d51 b2706118 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/06/02 07:52 linux-4.14.y 501eec4f9e13 b4bc6a3d .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/05/30 11:56 linux-4.14.y 501eec4f9e13 a46af346 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/05/05 17:18 linux-4.14.y e3a56aaade89 b3f09415 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/05/02 21:49 linux-4.14.y e3a56aaade89 2df221f6 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/26 02:15 linux-4.14.y 15a1c6b6f516 152baedd .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/21 10:25 linux-4.14.y 15a1c6b6f516 d4befee1 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/19 02:47 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/15 00:23 linux-4.14.y 74766a973637 b17b2923 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/14 11:57 linux-4.14.y 74766a973637 b17b2923 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/12 05:01 linux-4.14.y 74766a973637 af01ee7d .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/10 15:21 linux-4.14.y 74766a973637 e22c3da3 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/10 03:01 linux-4.14.y 74766a973637 e22c3da3 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/08 13:11 linux-4.14.y 74766a973637 c6ff3e05 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/04/05 13:50 linux-4.14.y 74766a973637 5915c2cb .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/03/29 18:44 linux-4.14.y af1af6ebca0e 6bdac766 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/03/26 13:47 linux-4.14.y 004bfaafc45c 89bc8608 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/03/26 04:59 linux-4.14.y 004bfaafc45c 89bc8608 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/03/21 02:59 linux-4.14.y eb045674aab3 e2d91b1d .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2022/03/03 20:49 linux-4.14.y e853993d29aa 45a13a73 .config console log report info ci2-linux-4-14 general protection fault in cdev_del
2021/01/15 01:27 linux-4.14.y f79dc86058bc 468dbb55 .config console log report info ci2-linux-4-14
* Struck through repros no longer work on HEAD.