syzbot


general protection fault in __kmalloc

Status: closed as invalid on 2018/06/27 15:18
Subsystems: mm
First crash: 2472d, last: 2457d

Sample crash report:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x87b/0xab0 lib/fault-inject.c:149
 should_failslab+0x279/0x2a0 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc_node mm/slub.c:2663 [inline]
 slab_alloc mm/slub.c:2745 [inline]
 __kmalloc+0xc2/0x350 mm/slub.c:3785
 kmalloc include/linux/slab.h:517 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 drbg_alloc_state crypto/drbg.c:1206 [inline]
 drbg_instantiate crypto/drbg.c:1481 [inline]
 drbg_kcapi_seed+0x129f/0x2270 crypto/drbg.c:1880
general protection fault: 0000 [#1] SMP PTI
 crypto_rng_reset+0x262/0x310 crypto/rng.c:52
Dumping ftrace buffer:
 rng_setkey+0x8b/0xa0 crypto/algif_rng.c:167
   (ftrace buffer empty)
 alg_setkey crypto/af_alg.c:223 [inline]
 alg_setsockopt+0x6c5/0x740 crypto/af_alg.c:256
Modules linked in:
CPU: 0 PID: 4561 Comm: syz-executor7 Not tainted 4.16.0+ #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 SYSC_setsockopt+0x4b8/0x570 net/socket.c:1849
RIP: 0010:get_freepointer mm/slub.c:270 [inline]
RIP: 0010:get_freepointer_safe mm/slub.c:285 [inline]
RIP: 0010:slab_alloc_node mm/slub.c:2706 [inline]
RIP: 0010:slab_alloc mm/slub.c:2745 [inline]
RIP: 0010:__kmalloc+0x13b/0x350 mm/slub.c:3785
 SyS_setsockopt+0x76/0xa0 net/socket.c:1828
RSP: 0018:ffff88019da5f7c8 EFLAGS: 00010286
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
RAX: 0000000000000000 RBX: ffff88021fc420f0 RCX: ffff8801ceb99d00
RDX: 0000000000004e48 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000
RBP: ffff88019da5f828 R08: ffff88021f005500 R09: 0000000000000002
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
R10: 0000000000000000 R11: ffff88019da50000 R12: 746e6e6f635f666e
RIP: 0033:0x455979
R13: ffff88021f005500 R14: ffff8801ceb9a698 R15: 00000000014080c0
RSP: 002b:00007ffcc1d7f998 EFLAGS: 00000246
FS:  0000000000f45940(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
 ORIG_RAX: 0000000000000036
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RAX: ffffffffffffffda RBX: 0000000001769914 RCX: 0000000000455979
CR2: 000000000093002d CR3: 000000019da44000 CR4: 00000000001406f0
RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000004
R13: 000000000000055e R14: 00000000006fc170 R15: 0000000000000004
Call Trace:
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
 kmalloc include/linux/slab.h:517 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 __register_sysctl_table+0x17c/0x29f0 fs/proc/proc_sysctl.c:1298
CPU: 1 PID: 4575 Comm: syz-executor4 Not tainted 4.16.0+ #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 register_net_sysctl+0x9f/0xb0 net/sysctl_net.c:120
Call Trace:
 xfrm6_net_sysctl_init net/ipv6/xfrm6_policy.c:340 [inline]
 xfrm6_net_init+0x255/0x400 net/ipv6/xfrm6_policy.c:387
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x87b/0xab0 lib/fault-inject.c:149
 ops_init+0x60f/0x7b0 net/core/net_namespace.c:118
 should_failslab+0x279/0x2a0 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc_node mm/slub.c:2663 [inline]
 slab_alloc mm/slub.c:2745 [inline]
 __kmalloc+0xc2/0x350 mm/slub.c:3785
 setup_net+0x213/0xcf0 net/core/net_namespace.c:302
 kmalloc include/linux/slab.h:517 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 drbg_alloc_state crypto/drbg.c:1206 [inline]
 drbg_instantiate crypto/drbg.c:1481 [inline]
 drbg_kcapi_seed+0x129f/0x2270 crypto/drbg.c:1880
 copy_net_ns+0x572/0xc40 net/core/net_namespace.c:426
 create_new_namespaces+0x7f5/0xe80 kernel/nsproxy.c:107
 crypto_rng_reset+0x262/0x310 crypto/rng.c:52
 unshare_nsproxy_namespaces+0x23b/0x320 kernel/nsproxy.c:206
 rng_setkey+0x8b/0xa0 crypto/algif_rng.c:167
 SYSC_unshare+0x88c/0x10f0 kernel/fork.c:2408
 alg_setkey crypto/af_alg.c:223 [inline]
 alg_setsockopt+0x6c5/0x740 crypto/af_alg.c:256
 SyS_unshare+0x36/0x50 kernel/fork.c:2358
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 SYSC_setsockopt+0x4b8/0x570 net/socket.c:1849
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
 SyS_setsockopt+0x76/0xa0 net/socket.c:1828
RIP: 0033:0x458427
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
RSP: 002b:00007ffd7da03588 EFLAGS: 00000202
 ORIG_RAX: 0000000000000110
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000458427
RIP: 0033:0x455979
RDX: 0000000000000000 RSI: 00007ffd7da03560 RDI: 0000000040000000
RSP: 002b:00007ffe69bb7868 EFLAGS: 00000246
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001a
R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004117f0
 ORIG_RAX: 0000000000000036
R13: 0000000000411880 R14: 0000000000000000 R15: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000001b32914 RCX: 0000000000455979
Code: 
RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
8b 
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
18 
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000004
65 
R13: 000000000000055e R14: 00000000006fc170 R15: 0000000000000004
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
48 8b 53 08 65 48 03 1c 25 28 a1 02 00 4c 
CPU: 1 PID: 4578 Comm: syz-executor5 Not tainted 4.16.0+ #87
8b 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
23 
Call Trace:
4d 
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
85 
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x87b/0xab0 lib/fault-inject.c:149
e4 
 should_failslab+0x279/0x2a0 mm/failslab.c:32
0f 
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc_node mm/slub.c:2663 [inline]
 slab_alloc mm/slub.c:2745 [inline]
 __kmalloc+0xc2/0x350 mm/slub.c:3785
84 
38 
 kmalloc include/linux/slab.h:517 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 drbg_alloc_state crypto/drbg.c:1206 [inline]
 drbg_instantiate crypto/drbg.c:1481 [inline]
 drbg_kcapi_seed+0x129f/0x2270 crypto/drbg.c:1880
01 
00 
 crypto_rng_reset+0x262/0x310 crypto/rng.c:52
00 
 rng_setkey+0x8b/0xa0 crypto/algif_rng.c:167
48 
 alg_setkey crypto/af_alg.c:223 [inline]
 alg_setsockopt+0x6c5/0x740 crypto/af_alg.c:256
83 
7b 
10 
 SYSC_setsockopt+0x4b8/0x570 net/socket.c:1849
00 
 SyS_setsockopt+0x76/0xa0 net/socket.c:1828
0f 
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
84 
2d 
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
01 
RIP: 0033:0x455979
00 
RSP: 002b:00007ffd92459f68 EFLAGS: 00000246
00 
 ORIG_RAX: 0000000000000036
49 
RAX: ffffffffffffffda RBX: 0000000000c75914 RCX: 0000000000455979
RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
63 
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000004
40 
R13: 000000000000055e R14: 00000000006fc170 R15: 0000000000000004
20 
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
<49> 
CPU: 1 PID: 4579 Comm: syz-executor5 Not tainted 4.16.0+ #87
8b 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
1c 
Call Trace:
04 48 
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
89 
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x87b/0xab0 lib/fault-inject.c:149
d1 
 should_failslab+0x279/0x2a0 mm/failslab.c:32
48 
 slab_pre_alloc_hook mm/slab.h:422 [inline]
 slab_alloc_node mm/slub.c:2663 [inline]
 slab_alloc mm/slub.c:2745 [inline]
 __kmalloc+0xc2/0x350 mm/slub.c:3785
83 
c1 
 kmalloc include/linux/slab.h:517 [inline]
 kzalloc include/linux/slab.h:701 [inline]
 drbg_alloc_state crypto/drbg.c:1206 [inline]
 drbg_instantiate crypto/drbg.c:1481 [inline]
 drbg_kcapi_seed+0x129f/0x2270 crypto/drbg.c:1880
01 
49 
 crypto_rng_reset+0x262/0x310 crypto/rng.c:52
8b 
 rng_setkey+0x8b/0xa0 crypto/algif_rng.c:167
38 
 alg_setkey crypto/af_alg.c:223 [inline]
 alg_setsockopt+0x6c5/0x740 crypto/af_alg.c:256
4c 
89 
e0 
 SYSC_setsockopt+0x4b8/0x570 net/socket.c:1849
65 
 SyS_setsockopt+0x76/0xa0 net/socket.c:1828
48 
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
0f 
c7 
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x455979
RIP: get_freepointer mm/slub.c:270 [inline] RSP: ffff88019da5f7c8
RIP: get_freepointer_safe mm/slub.c:285 [inline] RSP: ffff88019da5f7c8
RIP: slab_alloc_node mm/slub.c:2706 [inline] RSP: ffff88019da5f7c8
RIP: slab_alloc mm/slub.c:2745 [inline] RSP: ffff88019da5f7c8
RIP: __kmalloc+0x13b/0x350 mm/slub.c:3785 RSP: ffff88019da5f7c8
RSP: 002b:00007ffd92459f68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000c75914 RCX: 0000000000455979
---[ end trace daeb94e6788ce821 ]---
RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000004

Crashes (7):
Time             | Kernel                                     | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets | Manager               | Title
-----------------|--------------------------------------------|--------------|-----------|---------|-------------|--------|-----------|---------|---------|--------|-----------------------|------
2018/05/08 15:52 | https://github.com/google/kmsan.git master | d2d741e5d189 | 045bbd4a  | .config | console log | report | syz       | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/05/05 18:34 | https://github.com/google/kmsan.git master | d2d741e5d189 | 6a0382b5  | .config | console log | report | syz       | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/05/03 14:16 | https://github.com/google/kmsan.git master | d2d741e5d189 | 9ce14f4b  | .config | console log | report | -         | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/04/25 07:21 | https://github.com/google/kmsan.git master | d2d741e5d189 | 37e76fe2  | .config | console log | report | -         | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/04/24 19:41 | https://github.com/google/kmsan.git master | d2d741e5d189 | 37e76fe2  | .config | console log | report | -         | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/04/24 07:55 | https://github.com/google/kmsan.git master | d2d741e5d189 | e7e85d36  | .config | console log | report | -         | -       | -       | -      | ci-upstream-kmsan-gce | -
2018/04/23 17:23 | https://github.com/google/kmsan.git master | d2d741e5d189 | 0d8e591c  | .config | console log | report | -         | -       | -       | -      | ci-upstream-kmsan-gce | -
* Struck through repros no longer work on HEAD.