syzbot

general protection fault in push_pipe

Status: auto-closed as invalid on 2021/08/17 04:05
Reported-by: syzbot+331f4012bcb5abab7c71@syzkaller.appspotmail.com
First crash: 1108d, last: 1108d

Sample crash report (the console log interleaves two dumps: a fault-injection stack dump from a sendfile() task and the general protection fault in an ioctl() task; they are listed separately):

Fault-injection stack dump (sendfile task):
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
 should_fail_alloc_page mm/page_alloc.c:2898 [inline]
 prepare_alloc_pages mm/page_alloc.c:4131 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4179
 alloc_pages_current+0x155/0x260 mm/mempolicy.c:2113
 alloc_pages include/linux/gfp.h:520 [inline]
 push_pipe+0x3b0/0x750 lib/iov_iter.c:515
 __pipe_get_pages lib/iov_iter.c:1035 [inline]
 pipe_get_pages_alloc lib/iov_iter.c:1139 [inline]
 iov_iter_get_pages_alloc+0x4d7/0xf00 lib/iov_iter.c:1157
 default_file_splice_read+0x171/0x910 fs/splice.c:390
 do_splice_to+0xfb/0x140 fs/splice.c:880
 splice_direct_to_actor+0x207/0x730 fs/splice.c:952
 do_splice_direct+0x164/0x210 fs/splice.c:1061
 do_sendfile+0x47f/0xb30 fs/read_write.c:1441
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0xff/0x110 fs/read_write.c:1488
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007fe92d19e188 EFLAGS: 00000246
 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00007fe92d19e1d0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000edc0 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fffbb1dffbf R14: 00007fe92d19e300 R15: 0000000000022000

General protection fault (ioctl task):
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 14683 Comm: syz-executor.3 Not tainted 4.14.231-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888099dce2c0 task.stack: ffff88803d0b8000
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline]
RIP: 0010:rb_erase+0x29/0x1290 lib/rbtree.c:459
RSP: 0018:ffff88803d0bfa68 EFLAGS: 00010292
RAX: dffffc0000000000 RBX: ffff8880378f06b0 RCX: ffffc900098d0000
RDX: 0000000000000001 RSI: ffffffff8bf99ea0 RDI: 0000000000000008
RBP: 0000000000000000 R08: ffffffff8b9bbad0 R09: 0000000000040410
R10: ffff888099dceb70 R11: ffff888099dce2c0 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888043bfe9b8 R15: ffffffff8bf99ea0
FS:  00007efe415bc700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000050cb90 CR3: 00000000428b0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 integrity_inode_free+0x119/0x300 security/integrity/iint.c:146
 security_inode_free+0x14/0x80 security/security.c:443
 __destroy_inode+0x1e8/0x4d0 fs/inode.c:238
 destroy_inode+0x49/0x110 fs/inode.c:265
 iput_final fs/inode.c:1524 [inline]
 iput+0x458/0x7e0 fs/inode.c:1551
 swap_inode_boot_loader fs/ext4/ioctl.c:197 [inline]
 ext4_ioctl+0x16c5/0x3870 fs/ext4/ioctl.c:924
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007efe415bc188 EFLAGS: 00000246
 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000007
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffff5ce4c7f R14: 00007efe415bc300 R15: 0000000000022000
Code: ff ff 48 b8 00 00 00 00 00 fc ff df 41 57 49 89 f7 41 56 41 55 41 54 49 89 fc 48 83 c7 08 48 89 fa 55 48 c1 ea 03 53 48 83 ec 18 <80> 3c 02 00 0f 85 f2 0c 00 00 49 8d 7c 24 10 4d 8b 74 24 08 48
RIP: __rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RSP: ffff88803d0bfa68
RIP: rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: ffff88803d0bfa68
---[ end trace 3b4b51adee82283d ]---

Crashes (1):
Time: 2021/04/19 04:04
Kernel: linux-4.14.y
Commit: cf256fbcbe34
Syzkaller: 7e2b734b
Config: .config
Log: console log
Report: report
Syz repro: none
C repro: none
VM info: info
Assets: none
Manager: ci2-linux-4-14
Title: general protection fault in push_pipe