syzbot


general protection fault in __mnt_want_write

Status: fixed on 2018/07/09 18:05
Subsystems: fs
[Documentation on labels]
Fix commit: 66e58e0ef80a bpfilter: fix race in pipe access
First crash: 2200d, last: 2200d

Sample crash report:
netlink: 20 bytes leftover after parsing attributes in process `syz-executor7'.
bpfilter: read fail -512
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4591 Comm: syz-executor3 Not tainted 4.17.0+ #83
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__mnt_want_write+0x85/0x3d0 fs/namespace.c:349
Code: c7 40 04 04 f2 f2 f2 c7 40 08 f3 f3 f3 f3 e8 a2 af af ff 65 ff 05 7b 62 37 7e 49 8d 44 24 28 48 89 85 50 ff ff ff 48 c1 e8 03 <80> 3c 18 00 0f 85 f0 02 00 00 49 8b 44 24 28 65 ff 40 04 f0 83 44 
RSP: 0018:ffff880197bdf5f0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: dffffc0000000000 RCX: ffffffff81ca8fdf
RDX: 0000000000000000 RSI: ffffffff81ca8b4e RDI: 0000000000000000
RBP: ffff880197bdf6a0 R08: ffff880197bd2240 R09: 0000000000000006
R10: ffff880197bd2240 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801cd9a52c0 R14: 0000000000000006 R15: ffff880197bdf678
FS:  000000000109f940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000701138 CR3: 0000000197079000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __mnt_want_write_file+0x80/0xc0 fs/namespace.c:428
 file_update_time+0x2f9/0x640 fs/inode.c:1867
 pipe_write+0xa84/0xeb0 fs/pipe.c:481
 call_write_iter include/linux/fs.h:1791 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x64d/0x960 fs/read_write.c:487
 __kernel_write+0x10c/0x380 fs/read_write.c:506
 __bpfilter_process_sockopt+0x1d8/0x35b net/bpfilter/bpfilter_kern.c:66
 bpfilter_mbox_request+0x4d/0xb0 net/ipv4/bpfilter/sockopt.c:25
 bpfilter_ip_get_sockopt+0x6b/0x90 net/ipv4/bpfilter/sockopt.c:42
 ip_getsockopt+0x238/0x2a0 net/ipv4/ip_sockglue.c:1563
 tcp_getsockopt+0x93/0xe0 net/ipv4/tcp.c:3532
 sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:3012
 __sys_getsockopt+0x1a5/0x370 net/socket.c:1972
 __do_sys_getsockopt net/socket.c:1983 [inline]
 __se_sys_getsockopt net/socket.c:1980 [inline]
 __x64_sys_getsockopt+0xbe/0x150 net/socket.c:1980
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4584ea
Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d 8f fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fa 8e fb ff c3 66 0f 1f 84 00 00 00 00 00 
RSP: 002b:0000000000a3e328 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000a3e350 RCX: 00000000004584ea
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000706f20 R08: 0000000000a3e34c R09: 0000000000004000
R10: 0000000000a3e350 R11: 0000000000000246 R12: 0000000000000013
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000704d60
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 6eeb06fe62e519a7 ]---
RIP: 0010:__mnt_want_write+0x85/0x3d0 fs/namespace.c:349
Code: c7 40 04 04 f2 f2 f2 c7 40 08 f3 f3 f3 f3 e8 a2 af af ff 65 ff 05 7b 62 37 7e 49 8d 44 24 28 48 89 85 50 ff ff ff 48 c1 e8 03 <80> 3c 18 00 0f 85 f0 02 00 00 49 8b 44 24 28 65 ff 40 04 f0 83 44 
RSP: 0018:ffff880197bdf5f0 EFLAGS: 00010206
RAX: 0000000000000005 RBX: dffffc0000000000 RCX: ffffffff81ca8fdf
RDX: 0000000000000000 RSI: ffffffff81ca8b4e RDI: 0000000000000000
RBP: ffff880197bdf6a0 R08: ffff880197bd2240 R09: 0000000000000006
R10: ffff880197bd2240 R11: 0000000000000000 R12: 0000000000000000
R13: ffff8801cd9a52c0 R14: 0000000000000006 R15: ffff880197bdf678
FS:  000000000109f940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000701138 CR3: 0000000197079000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/09 22:16 net-next-old 3a979e8c07e3 866118af .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.