syzbot


general protection fault in entry_SYSCALL_64_after_hwframe

Status: auto-closed as invalid on 2021/07/30 01:09
Reported-by: syzbot+70dd97e5b7f57bb62128@syzkaller.appspotmail.com
First crash: 449d, last: 449d

Sample crash report:
 should_fail_alloc_page mm/page_alloc.c:2898 [inline]
 prepare_alloc_pages mm/page_alloc.c:4131 [inline]
 __alloc_pages_nodemask+0x22c/0x2720 mm/page_alloc.c:4179
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 kmem_getpages mm/slab.c:1419 [inline]
 cache_grow_begin+0x91/0x630 mm/slab.c:2676
CPU: 0 PID: 21893 Comm: syz-executor.2 Not tainted 4.14.228-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 cache_alloc_refill+0x273/0x350 mm/slab.c:3043
task: ffff888050f4e440 task.stack: ffff888050530000
 ____cache_alloc mm/slab.c:3125 [inline]
 __do_cache_alloc mm/slab.c:3347 [inline]
 slab_alloc mm/slab.c:3382 [inline]
 kmem_cache_alloc+0x333/0x3c0 mm/slab.c:3550
RIP: 0010:__rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline]
RIP: 0010:rb_erase+0x29/0x1290 lib/rbtree.c:459
 getname_flags+0xc8/0x550 fs/namei.c:138
RSP: 0018:ffff888050537a68 EFLAGS: 00010292
 getname fs/namei.c:209 [inline]
 SYSC_renameat2 fs/namei.c:4569 [inline]
 SyS_renameat2+0x17b/0xad0 fs/namei.c:4533
RAX: dffffc0000000000 RBX: ffff88808de986b0 RCX: ffffc900083db000
RDX: 0000000000000001 RSI: ffffffff8bf97ea0 RDI: 0000000000000008
RBP: 0000000000000000 R08: ffffffff8b993b18 R09: 0000000000040411
R10: ffff888050f4ecf0 R11: ffff888050f4e440 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff88808df4b7f8 R15: ffffffff8bf97ea0
FS:  00007fb88befc700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000050cb90 CR3: 00000000471ab000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
Call Trace:
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
 integrity_inode_free+0x119/0x300 security/integrity/iint.c:146
RIP: 0033:0x466459
 security_inode_free+0x14/0x80 security/security.c:443
RSP: 002b:00007fca00411188 EFLAGS: 00000246
 __destroy_inode+0x1e8/0x4d0 fs/inode.c:238
 ORIG_RAX: 0000000000000052
 destroy_inode+0x49/0x110 fs/inode.c:265
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
 iput_final fs/inode.c:1524 [inline]
 iput+0x458/0x7e0 fs/inode.c:1551
RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 00000000200000c0
RBP: 00007fca004111d0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
 swap_inode_boot_loader fs/ext4/ioctl.c:197 [inline]
 ext4_ioctl+0x16c5/0x3870 fs/ext4/ioctl.c:924
R13: 00007fff3aa2212f R14: 00007fca00411300 R15: 0000000000022000
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
team0: Device macsec0 is up. Set it down before adding it as a team port
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x466459
RSP: 002b:00007fb88befc188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000466459
RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000008
RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000
new mount options do not match the existing superblock, will be ignored
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007ffeadcaea9f R14: 00007fb88befc300 R15: 0000000000022000
Code: ff ff 48 b8 00 
new mount options do not match the existing superblock, will be ignored
00 00 00 00 fc ff df 41 57 49 89 f7 41 56 41 55 41 54 49 89 fc 48 83 c7 08 48 89 fa 55 48 c1 ea 03 53 48 83 ec 18 <80> 3c 02 00 0f 85 f2 0c 00 00 49 8d 7c 24 10 4d 8b 74 24 08 48 
RIP: __rb_erase_augmented include/linux/rbtree_augmented.h:167 [inline] RSP: ffff888050537a68
RIP: rb_erase+0x29/0x1290 lib/rbtree.c:459 RSP: ffff888050537a68
---[ end trace 2498934f795d9eb8 ]---
team0: Device macsec0 is up. Set it down before adding it as a team port

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2021/04/01 01:08 linux-4.14.y bd634aa64163 6a81331a .config log report info general protection fault in entry_SYSCALL_64_after_hwframe