syzbot


general protection fault in kernfs_kill_sb

Status: upstream: reported C repro on 2019/04/18 07:59
Reported-by: syzbot+3c27271ea22f106cb9a9@syzkaller.appspotmail.com
First crash: 1265d, last: 235d

Fix bisection: failed (bisect log)
Similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in kernfs_kill_sb (2) C 22 1593d 1605d 6/24 fixed on 2018/06/07 13:52
upstream general protection fault in kernfs_kill_sb C 29 1610d 1646d 6/24 fixed on 2018/05/08 18:30
Patch testing requests:
Created Duration User Patch Repo Result
2022/09/22 08:29 10m linux-4.14.y report log
2022/09/22 07:29 11m linux-4.14.y report log
2022/09/22 06:29 11m linux-4.14.y report log
2022/09/22 05:29 10m linux-4.14.y report log
2022/09/22 04:29 10m linux-4.14.y report log

Sample crash report:
RBP: 000000000000a984 R08: 0000000000000000 R09: 0000000000000039
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6951 Comm: syz-executor796 Not tainted 4.14.150 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809ffe8540 task.stack: ffff888080138000
RIP: 0010:__list_del_entry_valid+0x85/0xf5 lib/list_debug.c:51
RSP: 0018:ffff88808013fb30 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880a99095a0
RBP: ffff88808013fb48 R08: dffffc0000000000 R09: ffffffff88c9f878
R10: ffff88808013fb48 R11: ffff88809ffe8540 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880a9909598 R15: ffff8880a99095a0
FS:  0000000001186940(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a0257000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:117 [inline]
 list_del include/linux/list.h:125 [inline]
 kernfs_kill_sb+0x62/0x1e0 fs/kernfs/mount.c:365
 sysfs_kill_sb+0x23/0x40 fs/sysfs/mount.c:53
 deactivate_locked_super+0x74/0xe0 fs/super.c:319
 sget_userns+0x9d9/0xc30 fs/super.c:537
 kernfs_mount_ns+0xe9/0x790 fs/kernfs/mount.c:324
 sysfs_mount+0xaa/0x170 fs/sysfs/mount.c:39
 mount_fs+0x97/0x2a1 fs/super.c:1237
 vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0x417/0x27d0 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3072
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x441829
RSP: 002b:00007ffd826d9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441829
RDX: 0000000020000500 RSI: 0000000020000480 RDI: 0000000000000000
RBP: 000000000000a984 R08: 0000000000000000 R09: 0000000000000039
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
Code: c5 0f 84 e1 00 00 00 48 b8 00 02 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 
RIP: __list_del_entry_valid+0x85/0xf5 lib/list_debug.c:51 RSP: ffff88808013fb30
---[ end trace 2c396c50043bc97f ]---

Crashes (163):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2019/10/29 06:17 linux-4.14.y b98aebd29824 5ea87a66 .config log report syz C
ci2-linux-4-14 2019/08/30 04:01 linux-4.14.y 01fd1694b93c cd626f3b .config log report syz C
ci2-linux-4-14 2019/08/25 02:24 linux-4.14.y 45f092f9e9cb d21c5d9d .config log report syz C
ci2-linux-4-14 2019/08/19 21:11 linux-4.14.y 45f092f9e9cb ae348fb7 .config log report syz C
ci2-linux-4-14 2019/04/18 06:58 linux-4.14.y 58b454ebf81e b0e8efcb .config log report syz C
ci2-linux-4-14 2021/05/16 11:08 linux-4.14.y 7d7d1c0ab3eb f54a5c09 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/05/16 00:54 linux-4.14.y 7d7d1c0ab3eb 93f844de .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/05/08 14:37 linux-4.14.y 7d7d1c0ab3eb bc5434be .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/05/07 18:23 linux-4.14.y 7d7d1c0ab3eb f6da8120 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/05/06 01:30 linux-4.14.y 7d7d1c0ab3eb 06c27ff5 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/27 13:32 linux-4.14.y cf256fbcbe34 805b5003 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/22 05:53 linux-4.14.y cf256fbcbe34 2bc8999a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/20 07:13 linux-4.14.y cf256fbcbe34 4285c989 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/16 02:14 linux-4.14.y 958e517f4e16 c59079a6 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/15 01:26 linux-4.14.y 958e517f4e16 fcdb12ba .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/13 08:30 linux-4.14.y 958e517f4e16 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/12 06:04 linux-4.14.y 958e517f4e16 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/10 16:33 linux-4.14.y 958e517f4e16 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/08 04:21 linux-4.14.y 0cc244011f40 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/06 16:45 linux-4.14.y bd634aa64163 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/04/01 08:39 linux-4.14.y bd634aa64163 6a81331a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/03/22 11:13 linux-4.14.y cb83ddcd5332 bea32f74 .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/03/12 16:30 linux-4.14.y c7150cd2fa8c 429d8a6b .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/03/05 22:18 linux-4.14.y 397a88b2cc86 4a024a9b .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/02/23 18:18 linux-4.14.y 3242aa3a635c fcc6d71b .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/02/11 13:59 linux-4.14.y 2c8a3fceddf0 a52ee10a .config log report info general protection fault in kernfs_kill_sb
ci2-linux-4-14 2021/01/02 12:36 linux-4.14.y 1752938529c6 79264ae3 .config log report info
ci2-linux-4-14 2021/01/01 20:58 linux-4.14.y 1752938529c6 79264ae3 .config log report info
ci2-linux-4-14 2021/01/01 11:36 linux-4.14.y 1752938529c6 79264ae3 .config log report info
ci2-linux-4-14 2020/12/25 14:59 linux-4.14.y 3f2ecb86cb90 b982b3ea .config log report info
ci2-linux-4-14 2020/12/18 18:52 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/11/22 22:53 linux-4.14.y 0df445b0f0da 0d27f508 .config log report info
ci2-linux-4-14 2020/11/22 12:01 linux-4.14.y 0df445b0f0da 0d27f508 .config log report info
ci2-linux-4-14 2020/10/29 13:43 linux-4.14.y 2b7915014161 f24824d3 .config log report info
ci2-linux-4-14 2020/10/28 13:11 linux-4.14.y 5b7a52cd2eef 96e03c1c .config log report info
ci2-linux-4-14 2020/10/21 05:18 linux-4.14.y cbfa1702aaf6 ff4a3345 .config log report info
ci2-linux-4-14 2020/09/25 09:38 linux-4.14.y cbfa1702aaf6 54289b08 .config log report info
ci2-linux-4-14 2020/08/23 23:27 linux-4.14.y 6a24ca2506d6 cef5ae68 .config log report
ci2-linux-4-14 2020/08/21 20:59 linux-4.14.y 6a24ca2506d6 6436ce4b .config log report
ci2-linux-4-14 2020/08/14 04:30 linux-4.14.y 14b58326976d 54ce1ed6 .config log report
ci2-linux-4-14 2020/08/08 21:13 linux-4.14.y 14b58326976d 01975a06 .config log report
ci2-linux-4-14 2020/08/05 19:20 linux-4.14.y ca4f2c56d416 b7129355 .config log report
ci2-linux-4-14 2020/08/03 00:22 linux-4.14.y 7f2c5eb458b8 96dd3623 .config log report
ci2-linux-4-14 2020/07/31 07:06 linux-4.14.y e5a54aa2d312 8df85ed9 .config log report
ci2-linux-4-14 2020/07/27 13:59 linux-4.14.y 69b94dd6dcd1 cb93dc6a .config log report
ci2-linux-4-14 2020/07/27 00:28 linux-4.14.y 69b94dd6dcd1 51265195 .config log report
ci2-linux-4-14 2020/07/15 12:20 linux-4.14.y b850307b279c ada108d0 .config log report
ci2-linux-4-14 2020/07/10 03:18 linux-4.14.y b850307b279c edf162e8 .config log report
ci2-linux-4-14 2020/07/09 03:23 linux-4.14.y b850307b279c 9f9845eb .config log report
ci2-linux-4-14 2020/07/08 23:56 linux-4.14.y b850307b279c 9f9845eb .config log report
* Struck through repros no longer work on HEAD.