syzbot


general protection fault in lo_ioctl

Status: auto-closed as invalid on 2019/02/22 15:09
First crash: 2141d, last: 2141d
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-49 | general protection fault in lo_ioctl | | | | 13 | 2132d | 2464d | 0/3 | closed as invalid on 2019/01/01 20:10 |
| upstream | general protection fault in lo_ioctl | | | | 17 | 2370d | 2364d | 0/26 | closed as invalid on 2018/02/12 16:15 |
| upstream | general protection fault in lo_ioctl (2) block | syz | | | 2 | 2185d | 2184d | 11/26 | fixed on 2019/01/15 20:25 |

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 11990 Comm: syz-executor4 Not tainted 4.4.137-ga2e2217 #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d4346000 task.stack: ffff88009f638000
RIP: 0010:[<ffffffff8251d1b6>]  [<ffffffff8251d1b6>] loop_set_fd drivers/block/loop.c:897 [inline]
RIP: 0010:[<ffffffff8251d1b6>]  [<ffffffff8251d1b6>] lo_ioctl+0x1536/0x1ad0 drivers/block/loop.c:1358
RSP: 0018:ffff88009f63faf8  EFLAGS: 00010206
RAX: 0000000000000036 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: 00000000000028de RSI: ffffffff8251d175 RDI: 00000000000001b0
RBP: ffff88009f63fb78 R08: ffff8801d4346928 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8801d4346000 R12: ffff8800b9cc46a0
R13: ffff8800b9cc05c0 R14: ffff8801d6a0b600 R15: ffff8801d6a0b758
FS:  0000000000000000(0000) GS:ffff8801db200000(0063) knlGS:00000000f57bbb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 00007f8be3414df8 CR3: 00000000b693a000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801b9c9a060 ffff880000000001 ffffffff00000000 ffff8801d6a0b750
 ffff88009f636000 ffff88009f63fb18 ffff8800b9cc4888 ffff8800b3b42a00
 ffff8800b9cc06b0 dffffc000002001d 9bf2b00000000000 ffff8800b9cc05c0
Call Trace:
 [<ffffffff8251d802>] lo_compat_ioctl+0xb2/0x140 drivers/block/loop.c:1551
 [<ffffffff81e00915>] compat_blkdev_ioctl+0x395/0x3a10 block/compat_ioctl.c:751
Mem-Info:
active_anon:69596 inactive_anon:44 isolated_anon:0
 active_file:6960 inactive_file:14493 isolated_file:0
 unevictable:0 dirty:231 writeback:0 unstable:0
 slab_reclaimable:5931 slab_unreclaimable:62017
 mapped:73761 shmem:69 pagetables:870 bounce:0
 free:1394843 free_pcp:590 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2908 6409 6409
DMA32 free:2524452kB min:30596kB low:38244kB high:45892kB active_anon:130348kB inactive_anon:24kB active_file:14564kB inactive_file:27312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2980440kB mlocked:0kB dirty:248kB writeback:0kB mapped:132300kB shmem:48kB slab_reclaimable:11896kB slab_unreclaimable:113244kB kernel_stack:2848kB pagetables:1728kB unstable:0kB bounce:0kB free_pcp:1352kB local_pcp:684kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3039016kB min:36820kB low:46024kB high:55228kB active_anon:148036kB inactive_anon:152kB active_file:13276kB inactive_file:30660kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:676kB writeback:0kB mapped:162744kB shmem:228kB slab_reclaimable:11828kB slab_unreclaimable:134824kB kernel_stack:4032kB pagetables:1752kB unstable:0kB bounce:0kB free_pcp:1008kB local_pcp:648kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 461*4kB (UME) 892*8kB (UME) 835*16kB (UME) 235*32kB (UME) 201*64kB (UME) 173*128kB (UME) 104*256kB (UM) 24*512kB (UM) 24*1024kB (M) 2*2048kB (M) 584*4096kB (UM) = 2524516kB
Normal: 640*4kB (UME) 1151*8kB (UME) 1047*16kB (UME) 363*32kB (UME) 280*64kB (UME) 272*128kB (UME) 114*256kB (UM) 23*512kB (UM) 19*1024kB (UM) 3*2048kB (UM) 703*4096kB (M) = 3038920kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
21521 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320718 pages reserved
vmalloc: allocation failure: 0 bytes
syz-executor1: page allocation failure: order:0, mode:0x24000c2
CPU: 1 PID: 11961 Comm: syz-executor1 Not tainted 4.4.137-ga2e2217 #59
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 0000000000000000 ca5a403f432e0018 ffff8800b672f8b8 ffffffff81e0ee0d
 1ffff10016ce5f1a ffff8800bbaf1800 00000000024000c2 0000000000000000
 ffffffff83aad4a0 ffff8800b672f9c8 ffffffff815118eb ffffffff00000001
Call Trace:
 [<ffffffff81e0ee0d>] __dump_stack lib/dump_stack.c:15 [inline]
 [<ffffffff81e0ee0d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
 [<ffffffff815118eb>] warn_alloc_failed.cold.116+0x83/0x149 mm/page_alloc.c:2757
 [<ffffffff814c4519>] __vmalloc_node_range+0x359/0x630 mm/vmalloc.c:1692
 [<ffffffff814c48bb>] __vmalloc_node mm/vmalloc.c:1715 [inline]
 [<ffffffff814c48bb>] __vmalloc_node_flags mm/vmalloc.c:1729 [inline]
 [<ffffffff814c48bb>] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
 [<ffffffff81c78c25>] sel_write_load+0x135/0xfc0 security/selinux/selinuxfs.c:527
 [<ffffffff8151cc1c>] __vfs_write+0x11c/0x3f0 fs/read_write.c:489
 [<ffffffff8151e9f1>] vfs_write+0x191/0x4e0 fs/read_write.c:538
 [<ffffffff81520ff9>] SYSC_write fs/read_write.c:585 [inline]
 [<ffffffff81520ff9>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
 [<ffffffff81006d96>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459
 [<ffffffff838c422a>] sysenter_flags_fixed+0xd/0x17
Mem-Info:
active_anon:69596 inactive_anon:44 isolated_anon:0
 active_file:6960 inactive_file:14493 isolated_file:0
 unevictable:0 dirty:231 writeback:0 unstable:0
 slab_reclaimable:5931 slab_unreclaimable:62017
 mapped:73761 shmem:69 pagetables:870 bounce:0
 free:1394843 free_pcp:590 free_cma:0
DMA free:15904kB min:160kB low:200kB high:240kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15904kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? yes
lowmem_reserve[]: 0 2908 6409 6409
DMA32 free:2524452kB min:30596kB low:38244kB high:45892kB active_anon:130348kB inactive_anon:24kB active_file:14564kB inactive_file:27312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:3129292kB managed:2980440kB mlocked:0kB dirty:248kB writeback:0kB mapped:132300kB shmem:48kB slab_reclaimable:11896kB slab_unreclaimable:113244kB kernel_stack:2848kB pagetables:1728kB unstable:0kB bounce:0kB free_pcp:1352kB local_pcp:684kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 3500 3500
Normal free:3039016kB min:36820kB low:46024kB high:55228kB active_anon:148036kB inactive_anon:152kB active_file:13276kB inactive_file:30660kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:4718592kB managed:3584660kB mlocked:0kB dirty:676kB writeback:0kB mapped:162744kB shmem:228kB slab_reclaimable:11828kB slab_unreclaimable:134824kB kernel_stack:4032kB pagetables:1752kB unstable:0kB bounce:0kB free_pcp:1008kB local_pcp:648kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15904kB
DMA32: 461*4kB (UME) 892*8kB (UME) 835*16kB (UME) 235*32kB (UME) 201*64kB (UME) 173*128kB (UME) 104*256kB (UM) 24*512kB (UM) 24*1024kB (M) 2*2048kB (M) 584*4096kB (UM) = 2524516kB
Normal: 640*4kB (UME) 1151*8kB (UME) 1047*16kB (UME) 363*32kB (UME) 280*64kB (UME) 272*128kB (UME) 114*256kB (UM) 23*512kB (UM) 19*1024kB (UM) 3*2048kB (UM) 703*4096kB (M) = 3038920kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
21521 total pagecache pages
0 pages in swap cache
Swap cache stats: add 0, delete 0, find 0/0
Free swap  = 0kB
Total swap = 0kB
1965969 pages RAM
0 pages HighMem/MovableOnly
320718 pages reserved
 [<ffffffff81628a04>] C_SYSC_ioctl fs/compat_ioctl.c:1592 [inline]
 [<ffffffff81628a04>] compat_SyS_ioctl+0x484/0x2270 fs/compat_ioctl.c:1544
 [<ffffffff81006d96>] do_syscall_32_irqs_on arch/x86/entry/common.c:392 [inline]
 [<ffffffff81006d96>] do_fast_syscall_32+0x326/0x8b0 arch/x86/entry/common.c:459
 [<ffffffff838c422a>] sysenter_flags_fixed+0xd/0x17
Code: e8 03 80 3c 08 00 0f 85 92 02 00 00 48 8b 9b f0 00 00 00 48 b9 00 00 00 00 00 fc ff df 48 8d bb b0 01 00 00 48 89 f8 48 c1 e8 03 <80> 3c 08 00 0f 85 cd 03 00 00 48 8b 9b b0 01 00 00 48 b9 00 00 
RIP  [<ffffffff8251d1b6>] loop_set_fd drivers/block/loop.c:897 [inline]
RIP  [<ffffffff8251d1b6>] lo_ioctl+0x1536/0x1ad0 drivers/block/loop.c:1358
 RSP <ffff88009f63faf8>
---[ end trace ddaf3e1ab690c63d ]---

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/06/14 08:17 | https://android.googlesource.com/kernel/common android-4.4 | a2e2217bd824 | 27c5f59f | .config | console log | report | | | | | ci-android-44-kasan-gce-386 | |
* Struck through repros no longer work on HEAD.