[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0000000000005eae9a05e657afc9@google.com>
Date: Tue, 16 Aug 2022 01:39:22 -0700
From: syzbot <syzbot+0bd8bc660debfdbd190d@...kaller.appspotmail.com>
To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, nathan@...nel.org, ndesaulniers@...gle.com,
syzkaller-bugs@...glegroups.com, trix@...hat.com,
viro@...iv.linux.org.uk
Subject: [syzbot] upstream boot error: general protection fault in dup_fd
Hello,
syzbot found the following issue on:
HEAD commit: 4a9350597aff Merge tag 'sound-fix-6.0-rc1' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=169a15dd080000
kernel config: https://syzkaller.appspot.com/x/.config?x=4757943c2b26daff
dashboard link: https://syzkaller.appspot.com/bug?extid=0bd8bc660debfdbd190d
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0bd8bc660debfdbd190d@...kaller.appspotmail.com
general protection fault, probably for non-canonical address 0xffff0000000001a0: 0000 [#1] PREEMPT SMP KASAN
KASAN: maybe wild-memory-access in range [0xfff8200000000d00-0xfff8200000000d07]
CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 5.19.0-syzkaller-14090-g4a9350597aff #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: events_unbound call_usermodehelper_exec_work
RIP: 0010:slab_alloc mm/slub.c:3251 [inline]
RIP: 0010:__kmem_cache_alloc_lru mm/slub.c:3258 [inline]
RIP: 0010:kmem_cache_alloc+0x12d/0x310 mm/slub.c:3268
Code: 84 1c 01 00 00 48 83 78 10 00 0f 84 11 01 00 00 49 8b 3f 40 f6 c7 0f 0f 85 e3 01 00 00 45 84 c0 0f 84 dc 01 00 00 41 8b 47 28 <49> 8b 5c 05 00 48 8d 4a 08 4c 89 e8 65 48 0f c7 0f 0f 94 c0 a8 01
RSP: 0000:ffffc90000b775c8 EFLAGS: 00010202
RAX: 00000000000001a0 RBX: 0000000000000cc0 RCX: 0000000000000000
RDX: 0000000000000b51 RSI: 0000000000000cc0 RDI: 0000000000040a00
RBP: ffffffff81f3d035 R08: dffffc0000000001 R09: fffffbfff1c4ad5e
R10: fffffbfff1c4ad5e R11: 1ffffffff1c4ad5d R12: ffffc90000b77720
R13: ffff000000000000 R14: ffffffff81f3d035 R15: ffff888140006640
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000000ca8e000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
dup_fd+0x75/0xb90 fs/file.c:324
copy_files+0xe6/0x200 kernel/fork.c:1623
copy_process+0x18b6/0x4010 kernel/fork.c:2244
kernel_clone+0x22f/0x7a0 kernel/fork.c:2673
user_mode_thread+0x12d/0x190 kernel/fork.c:2742
call_usermodehelper_exec_work+0x57/0x220 kernel/umh.c:174
process_one_work+0x81c/0xd10 kernel/workqueue.c:2289
worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in:
----------------
Code disassembly (best guess):
0: 84 1c 01 test %bl,(%rcx,%rax,1)
3: 00 00 add %al,(%rax)
5: 48 83 78 10 00 cmpq $0x0,0x10(%rax)
a: 0f 84 11 01 00 00 je 0x121
10: 49 8b 3f mov (%r15),%rdi
13: 40 f6 c7 0f test $0xf,%dil
17: 0f 85 e3 01 00 00 jne 0x200
1d: 45 84 c0 test %r8b,%r8b
20: 0f 84 dc 01 00 00 je 0x202
26: 41 8b 47 28 mov 0x28(%r15),%eax
* 2a: 49 8b 5c 05 00 mov 0x0(%r13,%rax,1),%rbx <-- trapping instruction
2f: 48 8d 4a 08 lea 0x8(%rdx),%rcx
33: 4c 89 e8 mov %r13,%rax
36: 65 48 0f c7 0f cmpxchg16b %gs:(%rdi)
3b: 0f 94 c0 sete %al
3e: a8 01 test $0x1,%al
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists