From: syzbot <syzbot+7ade6c94abb2774c0fee@syzkaller.appspotmail.com>
To: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: general protection fault in __vfs_write
Date: Thu, 07 Jun 2018 08:19:01 -0700	[thread overview]
Message-ID: <000000000000973c2c056e0ecddd@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    7170e6045a6a strparser: Add __strp_unpause and use it in k..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14bde74f800000
kernel config:  https://syzkaller.appspot.com/x/.config?x=a601a80fec461d44
dashboard link: https://syzkaller.appspot.com/bug?extid=7ade6c94abb2774c0fee
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7ade6c94abb2774c0fee@syzkaller.appspotmail.com

bpfilter: read fail -512
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
    (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4590 Comm: syz-executor7 Not tainted 4.17.0-rc7+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:file_write_hint include/linux/fs.h:1925 [inline]
RIP: 0010:init_sync_kiocb include/linux/fs.h:1935 [inline]
RIP: 0010:new_sync_write fs/read_write.c:470 [inline]
RIP: 0010:__vfs_write+0x4a6/0x960 fs/read_write.c:487
RSP: 0018:ffff88019b5c7850 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801d2117c80 RCX: ffffffff81bfc6bb
RDX: 0000000000000019 RSI: ffffffff81bfc6ca RDI: 00000000000000c8
RBP: ffff88019b5c79c8 R08: ffff88019b5ba540 R09: fffffbfff12cae69
R10: ffff88019b5c7a10 R11: ffffffff8965734b R12: 0000000000000000
R13: ffff88019b5c79a0 R14: 0000000000000000 R15: ffff88019b5c7a88
FS:  0000000002a11940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000700138 CR3: 000000019b410000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  __kernel_write+0x10c/0x380 fs/read_write.c:506
  __bpfilter_process_sockopt+0x1d8/0x35b net/bpfilter/bpfilter_kern.c:66
  bpfilter_mbox_request+0x4d/0xb0 net/ipv4/bpfilter/sockopt.c:25
  bpfilter_ip_get_sockopt+0x6b/0x90 net/ipv4/bpfilter/sockopt.c:42
  ip_getsockopt+0x238/0x2a0 net/ipv4/ip_sockglue.c:1563
  tcp_getsockopt+0x93/0xe0 net/ipv4/tcp.c:3543
  sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:3018
  __sys_getsockopt+0x1a5/0x370 net/socket.c:1940
  __do_sys_getsockopt net/socket.c:1951 [inline]
  __se_sys_getsockopt net/socket.c:1948 [inline]
  __x64_sys_getsockopt+0xbe/0x150 net/socket.c:1948
  do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4584ea
RSP: 002b:0000000000a3e328 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 0000000000a3e350 RCX: 00000000004584ea
RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000013
RBP: 0000000000705f20 R08: 0000000000a3e34c R09: 0000000000004000
R10: 0000000000a3e350 R11: 0000000000000246 R12: 0000000000000013
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000705860
Code: 48 c1 ea 03 80 3c 02 00 0f 85 1b 04 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 20 49 8d bc 24 c8 00 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e ec 02 00 00 41 8b 84 24 c8
RIP: file_write_hint include/linux/fs.h:1925 [inline] RSP: ffff88019b5c7850
RIP: init_sync_kiocb include/linux/fs.h:1935 [inline] RSP: ffff88019b5c7850
RIP: new_sync_write fs/read_write.c:470 [inline] RSP: ffff88019b5c7850
RIP: __vfs_write+0x4a6/0x960 fs/read_write.c:487 RSP: ffff88019b5c7850
---[ end trace 556c3fc867e1de54 ]---


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.

Thread overview:
2018-06-07 15:19 syzbot [this message]
2018-06-07 15:28 ` general protection fault in __vfs_write Matthew Wilcox
2018-06-07 21:58   ` Alexei Starovoitov
2018-06-09 15:36 ` syzbot