---------- Forwarded message ----------
From: Gene Blue <geneblue.mail@xxxxxxxxx>
Date: 2017-06-07 20:03 GMT+08:00
Subject: kernel BUG at lib/radix-tree.c:1008!
To: syzkaller@xxxxxxxxxxxxxxxx
From: Gene Blue <geneblue.mail@xxxxxxxxx>
Date: 2017-06-07 20:03 GMT+08:00
Subject: kernel BUG at lib/radix-tree.c:1008!
To: syzkaller@xxxxxxxxxxxxxxxx
Hello:
Another bug when fuzzing the kernel with syzkaller.
My kernel version is 4.11.0-rc1 directly download from kernel.org.
*********************************************************************************************
kernel BUG at lib/radix-tree.c:1008!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 7809 Comm: syz-executor2 Not tainted 4.11.0-rc1 #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006a1bdb40 task.stack: ffff88006b348000
RIP: 0010:__radix_tree_insert+0x26b/0x2f0 lib/radix-tree.c:1008
RSP: 0018:ffff88006b34f760 EFLAGS: 00010087
RAX: ffff88006a1bdb40 RBX: 1ffff1000d669eee RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff81bd50fb RDI: ffffc90004032000
RBP: ffff88006b34f838 R08: 00000000000000fa R09: 0000000000010000
R10: 0000000000000003 R11: ffff8800605b8ed0 R12: 0000000000000000
R13: 1ffff1000c0b71da R14: 0000000000000000 R15: ffff8800605b8ed0
FS: 00007f8722b38700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001ff4 CR3: 000000003c6d6000 CR4: 00000000000006e0
Call Trace:
radix_tree_insert include/linux/radix-tree.h:297 [inline]
shmem_add_to_page_cache+0x2fe/0x420 mm/shmem.c:591
shmem_getpage_gfp.isra.49+0x110a/0x1c90 mm/shmem.c:1792
shmem_fault+0x21f/0x690 mm/shmem.c:1985
__do_fault+0x83/0x210 mm/memory.c:2888
do_read_fault mm/memory.c:3270 [inline]
do_fault mm/memory.c:3370 [inline]
handle_pte_fault mm/memory.c:3600 [inline]
__handle_mm_fault+0x8d5/0x1bc0 mm/memory.c:3714
handle_mm_fault+0x1ea/0x4c0 mm/memory.c:3751
__do_page_fault+0x508/0xb00 arch/x86/mm/fault.c:1397
trace_do_page_fault+0x93/0x450 arch/x86/mm/fault.c:1490
do_async_page_fault+0x14/0x60 arch/x86/kernel/kvm.c:264
async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1014
RIP: 0010:do_strncpy_from_user lib/strncpy_from_user.c:44 [inline]
RIP: 0010:strncpy_from_user+0xa9/0x2b0 lib/strncpy_from_user.c:117
RSP: 0018:ffff88006b34fdc0 EFLAGS: 00010246
RAX: ffff88006a1bdb40 RBX: 0000000000000fe4 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004032000
RBP: ffff88006b34fe00 R08: 0000000000000017 R09: 0000000000010000
R10: ffff88003a9568ff R11: ffffed000752ad20 R12: 0000000000000fe4
R13: 0000000020001ff4 R14: 0000000000000fe4 R15: fffffffffffffff2
getname_flags+0x113/0x580 fs/namei.c:148
getname+0x19/0x20 fs/namei.c:208
do_sys_open+0x1c7/0x450 fs/open.c:1045
SYSC_openat fs/open.c:1078 [inline]
SyS_openat+0x30/0x40 fs/open.c:1072
entry_SYSCALL_64_fastpath+0x1f/0xc2
RIP: 0033:0x4458d9
RSP: 002b:00007f8722b37b58 EFLAGS: 00000292 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000007080a8 RCX: 00000000004458d9
RDX: 0000000000010100 RSI: 0000000020001ff4 RDI: ffffffffffffff9c
RBP: 0000000000000046 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f8722b389c0 R15: 00007f8722b38700
Code: 38 ca 7c 0d 45 84 c9 74 08 4c 89 ff e8 8f a5 97 ff 4c 8b 9d 30 ff ff ff 41 8b 03 c1 e8 1a 85 c0 0f 84 8b fe ff ff e8 15 52 78 ff <0f> 0b e8 0e 52 78 ff 49 8d 7d 03 48 b9 00 00 00 00 00 fc ff df
RIP: __radix_tree_insert+0x26b/0x2f0 lib/radix-tree.c:1008 RSP: ffff88006b34f760
---[ end trace c1b7be537b8a3b4a ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
