Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Q
qlist-free-4.20.17
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
zhanggen
qlist-free-4.20.17
Commits
d43ff072
Commit
d43ff072
authored
Mar 21, 2019
by
zhanggen
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add new file
parents
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
62 additions
and
0 deletions
+62
-0
report
report
+62
-0
No files found.
report
0 → 100644
View file @
d43ff072
Syzkaller hit 'BUG: unable to handle kernel paging request in qlist_free_all' bug.
audit: type=1400 audit(1553138575.932:8): avc: denied { execmem } for pid=2072 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
BUG: unable to handle kernel paging request at ffff88806b8c61c0
PGD 6801067 P4D 6801067 PUD 6804067 PMD 69e05063 PTE 0
Oops: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 1218 Comm: systemd-udevd Not tainted 4.20.17 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
RIP: 0010:qlist_free_all+0x3c/0xc0 mm/kasan/quarantine.c:164
Code: f6 0f 84 8e 00 00 00 49 89 fd 41 be 00 00 00 80 49 c7 c4 05 c0 61 81 49 bf 00 00 00 00 00 ea ff ff eb 1d 48 63 87 80 01 00 00 <48> 8b 2e 4c 89 e2 48 29 c6 e8 06 bb ff ff 48 89 ee 48 85 ed 74 3d
RSP: 0018:ffff888065027d58 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea0001ae3100
RDX: 0000000000000001 RSI: ffff88806b8c61c0 RDI: ffff88806cc9fa00
RBP: ffff88806b8c61c0 R08: fffff9400035f096 R09: fffff9400035f094
R10: fffff9400035f095 R11: ffffea0001af84af R12: ffffffff8161c005
R13: ffff888065027d90 R14: 0000000080000000 R15: ffffea0000000000
FS: 00007f0d290778c0(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88806b8c61c0 CR3: 000000006c6a8003 CR4: 00000000001606f0
Call Trace:
quarantine_reduce+0x166/0x1a0 mm/kasan/quarantine.c:259
kasan_kmalloc+0x95/0xe0 mm/kasan/kasan.c:538
slab_post_alloc_hook mm/slab.h:444 [inline]
slab_alloc_node mm/slub.c:2744 [inline]
slab_alloc mm/slub.c:2752 [inline]
kmem_cache_alloc+0xd8/0x280 mm/slub.c:2757
prepare_creds+0x23/0x310 kernel/cred.c:252
do_faccessat+0x9b/0x730 fs/open.c:359
do_syscall_64+0xbc/0x4e0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f0d27eeb787
Code: 83 c4 08 48 3d 01 f0 ff ff 73 01 c3 48 8b 0d 08 d7 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 15 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d6 2b 00 f7 d8 64 89 01 48
RSP: 002b:00007fff73fff068 EFLAGS: 00000246 ORIG_RAX: 0000000000000015
RAX: ffffffffffffffda RBX: 000055ce518a4160 RCX: 00007f0d27eeb787
RDX: 00746e657665752f RSI: 0000000000000000 RDI: 00007fff73fff070
RBP: 00007fff73fff0f0 R08: 000000000000c400 R09: 0000000000001010
R10: 00007f0d281a9b58 R11: 0000000000000246 R12: 000055ce51766616
R13: 000055ce518929c0 R14: 00007fff73fff070 R15: 000055ce51888aa0
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
CR2: ffff88806b8c61c0
---[ end trace 9e05e6eb5f649edf ]---
RIP: 0010:qlist_free_all+0x3c/0xc0 mm/kasan/quarantine.c:164
Code: f6 0f 84 8e 00 00 00 49 89 fd 41 be 00 00 00 80 49 c7 c4 05 c0 61 81 49 bf 00 00 00 00 00 ea ff ff eb 1d 48 63 87 80 01 00 00 <48> 8b 2e 4c 89 e2 48 29 c6 e8 06 bb ff ff 48 89 ee 48 85 ed 74 3d
RSP: 0018:ffff888065027d58 EFLAGS: 00010202
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea0001ae3100
RDX: 0000000000000001 RSI: ffff88806b8c61c0 RDI: ffff88806cc9fa00
RBP: ffff88806b8c61c0 R08: fffff9400035f096 R09: fffff9400035f094
R10: fffff9400035f095 R11: ffffea0001af84af R12: ffffffff8161c005
R13: ffff888065027d90 R14: 0000000080000000 R15: ffffea0000000000
FS: 00007f0d290778c0(0000) GS:ffff88806d000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88806b8c61c0 CR3: 000000006c6a8003 CR4: 00000000001606f0
Syzkaller reproducer:
# {Threaded:true Collide:true Repeat:false RepeatTimes:0 Procs:1 Sandbox:none Fault:false FaultCall:-1 FaultNth:0 EnableTun:true EnableNetDev:true EnableNetReset:false EnableCgroups:false EnableBinfmtMisc:true UseTmpDir:true HandleSegv:true Repro:false Trace:false}
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)={0x1, 0x0, 0x8, "e9"})
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
