---------- Forwarded message ----------
From: Gene Blue
Date: 2017-06-07 20:03 GMT+08:00
Subject: kernel BUG at lib/radix-tree.c:1008!
To: syzkaller@googlegroups.com

Hello:

Another bug when fuzzing the kernel with syzkaller. My kernel version is 4.11.0-rc1, directly downloaded from kernel.org.

*********************************************************************************************

kernel BUG at lib/radix-tree.c:1008!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 7809 Comm: syz-executor2 Not tainted 4.11.0-rc1 #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006a1bdb40 task.stack: ffff88006b348000
RIP: 0010:__radix_tree_insert+0x26b/0x2f0 lib/radix-tree.c:1008
RSP: 0018:ffff88006b34f760 EFLAGS: 00010087
RAX: ffff88006a1bdb40 RBX: 1ffff1000d669eee RCX: 0000000000000001
RDX: 0000000000000000 RSI: ffffffff81bd50fb RDI: ffffc90004032000
RBP: ffff88006b34f838 R08: 00000000000000fa R09: 0000000000010000
R10: 0000000000000003 R11: ffff8800605b8ed0 R12: 0000000000000000
R13: 1ffff1000c0b71da R14: 0000000000000000 R15: ffff8800605b8ed0
FS:  00007f8722b38700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001ff4 CR3: 000000003c6d6000 CR4: 00000000000006e0
Call Trace:
 radix_tree_insert include/linux/radix-tree.h:297 [inline]
 shmem_add_to_page_cache+0x2fe/0x420 mm/shmem.c:591
 shmem_getpage_gfp.isra.49+0x110a/0x1c90 mm/shmem.c:1792
 shmem_fault+0x21f/0x690 mm/shmem.c:1985
 __do_fault+0x83/0x210 mm/memory.c:2888
 do_read_fault mm/memory.c:3270 [inline]
 do_fault mm/memory.c:3370 [inline]
 handle_pte_fault mm/memory.c:3600 [inline]
 __handle_mm_fault+0x8d5/0x1bc0 mm/memory.c:3714
 handle_mm_fault+0x1ea/0x4c0 mm/memory.c:3751
 __do_page_fault+0x508/0xb00 arch/x86/mm/fault.c:1397
 trace_do_page_fault+0x93/0x450 arch/x86/mm/fault.c:1490
 do_async_page_fault+0x14/0x60 arch/x86/kernel/kvm.c:264
 async_page_fault+0x28/0x30 arch/x86/entry/entry_64.S:1014
RIP: 0010:do_strncpy_from_user lib/strncpy_from_user.c:44 [inline]
RIP: 0010:strncpy_from_user+0xa9/0x2b0 lib/strncpy_from_user.c:117
RSP: 0018:ffff88006b34fdc0 EFLAGS: 00010246
RAX: ffff88006a1bdb40 RBX: 0000000000000fe4 RCX: 0000000000000001
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004032000
RBP: ffff88006b34fe00 R08: 0000000000000017 R09: 0000000000010000
R10: ffff88003a9568ff R11: ffffed000752ad20 R12: 0000000000000fe4
R13: 0000000020001ff4 R14: 0000000000000fe4 R15: fffffffffffffff2
 getname_flags+0x113/0x580 fs/namei.c:148
 getname+0x19/0x20 fs/namei.c:208
 do_sys_open+0x1c7/0x450 fs/open.c:1045
 SYSC_openat fs/open.c:1078 [inline]
 SyS_openat+0x30/0x40 fs/open.c:1072
 entry_SYSCALL_64_fastpath+0x1f/0xc2
RIP: 0033:0x4458d9
RSP: 002b:00007f8722b37b58 EFLAGS: 00000292 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00000000007080a8 RCX: 00000000004458d9
RDX: 0000000000010100 RSI: 0000000020001ff4 RDI: ffffffffffffff9c
RBP: 0000000000000046 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f8722b389c0 R15: 00007f8722b38700
Code: 38 ca 7c 0d 45 84 c9 74 08 4c 89 ff e8 8f a5 97 ff 4c 8b 9d 30 ff ff ff 41 8b 03 c1 e8 1a 85 c0 0f 84 8b fe ff ff e8 15 52 78 ff <0f> 0b e8 0e 52 78 ff 49 8d 7d 03 48 b9 00 00 00 00 00 fc ff df
RIP: __radix_tree_insert+0x26b/0x2f0 lib/radix-tree.c:1008 RSP: ffff88006b34f760
---[ end trace c1b7be537b8a3b4a ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..