Re: general protection fault in mas_empty_area_rev

From: Liam R. Howlett
Date: Mon Apr 22 2024 - 10:13:43 EST

Next message: Thomas Gleixner: "Re: [PATCH] selftests: Make ksft_exit functions return void instead of int"
Previous message: Jani Nikula: "Re: Reliably selecting non-CEA modes on Intel graphics (and maybe others)"
In reply to: Marius Fleischer: "general protection fault in mas_empty_area_rev"
Next in thread: Marius Fleischer: "Re: general protection fault in mas_empty_area_rev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Marius Fleischer <fleischermarius@xxxxxxxxx> [240420 16:08]:
> Hi,
>
>
> We would like to report the following bug which has been found by our
> modified version of syzkaller.
>
> ======================================================
>
> description: general protection fault in mas_empty_area_rev
>
> affected file: lib/maple_tree.c
>
> kernel version: 6.9-rc4
>
> kernel commit: 0bbac3facb5d6cc0171c45c9873a2dc96bea9680
>
> git tree: upstream
>
> kernel config: attached
>
> crash reproducer: attached
>
> ======================================================

Thank you for reporting this issue. I'm currently looking at what went
wrong.

It does not occur with my configuration against the reported kernel
version. I'll attempt to recreate it with your kernel config next -
with whatever modifications I need to get it to boot in my test
environment.

>
> Crash log:
>
> general protection fault, probably for non-canonical address
> 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
>
> KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
>
> CPU: 0 PID: 79545 Comm: syz-executor.0 Not tainted 6.9.0-rc4-dirty #3

This indicates that you built with your own patches. Could you test an
unmodified 6.9.0-rc4 with your setup?

Thanks,
Liam

>
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1
> 04/01/2014
>
> RIP: 0010:ma_dead_node lib/maple_tree.c:560 [inline]
>
> RIP: 0010:mas_data_end lib/maple_tree.c:1450 [inline]
>
> RIP: 0010:mas_empty_area_rev+0x15ad/0x2320 lib/maple_tree.c:5114
>
..

> Call Trace:
>
> <TASK>
>
> unmapped_area_topdown mm/mmap.c:1643 [inline]
>
> vm_unmapped_area+0x2db/0xb30 mm/mmap.c:1682
>
> arch_get_unmapped_area_topdown+0x384/0x750 arch/x86/kernel/sys_x86_64.c:212
>
> thp_get_unmapped_area mm/huge_memory.c:864 [inline]
>
> thp_get_unmapped_area+0x361/0x430 mm/huge_memory.c:854
>
> get_unmapped_area+0x1db/0x3e0 mm/mmap.c:1845
>
> do_mmap+0x282/0xef0 mm/mmap.c:1261
>
> vm_mmap_pgoff+0x1a7/0x3b0 mm/util.c:573
..

Next message: Thomas Gleixner: "Re: [PATCH] selftests: Make ksft_exit functions return void instead of int"
Previous message: Jani Nikula: "Re: Reliably selecting non-CEA modes on Intel graphics (and maybe others)"
In reply to: Marius Fleischer: "general protection fault in mas_empty_area_rev"
Next in thread: Marius Fleischer: "Re: general protection fault in mas_empty_area_rev"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]