Kernel crash at i2cdev_ioctl_rdwr in drivers/i2c/i2c-dev.c:297


$rik@nth

Dec 5, 2018, 11:37:31 PM12/5/18
to linu...@vger.kernel.org, syzkaller
Hi i2c-dev,

Kernel Version: Linux version 4.14.78+ (smuppand@smuppand-linux) (clang version 6.0.9 for Android NDK)
Additional Configs: https://android.googlesource.com/kernel/configs/+/master/android-4.14/ + KASAN + FAULT INJECTION.

Observed a kernel crash while fuzzing I2C IOCTLs. Unfortunately, I don't have a reproducer to provide.

=============================================================================================================================================
Unable to handle kernel paging request at virtual address dfffff9000000002
Mem abort info:
  Exception class = DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 4
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
[dfffff9000000002] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in: wlan(O) wcd937x_slave_dlkm(O) machine_dlkm(O) wcd937x_dlkm(O) wcd934x_dlkm(O) mbhc_dlkm(O) wcd9xxx_dlkm(O) tx_macro_dlkm(O) rx_macro_dlkm(O) va_macro_dlkm(O) wsa_macro_dlkm(O) swr_ctrl_dlkm(O) bolero_cdc_dlkm(O) wsa881x_dlkm(O) wcd_core_dlkm(O) stub_dlkm(O) wcd_spi_dlkm(O) hdmi_dlkm(O) swr_dlkm(O) pinctrl_lpi_dlkm(O) pinctrl_wcd_dlkm(O) usf_dlkm(O) native_dlkm(O) platform_dlkm(O) q6_dlkm(O) adsp_loader_dlkm(O) apr_dlkm(O) snd_event_dlkm(O) q6_notifier_dlkm(O) q6_pdr_dlkm(O) wglink_dlkm(O) msm_11ad_proxy
init: Received control message 'interface_start' for 'android.hardware.drm@1.0::IDrmFactory/default' from pid: 517 (/system/bin/hwservicemanager)
init: Could not find service hosting interface android.hardware.drm@1.0::IDrmFactory/default
CPU: 7 PID: 20427 Comm: syz-executor Tainted: G S  B   W  O    4.14.78+ #1
Hardware name: Kernel Development board
task: ffffffc06c73b500 task.stack: ffffffc050d28000
pc : i2cdev_ioctl_rdwr+0x2ac/0x718 drivers/i2c/i2c-dev.c:297
lr : i2cdev_ioctl_rdwr+0x25c/0x718 drivers/i2c/i2c-dev.c:278
sp : ffffffc050d2faa0 pstate : 00400145
x29: ffffffc050d2fbb0 x28: 1ffffff80d6986a0
x27: ffffffc06b4c3500 x26: ffffffc06b4c3504
x25: ffffffc06b4c2d80 x24: 0000000000000000
x23: 0000000000000010 x22: dfffff9000000000
x21: 00000000ffffffff x20: 1ffffff80d6986a1
x19: ffffffc06b4c3500 x18: 0000007fd31308af
x17: 69622f3a6e696273 x16: ffffff900851ec38
x15: ffffffffffffffff x14: 0000000008084f00
x13: 00000000cb749452 x12: ffffffffffffffff
x11: 0000000000040000 x10: 0000000000001198
x9 : ffffff9034f34000 x8 : 0000000000000002
x7 : ffffffffffffffff x6 : 0000000000000010
x5 : 0000000000000010 x4 : 004f080890ffffff
x3 : ffffff9008432174 x2 : 0000000000000000
x1 : 0000000020000180 x0 : 0000000000000010

PC: 0xffffff90098d417c:
417c  97af774d b14006ff f9000377 54000aa8 91000a7b d343ff68 38f66908 35000528
419c  79400368 37500088 97a80202 f94027fb 14000012 f94027fb 36001928 d343fee8
41bc  38f66908 35000528 394002f3 340018f3 38f66b88 35000568 79400354 11008277
41dc  97a801f4 6b1402ff 54001868 38f66b88 35000568 79000353 f94023fa 91002339

LR: 0xffffff90098d412c:
412c  38766a88 34000068 aa1b03e0 97af7718 d343ff28 f9400377 38766908 34000068
414c  aa1903e0 97af7758 f9000337 38f66b88 35000628 79400341 aa1703e0 97ad77d3
416c  38766a88 aa0003f7 34000068 aa1b03e0 97af774d b14006ff f9000377 54000aa8
418c  91000a7b d343ff68 38f66908 35000528 79400368 37500088 97a80202 f94027fb

SP: 0xffffffc050d2fa60:
fa60  098d41bc ffffff90 00400145 00000000 00000000 dfffff90 ffffffff 00000000
fa80  ffffffff 0000007f 6b4c3500 ffffffc0 50d2fbb0 ffffffc0 098d41bc ffffff90
faa0  45e0360e 00000000 0b09418e ffffff90 088e7be8 ffffff90 0b5c5010 ffffff90
fac0  6e00d480 ffffffc0 6b4c2d80 ffffffc0 0d8e76a8 1ffffff8 6c73b540 ffffffc0

Process syz-executor (pid: 20427, stack limit = 0xffffffc050d28000)
Call trace:
 i2cdev_ioctl_rdwr+0x2ac/0x718 drivers/i2c/i2c-dev.c:297
 i2cdev_ioctl+0x2bc/0x56c drivers/i2c/i2c-dev.c:458
 vfs_ioctl+0x7c/0xb4 fs/ioctl.c:46
 do_vfs_ioctl+0x868/0x1384 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x6c/0xa4 fs/ioctl.c:692
 el0_svc_naked+0x34/0x38
Code: 14000012 f94027fb 36001928 d343fee8 (38f66908)
---[ end trace ee939dfcd192a9ce ]---
=============================================================================================================================================
--
Thanks & Regards,
M.Srikanth Kumar.