kernel BUG at arch/x86/kernel/traps.c:LINE!


syzbot

Aug 23, 2020, 5:14:22 AM8/23/20
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 2f4d6c9f ANDROID: arm64: add __va_function
git tree: android-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=1718b9a9900000
kernel config: https://syzkaller.appspot.com/x/.config?x=71d36a7b70f701e3
dashboard link: https://syzkaller.appspot.com/bug?extid=9f45ad0cae96e2ce89f9
compiler: Android (6032204 based on r370808) clang version 10.0.1 (https://android.googlesource.com/toolchain/llvm-project 6e765c10313d15c02ab29977a82938f66742c3a9)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9f45ad...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at arch/x86/kernel/traps.c:656!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.4.59-syzkaller-00527-g2f4d6c9fd77c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fixup_bad_iret+0x93/0xa0 arch/x86/kernel/traps.c:657
Code: c3 e0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3f 24 6a 00 f6 03 03 74 0d 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:fffffe000003bef0 EFLAGS: 00010046
RAX: 1fffffc0000077fc RBX: fffffe000003bfe0 RCX: ffffffff810619a7
RDX: 0000000000000008 RSI: fffffe000003bf20 RDI: fffffe000003bf50
RBP: 0000000000000000 R08: ffffffff81330774 R09: ffffffff83e00078
R10: ffffffff83e00e88 R11: ffffffff83e00e88 R12: fffffe000003bfd8
R13: dffffc0000000000 R14: fffffe000003bf50 R15: fffffe000003bf20
FS: 0000000000000000(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa661e75000 CR3: 000000019a370004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<ENTRY_TRAMPOLINE>
error_entry+0xaf/0xc0 arch/x86/entry/entry_64.S:1365
RIP: db923748:0x1ffff1103b7246e9
------------[ cut here ]------------
PANIC: double fault, error_code: 0x0
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 5.4.59-syzkaller-00527-g2f4d6c9fd77c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:number+0x8e/0x1170 lib/vsprintf.c:418
Code: f5 d5 83 48 8d 94 24 80 00 00 00 48 c1 ea 03 48 b8 f1 f1 f1 f1 00 00 00 f3 48 89 04 0a 48 89 54 24 78 c7 44 0a 08 f3 f3 f3 f3 <e8> 3d 11 6c fd 4d 89 e6 49 c1 ee 20 45 89 f7 41 83 e7 40 31 ff 44
RSP: 0018:fffffe000003b000 EFLAGS: 00010802
RAX: f3000000f1f1f1f1 RBX: fffffe000003b260 RCX: dffffc0000000000
RDX: 1fffffc000007610 RSI: fffffe008003b3bf RDI: fffffe000003b3c1
RBP: fffffe000003b130 R08: ffffffff83d5b39e R09: ffffffff83d5b27c
R10: ffff8881da9bcd80 R11: 0000000000000012 R12: ffff0a0000000509
R13: fffffe000003b3c1 R14: fffffe000003b3c1 R15: ffffffff8494cb2b
FS: 0000000000000000(0000) GS:ffff8881db900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffe000003aff8 CR3: 000000019a370004 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<ENTRY_TRAMPOLINE>
vsnprintf+0x1323/0x1c50 lib/vsprintf.c:2601
sprintf+0xd9/0x120 lib/vsprintf.c:2737
print_time kernel/printk/printk.c:1299 [inline]
print_prefix kernel/printk/printk.c:1325 [inline]
msg_print_text+0x1f4/0x580 kernel/printk/printk.c:1344
console_unlock+0x544/0xe50 kernel/printk/printk.c:2476
vprintk_emit+0x1f9/0x4f0 kernel/printk/printk.c:2024
printk+0xd2/0x114 kernel/printk/printk.c:2084
__warn_printk+0xb2/0x120 kernel/panic.c:625
ex_handler_uaccess+0x9c/0xc0 arch/x86/mm/extable.c:126
fixup_exception+0x92/0xd0 arch/x86/mm/extable.c:228
do_general_protection+0x1a3/0x3e0 arch/x86/kernel/traps.c:539
general_protection+0x28/0x30 arch/x86/entry/entry_64.S:1202
RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 arch/x86/lib/copy_user_64.S:205
Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 <f3> a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4
RSP: 0018:fffffe000003bb20 EFLAGS: 00010046
RAX: ffffffff817345a5 RBX: 0000000000000040 RCX: 0000000000000040
RDX: 0000000000000040 RSI: 1ffff1103b7246bf RDI: fffffe000003bb80
RBP: 1ffff1103b537af6 R08: ffffffff8173458d R09: ffffffff8173433a
R10: ffff8881da9bcd80 R11: 0000000000000003 R12: fffffe000003bb80
R13: ffff8881da9bd7b0 R14: 1ffff1103b537b1b R15: ffff8881da9bcd80
copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline]
raw_copy_from_user arch/x86/include/asm/uaccess_64.h:71 [inline]
__copy_from_user_inatomic include/linux/uaccess.h:63 [inline]
probe_read_common mm/maccess.c:15 [inline]
__probe_kernel_read+0xee/0x1a0 mm/maccess.c:57
show_opcodes arch/x86/kernel/dumpstack.c:109 [inline]
show_ip+0xa5/0x100 arch/x86/kernel/dumpstack.c:126
show_iret_regs+0x10/0x40 arch/x86/kernel/dumpstack.c:131
__show_regs+0x23/0x510 arch/x86/kernel/process_64.c:74
show_regs_if_on_stack arch/x86/kernel/dumpstack.c:149 [inline]
show_trace_log_lvl+0x4f4/0x5b0 arch/x86/kernel/dumpstack.c:274
show_regs arch/x86/kernel/dumpstack.c:423 [inline]
__die+0xbd/0x100 arch/x86/kernel/dumpstack.c:388
die+0x26/0x50 arch/x86/kernel/dumpstack.c:408
do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
do_trap+0x1e7/0x340 arch/x86/kernel/traps.c:251
do_error_trap arch/x86/kernel/traps.c:278 [inline]
do_invalid_op+0xfb/0x110 arch/x86/kernel/traps.c:291
invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:1029
RIP: 0010:fixup_bad_iret+0x93/0xa0 arch/x86/kernel/traps.c:657
Code: c3 e0 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3f 24 6a 00 f6 03 03 74 0d 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41
RSP: 0018:fffffe000003bef0 EFLAGS: 00010046
RAX: 1fffffc0000077fc RBX: fffffe000003bfe0 RCX: ffffffff810619a7
RDX: 0000000000000008 RSI: fffffe000003bf20 RDI: fffffe000003bf50
RBP: 0000000000000000 R08: ffffffff81330774 R09: ffffffff83e00078
R10: ffffffff83e00e88 R11: ffffffff83e00e88 R12: fffffe000003bfd8
R13: dffffc0000000000 R14: fffffe000003bf50 R15: fffffe000003bf20
error_entry+0xaf/0xc0 arch/x86/entry/entry_64.S:1365
RIP: db923748:0x1ffff1103b7246e9
Code: Bad RIP value.
RSP: db923740:ffff8881db909d88 EFLAGS: 1ffff1103b7213b1 ORIG_RAX: 00000000ffffbc10
RAX: ffff88818a0071c0 RBX: ffffffff83e00e88 RCX: ffff88818a0071c8
RDX: ffffffff83e00078 RSI: ffff88818a0071e0 RDI: ffffffff8133050c
RBP: ffff88818a0071c0 R08: ffff8881db923740 R09: 0000000000000000
R10: ffffffff83e00078 R11: ffffffff81330774 R12: ffff8881db923740
R13: 0000000000000000 R14: ffffffff83e00078 R15: ffffffff81330774
</ENTRY_TRAMPOLINE>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 21, 2020, 4:14:07 AM12/21/20
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.