kernel BUG in add_grec (2)


syzbot

Nov 23, 2022, 11:35:50 AM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 673a7341bdab Merge 5.10.153 into android12-5.10-lts
git tree: android12-5.10-lts
console+strace: https://syzkaller.appspot.com/x/log.txt?x=15140153880000
kernel config: https://syzkaller.appspot.com/x/.config?x=4e4b21ca1ff54f91
dashboard link: https://syzkaller.appspot.com/bug?extid=17a1beb51531a35c0b72
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11932805880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11bce119880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/783883aa563c/disk-673a7341.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/2dba445780bf/vmlinux-673a7341.xz
kernel image: https://storage.googleapis.com/syzbot-assets/879a2fd72143/bzImage-673a7341.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+17a1be...@syzkaller.appspotmail.com

skbuff: skb_over_panic: text:ffffffff8302bd69 len:184 put:172 head:ffff8881180b4c00 data:ffff8881180b4c00 tail:0xb8 end:0x80 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 4850 Comm: sed Not tainted 5.10.153-syzkaller-00570-g673a7341bdab #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:skb_panic+0x14c/0x150 net/core/skbuff.c:106
Code: c7 40 39 79 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 31 c0 53 41 56 41 55 41 54 e8 35 0b d1 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 78 4c
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010286
RAX: 0000000000000087 RBX: ffffffff857939c0 RCX: 776f35013eb05e00
RDX: 0000000000000704 RSI: 0000000000000704 RDI: 0000000000000000
RBP: ffffc90000006f00 R08: ffffffff8153d238 R09: fffff52000000cfd
R10: fffff52000000cfd R11: 1ffff92000000cfc R12: ffff8881180b4c00
R13: 00000000000000b8 R14: 0000000000000080 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0eac406038 CR3: 000000011eb40000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
skb_over_panic net/core/skbuff.c:115 [inline]
skb_put+0x153/0x210 net/core/skbuff.c:1877
skb_put_zero include/linux/skbuff.h:2309 [inline]
cdc_ncm_ndp16 drivers/net/usb/cdc_ncm.c:1118 [inline]
cdc_ncm_fill_tx_frame+0x1229/0x3db0 drivers/net/usb/cdc_ncm.c:1295
cdc_ncm_tx_fixup+0xa2/0xf0 drivers/net/usb/cdc_ncm.c:1516
usbnet_start_xmit+0x116/0x19f0 drivers/net/usb/usbnet.c:1336
__netdev_start_xmit include/linux/netdevice.h:4839 [inline]
netdev_start_xmit include/linux/netdevice.h:4853 [inline]
xmit_one+0x16a/0x480 net/core/dev.c:3593
dev_hard_start_xmit+0xad/0x1c0 net/core/dev.c:3609
sch_direct_xmit+0x28f/0x9b0 net/sched/sch_generic.c:336
qdisc_restart net/sched/sch_generic.c:401 [inline]
__qdisc_run+0x245/0x3e0 net/sched/sch_generic.c:409
qdisc_run include/net/pkt_sched.h:127 [inline]
__dev_xmit_skb net/core/dev.c:3785 [inline]
__dev_queue_xmit+0xe77/0x2a20 net/core/dev.c:4141
dev_queue_xmit+0x17/0x20 net/core/dev.c:4209
neigh_resolve_output+0x6d3/0x780 net/core/neighbour.c:1517
neigh_output include/net/neighbour.h:524 [inline]
ip6_finish_output2+0x108d/0x1950 net/ipv6/ip6_output.c:145
__ip6_finish_output+0x653/0x810 net/ipv6/ip6_output.c:210
ip6_finish_output+0x1c9/0x1e0 net/ipv6/ip6_output.c:220
NF_HOOK_COND include/linux/netfilter.h:293 [inline]
ip6_output+0x211/0x4c0 net/ipv6/ip6_output.c:243
dst_output include/net/dst.h:443 [inline]
NF_HOOK include/linux/netfilter.h:304 [inline]
mld_sendpack+0x5d7/0xaf0 net/ipv6/mcast.c:1676
mld_send_cr net/ipv6/mcast.c:1972 [inline]
mld_ifc_timer_expire+0x85b/0xc50 net/ipv6/mcast.c:2471
call_timer_fn+0x35/0x270 kernel/time/timer.c:1420
expire_timers+0x21b/0x3a0 kernel/time/timer.c:1465
__run_timers+0x598/0x6f0 kernel/time/timer.c:1759
run_timer_softirq+0x69/0xf0 kernel/time/timer.c:1772
__do_softirq+0x27e/0x596 kernel/softirq.c:305
asm_call_irq_on_stack+0xf/0x20
</IRQ>
__run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
do_softirq_own_stack+0x60/0x80 arch/x86/kernel/irq_64.c:77
invoke_softirq kernel/softirq.c:402 [inline]
__irq_exit_rcu+0x128/0x150 kernel/softirq.c:432
irq_exit_rcu+0x9/0x10 kernel/softirq.c:444
sysvec_apic_timer_interrupt+0xbf/0xe0 arch/x86/kernel/apic/apic.c:1095
asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:635
RIP: 0010:check_kcov_mode kernel/kcov.c:165 [inline]
RIP: 0010:write_comp_data kernel/kcov.c:218 [inline]
RIP: 0010:__sanitizer_cov_trace_cmp8+0x31/0xa0 kernel/kcov.c:264
Code: 08 65 48 8b 14 25 80 6d 02 00 65 8b 0d 44 87 95 7e f7 c1 00 01 ff 00 74 11 f7 c1 00 01 00 00 74 76 83 ba ac 0a 00 00 00 74 6d <8b> 8a 88 0a 00 00 83 f9 03 75 62 48 8b 8a 90 0a 00 00 44 8b 8a 8c
RSP: 0018:ffffc900046d7790 EFLAGS: 00000246
RAX: 1ffff110231fcd0a RBX: 0000000000003000 RCX: 0000000080000001
RDX: ffff88811aba13c0 RSI: 000000f0f88b2000 RDI: 0000000000003000
RBP: ffffc900046d7790 R08: ffffffff819de8f5 R09: ffff888118fe6968
R10: ffffed10231fcd2f R11: 1ffff110231fcd2d R12: ffff88811e04f818
R13: dffffc0000000000 R14: 000000f0f88b2000 R15: 1ffff110231fcd0a
vma_gap_callbacks_compute_max mm/mmap.c:453 [inline]
vma_gap_callbacks_propagate mm/mmap.c:453 [inline]
vma_gap_update mm/mmap.c:475 [inline]
__vma_link_rb+0x4f5/0x5e0 mm/mmap.c:691
__vma_link mm/mmap.c:721 [inline]
vma_link+0xca/0x290 mm/mmap.c:735
insert_vm_struct+0x32e/0x360 mm/mmap.c:3389
__install_special_mapping+0x1ee/0x330 mm/mmap.c:3627
_install_special_mapping+0x3c/0x50 mm/mmap.c:3664
map_vdso+0x19f/0x290 arch/x86/entry/vdso/vma.c:297
map_vdso_randomized arch/x86/entry/vdso/vma.c:366 [inline]
arch_setup_additional_pages+0x119/0x130 arch/x86/entry/vdso/vma.c:411
load_elf_binary+0x1f27/0x27e0 fs/binfmt_elf.c:1261
search_binary_handler fs/exec.c:1714 [inline]
exec_binprm+0x2a8/0xbc0 fs/exec.c:1755
bprm_execve+0x6fc/0x9f0 fs/exec.c:1831
do_execveat_common+0x905/0xa90 fs/exec.c:1942
do_execve fs/exec.c:2012 [inline]
__do_sys_execve fs/exec.c:2088 [inline]
__se_sys_execve fs/exec.c:2083 [inline]
__x64_sys_execve+0x92/0xb0 fs/exec.c:2083
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7f932672b337
Code: Unable to access opcode bytes at RIP 0x7f932672b30d.
RSP: 002b:00007ffea325f838 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 000055cbb6812c80 RCX: 00007f932672b337
RDX: 000055cbb6812ca8 RSI: 000055cbb6812c80 RDI: 000055cbb6812d38
RBP: 000055cbb6812d38 R08: 000055cbb6812d3d R09: 00007f932691d000
R10: 00007f93265c1800 R11: 0000000000000246 R12: 000055cbb6812ca8
R13: 00007f93268d0ff4 R14: 000055cbb6812ca8 R15: 0000000000000000
Modules linked in:
---[ end trace 8a9e5979a69d8489 ]---
RIP: 0010:skb_panic+0x14c/0x150 net/core/skbuff.c:106
Code: c7 40 39 79 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 31 c0 53 41 56 41 55 41 54 e8 35 0b d1 00 48 83 c4 20 <0f> 0b 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 ec 78 4c
RSP: 0018:ffffc90000006eb8 EFLAGS: 00010286
RAX: 0000000000000087 RBX: ffffffff857939c0 RCX: 776f35013eb05e00
RDX: 0000000000000704 RSI: 0000000000000704 RDI: 0000000000000000
RBP: ffffc90000006f00 R08: ffffffff8153d238 R09: fffff52000000cfd
R10: fffff52000000cfd R11: 1ffff92000000cfc R12: ffff8881180b4c00
R13: 00000000000000b8 R14: 0000000000000080 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f932672b30d CR3: 000000011eb40000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 08 65 48 or %ah,0x48(%rbp)
3: 8b 14 25 80 6d 02 00 mov 0x26d80,%edx
a: 65 8b 0d 44 87 95 7e mov %gs:0x7e958744(%rip),%ecx # 0x7e958755
11: f7 c1 00 01 ff 00 test $0xff0100,%ecx
17: 74 11 je 0x2a
19: f7 c1 00 01 00 00 test $0x100,%ecx
1f: 74 76 je 0x97
21: 83 ba ac 0a 00 00 00 cmpl $0x0,0xaac(%rdx)
28: 74 6d je 0x97
* 2a: 8b 8a 88 0a 00 00 mov 0xa88(%rdx),%ecx <-- trapping instruction
30: 83 f9 03 cmp $0x3,%ecx
33: 75 62 jne 0x97
35: 48 8b 8a 90 0a 00 00 mov 0xa90(%rdx),%rcx
3c: 44 rex.R
3d: 8b .byte 0x8b
3e: 8a .byte 0x8a
3f: 8c .byte 0x8c


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
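
The skb_over_panic line near the top of the report carries enough to see the overrun without opening the driver source. Below is an added example, not part of the syzbot report or the kernel tree: it parses that line and replays the bounds check that skb_put() performs in net/core/skbuff.c (tail += len; if tail > end, skb_over_panic). The struct, the parsing format and the helper names are my own; the sample line is copied verbatim from this report. The reading it gives is that cdc_ncm_ndp16 (via skb_put_zero, per the trace) tried to append 172 bytes to an skb whose buffer is 128 bytes (end:0x80) with 12 bytes already used, overrunning it by 56 bytes.

```c
#include <stdio.h>
#include <string.h>

/*
 * Decoded fields of a "skbuff: skb_over_panic: ..." line. On 64-bit kernels
 * (NET_SKBUFF_DATA_USES_OFFSET) skb->tail and skb->end are byte offsets from
 * skb->head, which is why the report prints them as small hex numbers.
 * Struct and field names are this example's own, not kernel identifiers.
 */
struct skb_panic_info {
    unsigned long long text;  /* return address of the skb_put() caller */
    unsigned int len;         /* skb->len after the failed put */
    unsigned int put;         /* bytes the caller tried to append */
    unsigned long long head;  /* skb->head */
    unsigned long long data;  /* skb->data; equal to head means no headroom was reserved */
    unsigned int tail;        /* skb->tail after the put, offset from head */
    unsigned int end;         /* skb->end, offset from head: the usable buffer size */
};

/* Parse a panic line. Returns 1 on success, 0 if it is not an skb_over_panic line. */
int parse_skb_over_panic(const char *line, struct skb_panic_info *out)
{
    const char *p = strstr(line, "skb_over_panic:");
    if (!p)
        return 0;
    return sscanf(p, "skb_over_panic: text:%llx len:%u put:%u head:%llx data:%llx tail:%x end:%x",
                  &out->text, &out->len, &out->put, &out->head, &out->data,
                  &out->tail, &out->end) == 7;
}

/*
 * Replay the bounds check from skb_put() in net/core/skbuff.c:
 *     skb->tail += len;  if (skb->tail > skb->end) skb_over_panic(...);
 * Returns by how many bytes the new tail exceeds end; 0 means the put fits.
 */
unsigned int skb_put_overrun(unsigned int tail_before, unsigned int end, unsigned int put)
{
    unsigned int tail_after = tail_before + put;
    return tail_after > end ? tail_after - end : 0;
}

/*
 * Overrun for a whole report line, or -1 if the line cannot be parsed. The
 * reported tail is post-increment, so the tail before the put is tail - put.
 */
int overrun_from_line(const char *line)
{
    struct skb_panic_info i;
    if (!parse_skb_over_panic(line, &i) || i.tail < i.put)
        return -1;
    return (int)skb_put_overrun(i.tail - i.put, i.end, i.put);
}

int main(void)
{
    /* The skb_over_panic line from the report above, copied verbatim. */
    static const char line[] =
        "skbuff: skb_over_panic: text:ffffffff8302bd69 len:184 put:172 "
        "head:ffff8881180b4c00 data:ffff8881180b4c00 tail:0xb8 end:0x80 dev:<NULL>";
    struct skb_panic_info i;

    if (!parse_skb_over_panic(line, &i)) {
        fprintf(stderr, "not an skb_over_panic line\n");
        return 1;
    }
    printf("buffer size (end): %u bytes, headroom: %llu bytes\n", i.end, i.data - i.head);
    printf("tail before put: %u, put: %u, tail after: %u\n", i.tail - i.put, i.put, i.tail);
    printf("overrun past end: %d bytes\n", overrun_from_line(line));
    return 0;
}
```

When triaging a report like this, the "text:" address is the return address inside the skb_put() caller; resolving it against the downloadable vmlinux with addr2line gives the exact line in cdc_ncm.c, which the symbolised trace here already shows as the skb_put_zero call in cdc_ncm_ndp16.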