general protection fault in __switch_to_asm
23 views
Skip to first unread message
syzbot
Jun 10, 2020, 6:03:12 AM6/10/20
to ak...@linux-foundation.org, linux-...@vger.kernel.org, li...@dominikbrodowski.net, mhir...@kernel.org, ros...@goodmis.org, syzkall...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: e7b08814 Add linux-next specific files for 20200529
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14a1f451100000
kernel config: https://syzkaller.appspot.com/x/.config?x=1e62421a5de6da96
dashboard link: https://syzkaller.appspot.com/bug?extid=fe6eeea133f070606074
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1524ea96100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17fab432100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fe6eee...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc7-next-20200529-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__switch_to_asm+0x0/0x40 arch/x86/entry/entry_64.S:228
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RSP: 0018:ffffffff89a07cd8 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88809fce2b40 RCX: 1ffffffff1350dc9
RDX: 1ffff11015cc6fc2 RSI: ffff88809489e280 RDI: ffffffff89a86580
RBP: ffffffff89a07da8 R08: 0000000000000000 R09: fffffbfff155b432
R10: ffffffff8aada18f R11: fffffbfff155b431 R12: ffffffff89a86580
R13: ffff8880ae637e00 R14: ffff88809489e280 R15: ffff8880ae637e18
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f12be20f8 CR3: 000000009a876000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
context_switch kernel/sched/core.c:3430 [inline]
__schedule+0x8f3/0x1f80 kernel/sched/core.c:4155
schedule_idle+0x53/0x90 kernel/sched/core.c:4258
do_idle+0x327/0x690 kernel/sched/idle.c:297
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:365
start_kernel+0x9be/0x9fb init/main.c:1043
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
---[ end trace 7e4004b4996f54a3 ]---
RIP: 0010:__switch_to_asm+0x0/0x40 arch/x86/entry/entry_64.S:228
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RSP: 0018:ffffffff89a07cd8 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88809fce2b40 RCX: 1ffffffff1350dc9
RDX: 1ffff11015cc6fc2 RSI: ffff88809489e280 RDI: ffffffff89a86580
RBP: ffffffff89a07da8 R08: 0000000000000000 R09: fffffbfff155b432
R10: ffffffff8aada18f R11: fffffbfff155b431 R12: ffffffff89a86580
R13: ffff8880ae637e00 R14: ffff88809489e280 R15: ffff8880ae637e18
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f12be20f8 CR3: 000000009a876000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: e7b08814 Add linux-next specific files for 20200529
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14a1f451100000
kernel config: https://syzkaller.appspot.com/x/.config?x=1e62421a5de6da96
dashboard link: https://syzkaller.appspot.com/bug?extid=fe6eeea133f070606074
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1524ea96100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17fab432100000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fe6eee...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.7.0-rc7-next-20200529-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__switch_to_asm+0x0/0x40 arch/x86/entry/entry_64.S:228
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RSP: 0018:ffffffff89a07cd8 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88809fce2b40 RCX: 1ffffffff1350dc9
RDX: 1ffff11015cc6fc2 RSI: ffff88809489e280 RDI: ffffffff89a86580
RBP: ffffffff89a07da8 R08: 0000000000000000 R09: fffffbfff155b432
R10: ffffffff8aada18f R11: fffffbfff155b431 R12: ffffffff89a86580
R13: ffff8880ae637e00 R14: ffff88809489e280 R15: ffff8880ae637e18
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f12be20f8 CR3: 000000009a876000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
context_switch kernel/sched/core.c:3430 [inline]
__schedule+0x8f3/0x1f80 kernel/sched/core.c:4155
schedule_idle+0x53/0x90 kernel/sched/core.c:4258
do_idle+0x327/0x690 kernel/sched/idle.c:297
cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:365
start_kernel+0x9be/0x9fb init/main.c:1043
secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
---[ end trace 7e4004b4996f54a3 ]---
RIP: 0010:__switch_to_asm+0x0/0x40 arch/x86/entry/entry_64.S:228
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RSP: 0018:ffffffff89a07cd8 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff88809fce2b40 RCX: 1ffffffff1350dc9
RDX: 1ffff11015cc6fc2 RSI: ffff88809489e280 RDI: ffffffff89a86580
RBP: ffffffff89a07da8 R08: 0000000000000000 R09: fffffbfff155b432
R10: ffffffff8aada18f R11: fffffbfff155b431 R12: ffffffff89a86580
R13: ffff8880ae637e00 R14: ffff88809489e280 R15: ffff8880ae637e18
FS: 0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000563f12be20f8 CR3: 000000009a876000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Oct 20, 2020, 2:48:07 AM10/20/20
to ak...@linux-foundation.org, b...@alien8.de, daniel...@ffwll.ch, ggher...@suse.cz, gre...@linuxfoundation.org, h...@zytor.com, linux-...@vger.kernel.org, li...@dominikbrodowski.net, mhir...@kernel.org, mi...@redhat.com, penguin...@i-love.sakura.ne.jp, penguin...@i-love.sakura.ne.jp, pet...@infradead.org, rafael.j...@intel.com, rkov...@gmail.com, ros...@goodmis.org, syzkall...@googlegroups.com, tg...@linutronix.de, x...@kernel.org
syzbot suspects this issue was fixed by commit:
commit 033724d6864245a11f8e04c066002e6ad22b3fd0
Author: Tetsuo Handa <penguin...@I-love.SAKURA.ne.jp>
Date: Wed Jul 15 01:51:02 2020 +0000
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17f3766f900000
start commit: 04300d66 Merge tag 'riscv-for-linus-5.8-rc7' of git://git...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=fe6eeea133f070606074
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1575d102900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15dd6ac0900000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 033724d6864245a11f8e04c066002e6ad22b3fd0
Author: Tetsuo Handa <penguin...@I-love.SAKURA.ne.jp>
Date: Wed Jul 15 01:51:02 2020 +0000
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17f3766f900000
start commit: 04300d66 Merge tag 'riscv-for-linus-5.8-rc7' of git://git...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=fe6eeea133f070606074
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1575d102900000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15dd6ac0900000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Tetsuo Handa
Oct 20, 2020, 3:02:49 AM10/20/20
to syzbot, syzkaller-bugs
#syz dup: general protection fault in syscall_return_slowpath
Reply all
Reply to author
Forward
0 new messages