general protection fault in io_apic_modify_irq


syzbot

Dec 3, 2017, 9:25:05 AM
to andriy.s...@linux.intel.com, b...@suse.de, douly...@cn.fujitsu.com, h...@zytor.com, jgr...@suse.com, linux-...@vger.kernel.org, mi...@redhat.com, m...@chromium.org, raymon...@gmail.com, rrus...@cisco.com, syzkall...@googlegroups.com, tg...@linutronix.de, x...@kernel.org
Hello,

syzkaller hit the following crash on
a4f586bceda49b0e43a3606905582e5104052e4b
git://git.cmpxchg.org/linux-mmots.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.

Unfortunately, I don't have any reproducer for this bug yet.


APIC: Switch to symmetric I/O mode setup
x2apic enabled
Switched APIC routing to physical x2apic.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.15.0-rc1-mm1+ #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffffffff85e2f380 task.stack: ffffffff85e00000
RIP: 0010:io_apic_modify_irq+0x2c/0x210 arch/x86/kernel/apic/io_apic.c:439
RSP: 0000:ffff8801db407ea8 EFLAGS: 00010082
RAX: dffffc0000000000 RBX: 0000000000000082 RCX: ffffffff812e4470
RDX: 0000000000010000 RSI: 00000000ffffffff RDI: 0000000000000002
RBP: ffff8801db407ee0 R08: ffff8801db407878 R09: 1ffffffff0e49401
R10: 0000000000000000 R11: ffffffff8748cda0 R12: ffffffff812e4470
R13: 0000000000000010 R14: ffff8801db014978 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88021ffff000 CR3: 0000000005e25000 CR4: 00000000000406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
mask_ioapic_irq+0x51/0x70 arch/x86/kernel/apic/io_apic.c:473
mask_irq.part.31+0x64/0xe0 kernel/irq/chip.c:420
mask_irq kernel/irq/chip.c:634 [inline]
mask_ack_irq kernel/irq/chip.c:408 [inline]
handle_level_irq+0x374/0x430 kernel/irq/chip.c:629
generic_handle_irq_desc include/linux/irqdesc.h:159 [inline]
handle_irq+0x17a/0x300 arch/x86/kernel/irq_64.c:77
do_IRQ+0x78/0x190 arch/x86/kernel/irq.c:229
common_interrupt+0xa9/0xa9 arch/x86/entry/entry_64.S:687
</IRQ>
RIP: 0010:mp_irqdomain_get_attr arch/x86/kernel/apic/io_apic.c:2883 [inline]
RIP: 0010:mp_irqdomain_alloc+0x33f/0xed0 arch/x86/kernel/apic/io_apic.c:2951
RSP: 0000:ffffffff85e07958 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffcf
RAX: dffffc0000000000 RBX: ffffffff85e07bd8 RCX: ffffffff815b2578
RDX: 1ffff1003b602933 RSI: 1ffffffff0bc5f8b RDI: ffff8801db014998
RBP: ffffffff85e07a20 R08: 1ffffffff0bc0ea6 R09: ffff8801db014968
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff865ebaa0
R13: ffffffff85e07bf4 R14: ffffffff85e07bec R15: ffff8801db012780
irq_domain_alloc_irqs_hierarchy kernel/irq/irqdomain.c:1373 [inline]
__irq_domain_alloc_irqs+0x37a/0x7e0 kernel/irq/irqdomain.c:1434
alloc_isa_irq_from_domain.isra.9+0x1a4/0x290 arch/x86/kernel/apic/io_apic.c:1018
mp_map_pin_to_irq+0x5dc/0xbb0 arch/x86/kernel/apic/io_apic.c:1057
pin_2_irq+0x9e/0x110 arch/x86/kernel/apic/io_apic.c:1103
setup_IO_APIC_irqs arch/x86/kernel/apic/io_apic.c:1219 [inline]
setup_IO_APIC+0x3d7/0x15b7 arch/x86/kernel/apic/io_apic.c:2328
apic_bsp_setup+0x105/0x10a arch/x86/kernel/apic/apic.c:2339
apic_intr_mode_init+0x376/0x37d arch/x86/kernel/apic/apic.c:1318
x86_late_time_init+0x56/0x5d arch/x86/kernel/time.c:92
start_kernel+0x632/0x74f init/main.c:677
x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:378
x86_64_start_kernel+0x77/0x7a arch/x86/kernel/head64.c:359
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:237
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 e5 41 57 41 56 41 55 4c 8d 6f 10 41 54 49 89 ff 53 49 89 cc 4c 89 ef 48 c1 ef 03 48 83 ec 10 <80> 3c 07 00 0f 85 77 01 00 00 4c 89 ef 48 b8 00 00 00 00 00 fc
RIP: io_apic_modify_irq+0x2c/0x210 arch/x86/kernel/apic/io_apic.c:439 RSP: ffff8801db407ea8
---[ end trace 6cab3876646e447c ]---


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.
Please credit me with: Reported-by: syzbot <syzk...@googlegroups.com>

syzbot will keep track of this bug report.
Once a fix for this bug is committed, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
config.txt
raw.log
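Triage note added here by the editor; it is not part of the syzbot report and not kernel code. The Code line decodes (x86_64) as `movabs rax, 0xdffffc0000000000`, prologue pushes, `lea r13, [rdi+0x10]`, `mov r15, rdi`, `mov rdi, r13`, `shr rdi, 3`, and then the faulting `cmp byte ptr [rdi+rax], 0`, which is the inline KASAN shadow check on the first argument plus 0x10. The dump has R15 = 0 and R13 = 0x10, so the first argument to io_apic_modify_irq was NULL. The shadow address of a near-NULL pointer is non-canonical, so the CPU raises #GP instead of a page fault; that is precisely the case the "GPF could be caused by NULL-ptr deref" hint describes. The trace also shows the `<IRQ>` frames (a level IRQ being masked) sitting on top of mp_irqdomain_alloc in the boot path, so the interrupt was handled before that allocation had finished; the report itself does not say more than that. The helper below (editor's example, assuming the default x86_64 generic-KASAN shadow offset 0xdffffc0000000000, scale 8 and 4-level paging) redoes the arithmetic from the register values so the same check can be applied to other inline-KASAN GPF reports.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * x86_64 generic KASAN with 4-level paging:
 *   shadow byte address = (addr >> 3) + KASAN_SHADOW_OFFSET
 * Assumption: the reported kernel used the default shadow offset, which is
 * what the RAX value 0xdffffc0000000000 in the dump suggests.
 */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3

/* Register values copied from the "RIP: io_apic_modify_irq" frame above. */
#define REPORT_RAX 0xdffffc0000000000ULL
#define REPORT_RDI 0x0000000000000002ULL
#define REPORT_R13 0x0000000000000010ULL
#define REPORT_R15 0x0000000000000000ULL

uint64_t shadow_from_addr(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Lowest kernel address covered by a shadow byte (one byte guards 8 bytes). */
uint64_t addr_from_shadow(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/*
 * 48-bit canonical form: bits 63..47 must all be equal. A non-canonical
 * memory operand raises #GP rather than #PF, which is why a NULL-ish
 * dereference under CONFIG_KASAN_INLINE reports as a general protection
 * fault with the KASAN hint line instead of a page fault at CR2.
 */
bool is_canonical48(uint64_t a)
{
	uint64_t top = a >> 47;
	return top == 0 || top == 0x1ffff;
}

struct gpf_triage {
	uint64_t shadow;        /* operand of the faulting cmp byte [rdi+rax],0 */
	uint64_t accessed;      /* kernel address that shadow byte guards */
	bool shadow_canonical;  /* false => #GP, consistent with the report */
	bool null_page_access;  /* accessed address lies in the first 4 KiB */
};

/*
 * At the faulting instruction rdi already holds addr >> 3 (the "shr rdi,3"
 * immediately before it) and rax holds the shadow offset from the movabs.
 */
struct gpf_triage triage_kasan_gpf(uint64_t rdi, uint64_t rax)
{
	struct gpf_triage t;

	t.shadow = rdi + rax;
	t.accessed = rdi << KASAN_SHADOW_SCALE_SHIFT;
	t.shadow_canonical = is_canonical48(t.shadow);
	t.null_page_access = t.accessed < 4096;
	return t;
}

int main(void)
{
	struct gpf_triage t = triage_kasan_gpf(REPORT_RDI, REPORT_RAX);

	printf("shadow operand : 0x%016llx (%s)\n",
	       (unsigned long long)t.shadow,
	       t.shadow_canonical ? "canonical" : "non-canonical -> #GP");
	printf("kernel address : 0x%016llx%s\n",
	       (unsigned long long)t.accessed,
	       t.accessed == REPORT_R13 ? " (matches R13 = data + 0x10)" : "");
	printf("base pointer   : 0x%016llx%s\n",
	       (unsigned long long)REPORT_R15,
	       REPORT_R15 == 0 ? " (R15: the 'data' argument was NULL)" : "");
	return 0;
}
```

For comparison, feeding a genuine kernel address such as the RSP in the dump through `shadow_from_addr` lands in the canonical shadow range, which is why ordinary out-of-bounds or use-after-free hits produce a KASAN report rather than a GPF.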

Dmitry Vyukov

Feb 13, 2018, 2:32:42 PM
to syzbot, syzkall...@googlegroups.com
old bug bankruptcy

#syz invalid

On Sun, Dec 3, 2017 at 3:25 PM, syzbot
<bot+96d3999f590194d7da...@syzkaller.appspotmail.com>
wrote:
> --
> You received this message because you are subscribed to the Google Groups
> "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/001a113ece8c0239c0055f705ea3%40google.com.
> For more options, visit https://groups.google.com/d/optout.