[syzbot] [kernel?] general protection fault in bnep_session


syzbot

Nov 23, 2024, 6:04:21 PM
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, net...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: fcc79e1714e8 Merge tag 'net-next-6.13' of git://git.kernel..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=135bbb78580000
kernel config: https://syzkaller.appspot.com/x/.config?x=275de99a754927af
dashboard link: https://syzkaller.appspot.com/bug?extid=6df45dd3d03e1a9aca96
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1539da626e54/disk-fcc79e17.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d44dbcc68df2/vmlinux-fcc79e17.xz
kernel image: https://storage.googleapis.com/syzbot-assets/76fdad1309ae/bzImage-fcc79e17.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6df45d...@syzkaller.appspotmail.com

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 8179 Comm: kbnepd bnep0 Not tainted 6.12.0-syzkaller-05480-gfcc79e1714e8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:klist_put lib/klist.c:212 [inline]
RIP: 0010:klist_del+0x49/0x110 lib/klist.c:230
Code: f5 4d 89 f5 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 f7 e8 f9 77 3d f6 49 8b 1e 48 83 e3 fe 48 8d 7b 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 db 77 3d f6 4c 8b 7b 58 48 89 df e8 2f 99
RSP: 0000:ffffc9000b91f828 EFLAGS: 00010202
RAX: 000000000000000b RBX: 0000000000000000 RCX: ffff88807e749e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
RBP: ffffc9000b91f950 R08: ffffffff823dd8ba R09: 1ffff11005dda786
R10: dffffc0000000000 R11: ffffed1005dda787 R12: dffffc0000000000
R13: 1ffff1100b406f8c R14: ffff88805a037c60 R15: ffff88805dc14b88
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e57cfc57c CR3: 000000005ded8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
device_del+0x2c9/0x9b0 drivers/base/core.c:3838
unregister_netdevice_many_notify+0x1859/0x1da0 net/core/dev.c:11556
unregister_netdevice_many net/core/dev.c:11584 [inline]
unregister_netdevice_queue+0x303/0x370 net/core/dev.c:11456
unregister_netdevice include/linux/netdevice.h:3192 [inline]
unregister_netdev+0x1c/0x30 net/core/dev.c:11602
bnep_session+0x2e3c/0x3030 net/bluetooth/bnep/core.c:525
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:klist_put lib/klist.c:212 [inline]
RIP: 0010:klist_del+0x49/0x110 lib/klist.c:230
Code: f5 4d 89 f5 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 f7 e8 f9 77 3d f6 49 8b 1e 48 83 e3 fe 48 8d 7b 58 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 05 e8 db 77 3d f6 4c 8b 7b 58 48 89 df e8 2f 99
RSP: 0000:ffffc9000b91f828 EFLAGS: 00010202
RAX: 000000000000000b RBX: 0000000000000000 RCX: ffff88807e749e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000058
RBP: ffffc9000b91f950 R08: ffffffff823dd8ba R09: 1ffff11005dda786
R10: dffffc0000000000 R11: ffffed1005dda787 R12: dffffc0000000000
R13: 1ffff1100b406f8c R14: ffff88805a037c60 R15: ffff88805dc14b88
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f6e57cfc57c CR3: 0000000033700000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: f5 cmc
1: 4d 89 f5 mov %r14,%r13
4: 49 c1 ed 03 shr $0x3,%r13
8: 43 80 7c 25 00 00 cmpb $0x0,0x0(%r13,%r12,1)
e: 74 08 je 0x18
10: 4c 89 f7 mov %r14,%rdi
13: e8 f9 77 3d f6 call 0xf63d7811
18: 49 8b 1e mov (%r14),%rbx
1b: 48 83 e3 fe and $0xfffffffffffffffe,%rbx
1f: 48 8d 7b 58 lea 0x58(%rbx),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
2f: 74 05 je 0x36
31: e8 db 77 3d f6 call 0xf63d7811
36: 4c 8b 7b 58 mov 0x58(%rbx),%r15
3a: 48 89 df mov %rbx,%rdi
3d: e8 .byte 0xe8
3e: 2f (bad)
3f: 99 cltd


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Dec 22, 2024, 5:32:29 PM
to gre...@linuxfoundation.org, linux-...@vger.kernel.org, net...@vger.kernel.org, raf...@kernel.org, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: bcde95ce32b6 Merge tag 'devicetree-fixes-for-6.13-1' of gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12b0fcf8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f1586bab1323870
dashboard link: https://syzkaller.appspot.com/bug?extid=6df45dd3d03e1a9aca96
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10b90adf980000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-bcde95ce.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d1b2e8d294e3/vmlinux-bcde95ce.xz
kernel image: https://storage.googleapis.com/syzbot-assets/593ff4631acc/bzImage-bcde95ce.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6df45d...@syzkaller.appspotmail.com

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 6160 Comm: kbnepd bnep0 Not tainted 6.13.0-rc3-syzkaller-00301-gbcde95ce32b6 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:klist_put+0x4d/0x1b0 lib/klist.c:212
Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 7c ce 0c
RSP: 0018:ffffc900047e79c0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888033468860 RCX: ffffffff8239c3fd
RDX: 000000000000000b RSI: ffffffff8b1f72c5 RDI: 0000000000000058
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000b92 R12: 0000000000000000
R13: 0000000000000001 R14: ffff88802426bb80 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffabd6b5108 CR3: 000000003551a000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
device_del+0x1d9/0x9f0 drivers/base/core.c:3831
unregister_netdevice_many_notify+0x105d/0x1e60 net/core/dev.c:11562
unregister_netdevice_many net/core/dev.c:11590 [inline]
unregister_netdevice_queue+0x307/0x3f0 net/core/dev.c:11462
unregister_netdevice include/linux/netdevice.h:3192 [inline]
unregister_netdev+0x1c/0x30 net/core/dev.c:11608
bnep_session+0x21b6/0x2ca0 net/bluetooth/bnep/core.c:525
kthread+0x2c1/0x3a0 kernel/kthread.c:389
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:klist_put+0x4d/0x1b0 lib/klist.c:212
Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 7c ce 0c
RSP: 0018:ffffc900047e79c0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888033468860 RCX: ffffffff8239c3fd
RDX: 000000000000000b RSI: ffffffff8b1f72c5 RDI: 0000000000000058
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000b92 R12: 0000000000000000
R13: 0000000000000001 R14: ffff88802426bb80 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff88806a700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe5193ea718 CR3: 0000000024a3c000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: c1 ea 03 shr $0x3,%edx
3: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
7: 0f 85 5f 01 00 00 jne 0x16c
d: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
14: fc ff df
17: 4c 8b 23 mov (%rbx),%r12
1a: 49 83 e4 fe and $0xfffffffffffffffe,%r12
1e: 49 8d 7c 24 58 lea 0x58(%r12),%rdi
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 2e 01 00 00 jne 0x162
34: 4c 89 e7 mov %r12,%rdi
37: 4d 8b 74 24 58 mov 0x58(%r12),%r14
3c: e8 .byte 0xe8
3d: 7c ce jl 0xd
3f: 0c .byte 0xc


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.