[v6.1] KASAN: slab-out-of-bounds Read in read_descriptors
11 views
Skip to first unread message
syzbot
Jun 17, 2023, 3:47:48 AM6/17/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: ca87e77a2ef8 Linux 6.1.34
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104f0717280000
kernel config: https://syzkaller.appspot.com/x/.config?x=143044f84cdceac2
dashboard link: https://syzkaller.appspot.com/bug?extid=cb9a66e7d40d1bd13b25
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10dedf9b280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=169524d3280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1141c37ce351/disk-ca87e77a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/de1fca0d0bb4/vmlinux-ca87e77a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c3417b70e0bf/Image-ca87e77a.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb9a66...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
Read of size 2 at addr ffff0000d8e96aaa by task udevd/4228
CPU: 1 PID: 4228 Comm: udevd Not tainted 6.1.34-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
sysfs_kf_bin_read+0x19c/0x1d4 fs/sysfs/file.c:97
kernfs_file_read_iter fs/kernfs/file.c:247 [inline]
kernfs_fop_read_iter+0x3ac/0x5c8 fs/kernfs/file.c:276
call_read_iter include/linux/fs.h:2199 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5bc/0x8ac fs/read_write.c:470
ksys_read+0x15c/0x26c fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__arm64_sys_read+0x7c/0x90 fs/read_write.c:621
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Allocated by task 4226:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:955 [inline]
__kmalloc+0xd8/0x1c4 mm/slab_common.c:968
kmalloc include/linux/slab.h:558 [inline]
kzalloc include/linux/slab.h:689 [inline]
usb_get_configuration+0xd8/0x4048 drivers/usb/core/config.c:882
usb_enumerate_device drivers/usb/core/hub.c:2407 [inline]
usb_new_device+0x134/0x142c drivers/usb/core/hub.c:2545
hub_port_connect drivers/usb/core/hub.c:5355 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
port_event drivers/usb/core/hub.c:5655 [inline]
hub_event+0x23dc/0x44a0 drivers/usb/core/hub.c:5737
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
The buggy address belongs to the object at ffff0000d8e96800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 682 bytes inside of
1024-byte region [ffff0000d8e96800, ffff0000d8e96c00)
The buggy address belongs to the physical page:
page:000000003eb4bdce refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118e90
head:000000003eb4bdce order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000d8e96980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0000d8e96a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d8e96a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000d8e96b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000d8e96b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: ca87e77a2ef8 Linux 6.1.34
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104f0717280000
kernel config: https://syzkaller.appspot.com/x/.config?x=143044f84cdceac2
dashboard link: https://syzkaller.appspot.com/bug?extid=cb9a66e7d40d1bd13b25
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10dedf9b280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=169524d3280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1141c37ce351/disk-ca87e77a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/de1fca0d0bb4/vmlinux-ca87e77a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c3417b70e0bf/Image-ca87e77a.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cb9a66...@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: slab-out-of-bounds in read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
Read of size 2 at addr ffff0000d8e96aaa by task udevd/4228
CPU: 1 PID: 4228 Comm: udevd Not tainted 6.1.34-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:284 [inline]
print_report+0x174/0x4c0 mm/kasan/report.c:395
kasan_report+0xd4/0x130 mm/kasan/report.c:495
__asan_report_load2_noabort+0x2c/0x38 mm/kasan/report_generic.c:349
read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
sysfs_kf_bin_read+0x19c/0x1d4 fs/sysfs/file.c:97
kernfs_file_read_iter fs/kernfs/file.c:247 [inline]
kernfs_fop_read_iter+0x3ac/0x5c8 fs/kernfs/file.c:276
call_read_iter include/linux/fs.h:2199 [inline]
new_sync_read fs/read_write.c:389 [inline]
vfs_read+0x5bc/0x8ac fs/read_write.c:470
ksys_read+0x15c/0x26c fs/read_write.c:613
__do_sys_read fs/read_write.c:623 [inline]
__se_sys_read fs/read_write.c:621 [inline]
__arm64_sys_read+0x7c/0x90 fs/read_write.c:621
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Allocated by task 4226:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4c/0x80 mm/kasan/common.c:52
kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:955 [inline]
__kmalloc+0xd8/0x1c4 mm/slab_common.c:968
kmalloc include/linux/slab.h:558 [inline]
kzalloc include/linux/slab.h:689 [inline]
usb_get_configuration+0xd8/0x4048 drivers/usb/core/config.c:882
usb_enumerate_device drivers/usb/core/hub.c:2407 [inline]
usb_new_device+0x134/0x142c drivers/usb/core/hub.c:2545
hub_port_connect drivers/usb/core/hub.c:5355 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5499 [inline]
port_event drivers/usb/core/hub.c:5655 [inline]
hub_event+0x23dc/0x44a0 drivers/usb/core/hub.c:5737
process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
The buggy address belongs to the object at ffff0000d8e96800
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 682 bytes inside of
1024-byte region [ffff0000d8e96800, ffff0000d8e96c00)
The buggy address belongs to the physical page:
page:000000003eb4bdce refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118e90
head:000000003eb4bdce order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000d8e96980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff0000d8e96a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000d8e96a80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000d8e96b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000d8e96b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 17, 2023, 4:07:16 AM6/17/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 471e639e59d1 Linux 5.15.117
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17599287280000
kernel config: https://syzkaller.appspot.com/x/.config?x=eeb4064efec7aa39
dashboard link: https://syzkaller.appspot.com/bug?extid=fe3822f23612dee891a2
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15b0bcd3280000
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=145f383d280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2e7359ecba67/disk-471e639e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ef6d17e44bc3/vmlinux-471e639e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/99b68dbd7e00/Image-471e639e.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
==================================================================
BUG: KASAN: slab-out-of-bounds in read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
CPU: 1 PID: 3963 Comm: udevd Not tainted 5.15.117-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
Call trace:
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
print_address_description+0x7c/0x3f0 mm/kasan/report.c:248
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
__kasan_report mm/kasan/report.c:434 [inline]
kasan_report+0x174/0x1e4 mm/kasan/report.c:451
__asan_report_load2_noabort+0x44/0x50 mm/kasan/report_generic.c:307
read_descriptors+0x23c/0x290 drivers/usb/core/sysfs.c:883
sysfs_kf_bin_read+0x19c/0x1d4 fs/sysfs/file.c:100
kernfs_file_read_iter fs/kernfs/file.c:213 [inline]
kernfs_fop_read_iter+0x32c/0x50c fs/kernfs/file.c:242
call_read_iter include/linux/fs.h:2097 [inline]
new_sync_read fs/read_write.c:404 [inline]
vfs_read+0x86c/0xb10 fs/read_write.c:485
ksys_read+0x15c/0x26c fs/read_write.c:623
__do_sys_read fs/read_write.c:633 [inline]
__se_sys_read fs/read_write.c:631 [inline]
__arm64_sys_read+0x7c/0x90 fs/read_write.c:631
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Allocated by task 1528:
kasan_save_stack mm/kasan/common.c:38 [inline]
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:434 [inline]
____kasan_kmalloc+0xbc/0xfc mm/kasan/common.c:513
__kasan_kmalloc+0x10/0x1c mm/kasan/common.c:522
kasan_kmalloc include/linux/kasan.h:264 [inline]
__kmalloc+0x29c/0x4c8 mm/slub.c:4407
kmalloc include/linux/slab.h:596 [inline]
kzalloc include/linux/slab.h:721 [inline]
usb_get_configuration+0xd8/0x4048 drivers/usb/core/config.c:882
usb_enumerate_device drivers/usb/core/hub.c:2400 [inline]
usb_new_device+0x12c/0x1448 drivers/usb/core/hub.c:2538
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5648 [inline]
hub_event+0x22e4/0x48c4 drivers/usb/core/hub.c:5730
process_one_work+0x790/0x11b8 kernel/workqueue.c:2307
worker_thread+0x910/0x1034 kernel/workqueue.c:2454
kthread+0x37c/0x45c kernel/kthread.c:319
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
The buggy address belongs to the object at ffff0000ca3ab000
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 682 bytes inside of
1024-byte region [ffff0000ca3ab000, ffff0000ca3ab400)
The buggy address is located 682 bytes inside of
The buggy address belongs to the page:
page:00000000e42d6beb refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a3a8
head:00000000e42d6beb order:3 compound_mapcount:0 compound_pincount:0
flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ca3ab180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002780
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff0000ca3ab200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff0000ca3ab280: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
^
ffff0000ca3ab300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff0000ca3ab380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010f9c4000
[0000000000000000] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3963 Comm: udevd Tainted: G B 5.15.117-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __memcpy+0x110/0x260 arch/arm64/lib/memcpy.S:158
lr : memcpy+0xc8/0xe8 mm/kasan/shadow.c:69
sp : ffff800018e27900
x29: ffff800018e27900 x28: dfff800000000000 x27: 0000000000000fdc
x26: 0000000000000020 x25: ffff0000d8e59610 x24: 000000000000525a
x23: ffff800016ee1000 x22: ffff80000d7216a4 x21: ffff0000ca1ce024
x20: 0000000000000000 x19: 0000000000000fdc x18: 1fffe0003690338e
x17: 1fffe0003690338e x16: ffff800011952524 x15: ffff80001498f100
x14: ffff0000ca1ce024 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: ffff600019439e00 x9 : 0000000000000000
x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff800008268c6c
x5 : ffff0000ca1cf000 x4 : 0000000000000fdc x3 : ffff80000d7216a4
x2 : 0000000000000fdc x1 : 0000000000000000 x0 : ffff0000ca1ce024
Call trace:
__memcpy+0x110/0x260 arch/arm64/lib/memcpy.S:154
read_descriptors+0x1bc/0x290 drivers/usb/core/sysfs.c:888
sysfs_kf_bin_read+0x19c/0x1d4 fs/sysfs/file.c:100
kernfs_file_read_iter fs/kernfs/file.c:213 [inline]
kernfs_fop_read_iter+0x32c/0x50c fs/kernfs/file.c:242
call_read_iter include/linux/fs.h:2097 [inline]
new_sync_read fs/read_write.c:404 [inline]
vfs_read+0x86c/0xb10 fs/read_write.c:485
ksys_read+0x15c/0x26c fs/read_write.c:623
__do_sys_read fs/read_write.c:633 [inline]
__se_sys_read fs/read_write.c:631 [inline]
__arm64_sys_read+0x7c/0x90 fs/read_write.c:631
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: cb01000e b4fffc2e eb0201df 540004a3 (a940342c)
---[ end trace b85945dc2a7bcdb7 ]---
----------------
Code disassembly (best guess):
0: cb01000e sub x14, x0, x1
4: b4fffc2e cbz x14, 0xffffffffffffff88
8: eb0201df cmp x14, x2
c: 540004a3 b.cc 0xa0 // b.lo, b.ul, b.last
* 10: a940342c ldp x12, x13, [x1] <-- trapping instruction
syzbot
Nov 8, 2023, 5:43:17 AM11/8/23
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
No recent activity, existing reproducers are no longer triggering the issue.
No recent activity, existing reproducers are no longer triggering the issue.
Reply all
Reply to author
Forward
0 new messages