[v5.15] Internal error in generic_ptrace_peekdata
2 views
Skip to first unread message
syzbot
Aug 20, 2025, 7:30:33 PM8/20/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: c79648372d02 Linux 5.15.189
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16fb33bc580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9e47345638b85bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=13a6fe389e8e4c2a43a4
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ab49562317a/disk-c7964837.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e847ec1e38d3/vmlinux-c7964837.xz
kernel image: https://storage.googleapis.com/syzbot-assets/263158c6371c/Image-c7964837.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+13a6fe...@syzkaller.appspotmail.com
Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4199 Comm: syz.0.15 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc)
pc : generic_ptrace_peekdata+0x2c4/0x310 kernel/ptrace.c:-1
lr : sign_extend64 include/linux/bitops.h:183 [inline]
lr : __uaccess_mask_ptr arch/arm64/include/asm/uaccess.h:244 [inline]
lr : generic_ptrace_peekdata+0x2a4/0x310 kernel/ptrace.c:1347
sp : ffff80001f807960
x29: ffff80001f8079c0 x28: ffff80001f807a60 x27: ffff80001f807960
x26: 1ffff00003f00f2c x25: dfff800000000000 x24: 0000000000000001
x23: ffff0000d6e43680 x22: 0000008000000600 x21: ffff0000dcfd8000
x20: 0000000000000001 x19: 0000000080000006 x18: 0000000000000000
x17: 0000000000000002 x16: ffff8000081b3e14 x15: ffffffffffffffef
x14: 0000000000ff0100 x13: 1ffff0000282e06b x12: 0000000000080000
x11: 0000000000001f13 x10: 0000000080000006 x9 : 0000ffffffffffff
x8 : 000000000a202123 x7 : ffff800008750ed4 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 00000000fffffff2
Call trace:
generic_ptrace_peekdata+0x2c4/0x310 kernel/ptrace.c:1347
ptrace_request+0x240/0x1d00 kernel/ptrace.c:1061
arch_ptrace+0x78/0x94 arch/arm64/kernel/ptrace.c:1794
__do_sys_ptrace kernel/ptrace.c:1328 [inline]
__se_sys_ptrace kernel/ptrace.c:1293 [inline]
__arm64_sys_ptrace+0x1d0/0x5a0 kernel/ptrace.c:1293
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503229f 2a1f03e0 f94013e8 f8000948 (17ffff90)
---[ end trace 1090c513883f7ee1 ]---
----------------
Code disassembly (best guess):
0: d503229f csdb
4: 2a1f03e0 mov w0, wzr
8: f94013e8 ldr x8, [sp, #32]
c: f8000948 sttr x8, [x10]
* 10: 17ffff90 b 0xfffffffffffffe50 <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: c79648372d02 Linux 5.15.189
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=16fb33bc580000
kernel config: https://syzkaller.appspot.com/x/.config?x=9e47345638b85bd0
dashboard link: https://syzkaller.appspot.com/bug?extid=13a6fe389e8e4c2a43a4
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/7ab49562317a/disk-c7964837.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e847ec1e38d3/vmlinux-c7964837.xz
kernel image: https://storage.googleapis.com/syzbot-assets/263158c6371c/Image-c7964837.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+13a6fe...@syzkaller.appspotmail.com
Internal error: Oops - BTI: 0000000036000001 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4199 Comm: syz.0.15 Not tainted 5.15.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025
pstate: 42400405 (nZcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=jc)
pc : generic_ptrace_peekdata+0x2c4/0x310 kernel/ptrace.c:-1
lr : sign_extend64 include/linux/bitops.h:183 [inline]
lr : __uaccess_mask_ptr arch/arm64/include/asm/uaccess.h:244 [inline]
lr : generic_ptrace_peekdata+0x2a4/0x310 kernel/ptrace.c:1347
sp : ffff80001f807960
x29: ffff80001f8079c0 x28: ffff80001f807a60 x27: ffff80001f807960
x26: 1ffff00003f00f2c x25: dfff800000000000 x24: 0000000000000001
x23: ffff0000d6e43680 x22: 0000008000000600 x21: ffff0000dcfd8000
x20: 0000000000000001 x19: 0000000080000006 x18: 0000000000000000
x17: 0000000000000002 x16: ffff8000081b3e14 x15: ffffffffffffffef
x14: 0000000000ff0100 x13: 1ffff0000282e06b x12: 0000000000080000
x11: 0000000000001f13 x10: 0000000080000006 x9 : 0000ffffffffffff
x8 : 000000000a202123 x7 : ffff800008750ed4 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000001
x2 : 0000000000000008 x1 : 0000000000000001 x0 : 00000000fffffff2
Call trace:
generic_ptrace_peekdata+0x2c4/0x310 kernel/ptrace.c:1347
ptrace_request+0x240/0x1d00 kernel/ptrace.c:1061
arch_ptrace+0x78/0x94 arch/arm64/kernel/ptrace.c:1794
__do_sys_ptrace kernel/ptrace.c:1328 [inline]
__se_sys_ptrace kernel/ptrace.c:1293 [inline]
__arm64_sys_ptrace+0x1d0/0x5a0 kernel/ptrace.c:1293
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x78/0x1e0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0xcc/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: d503229f 2a1f03e0 f94013e8 f8000948 (17ffff90)
---[ end trace 1090c513883f7ee1 ]---
----------------
Code disassembly (best guess):
0: d503229f csdb
4: 2a1f03e0 mov w0, wzr
8: f94013e8 ldr x8, [sp, #32]
c: f8000948 sttr x8, [x10]
* 10: 17ffff90 b 0xfffffffffffffe50 <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Nov 28, 2025, 6:30:26 PM11/28/25
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages