[moderation] panic: runtime error: floating point error [recovered]


syzbot

Mar 28, 2024, 10:20:32 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 443574b03387 riscv, bpf: Fix kfunc parameters incompatibil..
git tree: bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=16ce1451180000
kernel config: https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440
dashboard link: https://syzkaller.appspot.com/bug?extid=d6fd279e3da1de8260c8
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [net...@vger.kernel.org]

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3f355021a085/disk-443574b0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/44cf4de7472a/vmlinux-443574b0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a99a36c7ad65/bzImage-443574b0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d6fd27...@syzkaller.appspotmail.com

recvmsg$kcm(r3, &(0x7f0000004a40)={&(0x7f0000001540)=@hci, 0x80, &(0x7f00000039c0)=[{&(0x7f00000015c0)=""/158, 0x9e}, {&(0x7f0000001680)=""/211, 0xd3}, {&(0x7f0000001780)=""/45, 0x2d}, {&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/208, 0xd0}, {&(0x7f0000002900)=""/4096, 0x1000}, {&(0x7f0000003900)=""/45, 0x2d}, {&(0x7f0000003940)=""/82, 0x52}], 0x8, &(0x7f0000003a40)=""/4096, 0x1000}, 0x2021)
panic: runtime error: floating point error [recovered]
panic: runtime error: floating point error
target: linux/amd64, rev: 454571b6a16598f5a6e015b9fb1a04932bce7ab9, mode=1, prog:
"r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)\nr1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x20}]}, &(0x7f0000000000)='GPL\\x00'}, 0x80)\nr2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)\nbpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000200)=\"9e36d45cb388dd965f4e8112779a\", 0x0, 0x38a, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50)\nbpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r1, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], \"\"/16, <r3=>0x0, 0x0, 0x0, 0x0, 0x3, 0x9, &(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0, 0xb8, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xa2, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)\nbpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r2, 0x20, &(0x7f0000000880)={&(0x7f0000000680)=\"\"/242, 0xf2, <r5=>0x0, &(0x7f0000000780)=\"\"/231, 0xe7}}, 0x10)\nr6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\\x00', 0x26e1, 0x0)\nioctl$PERF_EVENT_IOC_PERIOD(r6, 0x4030582a, &(0x7f0000000040))\nperf_event_open(&(0x7f0000001300)={0x2, 0x80, 0x7f, 0xf7, 0x80, 0x7f, 0x0, 0x0, 0x31807, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0xcd3, 0x1, @perf_bp={&(0x7f0000000ac0), 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0xffffff23, 0x0, 0x9}, 0x0, 0x9, r6, 0x1)\nr7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x9, 0x0, r1, 0x4, '\\x00', 0x0, r2, 0x3, 0x3}, 0x48)\nr8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48)\nbpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, 
[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)\nbpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000f80)={0x11, 0x12, &(0x7f0000000d00)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_val={0x18, 0x6, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @map_fd={0x18, 0x9, 0x1, 0x0, r6}, @generic={0xff, 0x7, 0x0, 0x0, 0xa8}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xfffffffffffffffa}], &(0x7f00000001c0)='GPL\\x00', 0x4, 0x7d, &(0x7f0000000dc0)=\"\"/125, 0x41100, 0x42, '\\x00', r3, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000e40)={0x3, 0x2, 0x9, 0x2}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000e80)=[0xffffffffffffffff, r8, r7], &(0x7f0000000ec0)=[{0x0, 0x5, 0x4, 0x8}, {0x5, 0x1, 0xb}, {0x5, 0x2, 0xd, 0xb}, {0x0, 0x5, 0xa, 0xb}, {0x3, 0x1, 0x0, 0xc}, {0x3, 0x1, 0x8, 0x1}, {0x1, 0x1, 0x6, 0x5}, {0x1, 0x5, 0xe, 0xc}, {0x2, 0x3, 0x0, 0xb}], 0x10, 0x8001}, 0x90)\nperf_event_open$cgroup(&(0x7f0000001380)={0x0, 0x80, 0x6, 0x7, 0x1f, 0x1, 0x0, 0x20, 0x80, 0x9, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f00000012c0), 0x8}, 0x1626, 0x9, 0x4, 0x8, 0x3, 0x2, 0x401, 0x0, 0x3e64, 0x0, 0xa3}, r6, 0x8, r6, 0x5)\nr9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\\x00', 0x275a, 0x0)\nioctl$SIOCSIFHWADDR(r9, 0x40305839, &(0x7f0000000540)={'\\x00', @link_local={0x1, 0x4, 0xc2, 0x5}})\nr10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000010c0)={0x1b, 0x0, 0x0, 0xe482, 0x0, r7, 0x10000, '\\x00', r3, r2, 0x5, 0x0, 0x2}, 0x48)\nbpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1c, 0x6, &(0x7f0000000940)=@raw=[@alu={0x7, 
0x1, 0x2, 0xa, 0x2, 0x100, 0xfffffffffffffff0}, @generic={0xeb, 0x4, 0x2, 0x3765, 0x9a}, @btf_id={0x18, 0x0, 0x3, 0x0, 0x5}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x2}], &(0x7f0000000980)='GPL\\x00', 0x4, 0x0, 0x0, 0x40f00, 0x51, '\\x00', r3, 0x34, r0, 0x8, &(0x7f0000001040)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001080)={0x3, 0xf, 0x5}, 0x10, r4, r0, 0x8, &(0x7f0000001140)=[r9, r10, r6, r6, r7, r7, r8], &(0x7f0000001180)=[{0x2, 0x1, 0x0, 0x3}, {0x1, 0x1, 0x1, 0x9}, {0x0, 0x1, 0x1, 0x6}, {0x5, 0x1, 0x4}, {0x2, 0x1, 0xd, 0x5}, {0x2, 0x1, 0xe}, {0x1, 0x4, 0x1, 0x5}, {0x2, 0x5, 0x0, 0x2}], 0x10, 0x8}, 0x90)\nbpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x2, 0x6, &(0x7f0000000900)=ANY=[@ANYBLOB=\"186500000a000000000000000600000055620600000000004524698f01000000186900000a00000000000019090000000fefe99ec6717329bb72\"], &(0x7f0000000100)='syzkaller\\x00', 0x5, 0x2e, &(0x7f0000000140)=\"\"/46, 0x40f00, 0x1, '\\x00', r3, 0x11, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x1, 0x3}, 0x8, 0x10, &(0x7f0000000640)={0x3, 0x0, 0x8, 0x202e5aba}, 0x10, r5, r1, 0xa, &(0x7f0000000a40)=[r6, 0xffffffffffffffff, r7], &(0x7f0000000a80)=[{0x4, 0x5, 0x4, 0x5}, {0x0, 0x2, 0xc, 0xd}, {0x1, 0x2, 0x1, 0x6}, {0x2, 0x1, 0x4, 0xc}, {0x3, 0x4, 0xb, 0x2}, {0x3, 0x4, 0x8, 0x5}, {0x3, 0x2, 0x8, 0x7}, {0x5, 0x4, 0x0, 0x2}, {0x1, 0x4, 0x2, 0xb}, {0x4, 0x3, 0x5, 0x3}], 0x10, 0xff}, 0x90)\nbpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000c00)=ANY=[@ANYBLOB=\"620ac4ff0000000071104100000000009500000000000000f5540029696b6bea870323b46267e4940dcfc7bb2a01cb2ecb1f87728bb1f2df37e69d06197b94977ba408ce883540e537f7796023ab4ca939ed676ab1702fd5395fe80b3ab023056155eb3578d73e3bcadc5027f31b7cede4da3674f06f2ba43b598fd007f755884c77213ff5602dc9c046b3401be12046383e30b4cabec4dd3c7d9177e86e9e9767da1c25e45dae43b2b54dd06aeddb9daf0b41a6af87c1de0caef016c76a98d21b151736bc27d13f4a9777221515ec5abcbd\"], &(0x7f0000000080)='GPL\\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\\x00', r3, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x10, 0xfffffffc}, 0x90)\n"
[signal SIGFPE: floating-point exception code=0x80 addr=0x0 pc=0x411599]

goroutine 32 [running]:
github.com/google/syzkaller/prog.(*Target).Deserialize.func1()
/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:245 +0x174
panic({0xaae480?, 0x13d2e80?})
/usr/local/go/src/runtime/panic.go:914 +0x21f
github.com/google/syzkaller/prog.(*validCtx).validateArg(0xc000def0e0, {0xe509e0, 0xc00154b400}, {0xe579d8?, 0x186f260}, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:124 +0x325
github.com/google/syzkaller/prog.(*GroupArg).validate(0xc0002df740, 0xc00009f1d0?, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:228 +0x40c
github.com/google/syzkaller/prog.(*validCtx).validateArg(0xc000def0e0, {0xe50ae0, 0xc0002df740}, {0xe575f0?, 0x15fc500}, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:125 +0x34b
github.com/google/syzkaller/prog.(*PointerArg).validate(0xc001b6f110, 0xc000def0e0, 0xa0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:269 +0x15b
github.com/google/syzkaller/prog.(*validCtx).validateArg(0xc000def0e0, {0xe50a20, 0xc001b6f110}, {0xe57140?, 0x14bbb40}, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:125 +0x34b
github.com/google/syzkaller/prog.(*GroupArg).validate(0xc0002df760, 0xc00009f1d0?, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:228 +0x40c
github.com/google/syzkaller/prog.(*validCtx).validateArg(0xc000def0e0, {0xe50ae0, 0xc0002df760}, {0xe575f0?, 0x15f9ce0}, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:125 +0x34b
github.com/google/syzkaller/prog.(*PointerArg).validate(0xc001b6f140, 0xc000def0e0, 0xe0?)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:269 +0x15b
github.com/google/syzkaller/prog.(*validCtx).validateArg(0xc000def0e0, {0xe50a20, 0xc001b6f140}, {0xe57140?, 0x149c440}, 0x0)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:125 +0x34b
github.com/google/syzkaller/prog.(*validCtx).validateCall(0xc000def0e0, 0xc001503540)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:74 +0x15f
github.com/google/syzkaller/prog.(*Prog).validateWithOpts(0xc0001c6680, {0x0?})
/syzkaller/gopath/src/github.com/google/syzkaller/prog/validation.go:50 +0x106
github.com/google/syzkaller/prog.(*Target).Deserialize(0xc000438780, {0xc001185800, 0x174b, 0x174b}, 0x1)
/syzkaller/gopath/src/github.com/google/syzkaller/prog/encoding.go:260 +0x16a
main.(*FuzzerTool).deserializeInput(0xc0004360f0?, {0xc001185800, 0x174b, 0x174b})
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:411 +0x38
main.(*FuzzerTool).exchangeDataCall(0xc0004360f0, 0x1, {0xc000c61f78, 0x1, 0xae8300?})
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:353 +0x625
main.(*FuzzerTool).exchangeDataWorker(0xc0004360f0)
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:380 +0x79
created by main.main in goroutine 1
/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:272 +0x143c


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup