syzbot


BUG: unable to handle kernel paging request in put_files_struct

Status: moderation: reported on 2024/05/29 03:37
Subsystems: fs
Reported-by: syzbot+72b989111b71a2d809b5@syzkaller.appspotmail.com
First crash: 31d, last: 31d
Similar bugs (2):

| Kernel     | Title                                            | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status                                          |
|------------|--------------------------------------------------|-------|--------------|------------|-------|------|----------|---------|-------------------------------------------------|
| linux-4.19 | KASAN: use-after-free Write in put_files_struct  |       |              |            | 1     | 898d | 898d     | 0/1     | auto-closed as invalid on 2022/05/10 01:51      |
| linux-4.19 | general protection fault in put_files_struct     |       |              |            | 1     | 1189d| 1189d    | 0/1     | auto-closed as invalid on 2021/07/22 09:06      |

Sample crash report:
Unable to handle kernel paging request at virtual address 0070000005511a80
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[0070000005511a80] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 30081 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12220-g02c438bbfffe #0
Hardware name: linux,dummy-virt (DT)
pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : close_files fs/file.c:432 [inline]
pc : put_files_struct+0x8c/0x134 fs/file.c:452
lr : exit_files+0x40/0x54 fs/file.c:469
sp : ffff800083d8bb30
x29: ffff800083d8bb30 x28: 0000000000000001 x27: f5f00000048787e8
x26: 0000000000000000 x25: 0000000000000001 x24: f2f00000041fcdc0
x23: 0000000000000000 x22: f2f000000d6f1c80 x21: 0000000000000000
x20: f2f00000041fcdc0 x19: f5f0000004878000 x18: ffff800083d8baa8
x17: 0000000000000000 x16: 0000000000000000 x15: 0000fffffacdda78
x14: 00000000000002c5 x13: 0000000000000000 x12: ffff8000825e0028
x11: 0010000000000000 x10: ffffc1ffc0000000 x9 : 0000000000000004
x8 : 0000000000000078 x7 : f2f0000003fbebbc x6 : 0000000000000003
x5 : f5f0000004878000 x4 : fff000007f8f1fb0 x3 : 000000000005ad91
x2 : 0000000000000000 x1 : f170000005511a80 x0 : 0000000000000180
Call trace:
 close_files fs/file.c:432 [inline]
 put_files_struct+0x8c/0x134 fs/file.c:452
 exit_files+0x40/0x54 fs/file.c:469
 do_exit+0x710/0x98c kernel/exit.c:869
 do_group_exit+0x34/0x90 kernel/exit.c:1023
 copy_siginfo_to_user+0x0/0xec kernel/signal.c:2909
 do_signal+0xf0/0x1450 arch/arm64/kernel/signal.c:1308
 do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xc8/0xf8 arch/arm64/kernel/entry-common.c:713
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: d503201f f9400ec1 2a1903e2 11000739 (f8625833) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	d503201f 	nop
   4:	f9400ec1 	ldr	x1, [x22, #24]
   8:	2a1903e2 	mov	w2, w25
   c:	11000739 	add	w25, w25, #0x1
* 10:	f8625833 	ldr	x19, [x1, w2, uxtw #3] <-- trapping instruction

Crashes (1):

| Time             | Kernel   | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets                                                   | Manager            | Title                                                          |
|------------------|----------|--------------|-----------|---------|-------------|--------|-----------|---------|---------|----------------------------------------------------------|--------------------|----------------------------------------------------------------|
| 2024/05/25 03:25 | upstream | 02c438bbfffe | a10a183e  | .config | console log | report |           |         | info    | [disk image (non-bootable)] [vmlinux] [kernel image]     | ci-qemu2-arm64-mte | BUG: unable to handle kernel paging request in put_files_struct |