syzbot


general protection fault in srcu_invoke_callbacks

Status: upstream: reported on 2024/05/21 09:11
Subsystems: kernel
Reported-by: syzbot+dfe85a6b612e19d45a07@syzkaller.appspotmail.com
First crash: 17d, last: 4h34m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] general protection fault in srcu_invoke_callbacks 0 (1) 2024/05/21 09:11
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 BUG: unable to handle kernel paging request in srcu_invoke_callbacks 1 1019d 1019d 0/2 auto-closed as invalid on 2021/12/17 00:29
upstream KASAN: use-after-free Read in srcu_invoke_callbacks block syz error 4 862d 874d 20/26 fixed on 2022/03/08 16:11
upstream BUG: unable to handle kernel paging request in srcu_invoke_callbacks kernel 1 1659d 1658d 0/26 auto-closed as invalid on 2020/02/16 10:36

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000030: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000180-0x0000000000000187]
CPU: 0 PID: 5182 Comm: kworker/0:8 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: rcu_gp srcu_invoke_callbacks
RIP: 0010:rcu_seq_current kernel/rcu/rcu.h:138 [inline]
RIP: 0010:srcu_invoke_callbacks+0x148/0x490 kernel/rcu/srcutree.c:1733
Code: 48 8b 5c 24 20 74 08 4c 89 f7 e8 63 b0 7f 00 48 8d 83 20 ff ff ff 48 89 44 24 30 bb 80 01 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 39 b0 7f 00 48 8b 33 4c 8b 74 24
RSP: 0018:ffffc90003dbfaa0 EFLAGS: 00010016
RAX: 0000000000000030 RBX: 0000000000000180 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffe8ffffc85318
RBP: ffffc90003dbfbb0 R08: 0000000000000003 R09: fffff520007b7f30
R10: dffffc0000000000 R11: fffff520007b7f30 R12: 1ffff920007b7f60
R13: dffffc0000000000 R14: ffff8880503842f8 R15: ffffe8ffffc85300
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000140 CR3: 0000000059786000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2e/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393
 kthread+0x2f2/0x390 kernel/kthread.c:389
 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_seq_current kernel/rcu/rcu.h:138 [inline]
RIP: 0010:srcu_invoke_callbacks+0x148/0x490 kernel/rcu/srcutree.c:1733
Code: 48 8b 5c 24 20 74 08 4c 89 f7 e8 63 b0 7f 00 48 8d 83 20 ff ff ff 48 89 44 24 30 bb 80 01 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 39 b0 7f 00 48 8b 33 4c 8b 74 24
RSP: 0018:ffffc90003dbfaa0 EFLAGS: 00010016
RAX: 0000000000000030 RBX: 0000000000000180 RCX: 0000000000000001
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffffe8ffffc85318
RBP: ffffc90003dbfbb0 R08: 0000000000000003 R09: fffff520007b7f30
R10: dffffc0000000000 R11: fffff520007b7f30 R12: 1ffff920007b7f60
R13: dffffc0000000000 R14: ffff8880503842f8 R15: ffffe8ffffc85300
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000140 CR3: 0000000059786000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	48 8b 5c 24 20       	mov    0x20(%rsp),%rbx
   5:	74 08                	je     0xf
   7:	4c 89 f7             	mov    %r14,%rdi
   a:	e8 63 b0 7f 00       	call   0x7fb072
   f:	48 8d 83 20 ff ff ff 	lea    -0xe0(%rbx),%rax
  16:	48 89 44 24 30       	mov    %rax,0x30(%rsp)
  1b:	bb 80 01 00 00       	mov    $0x180,%ebx
  20:	49 03 1e             	add    (%r14),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 28 00       	cmpb   $0x0,(%rax,%r13,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 df             	mov    %rbx,%rdi
  34:	e8 39 b0 7f 00       	call   0x7fb072
  39:	48 8b 33             	mov    (%rbx),%rsi
  3c:	4c                   	rex.WR
  3d:	8b                   	.byte 0x8b
  3e:	74 24                	je     0x64
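The Oops header, the "KASAN: null-ptr-deref in range" line and the trapping instruction are enough to recover what was dereferenced. The C program below is an added worked example, not part of the syzbot report or of the kernel source: it reproduces the arithmetic the instrumented code performs (the shadow offset 0xdffffc0000000000 and the shift by 3 are read straight off R13 and the `shr $0x3,%rax` above), maps the non-canonical shadow address back to the guarded kernel address, and shows why this surfaced as a general protection fault rather than a page fault. The access size of 8 is taken from the 64-bit load `mov (%rbx),%rsi` that follows the check; the `user-memory-access` and `wild-memory-access` thresholds mirror the kernel's KASAN report classification for x86_64 4-level paging and are not stated anywhere on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Generic KASAN on x86_64 maps every 8 bytes of kernel memory to one shadow
 * byte at (addr >> 3) + KASAN_SHADOW_OFFSET. That is exactly what the
 * disassembly above does: "shr $0x3,%rax" then "cmpb $0x0,(%rax,%r13,1)"
 * with R13 = 0xdffffc0000000000.
 */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define X86_PAGE_SIZE            4096ULL
/* TASK_SIZE_MAX for 4-level paging: (1 << 47) - PAGE_SIZE (assumed, see lead-in). */
#define X86_TASK_SIZE_MAX        ((1ULL << 47) - X86_PAGE_SIZE)

struct decoded_fault {
	uint64_t    shadow;              /* address the trapping cmpb touched */
	uint64_t    access_start;        /* kernel address the check was guarding */
	uint64_t    access_end;          /* inclusive end, given the access size */
	bool        shadow_noncanonical; /* true => #GP rather than #PF */
	const char *bug_type;            /* KASAN's bucket for access_start */
};

static uint64_t kasan_shadow_addr(uint64_t addr)
{
	return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping; the low 3 bits of the original address are lost. */
static uint64_t kasan_shadow_to_addr(uint64_t shadow)
{
	return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* x86_64 with 48-bit virtual addresses: bits 63..47 must all equal bit 47. */
static bool is_canonical48(uint64_t addr)
{
	uint64_t top17 = addr >> 47;
	return top17 == 0 || top17 == 0x1ffff;
}

/* Same thresholds the kernel's KASAN report path uses to name the bug. */
static const char *kasan_bug_type(uint64_t addr)
{
	if (addr < X86_PAGE_SIZE)
		return "null-ptr-deref";
	if (addr < X86_TASK_SIZE_MAX)
		return "user-memory-access";
	return "wild-memory-access";
}

/*
 * shadow:      the "non-canonical address" from the Oops header.
 * access_size: width of the guarded load. It is not recoverable from the
 *              shadow alone; read it off the instruction after the check
 *              (here "mov (%rbx),%rsi", an 8-byte load).
 */
static struct decoded_fault decode_kasan_gp(uint64_t shadow, unsigned access_size)
{
	struct decoded_fault d;

	d.shadow = shadow;
	d.access_start = kasan_shadow_to_addr(shadow);
	d.access_end = d.access_start + access_size - 1;
	d.shadow_noncanonical = !is_canonical48(shadow);
	d.bug_type = kasan_bug_type(d.access_start);
	return d;
}

int main(void)
{
	/* Values copied from the sample crash report above. */
	struct decoded_fault d = decode_kasan_gp(0xdffffc0000000030ULL, 8);

	printf("shadow      : 0x%016llx (%s)\n", (unsigned long long)d.shadow,
	       d.shadow_noncanonical ? "non-canonical, hence #GP" : "canonical");
	printf("access range: [0x%016llx-0x%016llx]\n",
	       (unsigned long long)d.access_start, (unsigned long long)d.access_end);
	printf("bug type    : %s\n", d.bug_type);
	/* Round trip: the report's RAX (0x30) is exactly 0x180 >> 3. */
	printf("0x180 -> shadow 0x%016llx\n",
	       (unsigned long long)kasan_shadow_addr(0x180));
	return 0;
}
```

Two things the decoding makes explicit. First, the shadow of any address below PAGE_SIZE lands at 0xdffffc00000000xx, which is not a canonical 48-bit address, so the CPU raises #GP on the shadow check itself before the real load ever executes; that is why the title says "general protection fault" while the arm64 crash in the table below reports the same bug as "unable to handle kernel paging request". Second, the sequence `mov $0x180,%ebx; add (%r14),%rbx` shows that the pointer loaded through %r14 was NULL and 0x180 is a field offset inside the structure handed to rcu_seq_current at srcutree.c:1733, which is the place to start reading when triaging this report.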

Crashes (20):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/05/31 15:05 upstream 4a4be1ad3a6e 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in srcu_invoke_callbacks
2024/05/23 15:21 upstream b6394d6f7159 4c2072ee .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in srcu_invoke_callbacks
2024/05/30 14:50 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in srcu_invoke_callbacks
2024/06/03 06:30 upstream c3f38fa61af7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/29 13:27 upstream e0cce98fe279 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/29 10:39 upstream e0cce98fe279 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/29 09:58 upstream e0cce98fe279 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/27 17:28 upstream 2bfcfd584ff5 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/23 21:18 upstream c760b3725e52 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/22 00:03 upstream 2a8120d7b482 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/21 18:51 upstream 8f6a15f095a6 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/21 10:55 upstream 8f6a15f095a6 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/20 11:21 upstream eb6a9339efeb c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/19 05:50 upstream 0cc6f45cecb4 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/18 21:59 upstream 0cc6f45cecb4 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/18 04:49 upstream ff2632d7d08e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/17 20:38 upstream ff2632d7d08e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/17 12:21 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/17 08:59 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in srcu_invoke_callbacks
2024/05/17 17:06 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in srcu_invoke_callbacks