syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [1164] 🐞 Fixed [4299] 🐞 Invalid [9645] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes |
BUG: unable to handle page fault for address: fffffbfff34f1c2f #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 23ffe5067 P4D 23ffe5067 PUD 23ffe4067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 26284 Comm: syz-executor.2 Not tainted 5.15.0-rc1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xdb/0x180 mm/kasan/generic.c:189 Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c RSP: 0018:ffffc9000f22f5f8 EFLAGS: 00010096 RAX: fffffbfff34f1c2f RBX: fffffbfff34f1c30 RCX: ffffffff815b0e9a RDX: fffffbfff34f1c30 RSI: 0000000000000008 RDI: ffffffff9a78e178 RBP: fffffbfff34f1c2f R08: 0000000000000000 R09: ffffffff9a78e17f R10: fffffbfff34f1c2f R11: 0000000000000016 R12: ffff88803ed80ac0 R13: ffff88803ed80000 R14: ffff88803ed809f8 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff34f1c2f CR3: 000000002487b000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: instrument_atomic_read include/linux/instrumented.h:71 [inline] test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline] __lock_acquire+0x101a/0x54a0 kernel/locking/lockdep.c:4985 lock_acquire kernel/locking/lockdep.c:5625 [inline] lock_acquire+0x1ab/0x510 kernel/locking/lockdep.c:5590 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:368 [inline] lock_sock_nested+0x40/0x120 net/core/sock.c:3183 l2cap_sock_teardown_cb+0xa1/0x660 net/bluetooth/l2cap_sock.c:1528 l2cap_chan_del+0xbc/0xa80 net/bluetooth/l2cap_core.c:622 l2cap_conn_del+0x3c0/0x7b0 net/bluetooth/l2cap_core.c:1898 l2cap_disconn_cfm net/bluetooth/l2cap_core.c:8177 [inline] l2cap_disconn_cfm+0x95/0xd0 net/bluetooth/l2cap_core.c:8170 hci_disconn_cfm include/net/bluetooth/hci_core.h:1518 [inline] hci_conn_hash_flush+0x127/0x260 net/bluetooth/hci_conn.c:1608 hci_dev_do_close+0x57d/0x1130 net/bluetooth/hci_core.c:1793 hci_unregister_dev+0x1c0/0x5a0 net/bluetooth/hci_core.c:4029 vhci_release+0x70/0xe0 drivers/bluetooth/hci_vhci.c:340 __fput+0x288/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xbae/0x2a30 kernel/exit.c:825 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2160 kernel/signal.c:2868 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:865 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f01057e9739 Code: Unable to access opcode bytes at RIP 0x7f01057e970f. RSP: 002b:00007f0102d60218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca RAX: fffffffffffffe00 RBX: 00007f01058edf88 RCX: 00007f01057e9739 RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f01058edf88 RBP: 00007f01058edf80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f01058edf8c R13: 00007ffc53a835ef R14: 00007f0102d60300 R15: 0000000000022000 Modules linked in: CR2: fffffbfff34f1c2f ---[ end trace 23f79cf7a13a9fe2 ]--- RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:85 [inline] RIP: 0010:memory_is_nonzero mm/kasan/generic.c:102 [inline] RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:128 [inline] RIP: 0010:memory_is_poisoned mm/kasan/generic.c:159 [inline] RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline] RIP: 0010:kasan_check_range+0xdb/0x180 mm/kasan/generic.c:189 Code: 80 38 00 74 f2 48 89 c2 b8 01 00 00 00 48 85 d2 75 56 5b 5d 41 5c c3 48 85 d2 74 5e 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 50 <80> 38 00 74 f2 eb d4 41 bc 08 00 00 00 48 89 ea 45 29 dc 4d 8d 1c RSP: 0018:ffffc9000f22f5f8 EFLAGS: 00010096 RAX: fffffbfff34f1c2f RBX: fffffbfff34f1c30 RCX: ffffffff815b0e9a RDX: fffffbfff34f1c30 RSI: 0000000000000008 RDI: ffffffff9a78e178 RBP: fffffbfff34f1c2f R08: 0000000000000000 R09: ffffffff9a78e17f R10: fffffbfff34f1c2f R11: 0000000000000016 R12: ffff88803ed80ac0 R13: ffff88803ed80000 R14: ffff88803ed809f8 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff34f1c2f CR3: 000000002487b000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 ---------------- Code disassembly (best guess): 0: 80 38 00 cmpb $0x0,(%rax) 3: 74 f2 je 0xfffffff7 5: 48 89 c2 mov %rax,%rdx 8: b8 01 00 00 00 mov $0x1,%eax d: 48 85 d2 test %rdx,%rdx 10: 75 56 jne 0x68 12: 5b pop %rbx 13: 5d pop %rbp 14: 41 5c pop %r12 16: c3 retq 17: 48 85 d2 test %rdx,%rdx 1a: 74 5e je 0x7a 1c: 48 01 ea add %rbp,%rdx 1f: eb 09 jmp 0x2a 21: 48 83 c0 01 add $0x1,%rax 25: 48 39 d0 cmp %rdx,%rax 28: 74 50 je 0x7a * 2a: 80 38 00 cmpb $0x0,(%rax) <-- trapping instruction 2d: 74 f2 je 0x21 2f: eb d4 jmp 0x5 31: 41 bc 08 00 00 00 mov $0x8,%r12d 37: 48 89 ea mov %rbp,%rdx 3a: 45 29 dc sub %r11d,%r12d 3d: 4d rex.WRB 3e: 8d .byte 0x8d 3f: 1c .byte 0x1c
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2021/09/18 11:20 | upstream | 4357f03d6611 | 70b76c1d | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-kasan-gce-root | 2021/05/02 01:17 | upstream | d2b6f8a17919 | 77e2b668 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-kasan-gce-smack-root | 2021/04/20 22:24 | upstream | 7af08140979a | c0ced557 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-kasan-gce-selinux-root | 2021/01/31 14:19 | upstream | 6642d600b541 | fc9fd31e | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-qemu-upstream-386 | 2021/03/02 23:08 | upstream | 7a7fd0de4a98 | e5b64d68 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-qemu-upstream-386 | 2021/01/30 09:10 | upstream | 0e9bcda5d286 | fc9fd31e | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-this-kasan-gce | 2021/10/19 22:15 | net | 04ee2752a5a9 | 466b7db1 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-this-kasan-gce | 2021/10/12 02:11 | net | 732b74d64704 | 838e7e2c | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-this-kasan-gce | 2021/04/30 17:56 | net | bbd6f0a94813 | 77e2b668 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-this-kasan-gce | 2021/03/07 13:28 | net | 9270bbe258c8 | 75506d9c | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-this-kasan-gce | 2021/03/01 20:30 | net | 447621e373bd | 183afb6c | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/09/17 00:17 | net-next | 52583c8d8b12 | aae492f2 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/06/07 00:47 | net-next | 1a42624aecba | 500c2339 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/05/15 20:41 | net-next | 77091933e453 | 93f844de | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/04/04 16:39 | net-next | 428e68e1a85a | 6a81331a | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/04/03 01:11 | net-next | bd78980be1a6 | 6a81331a | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/04/02 13:58 | net-next | bd78980be1a6 | 6a81331a | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/03/22 17:04 | net-next | a1e6f641e307 | bea32f74 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/02/19 21:29 | net-next | 38b5133ad607 | f689d40a | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-net-kasan-gce | 2021/02/04 04:47 | net-next | 32d1bbb1d609 | 624dad51 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-linux-next-kasan-gce-root | 2021/01/27 23:32 | linux-next | bc085f8fc88f | eefc07f2 | .config | console log | report | info | BUG: unable to handle kernel paging request in lock_sock_nested | |||
| ci-upstream-kasan-gce-smack-root | 2021/08/02 13:35 | upstream | c500bee1c5b2 | 6c236867 | .config | console log | report | info | KASAN: global-out-of-bounds Read in lock_sock_nested | |||
| ci-upstream-kasan-gce-smack-root | 2021/07/13 23:42 | upstream | 40226a3d96ef | fa0594c3 | .config | console log | report | info | UBSAN: array-index-out-of-bounds in lock_sock_nested | |||
| ci-upstream-kasan-gce-selinux-root | 2021/07/06 13:25 | upstream | 3dbdb38e2869 | 6c4484eb | .config | console log | report | info | UBSAN: array-index-out-of-bounds in lock_sock_nested | |||
| ci-upstream-kasan-gce-root | 2020/08/15 06:34 | upstream | b923f1247b72 | 424dd8e7 | .config | console log | report | |||||
| ci-upstream-kasan-gce-root | 2020/08/13 00:08 | upstream | fb893de323e2 | bc15f7db | .config | console log | report | |||||
| ci-upstream-net-this-kasan-gce | 2020/09/21 12:18 | net | e1b81391421b | 9e1fa68e | .config | console log | report | info | ||||
| ci-upstream-net-this-kasan-gce | 2020/09/07 12:00 | net | 4ddcaf1ebb5e | abf9ba4f | .config | console log | report | |||||
| ci-upstream-net-this-kasan-gce | 2020/08/16 11:22 | net | 4ca0d9ac3fd8 | 424dd8e7 | .config | console log | report | |||||
| ci-upstream-net-this-kasan-gce | 2020/08/16 04:04 | net | 4ca0d9ac3fd8 | 424dd8e7 | .config | console log | report | |||||
| ci-upstream-net-this-kasan-gce | 2020/08/05 15:20 | net | ac3a0c847296 | b7129355 | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/12/29 12:18 | net-next | 3db1a3fa9880 | 8259d56c | .config | console log | report | info | ||||
| ci-upstream-net-kasan-gce | 2020/11/12 21:06 | net-next | e545f8657393 | 77a55c8e | .config | console log | report | info | ||||
| ci-upstream-net-kasan-gce | 2020/09/29 22:29 | net-next | 280095713ce2 | 5abc3f1a | .config | console log | report | info | ||||
| ci-upstream-net-kasan-gce | 2020/09/22 19:41 | net-next | 92ec804f3dbf | 3e8f6c27 | .config | console log | report | info | ||||
| ci-upstream-net-kasan-gce | 2020/09/11 07:39 | net-next | 9984c0bb22dc | adfb8b4e | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/09/02 07:41 | net-next | dc1a9bf2c816 | abf9ba4f | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/09/01 20:10 | net-next | 10eb46679460 | d5a3ae1f | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/08/16 22:40 | net-next | 7fca4dee610d | 424dd8e7 | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/08/16 10:50 | net-next | 7fca4dee610d | 424dd8e7 | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/08/09 21:21 | net-next | bfdd5aaa54b0 | 70301872 | .config | console log | report | |||||
| ci-upstream-net-kasan-gce | 2020/08/08 12:56 | net-next | bfdd5aaa54b0 | ff51e522 | .config | console log | report | |||||
| ci-upstream-kmsan-gce-386 | 2021/03/21 03:51 | https://github.com/google/kmsan.git master | 29ad81a1074a | 17810eae | .config | console log | report | info | KMSAN: uninit-value in lock_sock_nested |