syzbot


BUG: unable to handle kernel paging request in hrtimer_nanosleep

Status: auto-closed as invalid on 2020/10/03 03:41
Subsystems: kernel
Reported-by: syzbot+86689d581f98cdb695c3@syzkaller.appspotmail.com
First crash: 1391d, last: 1391d

Sample crash report:
BUG: unable to handle page fault for address: ffff8882186373d0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD d601067 P4D d601067 PUD d604067 PMD 167063 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7292 Comm: syz-executor.4 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:lookup_object lib/debugobjects.c:197 [inline]
RIP: 0010:__debug_object_init+0xf5/0xce0 lib/debugobjects.c:546
Code: 8c 31 c0 48 85 ed 74 46 48 ba 00 00 00 00 00 fc ff df 48 8d 7d 18 83 c0 01 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 cc 07 00 00 <4c> 3b 65 18 0f 84 61 03 00 00 48 89 e9 48 c1 e9 03 80 3c 11 00 0f
RSP: 0018:ffffc900082a7c98 EFLAGS: 00010046
RAX: 0000000000000002 RBX: 0000000000092838 RCX: 1ffff110430c6e7a
RDX: dffffc0000000000 RSI: 0000000000000282 RDI: ffff8882186373d0
RBP: ffff8882186373b8 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52001054f81 R11: 0000000000000000 R12: ffffc900082a7de0
R13: 1ffff92001054fa2 R14: ffffffff8cb58980 R15: ffffffff8cb58978
FS:  000000000160d940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8882186373d0 CR3: 0000000050c39000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hrtimer_init_sleeper_on_stack kernel/time/hrtimer.c:446 [inline]
 hrtimer_nanosleep+0x172/0x430 kernel/time/hrtimer.c:1930
 __do_sys_nanosleep kernel/time/hrtimer.c:1966 [inline]
 __se_sys_nanosleep kernel/time/hrtimer.c:1953 [inline]
 __x64_sys_nanosleep+0x1dc/0x260 kernel/time/hrtimer.c:1953
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b030
Code: Bad RIP value.
RSP: 002b:00007fff63507228 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 00000000000e5c5c RCX: 000000000045b030
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff63507230
RBP: 000000000000084f R08: 0000000000000001 R09: 000000000160d940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff63507280 R14: 00000000000e5bf4 R15: 00007fff63507290
Modules linked in:
CR2: ffff8882186373d0
BUG: unable to handle page fault for address: ffff8880008da000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD d601067 P4D d601067 PUD d602067 PMD 8d9063 PTE 0
Oops: 0002 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 7292 Comm: syz-executor.4 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:writeb arch/x86/include/asm/io.h:65 [inline]
RIP: 0010:vga16fb_fillrect+0x9c0/0x193b drivers/video/fbdev/vga16fb.c:923
Code: ad fd 48 63 44 24 10 45 31 f6 48 89 04 24 e8 e7 70 ad fd 31 ff 89 de 31 ed e8 5c 6d ad fd 85 db 4d 89 ec 74 22 e8 d0 70 ad fd <45> 88 34 24 83 c5 01 89 df 49 83 c4 01 89 ee e8 bc 6c ad fd 39 eb
RSP: 0018:ffffc900082a7490 EFLAGS: 00010093
RAX: 0000000000000000 RBX: 0000000000000050 RCX: ffffffff83c646a4
RDX: ffff888050c4c080 RSI: ffffffff83c64690 RDI: 0000000000000004
RBP: 0000000000000010 R08: 0000000000000001 R09: ffff8880a304359f
R10: 0000000000000050 R11: 0000000000000000 R12: ffff8880008da000
R13: ffff8880008d9ff0 R14: 0000000000000000 R15: 00000000fffe5acc
FS:  000000000160d940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880008da000 CR3: 0000000050c39000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bit_clear_margins+0x2d5/0x4a0 drivers/video/fbdev/core/bitblit.c:232
 fbcon_clear_margins+0x1d5/0x230 drivers/video/fbdev/core/fbcon.c:1381
 fbcon_switch+0xb6e/0x16c0 drivers/video/fbdev/core/fbcon.c:2363
 redraw_screen+0x2ae/0x770 drivers/tty/vt/vt.c:1015
 fbcon_blank+0x8b1/0xbf0 drivers/video/fbdev/core/fbcon.c:2424
 do_unblank_screen+0x248/0x430 drivers/tty/vt/vt.c:4310
 bust_spinlocks+0x5b/0xe0 lib/bust_spinlocks.c:26
 oops_end+0x2b/0xf0 arch/x86/kernel/dumpstack.c:337
 no_context+0x5a2/0x9f0 arch/x86/mm/fault.c:701
 __bad_area_nosemaphore+0xa9/0x480 arch/x86/mm/fault.c:789
 do_kern_addr_fault+0x5b/0x6f arch/x86/mm/fault.c:1130
 handle_page_fault arch/x86/mm/fault.c:1363 [inline]
 exc_page_fault+0x14c/0x170 arch/x86/mm/fault.c:1418
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:565
RIP: 0010:lookup_object lib/debugobjects.c:197 [inline]
RIP: 0010:__debug_object_init+0xf5/0xce0 lib/debugobjects.c:546
Code: 8c 31 c0 48 85 ed 74 46 48 ba 00 00 00 00 00 fc ff df 48 8d 7d 18 83 c0 01 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 cc 07 00 00 <4c> 3b 65 18 0f 84 61 03 00 00 48 89 e9 48 c1 e9 03 80 3c 11 00 0f
RSP: 0018:ffffc900082a7c98 EFLAGS: 00010046
RAX: 0000000000000002 RBX: 0000000000092838 RCX: 1ffff110430c6e7a
RDX: dffffc0000000000 RSI: 0000000000000282 RDI: ffff8882186373d0
RBP: ffff8882186373b8 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52001054f81 R11: 0000000000000000 R12: ffffc900082a7de0
R13: 1ffff92001054fa2 R14: ffffffff8cb58980 R15: ffffffff8cb58978
 hrtimer_init_sleeper_on_stack kernel/time/hrtimer.c:446 [inline]
 hrtimer_nanosleep+0x172/0x430 kernel/time/hrtimer.c:1930
 __do_sys_nanosleep kernel/time/hrtimer.c:1966 [inline]
 __se_sys_nanosleep kernel/time/hrtimer.c:1953 [inline]
 __x64_sys_nanosleep+0x1dc/0x260 kernel/time/hrtimer.c:1953
 do_syscall_64+0x60/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b030
Code: Bad RIP value.
RSP: 002b:00007fff63507228 EFLAGS: 00000246 ORIG_RAX: 0000000000000023
RAX: ffffffffffffffda RBX: 00000000000e5c5c RCX: 000000000045b030
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007fff63507230
RBP: 000000000000084f R08: 0000000000000001 R09: 000000000160d940
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fff63507280 R14: 00000000000e5bf4 R15: 00007fff63507290
Modules linked in:
CR2: ffff8880008da000
---[ end trace be735ccc4516f4ee ]---
RIP: 0010:lookup_object lib/debugobjects.c:197 [inline]
RIP: 0010:__debug_object_init+0xf5/0xce0 lib/debugobjects.c:546
Code: 8c 31 c0 48 85 ed 74 46 48 ba 00 00 00 00 00 fc ff df 48 8d 7d 18 83 c0 01 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 cc 07 00 00 <4c> 3b 65 18 0f 84 61 03 00 00 48 89 e9 48 c1 e9 03 80 3c 11 00 0f
RSP: 0018:ffffc900082a7c98 EFLAGS: 00010046
RAX: 0000000000000002 RBX: 0000000000092838 RCX: 1ffff110430c6e7a
RDX: dffffc0000000000 RSI: 0000000000000282 RDI: ffff8882186373d0
RBP: ffff8882186373b8 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52001054f81 R11: 0000000000000000 R12: ffffc900082a7de0
R13: 1ffff92001054fa2 R14: ffffffff8cb58980 R15: ffffffff8cb58978
FS:  000000000160d940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8880008da000 CR3: 0000000050c39000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time:       2020/07/05 03:40
Kernel:     upstream
Commit:     7cc2a8ea1048
Syzkaller:  51095195
Config:     .config
Log:        console log
Report:     report
Syz repro:  (none)
C repro:    (none)
VM info:    (none)
Assets:     (none)
Manager:    ci-upstream-kasan-gce-selinux-root
Title:      (none)
* Struck through repros no longer work on HEAD.