syzbot

 sign-in | mailing list | source | docs
🐞 Open [983] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: unable to handle kernel paging request in match_subs_info

Status: fixed on 2018/01/03 02:35
Subsystems: sound
[Documentation on labels]
Reported-by: syzbot+9ac7f954144e4f6818a60fdacc3a3384b816f8d8@syzkaller.appspotmail.com
Fix commit: 7fb983b4dd56 x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
First crash: 2334d, last: 2334d

Sample crash report:
BUG: unable to handle kernel paging request at 00000000976facda
IP: addr_match sound/core/seq/seq_ports.c:468 [inline]
IP: match_subs_info+0x68/0x320 sound/core/seq/seq_ports.c:476
PGD 5e28067 P4D 5e28067 PUD 5e2a067 PMD 0 
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 6622 Comm: syz-executor6 Not tainted 4.15.0-rc2-next-20171204+ #58
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: 00000000702e389d task.stack: 00000000c90748c9
RIP: 0010:addr_match sound/core/seq/seq_ports.c:468 [inline]
RIP: 0010:match_subs_info+0x68/0x320 sound/core/seq/seq_ports.c:476
RSP: 0018:ffff8801d042f580 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801d042f6e0 RCX: ffffffff841022a6
RDX: 0000000000000000 RSI: ffffffffffffffb0 RDI: ffff8801d042f6e0
RBP: ffff8801d042f5a0 R08: 0000000000000001 R09: 0000000000000004
R10: 0000000000000000 R11: ffffffff8748dd60 R12: ffffffffffffffb0
R13: 000000000000000f R14: dffffc0000000000 R15: ffff8801cfcff680
FS:  0000000000d11940(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffb0 CR3: 00000001c4081000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020001000 DR2: 0000000020000000
DR3: 0000000020000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 snd_seq_port_disconnect+0xb7/0x230 sound/core/seq/seq_ports.c:618
 snd_seq_ioctl_unsubscribe_port+0x212/0x2c0 sound/core/seq/seq_clientmgr.c:1492
 snd_seq_kernel_client_ctl+0x122/0x160 sound/core/seq/seq_clientmgr.c:2347
 snd_seq_oss_midi_close+0x55c/0x760 sound/core/seq/oss/seq_oss_midi.c:410
 snd_seq_oss_synth_reset+0x3aa/0x990 sound/core/seq/oss/seq_oss_synth.c:418
 snd_seq_oss_reset+0x6c/0x260 sound/core/seq/oss/seq_oss_init.c:448
 snd_seq_oss_release+0x71/0x120 sound/core/seq/oss/seq_oss_init.c:425
 odev_release+0x52/0x70 sound/core/seq/oss/seq_oss.c:153
 __fput+0x333/0x7f0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x9bb/0x1ae0 kernel/exit.c:869
 do_group_exit+0x149/0x400 kernel/exit.c:972
 SYSC_exit_group kernel/exit.c:983 [inline]
 SyS_exit_group+0x1d/0x20 kernel/exit.c:981
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x4529d9
RSP: 002b:0000000000a6fa08 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000758048 RCX: 00000000004529d9
RDX: 00000000004529d9 RSI: 00000000007655f8 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000045 R09: 0000000000000000
R10: 00000000007655f0 R11: 0000000000000202 R12: 0000000000a6f9b0
R13: 0000000000758020 R14: 00000000000001d7 R15: 000000000000001d
Code: 4c 89 e2 48 b8 00 00 00 00 00 fc ff df 44 0f b6 2b 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 57 02 00 00 <45> 38 2c 24 74 14 45 31 ed e8 3a 19 60 fd 44 89 e8 5b 41 5c 41 
RIP: addr_match sound/core/seq/seq_ports.c:468 [inline] RSP: ffff8801d042f580
RIP: match_subs_info+0x68/0x320 sound/core/seq/seq_ports.c:476 RSP: ffff8801d042f580
CR2: ffffffffffffffb0
---[ end trace 207f9bbd84801b9d ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/12/04 05:23 linux-next 7cc61a0a562c 48359b97 .config console log report ci-upstream-next-kasan-gce
* Struck through repros no longer work on HEAD.