syzbot


invalid opcode in do_syscall_64

Status: auto-closed as invalid on 2020/03/12 14:07
Subsystems: kernel
Reported-by: syzbot+f5bd1bc594dd0a71abdc@syzkaller.appspotmail.com
First crash: 1596d, last: 1596d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 invalid opcode in do_syscall_64 1 1325d 1325d 0/1 auto-closed as invalid on 2021/01/07 18:51
linux-4.14 invalid opcode in do_syscall_64 syz error 3 788d 1306d 0/1 upstream: reported syz repro on 2020/09/28 17:19

Sample crash report:
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9105 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:prepare_exit_to_usermode arch/x86/entry/common.c:189 [inline]
RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
RIP: 0010:do_syscall_64+0x432/0x790 arch/x86/entry/common.c:304
Code: 41 5c 41 5d 41 5e 5d c3 e8 4b 84 74 00 48 b8 00 00 00 00 00 fc ff df 65 4c 8b 2c 25 c0 1e 02 00 49 8d bd 94 08 00 00 48 00 07 <07> 00 00 00 07 00 00 00 00 00 00 00 00 00 83 c0 03 38 d0 7c 08 84
RSP: 0018:ffffc90001e27f20 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8880637d02c0 RCX: ffffffff8100a63d
RDX: 0000000000000000 RSI: ffffffff8100a745 RDI: ffff8880637d0b54
RBP: ffffc90001e27f48 R08: ffff8880637d02c0 R09: ffffed100c6fa059
R10: ffffed100c6fa058 R11: ffff8880637d02c7 R12: ffffc90001e27f58
R13: ffff8880637d02c0 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000001dec940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fe3a8f5f480 CR3: 000000006376d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6376e067 P4D 6376e067 PUD 6376f067 PMD 0 
Oops: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 9105 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:x86_add_exclusive+0x290/0x310 arch/x86/events/core.c:383
Code: f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 6e 45 8b 3e 31 ff 44 89 fe e8 8e 01 74 00 45 85 ff 75 66 e8 04 00 74 00 83 c3 01 bf <03> 00 00 00 49 83 c6 04 89 de e8 71 01 74 00 83 fb 03 75 85 e8 e7
RSP: 0018:ffffc90001e274a8 EFLAGS: 00010007
RAX: 0000000000000000 RBX: 0000000000414000 RCX: ffffffff8100dcd4
RDX: 0000000000414000 RSI: ffffffffff600000 RDI: 0000000000000007
RBP: ffffc90001e274c0 R08: ffff8880637d02c0 R09: fffffbfff16bf69a
R10: fffffbfff16bf699 R11: ffffffff8b5fb4c9 R12: 0000000000000000
R13: ffffc90001e27588 R14: ffffc90001e27668 R15: ffffc90001e27568
FS:  0000000001dec940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000006376d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_kernel include/linux/kallsyms.h:43 [inline]
 is_ksym_addr include/linux/kallsyms.h:49 [inline]
 kallsyms_lookup+0xc3/0x2d0 kernel/kallsyms.c:291
 __sprint_symbol+0xb7/0x1e0 kernel/kallsyms.c:364
 sprint_symbol+0x25/0x30 kernel/kallsyms.c:395
 symbol_string+0x16f/0x230 lib/vsprintf.c:961
 pointer+0x17b/0x740 lib/vsprintf.c:2188
 vsnprintf+0x6b6/0x19a0 lib/vsprintf.c:2578
 vscnprintf+0x2d/0x80 lib/vsprintf.c:2677
 vprintk_store+0x44/0x4a0 kernel/printk/printk.c:1917
 vprintk_emit+0x135/0x700 kernel/printk/printk.c:1978
 vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
 vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:386
 printk+0xba/0xed kernel/printk/printk.c:2056
 show_ip+0x27/0x38 arch/x86/kernel/dumpstack.c:124
 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131
 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:74
 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149
 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274
 show_regs arch/x86/kernel/dumpstack.c:423 [inline]
 show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:413
 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:388
 die+0x2b/0x48 arch/x86/kernel/dumpstack.c:408
 do_trap_no_signal arch/x86/kernel/traps.c:207 [inline]
 do_trap+0x101/0x230 arch/x86/kernel/traps.c:246
 do_error_trap+0xd6/0x200 arch/x86/kernel/traps.c:273
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:prepare_exit_to_usermode arch/x86/entry/common.c:189 [inline]
RIP: 0010:syscall_return_slowpath arch/x86/entry/common.c:278 [inline]
RIP: 0010:do_syscall_64+0x432/0x790 arch/x86/entry/common.c:304
Code: 41 5c 41 5d 41 5e 5d c3 e8 4b 84 74 00 48 b8 00 00 00 00 00 fc ff df 65 4c 8b 2c 25 c0 1e 02 00 49 8d bd 94 08 00 00 48 00 07 <07> 00 00 00 07 00 00 00 00 00 00 00 00 00 83 c0 03 38 d0 7c 08 84
RSP: 0018:ffffc90001e27f20 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8880637d02c0 RCX: ffffffff8100a63d
RDX: 0000000000000000 RSI: ffffffff8100a745 RDI: ffff8880637d0b54
RBP: ffffc90001e27f48 R08: ffff8880637d02c0 R09: ffffed100c6fa059
R10: ffffed100c6fa058 R11: ffff8880637d02c7 R12: ffffc90001e27f58
R13: ffff8880637d02c0 R14: 0000000000000000 R15: 0000000000000000
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6376e067 P4D 6376e067 PUD 6376f067 PMD 0 
Oops: 0000 [#3] PREEMPT SMP KASAN
CPU: 0 PID: 9105 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:x86_add_exclusive+0x290/0x310 arch/x86/events/core.c:383
Code: f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 6e 45 8b 3e 31 ff 44 89 fe e8 8e 01 74 00 45 85 ff 75 66 e8 04 00 74 00 83 c3 01 bf <03> 00 00 00 49 83 c6 04 89 de e8 71 01 74 00 83 fb 03 75 85 e8 e7
RSP: 0018:ffffc90001e268d0 EFLAGS: 00010007
RAX: 0000000000000000 RBX: 0000000000414000 RCX: ffffffff8100dcd4
RDX: 0000000000414000 RSI: ffffffffff600000 RDI: 0000000000000007
RBP: ffffc90001e268e8 R08: ffff8880637d02c0 R09: ffffed1015d04b8a
R10: ffffed1015d04b89 R11: ffff8880ae825c49 R12: 0000000000000000
R13: ffffc90001e269b0 R14: ffffc90001e26a90 R15: ffffc90001e26990
FS:  0000000001dec940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000006376d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_kernel include/linux/kallsyms.h:43 [inline]
 is_ksym_addr include/linux/kallsyms.h:49 [inline]
 kallsyms_lookup+0xc3/0x2d0 kernel/kallsyms.c:291
 __sprint_symbol+0xb7/0x1e0 kernel/kallsyms.c:364
 sprint_symbol+0x25/0x30 kernel/kallsyms.c:395
 symbol_string+0x16f/0x230 lib/vsprintf.c:961
 pointer+0x17b/0x740 lib/vsprintf.c:2188
 vsnprintf+0x6b6/0x19a0 lib/vsprintf.c:2578
 vscnprintf+0x2d/0x80 lib/vsprintf.c:2677
 printk_safe_log_store+0x106/0x270 kernel/printk/printk_safe.c:93
 vprintk_safe kernel/printk/printk_safe.c:346 [inline]
 vprintk_func+0x131/0x189 kernel/printk/printk_safe.c:383
 printk+0xba/0xed kernel/printk/printk.c:2056
 show_ip+0x27/0x38 arch/x86/kernel/dumpstack.c:124
 show_iret_regs+0x14/0x38 arch/x86/kernel/dumpstack.c:131
 __show_regs+0x1c/0x60 arch/x86/kernel/process_64.c:74
 show_regs_if_on_stack.constprop.0+0x39/0x3c arch/x86/kernel/dumpstack.c:149
 show_trace_log_lvl+0x25d/0x28c arch/x86/kernel/dumpstack.c:274
 show_regs arch/x86/kernel/dumpstack.c:423 [inline]
 show_regs.cold+0x1a/0x1f arch/x86/kernel/dumpstack.c:413
 __die+0x6c/0xb6 arch/x86/kernel/dumpstack.c:388
 no_context+0x329/0xa30 arch/x86/mm/fault.c:820
 __bad_area_nosemaphore+0xae/0x420 arch/x86/mm/fault.c:912
 bad_area_nosemaphore+0x2e/0x40 arch/x86/mm/fault.c:919
 do_kern_addr_fault arch/x86/mm/fault.c:1276 [inline]
 __do_page_fault+0x7bd/0xd80 arch/x86/mm/fault.c:1504
 do_page_fault+0x38/0x590 arch/x86/mm/fault.c:1530
 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203
RIP: 0010:x86_add_exclusive+0x290/0x310 arch/x86/events/core.c:383
Code: f0 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 6e 45 8b 3e 31 ff 44 89 fe e8 8e 01 74 00 45 85 ff 75 66 e8 04 00 74 00 83 c3 01 bf <03> 00 00 00 49 83 c6 04 89 de e8 71 01 74 00 83 fb 03 75 85 e8 e7
RSP: 0018:ffffc90001e274a8 EFLAGS: 00010007
RAX: 0000000000000000 RBX: 0000000000414000 RCX: ffffffff8100dcd4
RDX: 0000000000414000 RSI: ffffffffff600000 RDI: 0000000000000007
RBP: ffffc90001e274c0 R08: ffff8880637d02c0 R09: fffffbfff16bf69a
R10: fffffbfff16bf699 R11: ffffffff8b5fb4c9 R12: 0000000000000000
R13: ffffc90001e27588 R14: ffffc90001e27668 R15: ffffc90001e27568
 is_kernel include/linux/kallsyms.h:43 [inline]
 is_ksym_addr include/linux/kallsyms.h:49 [inline]
 kallsyms_lookup+0xc3/0x2d0 kernel/kallsyms.c:291
 __sprint_symbol+0xb7/0x1e0 kernel/kallsyms.c:364
 sprint_symbol+0x25/0x30 kernel/kallsyms.c:395
 symbol_string+0x16f/0x230 lib/vsprintf.c:961
 pointer+0x17b/0x740 lib/vsprintf.c:2188
 vsnprintf+0x6b6/0x19a0 lib/vsprintf.c:2578
 vscnprintf+0x2d/0x80 lib/vsprintf.c:2677
 vprintk_store+0x44/0x4a0 kernel/printk/printk.c:1917
 vprintk_emit+0x135/0x700 kernel/printk/printk.c:1978
 vprintk_default+0x28/0x30 kernel/printk/printk.c:2023
 vprintk_func
Lost 62 message(s)!

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/12/13 14:06 upstream ae4b064e2a61 08003f64 .config console log report ci-upstream-kasan-gce