syzbot

 sign-in | mailing list | source | docs
🐞 Open [70]
🐞 Fixed [22]
🐞 Invalid [333]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel paging request in srcu_invoke_callbacks (2)

Status: auto-obsoleted due to no activity on 2024/06/15 12:26
First crash: 250d, last: 250d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in srcu_invoke_callbacks kernel 30 156d 186d 0/28 auto-obsoleted due to no activity on 2024/08/29 07:09
android-54 BUG: unable to handle kernel paging request in srcu_invoke_callbacks 1 1192d 1192d 0/2 auto-closed as invalid on 2021/12/17 00:29
upstream BUG: unable to handle kernel paging request in srcu_invoke_callbacks kernel 1 1832d 1831d 0/28 auto-closed as invalid on 2020/02/16 10:36
upstream KASAN: use-after-free Read in srcu_invoke_callbacks block syz error 4 1035d 1047d 20/28 fixed on 2022/03/08 16:11

Sample crash report:
BUG: unable to handle page fault for address: ffffc90005474160
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 1f5cb8067 P4D 1f5cb8067 PUD 1f5cb9067 PMD 1e6702067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12569 Comm: kworker/0:39 Not tainted 5.4.265-syzkaller-00009-g43a5ead9254d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
Workqueue: rcu_gp srcu_invoke_callbacks
RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
RIP: 0010:rcu_seq_current kernel/rcu/rcu.h:99 [inline]
RIP: 0010:srcu_invoke_callbacks+0xda/0x370 kernel/rcu/srcutree.c:1174
Code: 7c 24 28 e8 38 7b ff 02 4c 8d a3 50 ff ff ff 4c 89 e8 48 c1 e8 03 48 89 44 24 30 42 80 3c 30 00 74 08 4c 89 ef e8 66 c0 42 00 <49> 8b 75 00 4c 89 64 24 18 4c 89 e7 e8 f5 b2 01 00 48 89 5c 24 38
RSP: 0018:ffff8881e5c9fc60 EFLAGS: 00010046
RAX: 1ffff92000a8e82c RBX: ffff8881f6e000f8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881e5c9fbe0
RBP: ffff8881e5c9fd58 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e00048
R13: ffffc90005474160 R14: dffffc0000000000 R15: 1ffff1103cb93f94
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90005474160 CR3: 00000001ecdba000 CR4: 00000000003426b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x765/0xd20 kernel/workqueue.c:2290
 worker_thread+0xaef/0x1470 kernel/workqueue.c:2436
 kthread+0x2da/0x360 kernel/kthread.c:288
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:354
Modules linked in:
CR2: ffffc90005474160
---[ end trace 20a89ffee9bd7cbd ]---
RIP: 0010:__read_once_size include/linux/compiler.h:268 [inline]
RIP: 0010:rcu_seq_current kernel/rcu/rcu.h:99 [inline]
RIP: 0010:srcu_invoke_callbacks+0xda/0x370 kernel/rcu/srcutree.c:1174
Code: 7c 24 28 e8 38 7b ff 02 4c 8d a3 50 ff ff ff 4c 89 e8 48 c1 e8 03 48 89 44 24 30 42 80 3c 30 00 74 08 4c 89 ef e8 66 c0 42 00 <49> 8b 75 00 4c 89 64 24 18 4c 89 e7 e8 f5 b2 01 00 48 89 5c 24 38
RSP: 0018:ffff8881e5c9fc60 EFLAGS: 00010046
RAX: 1ffff92000a8e82c RBX: ffff8881f6e000f8 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff8881e5c9fbe0
RBP: ffff8881e5c9fd58 R08: dffffc0000000000 R09: 0000000000000003
R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881f6e00048
R13: ffffc90005474160 R14: dffffc0000000000 R15: 1ffff1103cb93f94
FS:  0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90005474160 CR3: 00000001ecdba000 CR4: 00000000003426b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	24 28                	and    $0x28,%al
   2:	e8 38 7b ff 02       	call   0x2ff7b3f
   7:	4c 8d a3 50 ff ff ff 	lea    -0xb0(%rbx),%r12
   e:	4c 89 e8             	mov    %r13,%rax
  11:	48 c1 e8 03          	shr    $0x3,%rax
  15:	48 89 44 24 30       	mov    %rax,0x30(%rsp)
  1a:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1)
  1f:	74 08                	je     0x29
  21:	4c 89 ef             	mov    %r13,%rdi
  24:	e8 66 c0 42 00       	call   0x42c08f
* 29:	49 8b 75 00          	mov    0x0(%r13),%rsi <-- trapping instruction
  2d:	4c 89 64 24 18       	mov    %r12,0x18(%rsp)
  32:	4c 89 e7             	mov    %r12,%rdi
  35:	e8 f5 b2 01 00       	call   0x1b32f
  3a:	48 89 5c 24 38       	mov    %rbx,0x38(%rsp)

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/17 12:16 android12-5.4 43a5ead9254d d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-5-4-kasan BUG: unable to handle kernel paging request in srcu_invoke_callbacks
* Struck through repros no longer work on HEAD.