From: syzbot <syzbot+a5638594f1bc152f1200@syzkaller.appspotmail.com>
To: catalin.marinas@arm.com, keescook@chromium.org,
linux-arm-kernel@lists.infradead.org,
linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, will@kernel.org
Subject: [syzbot] [arm?] BUG: unable to handle kernel paging request in invoke_syscall
Date: Tue, 04 Jul 2023 07:01:15 -0700
Message-ID: <0000000000007096ce05ffa9b7aa@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: 3a8a670eeeaa Merge tag 'net-next-6.5' of git://git.kernel...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1652699f280000
kernel config: https://syzkaller.appspot.com/x/.config?x=ce7f4ca96cdf82c7
dashboard link: https://syzkaller.appspot.com/bug?extid=a5638594f1bc152f1200
compiler: aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1645c714a80000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-3a8a670e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a940531a9b86/vmlinux-3a8a670e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4f3cbae5be61/Image-3a8a670e.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a5638594f1bc152f1200@syzkaller.appspotmail.com

Unable to handle kernel paging request at virtual address bfff800082cebd10
Mem abort info:
ESR = 0x0000000086000004
EC = 0x21: IABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000042480000
[bfff800082cebd10] pgd=10000000bffff803, p4d=10000000bffff803, pud=10000000bfffe803, pmd=1000000043834003, pte=0068000048f30f07
Internal error: Oops: 0000000086000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3234 Comm: udevd Not tainted 6.4.0-syzkaller-04247-g3a8a670eeeaa #0
Hardware name: linux,dummy-virt (DT)
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0xbfff800082cebd10
lr : 0xffff800082cebd10
sp : ffff800082cf3df0
x29: ffff800082cf3df0 x28: f9ff00000705af40 x27: 0000000000000000
x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
x23: 0000000060000000 x22: 0000ffffa736068c x21: 00000000ffffffff
x20: f9ff00000705af40 x19: ffff800082cf3eb0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800082cf3c88
x14: 0000000000000000 x13: 0000000000001000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000701 x9 : 0000000600000000
x8 : 000000001dcd6500 x7 : 0000000000000027 x6 : 0000ffffef8c1df8
x5 : 0000ffffef8c1df8 x4 : 0000000000000008 x3 : 0000000000000000
x2 : 0000000000000000 x1 : f9ff00000705af40 x0 : 0000000000000000
Call trace:
0xbfff800082cebd10
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0x44/0xe4 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x38/0xa4 arch/arm64/kernel/syscall.c:191
el0_svc+0x2c/0xb0 arch/arm64/kernel/entry-common.c:647
el0t_64_sync_handler+0xc0/0xc4 arch/arm64/kernel/entry-common.c:665
el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:591
Code: 00000002 00000000 eed50f00 041d12ac (82cebd30)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 00000002 udf #2
4: 00000000 udf #0
8: eed50f00 .inst 0xeed50f00 ; undefined
c: 041d12ac .inst 0x041d12ac ; undefined
* 10: 82cebd30 .inst 0x82cebd30 ; undefined <-- trapping instruction

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup