| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Aug 2022 19:04:25 -0700
From: syzbot <syzbot+e80c44ef751cb1889491@...kaller.appspotmail.com>
To: gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, syzkaller-bugs@...glegroups.com,
tj@...nel.org
Subject: [syzbot] upstream boot error: BUG: unable to handle kernel paging
request in kernfs_new_node
Hello,
syzbot found the following issue on:
HEAD commit: 3cc40a443a04 Merge tag 'nios2_fixes_v6.0' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1053627b080000
kernel config: https://syzkaller.appspot.com/x/.config?x=f267ed4fb258122a
dashboard link: https://syzkaller.appspot.com/bug?extid=e80c44ef751cb1889491
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e80c44ef751cb1889491@...kaller.appspotmail.com
Console: switching to colour frame buffer device 128x48
platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
usbcore: registered new interface driver udl
brd: module loaded
loop: module loaded
zram: Added device: zram0
null_blk: disk nullb0 created
null_blk: module loaded
Guest personality initialized and is inactive
VMCI host device registered (name=vmci, major=10, minor=120)
Initialized host personality
usbcore: registered new interface driver rtsx_usb
usbcore: registered new interface driver viperboard
usbcore: registered new interface driver dln2
usbcore: registered new interface driver pn533_usb
nfcsim 0.2 initialized
usbcore: registered new interface driver port100
usbcore: registered new interface driver nfcmrvl
Loading iSCSI transport class v2.0-870.
scsi host0: Virtio SCSI HBA
st: Version 20160209, fixed bufsize 32768, s/g segs 256
Rounding down aligned max_sectors from 4294967295 to 4294967288
db_root: cannot open: /etc/target
slram: not enough parameters.
ftl_cs: FTL header not found.
wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information.
wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@...c4.com>. All Rights Reserved.
eql: Equalizer2002: Simon Janes (simon@....com) and David S. Miller (davem@...hat.com)
MACsec IEEE 802.1AE
tun: Universal TUN/TAP device driver, 1.6
vcan: Virtual CAN interface driver
vxcan: Virtual CAN Tunnel driver
slcan: serial line CAN interface driver
CAN device driver interface
usbcore: registered new interface driver usb_8dev
usbcore: registered new interface driver ems_usb
usbcore: registered new interface driver gs_usb
usbcore: registered new interface driver kvaser_usb
usbcore: registered new interface driver mcba_usb
usbcore: registered new interface driver peak_usb
e100: Intel(R) PRO/100 Network Driver
e100: Copyright(c) 1999-2006 Intel Corporation
e1000: Intel(R) PRO/1000 Network Driver
e1000: Copyright (c) 1999-2006 Intel Corporation.
e1000e: Intel(R) PRO/1000 Network Driver
e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
mkiss: AX.25 Multikiss, Hans Albas PE1AYX
AX.25: 6pack driver, Revision: 0.3.0
AX.25: bpqether driver version 004
PPP generic driver version 2.4.2
BUG: unable to handle page fault for address: ffffdc0000000006
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 12026067 P4D 12026067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc1-syzkaller-00017-g3cc40a443a04 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
RIP: 0010:kernfs_root fs/kernfs/kernfs-internal.h:66 [inline]
RIP: 0010:kernfs_new_node+0x3e/0x160 fs/kernfs/dir.c:655
Code: 89 44 24 04 41 89 cc 41 89 d7 49 89 f5 48 89 fb 48 bd 00 00 00 00 00 fc ff df e8 1d 26 75 ff 48 8d 7b 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 74 05 e8 c7 c4 c8 ff 4c 8b 73 30 4d 85 f6 4c 0f 44 f3
RSP: 0000:ffffc90000067a48 EFLAGS: 00010a06
RAX: 1fffe00000000006 RBX: ffff000000000000 RCX: ffff888012228000
RDX: 0000000000000000 RSI: ffffffff8b23d2c0 RDI: ffff000000000030
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000004
R10: fffffbfff19cdabd R11: 1ffffffff19cdabc R12: 0000000000000000
R13: ffffffff8b23d2c0 R14: ffff888147423e80 R15: 000000000000a1ff
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000006 CR3: 000000000ca8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
kernfs_create_link+0x9f/0x1f0 fs/kernfs/symlink.c:39
sysfs_do_create_link_sd+0x85/0x100 fs/sysfs/symlink.c:44
device_add_class_symlinks drivers/base/core.c:3239 [inline]
device_add+0x642/0xf90 drivers/base/core.c:3465
device_create_groups_vargs drivers/base/core.c:4194 [inline]
device_create+0x252/0x2e0 drivers/base/core.c:4236
ppp_init+0xfb/0x157 drivers/net/ppp/ppp_generic.c:1410
do_one_initcall+0xbd/0x2b0 init/main.c:1296
do_initcall_level+0x168/0x218 init/main.c:1369
do_initcalls+0x4b/0x8c init/main.c:1385
kernel_init_freeable+0x43a/0x5c3 init/main.c:1611
kernel_init+0x19/0x2b0 init/main.c:1500
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in:
CR2: ffffdc0000000006
---[ end trace 0000000000000000 ]---
RIP: 0010:kernfs_root fs/kernfs/kernfs-internal.h:66 [inline]
RIP: 0010:kernfs_new_node+0x3e/0x160 fs/kernfs/dir.c:655
Code: 89 44 24 04 41 89 cc 41 89 d7 49 89 f5 48 89 fb 48 bd 00 00 00 00 00 fc ff df e8 1d 26 75 ff 48 8d 7b 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 74 05 e8 c7 c4 c8 ff 4c 8b 73 30 4d 85 f6 4c 0f 44 f3
RSP: 0000:ffffc90000067a48 EFLAGS: 00010a06
RAX: 1fffe00000000006 RBX: ffff000000000000 RCX: ffff888012228000
RDX: 0000000000000000 RSI: ffffffff8b23d2c0 RDI: ffff000000000030
RBP: dffffc0000000000 R08: 0000000000000000 R09: 0000000000000004
R10: fffffbfff19cdabd R11: 1ffffffff19cdabc R12: 0000000000000000
R13: ffffffff8b23d2c0 R14: ffff888147423e80 R15: 000000000000a1ff
FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffdc0000000006 CR3: 000000000ca8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 89 44 24 04 mov %eax,0x4(%rsp)
4: 41 89 cc mov %ecx,%r12d
7: 41 89 d7 mov %edx,%r15d
a: 49 89 f5 mov %rsi,%r13
d: 48 89 fb mov %rdi,%rbx
10: 48 bd 00 00 00 00 00 movabs $0xdffffc0000000000,%rbp
17: fc ff df
1a: e8 1d 26 75 ff callq 0xff75263c
1f: 48 8d 7b 30 lea 0x30(%rbx),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) <-- trapping instruction
2e: 74 05 je 0x35
30: e8 c7 c4 c8 ff callq 0xffc8c4fc
35: 4c 8b 73 30 mov 0x30(%rbx),%r14
39: 4d 85 f6 test %r14,%r14
3c: 4c 0f 44 f3 cmove %rbx,%r14
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists