On Fri, Mar 10, 2017 at 8:29 PM, 'Andrey Konovalov' via syzkaller <syzkal...@googlegroups.com> wrote:
> On Fri, Mar 10, 2017 at 8:28 PM, Andrey Konovalov <andreyk...@google.com>
> wrote:
>> Hi,
>>
>> I've got the following error report while fuzzing the kernel with
>> syzkaller on an arm64 board.
>
> This also happened on x86 a few times during fuzzing, however it
> wasn't reproducible.
FWIW, here are 2 crashes that we hit on x86_64 on linux-next/56b8bad5e066c23e8fa273ef5fba50bd3da2ace8:

kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 26567 Comm: syz-executor3 Not tainted 4.11.0-rc1-next-20170308+ #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801cbcba4c0 task.stack: ffff8801d1258000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d125ea00 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d125ea90 RCX: 0000000000000000
RDX: 1ffffffff0cf68f0 RSI: 0000000000000040 RDI: ffffffff867b4788
RBP: ffff8801d125eb40 R08: ffffffff867b4780 R09: ffffffff867b4778
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a24bd46
R13: ffffffff867b4700 R14: ffffffff85680588 R15: ffff8801d125ea90
FS:  00007f55c1334700(0000) GS:ffff8801dbf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c81cbd7200 CR3: 00000001da67d000 CR4: 00000000001426e0
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 __mmu_notifier_release+0x373/0x6c0 mm/mmu_notifier.c:102
 mmu_notifier_release include/linux/mmu_notifier.h:235 [inline]
 exit_mmap+0x3cc/0x490 mm/mmap.c:2941
 __mmput kernel/fork.c:881 [inline]
 mmput+0x22b/0x6e0 kernel/fork.c:903
 exit_mm kernel/exit.c:557 [inline]
 do_exit+0xa41/0x28f0 kernel/exit.c:865
 do_group_exit+0x149/0x420 kernel/exit.c:982
 get_signal+0x7e0/0x1820 kernel/signal.c:2318
 do_signal+0xd2/0x2190 arch/x86/kernel/signal.c:808
 exit_to_usermode_loop+0x200/0x2a0 arch/x86/entry/common.c:157
 prepare_exit_to_usermode arch/x86/entry/common.c:191 [inline]
 syscall_return_slowpath+0x4d3/0x570 arch/x86/entry/common.c:260
 entry_SYSCALL_64_fastpath+0xbc/0xbe
RIP: 0033:0x44fb79
RSP: 002b:00007f55c1333b58 EFLAGS: 00000212 ORIG_RAX: 0000000000000101
RAX: 0000000000000026 RBX: 00000000007080a8 RCX: 000000000044fb79
RDX: 0000000000000000 RSI: 000000002003a000 RDI: ffffffffffffff9c
RBP: 0000000000000331 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffff9c
R13: 000000002003a000 R14: 0000000000000000 R15: 0000000000000000
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7 c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f> 0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d125ea00
---[ end trace c25c3b4c622f543d ]---

------------[ cut here ]------------
QAT: Invalid ioctl
kernel BUG at kernel/rcu/srcu.c:436!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 3886 Comm: kworker/u4:10 Not tainted 4.11.0-rc1-next-20170308+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound fsnotify_mark_destroy_workfn
task: ffff8801c384c880 task.stack: ffff8801d9658000
RIP: 0010:__synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412
RSP: 0018:ffff8801d965f250 EFLAGS: 00010287
RAX: dffffc0000000000 RBX: ffff8801d965f2e0 RCX: 0000000000000000
RDX: 1ffffffff0cf81a8 RSI: 0000000000000040 RDI: ffffffff867c0d48
RBP: ffff8801d965f390 R08: ffffffff867c0d40 R09: ffffffff867c0d38
R10: 0000000000000006 R11: 0000000000000000 R12: 1ffff1003b2cbe50
R13: ffffffff867c0cc0 R14: ffffffff85680588 R15: ffff8801d965f2e0
FS:  0000000000000000(0000) GS:ffff8801dbe00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001ddbc37000 CR3: 00000001c46e2000 CR4: 00000000001406f0
Call Trace:
 synchronize_srcu+0x1e/0x40 kernel/rcu/srcu.c:516
 fsnotify_mark_destroy_list+0x19d/0x540 fs/notify/mark.c:539
 fsnotify_mark_destroy_workfn+0xe/0x10 fs/notify/mark.c:549
 process_one_work+0xbd0/0x1c10 kernel/workqueue.c:2097
 worker_thread+0x223/0x1990 kernel/workqueue.c:2231
 kthread+0x326/0x3f0 kernel/kthread.c:229
 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430
Code: e8 e1 3e f8 ff 85 c0 0f 85 9a fd ff ff be ff ff ff ff 48 c7 c7 c0 d9 12 85 e8 c8 3e f8 ff 85 c0 0f 85 81 fd ff ff e9 12 fa ff ff <0f> 0b c6 44 24 20 00 e9 e5 fc ff ff c6 44 24 20 00 41 bf 01 00
RIP: __synchronize_srcu+0x695/0x7f0 kernel/rcu/srcu.c:412 RSP: ffff8801d965f250
---[ end trace 4aa6116de274db2a ]---