TITLE: general protection fault in do_misc_fixups | |
general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI | |
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] | |
CPU: 1 PID: 8240 Comm: 477 Not tainted 6.8.0-05234-gcc9b22dfa735 #1 | |
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014 | |
RIP: 0010:do_misc_fixups+0xf58/0x5610 kernel/bpf/verifier.c:19606 | |
Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
RSP: 0018:ffffc9000ea07538 EFLAGS: 00010216 | |
RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6cf41 | |
RDX: ffff88802ee51ec0 RSI: ffffffff81a6c436 RDI: 0000000000000030 | |
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
R10: 0000000000010000 R11: ffff88802e97d66c R12: 0000000000010000 | |
R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
FS: 0000000015def380(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 | |
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
CR2: 0000000020000300 CR3: 000000007cac2000 CR4: 0000000000750ef0 | |
PKRU: 55555554 | |
Call Trace: | |
<TASK> | |
bpf_check+0x38a5/0xb3b0 kernel/bpf/verifier.c:21291 | |
bpf_prog_load+0xf3b/0x27e0 kernel/bpf/syscall.c:2895 | |
__sys_bpf+0xa1e/0x4f00 kernel/bpf/syscall.c:5631 | |
__do_sys_bpf kernel/bpf/syscall.c:5738 [inline] | |
__se_sys_bpf kernel/bpf/syscall.c:5736 [inline] | |
__x64_sys_bpf+0x7d/0xc0 kernel/bpf/syscall.c:5736 | |
do_syscall_x64 arch/x86/entry/common.c:52 [inline] | |
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 | |
entry_SYSCALL_64_after_hwframe+0x6d/0x75 | |
RIP: 0033:0x4313e9 | |
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 248 | |
RSP: 002b:00007ffdad3bdb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 | |
RAX: ffffffffffffffda RBX: 00007ffdad3bdce8 RCX: 00000000004313e9 | |
RDX: 0000000000000090 RSI: 0000000020000300 RDI: 0000000000000005 | |
RBP: 00007ffdad3bdb10 R08: 0000000000000000 R09: 00000000004a06f0 | |
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 | |
R13: 00007ffdad3bdcd8 R14: 0000000000000001 R15: 0000000000000001 | |
</TASK> | |
Modules linked in: | |
---[ end trace 0000000000000000 ]--- | |
RIP: 0010:do_misc_fixups+0xf58/0x5610 kernel/bpf/verifier.c:19606 | |
Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
RSP: 0018:ffffc9000ea07538 EFLAGS: 00010216 | |
RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6cf41 | |
RDX: ffff88802ee51ec0 RSI: ffffffff81a6c436 RDI: 0000000000000030 | |
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
R10: 0000000000010000 R11: ffff88802e97d66c R12: 0000000000010000 | |
R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
FS: 0000000015def380(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 | |
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
CR2: 0000000020000300 CR3: 000000007cac2000 CR4: 0000000000750ef0 | |
PKRU: 55555554 | |
TITLE: kernel panic: Fatal exception | |
CORRUPTED: true (report format is marked as corrupted) | |
MAINTAINERS (TO): [] | |
MAINTAINERS (CC): [] | |
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] | |
CPU: 1 PID: 8240 Comm: 477 Not tainted 6.8.0-05234-gcc9b22dfa735 #1 | |
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014 | |
RIP: 0010:do_misc_fixups+0xf58/0x5610 kernel/bpf/verifier.c:19606 | |
Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
RSP: 0018:ffffc9000ea07538 EFLAGS: 00010216 | |
RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6cf41 | |
RDX: ffff88802ee51ec0 RSI: ffffffff81a6c436 RDI: 0000000000000030 | |
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
R10: 0000000000010000 R11: ffff88802e97d66c R12: 0000000000010000 | |
R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
FS: 0000000015def380(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 | |
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
CR2: 0000000020000300 CR3: 000000007cac2000 CR4: 0000000000750ef0 | |
PKRU: 55555554 | |
Call Trace: | |
<TASK> | |
bpf_check+0x38a5/0xb3b0 kernel/bpf/verifier.c:21291 | |
bpf_prog_load+0xf3b/0x27e0 kernel/bpf/syscall.c:2895 | |
__sys_bpf+0xa1e/0x4f00 kernel/bpf/syscall.c:5631 | |
__do_sys_bpf kernel/bpf/syscall.c:5738 [inline] | |
__se_sys_bpf kernel/bpf/syscall.c:5736 [inline] | |
__x64_sys_bpf+0x7d/0xc0 kernel/bpf/syscall.c:5736 | |
do_syscall_x64 arch/x86/entry/common.c:52 [inline] | |
do_syscall_64+0xd5/0x260 arch/x86/entry/common.c:83 | |
entry_SYSCALL_64_after_hwframe+0x6d/0x75 | |
RIP: 0033:0x4313e9 | |
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 248 | |
RSP: 002b:00007ffdad3bdb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 | |
RAX: ffffffffffffffda RBX: 00007ffdad3bdce8 RCX: 00000000004313e9 | |
RDX: 0000000000000090 RSI: 0000000020000300 RDI: 0000000000000005 | |
RBP: 00007ffdad3bdb10 R08: 0000000000000000 R09: 00000000004a06f0 | |
R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 | |
R13: 00007ffdad3bdcd8 R14: 0000000000000001 R15: 0000000000000001 | |
</TASK> | |
Modules linked in: | |
---[ end trace 0000000000000000 ]--- | |
RIP: 0010:do_misc_fixups+0xf58/0x5610 kernel/bpf/verifier.c:19606 | |
Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
RSP: 0018:ffffc9000ea07538 EFLAGS: 00010216 | |
RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6cf41 | |
RDX: ffff88802ee51ec0 RSI: ffffffff81a6c436 RDI: 0000000000000030 | |
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
R10: 0000000000010000 R11: ffff88802e97d66c R12: 0000000000010000 | |
R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
FS: 0000000015def380(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 | |
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
CR2: 0000000020000300 CR3: 000000007cac2000 CR4: 0000000000750ef0 | |
PKRU: 55555554 | |
Kernel panic - not syncing: Fatal exception | |
Kernel Offset: disabled | |
Rebooting in 86400 seconds.. | |
[ 413.543678][ T8244] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI | |
[ 413.546252][ T8244] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] | |
[ 413.547723][ T8244] CPU: 0 PID: 8244 Comm: 477 Not tainted 6.8.0-05230-g114b5b3b4bde #5 | |
[ 413.549221][ T8244] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014 | |
[ 413.550994][ T8244] RIP: 0010:do_misc_fixups+0xf58/0x5610 | |
[ 413.552073][ T8244] Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
[ 413.555539][ T8244] RSP: 0018:ffffc9000e17f538 EFLAGS: 00010216 | |
[ 413.556688][ T8244] RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6bda1 | |
[ 413.558131][ T8244] RDX: ffff88801f339ec0 RSI: ffffffff81a6b296 RDI: 0000000000000030 | |
[ 413.559606][ T8244] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
[ 413.561027][ T8244] R10: 0000000000010000 R11: ffff8880296fd66c R12: 0000000000010000 | |
[ 413.562467][ T8244] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
[ 413.563913][ T8244] FS: 0000000017f1a380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 | |
[ 413.565538][ T8244] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
[ 413.566730][ T8244] CR2: 0000000020000300 CR3: 0000000020f26000 CR4: 0000000000750ef0 | |
[ 413.568167][ T8244] PKRU: 55555554 | |
[ 413.568869][ T8244] Call Trace: | |
[ 413.569513][ T8244] <TASK> | |
[ 413.570058][ T8244] ? show_regs+0x97/0xa0 | |
[ 413.570867][ T8244] ? die_addr+0x56/0xe0 | |
[ 413.571654][ T8244] ? exc_general_protection+0x155/0x230 | |
[ 413.572715][ T8244] ? asm_exc_general_protection+0x26/0x30 | |
[ 413.573792][ T8244] ? do_misc_fixups+0x1a01/0x5610 | |
[ 413.574744][ T8244] ? do_misc_fixups+0xef6/0x5610 | |
[ 413.575684][ T8244] ? do_misc_fixups+0xf58/0x5610 | |
[ 413.576630][ T8244] ? do_misc_fixups+0xef6/0x5610 | |
[ 413.577586][ T8244] ? kvfree+0x50/0x60 | |
[ 413.578371][ T8244] ? __kasan_slab_free+0x11d/0x1a0 | |
[ 413.579349][ T8244] ? kfree+0x129/0x370 | |
[ 413.580148][ T8244] ? __x64_sys_bpf+0x7d/0xc0 | |
[ 413.581034][ T8244] ? __pfx_do_misc_fixups+0x10/0x10 | |
[ 413.582047][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.583165][ T8244] ? __sanitizer_cov_trace_switch+0x54/0x90 | |
[ 413.584336][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.585458][ T8244] ? convert_ctx_accesses+0x1275/0x1860 | |
[ 413.586560][ T8244] ? __pfx_convert_ctx_accesses+0x10/0x10 | |
[ 413.587658][ T8244] ? __pfx_check_max_stack_depth_subprog+0x10/0x10 | |
[ 413.588909][ T8244] ? kvfree+0x50/0x60 | |
[ 413.589714][ T8244] bpf_check+0x38a5/0xb3b0 | |
[ 413.590651][ T8244] ? pcpu_memcg_post_alloc_hook+0x260/0x6f0 | |
[ 413.591807][ T8244] ? __pfx_bpf_check+0x10/0x10 | |
[ 413.592767][ T8244] ? find_held_lock+0x2d/0x110 | |
[ 413.593752][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.594898][ T8244] ? bpf_prog_load+0xe3c/0x27e0 | |
[ 413.595900][ T8244] ? __pfx_lock_release+0x10/0x10 | |
[ 413.596947][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.598122][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.599280][ T8244] ? __pfx___might_resched+0x10/0x10 | |
[ 413.600306][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.601402][ T8244] ? ktime_get_with_offset+0x326/0x560 | |
[ 413.602469][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.603551][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.604659][ T8244] bpf_prog_load+0xf3b/0x27e0 | |
[ 413.605595][ T8244] ? __pfx_bpf_prog_load+0x10/0x10 | |
[ 413.606583][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.607669][ T8244] ? find_held_lock+0x2d/0x110 | |
[ 413.608610][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.609786][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.610878][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.611964][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.613106][ T8244] __sys_bpf+0xa17/0x4ef0 | |
[ 413.614002][ T8244] ? __pfx___sys_bpf+0x10/0x10 | |
[ 413.614957][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.616043][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.617128][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.618211][ T8244] ? find_held_lock+0x2d/0x110 | |
[ 413.619173][ T8244] ? __pfx___up_read+0x10/0x10 | |
[ 413.620107][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.621230][ T8244] ? handle_mm_fault+0x541/0xab0 | |
[ 413.622251][ T8244] __x64_sys_bpf+0x7d/0xc0 | |
[ 413.623117][ T8244] ? srso_alias_return_thunk+0x5/0xfbef5 | |
[ 413.624208][ T8244] ? lockdep_hardirqs_on+0x7c/0x110 | |
[ 413.625212][ T8244] do_syscall_64+0xd5/0x260 | |
[ 413.626098][ T8244] entry_SYSCALL_64_after_hwframe+0x6d/0x75 | |
[ 413.627281][ T8244] RIP: 0033:0x4313e9 | |
[ 413.628081][ T8244] Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 248 | |
[ 413.631741][ T8244] RSP: 002b:00007ffe532a9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 | |
[ 413.633330][ T8244] RAX: ffffffffffffffda RBX: 00007ffe532a9e48 RCX: 00000000004313e9 | |
[ 413.634852][ T8244] RDX: 0000000000000090 RSI: 0000000020000300 RDI: 0000000000000005 | |
[ 413.636317][ T8244] RBP: 00007ffe532a9c70 R08: 0000000000000000 R09: 00000000004a06f0 | |
[ 413.637786][ T8244] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000001 | |
[ 413.639279][ T8244] R13: 00007ffe532a9e38 R14: 0000000000000001 R15: 0000000000000001 | |
[ 413.640794][ T8244] </TASK> | |
[ 413.641369][ T8244] Modules linked in: | |
[ 413.642416][ T8244] ---[ end trace 0000000000000000 ]--- | |
[ 413.643407][ T8244] RIP: 0010:do_misc_fixups+0xf58/0x5610 | |
[ 413.644475][ T8244] Code: 8d bd 08 01 00 00 48 89 f8 48 c1 e8 03 42 80 3c 28 00 0f 85 60 32 00 00 48 8b ad 08 01 00 00 48 8d 7d 30 48 89 f8 48f | |
[ 413.647788][ T8244] RSP: 0018:ffffc9000e17f538 EFLAGS: 00010216 | |
[ 413.648884][ T8244] RAX: 0000000000000006 RBX: ffffc9000219e05a RCX: ffffffff81a6bda1 | |
[ 413.650285][ T8244] RDX: ffff88801f339ec0 RSI: ffffffff81a6b296 RDI: 0000000000000030 | |
[ 413.651720][ T8244] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001 | |
[ 413.653884][ T8244] R10: 0000000000010000 R11: ffff8880296fd66c R12: 0000000000010000 | |
[ 413.655347][ T8244] R13: dffffc0000000000 R14: 0000000000000002 R15: ffffc9000219e058 | |
[ 413.656830][ T8244] FS: 0000000017f1a380(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 | |
[ 413.658486][ T8244] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
[ 413.659685][ T8244] CR2: 0000000020000300 CR3: 0000000020f26000 CR4: 0000000000750ef0 | |
[ 413.661102][ T8244] PKRU: 55555554 | |
[ 413.661762][ T8244] Kernel panic - not syncing: Fatal exception | |
[ 413.663144][ T8244] Kernel Offset: disabled | |
[ 413.663944][ T8244] Rebooting in 86400 seconds.. |
#define _GNU_SOURCE | |
#include <endian.h> | |
#include <stdint.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <sys/syscall.h> | |
#include <sys/types.h> | |
#include <unistd.h> | |
#ifndef __NR_bpf | |
#define __NR_bpf 321 | |
#endif | |
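/*
 * Reproducer for "general protection fault in do_misc_fixups" (the report
 * above): a single BPF_PROG_LOAD whose verifier post-processing dereferences
 * a NULL pointer (RBP = 0, faulting range 0x30-0x37 in the oops).  In the
 * reported configuration the oops escalated to a kernel panic, so run this
 * only in a disposable VM.  Loading this program type normally needs
 * CAP_BPF and CAP_PERFMON (or root), so EPERM from bpf() says nothing about
 * whether the kernel is affected.
 *
 * The attr layout below follows the BPF_PROG_LOAD member of union bpf_attr
 * on x86-64 (include/uapi/linux/bpf.h); the field names in the comments are
 * for reading convenience -- verify them against the target kernel's header
 * before changing any offset.
 */

/* Fixed user addresses the reproducer stores into (all inside the RWX area). */
static const uintptr_t LICENSE_ADDR = 0x20000000;  /* "syzkaller" license string */
static const uintptr_t INSNS_ADDR   = 0x200000c0;  /* BPF instruction array */
static const uintptr_t ATTR_ADDR    = 0x20000300;  /* union bpf_attr, 0x90 bytes */

/* 0x32 is MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS on x86-64 Linux; it is kept
 * numeric because the mapping goes through the raw mmap syscall, as in the
 * original reproducer.  5 is BPF_PROG_LOAD (the syz repro names the call
 * bpf$BPF_PROG_RAW_TRACEPOINT_LOAD with cmd 0x5). */
enum { SYZ_MMAP_FLAGS = 0x32, BPF_ATTR_SIZE = 0x90, BPF_PROG_LOAD_CMD = 5 };

/* Map a fixed anonymous region or abort with a diagnostic.  If any of these
 * mappings silently failed, the stores in main() would fault in userspace
 * and the run would look like a crash without ever reaching the kernel bug. */
static void map_fixed_or_die(unsigned long addr, unsigned long len, unsigned long prot)
{
	if (syscall(__NR_mmap, addr, len, prot, (unsigned long)SYZ_MMAP_FLAGS, -1L, 0ul) == -1) {
		perror("mmap");
		exit(EXIT_FAILURE);
	}
}

/* Native-endian stores into the fixed mapping (same bytes as the original
 * direct *(uint32_t *)addr = v stores, without the cast-pointer aliasing). */
static void put32(uintptr_t addr, uint32_t v) { memcpy((void *)addr, &v, sizeof v); }
static void put64(uintptr_t addr, uint64_t v) { memcpy((void *)addr, &v, sizeof v); }

int main(void)
{
	/* prot = 0 pages on either side of the 16 MiB PROT_READ|WRITE|EXEC area. */
	map_fixed_or_die(0x1ffff000ul, 0x1000ul, 0ul);
	map_fixed_or_die(0x20000000ul, 0x1000000ul, 7ul);
	map_fixed_or_die(0x21000000ul, 0x1000ul, 0ul);

	/*
	 * Four 8-byte instruction slots (insn_cnt = 4).  Only 25 bytes are
	 * written; the remainder of the last slot is zero from the fresh
	 * anonymous mapping, so it reads as opcode 0x95 (exit) with zero
	 * operands.  Slots 1-2 look like a 64-bit immediate load and slot 3 like
	 * a 64-bit register mov (opcode 0xbf) with non-zero off (0x0001) and imm
	 * (0x00010000).  NOTE(review): that off/imm combination resembles the
	 * address-space-cast encoding introduced with bpf_arena, and no arena
	 * map is supplied here (fd_array at attr+0x78 is 0) -- confirm against
	 * the verifier source at the crashing line rather than trusting this.
	 */
	memcpy((void *)INSNS_ADDR,
	       "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xbf"
	       "\x02\x01\x00\x00\x00\x01\x00\x95",
	       25);
	memcpy((void *)LICENSE_ADDR, "syzkaller\000", 10);

	/* union bpf_attr: zero-fill, then set only the non-zero fields. */
	memset((void *)ATTR_ADDR, 0, BPF_ATTR_SIZE);
	put32(ATTR_ADDR + 0x00, 0x18);          /* prog_type (raw-tracepoint family per the syz repro) */
	put32(ATTR_ADDR + 0x04, 4);             /* insn_cnt */
	put64(ATTR_ADDR + 0x08, INSNS_ADDR);    /* insns */
	put64(ATTR_ADDR + 0x10, LICENSE_ADDR);  /* license */
	put32(ATTR_ADDR + 0x18, 2);             /* log_level, with log_buf/log_size left 0 */
	put32(ATTR_ADDR + 0x48, 0xffffffffu);   /* prog_btf_fd = -1 */
	put32(ATTR_ADDR + 0x4c, 8);             /* func_info_rec_size */
	put32(ATTR_ADDR + 0x5c, 0x10);          /* line_info_rec_size */
	put32(ATTR_ADDR + 0x88, 0x10);          /* core_relo_rec_size */

	long fd = syscall(__NR_bpf, (unsigned long)BPF_PROG_LOAD_CMD,
			  (unsigned long)ATTR_ADDR, (unsigned long)BPF_ATTR_SIZE);
	if (fd == -1) {
		/* A kernel that rejects the program returns here instead of
		 * oopsing; EPERM means this process may not load it at all. */
		perror("bpf(BPF_PROG_LOAD)");
		return EXIT_FAILURE;
	}
	printf("bpf(BPF_PROG_LOAD) succeeded, fd %ld\n", fd);
	return 0;
}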
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000ffffffbf0201000000010095"], &(0x7f0000000000)='syzkaller\x00', 0x2}, 0x90) |