drivers/hid/hid-asus.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
#syz test
There may be an out-of-bounds read of rdesc.
This adds bounds checks.
Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
---
drivers/hid/hid-asus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
index 02de2bf4f790..37e6d25593c2 100644
--- a/drivers/hid/hid-asus.c
+++ b/drivers/hid/hid-asus.c
@@ -1204,8 +1204,8 @@ static __u8 *asus_report_fixup(struct hid_device *hdev, __u8 *rdesc,
}
/* match many more n-key devices */
- if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) {
- for (int i = 0; i < *rsize + 1; i++) {
+ if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD && *rsize > 15) {
+ for (int i = 0; i < *rsize - 15; i++) {
/* offset to the count from 0x5a report part always 14 */
if (rdesc[i] == 0x85 && rdesc[i + 1] == 0x5a &&
rdesc[i + 14] == 0x95 && rdesc[i + 15] == 0x05) {
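Review bot: The guard `*rsize > 15` and the loop bound `*rsize - 15` only work as a pair, and nothing on either added line says so. The highest index read in the visible condition is `rdesc[i + 15]`, so the bound itself is right, but if `*rsize` is unsigned (its declaration is cut off in the hunk header) the subtraction wraps for a descriptor shorter than 16 bytes, and the over-read returns if a later edit drops or reorders the guard. I would put a comment above the `if`, e.g. `/* rdesc[i + 15] is read below: need *rsize >= 16, which also keeps *rsize - 15 from wrapping */`, and parenthesise the flag test as `if ((drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) && *rsize > 15) {` for readability. The loop body continues outside the hunk, so any access past `i + 15` in the matched branch cannot be checked from here; the resent patch further down the thread carries the same two lines.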
--
2.45.1
On Tue, May 28, 2024 at 12:05:39AM -0500, Andrew Ballance wrote:
> #syz test
>
> there may be a read out of the bounds of rdesc.
> this adds bounds checks
>
> Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
> ---
> drivers/hid/hid-asus.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
> index 02de2bf4f790..37e6d25593c2 100644
> --- a/drivers/hid/hid-asus.c
> +++ b/drivers/hid/hid-asus.c
> @@ -1204,8 +1204,8 @@ static __u8 *asus_report_fixup(struct hid_device *hdev, __u8 *rdesc,
> }
>
> /* match many more n-key devices */
> - if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) {
> - for (int i = 0; i < *rsize + 1; i++) {
> + if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD && *rsize > 15) {
> + for (int i = 0; i < *rsize - 15; i++) {
Yep. This looks correct. Please resend with a complete commit message
and a fixes tag etc.
> /* offset to the count from 0x5a report part always 14 */
> if (rdesc[i] == 0x85 && rdesc[i + 1] == 0x5a &&
> rdesc[i + 14] == 0x95 && rdesc[i + 15] == 0x05) {
regards,
dan carpenter
syzbot reported a potential out-of-bounds read in asus_report_fixup().
This patch adds checks so that an out-of-bounds read cannot occur.
Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
Reported-by: syzbot+07762f019fd03d01f04c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=07762f019fd03d01f04c
Fixes: 59d2f5b73921 ("HID: asus: fix more n-key report descriptors if n-key quirked")
---
drivers/hid/hid-asus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
index 02de2bf4f790..37e6d25593c2 100644
--- a/drivers/hid/hid-asus.c
+++ b/drivers/hid/hid-asus.c
@@ -1204,8 +1204,8 @@ static __u8 *asus_report_fixup(struct hid_device *hdev, __u8 *rdesc,
}
/* match many more n-key devices */
- if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) {
- for (int i = 0; i < *rsize + 1; i++) {
+ if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD && *rsize > 15) {
+ for (int i = 0; i < *rsize - 15; i++) {
/* offset to the count from 0x5a report part always 14 */
if (rdesc[i] == 0x85 && rdesc[i + 1] == 0x5a &&
rdesc[i + 14] == 0x95 && rdesc[i + 15] == 0x05) {
--
2.45.1
On Sun, 02 Jun 2024 03:50:23 -0500, Andrew Ballance wrote:
> syzbot reported a potential read out of bounds in asus_report_fixup.
>
> this patch adds checks so that a read out of bounds will not occur
>
>
Applied to hid/hid.git (for-6.10/upstream-fixes), thanks!
[1/1] hid: asus: asus_report_fixup: fix potential read out of bounds
https://git.kernel.org/hid/hid/c/cfacaaf33cd7
Cheers,
--
Benjamin Tissoires <bentiss@kernel.org>
On Sun, Jun 02, 2024 at 03:50:23AM -0500, Andrew Ballance wrote:
> syzbot reported a potential read out of bounds in asus_report_fixup.
>
> this patch adds checks so that a read out of bounds will not occur
>
> Signed-off-by: Andrew Ballance <andrewjballance@gmail.com>
> Reported-by: syzbot+07762f019fd03d01f04c@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=07762f019fd03d01f04c
> Fixes: 59d2f5b73921 ("HID: asus: fix more n-key report descriptors if n-key quirked")
> ---
> drivers/hid/hid-asus.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hid/hid-asus.c b/drivers/hid/hid-asus.c
> index 02de2bf4f790..37e6d25593c2 100644
> --- a/drivers/hid/hid-asus.c
> +++ b/drivers/hid/hid-asus.c
> @@ -1204,8 +1204,8 @@ static __u8 *asus_report_fixup(struct hid_device *hdev, __u8 *rdesc,
> }
>
> /* match many more n-key devices */
> - if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD) {
> - for (int i = 0; i < *rsize + 1; i++) {
> + if (drvdata->quirks & QUIRK_ROG_NKEY_KEYBOARD && *rsize > 15) {
> + for (int i = 0; i < *rsize - 15; i++) {
> /* offset to the count from 0x5a report part always 14 */
> if (rdesc[i] == 0x85 && rdesc[i + 1] == 0x5a &&
> rdesc[i + 14] == 0x95 && rdesc[i + 15] == 0x05) {
> --
> 2.45.1
>
>
Hi,
This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him
a patch that has triggered this response. He used to manually respond
to these common problems, but in order to save his sanity (he kept
writing the same thing over and over, yet to different people), I was
created. Hopefully you will not take offence and will fix the problem
in your patch and resubmit it so that it can be accepted into the Linux
kernel tree.
You are receiving this message because of the following common error(s)
as indicated below:
- This looks like a new version of a previously submitted patch, but you
did not list below the --- line any changes from the previous version.
Please read the section entitled "The canonical patch format" in the
kernel file, Documentation/process/submitting-patches.rst for what
needs to be done here to properly describe this.
If you wish to discuss this problem further, or you have questions about
how to resolve this issue, please feel free to respond to this email and
Greg will reply once he has dug out from the pending patches received
from other developers.
thanks,
greg k-h's patch email bot
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
sert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 50.230614][ T1] Key type encrypted registered
[ 50.235891][ T1] AppArmor: AppArmor sha256 policy hashing enabled
[ 50.242800][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 50.249865][ T1] Loading compiled-in module X.509 certificates
[ 50.292391][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 2ef82123926fa34f508acba9911fce577bb4fe8a'
[ 50.303920][ T1] ima: Allocated hash algorithm: sha256
[ 50.310144][ T1] ima: No architecture policies found
[ 50.316925][ T1] evm: Initialising EVM extended attributes:
[ 50.322973][ T1] evm: security.selinux (disabled)
[ 50.328526][ T1] evm: security.SMACK64 (disabled)
[ 50.334013][ T1] evm: security.SMACK64EXEC (disabled)
[ 50.339602][ T1] evm: security.SMACK64TRANSMUTE (disabled)
[ 50.345640][ T1] evm: security.SMACK64MMAP (disabled)
[ 50.351386][ T1] evm: security.apparmor
[ 50.355851][ T1] evm: security.ima
[ 50.359745][ T1] evm: security.capability
[ 50.364417][ T1] evm: HMAC attrs: 0x1
[ 50.373466][ T1] PM: Magic number: 8:208:619
[ 50.379889][ T1] usb usb14-port4: hash matches
[ 50.386279][ T1] net ifb0: hash matches
[ 50.391057][ T1] tty ptye9: hash matches
[ 50.396054][ T1] tty ptybc: hash matches
[ 50.401524][ T1] printk: legacy console [netcon0] enabled
[ 50.407774][ T1] netconsole: network logging started
[ 50.414999][ T1] gtp: GTP module loaded (pdp ctx size 128 bytes)
[ 50.424381][ T1] rdma_rxe: loaded
[ 50.430039][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 50.451536][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 50.469189][ T1] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600'
[ 50.477773][ T1] clk: Disabling unused clocks
[ 50.482816][ T1] ALSA device list:
[ 50.486809][ T1] #0: Dummy 1
[ 50.490724][ T1] #1: Loopback 1
[ 50.494616][ T1] #2: Virtual MIDI Card 1
[ 50.505678][ T10] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 50.506128][ T1] md: Waiting for all devices to be available before autodetect
[ 50.517296][ T10] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 50.524217][ T1] md: If you don't use raid, use raid=noautodetect
[ 50.540178][ T1] md: Autodetecting RAID arrays.
[ 50.545383][ T1] md: autorun ...
[ 50.549388][ T1] md: ... autorun DONE.
[ 50.671837][ T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[ 50.685698][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 50.779387][ T1] devtmpfs: mounted
[ 51.037410][ T1] Freeing unused kernel image (initmem) memory: 37032K
[ 51.049223][ T1] Write protecting the kernel read-only data: 262144k
[ 51.096766][ T1] Freeing unused kernel image (rodata/data gap) memory: 1808K
[ 52.746982][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 52.757511][ T1] x86/mm: Checking user space page tables
[ 54.254031][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 54.263213][ T1] Failed to set sysctl parameter 'kernel.hung_task_all_cpu_backtrace=1': parameter not found
[ 54.285036][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 54.296902][ T1] Run /sbin/init as init process
[ 55.866548][ T4446] mount (4446) used greatest stack depth: 8144 bytes left
[ 55.941342][ T4447] EXT4-fs (sda1): re-mounted 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 r/w. Quota mode: none.
mount: mounting smackfs on /sys/fs/smackfs failed: No such file or directory
mount: mounting selinuxfs on /sys/fs/selinux failed: No such file or directory
[ 56.283370][ T4450] mount (4450) used greatest stack depth: 5568 bytes left
Starting syslogd: OK
Starting acpid: OK
Starting klogd: OK
Running sysctl: OK
Populating /dev using udev: [ 60.169672][ T4480] udevd[4480]: starting version 3.2.11
[ 63.755909][ T4481] udevd[4481]: starting eudev-3.2.11
[ 63.769352][ T4480] udevd (4480) used greatest stack depth: 5272 bytes left
done
Starting system message bus: done
Starting iptables: OK
Starting network: OK
Starting dhcpcd...
dhcpcd-9.4.1 starting
dev: loaded udev
DUID 00:04:c7:fd:4a:df:9d:a6:e9:60:55:7b:b4:5b:1f:77:00:5c
forked to background, child pid 4693
[ 111.458895][ T4694] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.496440][ T4694] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 111.697880][ T10] cfg80211: failed to load regulatory.db
Starting sshd: [ 113.751142][ T4779] sshd (4779) used greatest stack depth: 4720 bytes left
[ 113.792885][ C0] =====================================================
[ 113.800595][ C0] BUG: KMSAN: uninit-value in receive_buf+0x25e3/0x5fd0
[ 113.807866][ C0] receive_buf+0x25e3/0x5fd0
[ 113.812660][ C0] virtnet_poll+0xd1c/0x23c0
[ 113.817511][ C0] __napi_poll+0xe7/0x980
[ 113.822060][ C0] net_rx_action+0x82a/0x1850
[ 113.827121][ C0] handle_softirqs+0x1ce/0x800
[ 113.832171][ C0] __irq_exit_rcu+0x68/0x120
[ 113.837029][ C0] irq_exit_rcu+0x12/0x20
[ 113.841544][ C0] common_interrupt+0x94/0xa0
[ 113.846507][ C0] asm_common_interrupt+0x2b/0x40
[ 113.851825][ C0] kmsan_internal_set_shadow_origin+0x76/0xe0
[ 113.858320][ C0] kmsan_internal_unpoison_memory+0x14/0x20
[ 113.864659][ C0] kmsan_unpoison_memory+0x28/0x40
[ 113.869970][ C0] prep_new_page+0x115/0x540
[ 113.874876][ C0] get_page_from_freelist+0x1578/0x15f0
[ 113.880730][ C0] __alloc_pages_noprof+0x8a7/0xe70
[ 113.886250][ C0] alloc_pages_mpol_noprof+0x299/0x990
[ 113.892181][ C0] vma_alloc_folio_noprof+0x412/0x750
[ 113.898206][ C0] handle_mm_fault+0x907c/0xe610
[ 113.903457][ C0] exc_page_fault+0x41b/0x700
[ 113.908439][ C0] asm_exc_page_fault+0x2b/0x30
[ 113.913577][ C0]
[ 113.916067][ C0] Uninit was created at:
OK[ 113.920879][ C0] __alloc_pages_noprof+0x9d6/0xe70
[ 113.926417][ C0] alloc_pages_mpol_noprof+0x299/0x990
[ 113.932200][ C0] alloc_pages_noprof+0x1bf/0x1e0
[ 113.937655][ C0] skb_page_frag_refill+0x2bf/0x7c0
[ 113.943288][ C0] virtnet_rq_alloc+0x43/0xbb0
[ 113.948380][ C0] try_fill_recv+0x3f0/0x2f50
[ 113.953224][ C0] virtnet_open+0x1cc/0xb00
[ 113.958077][ C0] __dev_open+0x546/0x6f0
[ 113.962708][ C0] __dev_change_flags+0x309/0x9a0
[ 113.968302][ C0] dev_change_flags+0x8e/0x1d0
[ 113.973240][ C0] devinet_ioctl+0x13ec/0x22c0
[ 113.978437][ C0] inet_ioctl+0x4bd/0x6d0
[ 113.983181][ C0] sock_do_ioctl+0xb7/0x540
[ 113.987928][ C0] sock_ioctl+0x727/0xd70
[ 113.992433][ C0] __se_sys_ioctl+0x261/0x450
[ 113.997393][ C0] __x64_sys_ioctl+0x96/0xe0
[ 114.002313][ C0] x64_sys_call+0x18c0/0x3b90
[ 114.007248][ C0] do_syscall_64+0xcd/0x1e0
[ 114.011927][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 114.018164][ C0]
[ 114.020697][ C0] CPU: 0 PID: 4786 Comm: rm Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5-dirty #0
[ 114.031264][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 114.041826][ C0] =====================================================
[ 114.049359][ C0] Disabling lock debugging due to kernel taint
[ 114.055708][ C0] Kernel panic - not syncing: kmsan.panic set ...
[ 114.062795][ C0] CPU: 0 PID: 4786 Comm: rm Tainted: G B 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5-dirty #0
[ 114.075000][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 114.085286][ C0] Call Trace:
[ 114.088865][ C0] <IRQ>
[ 114.091913][ C0] dump_stack_lvl+0x216/0x2d0
[ 114.096785][ C0] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 114.102924][ C0] dump_stack+0x1e/0x30
[ 114.107269][ C0] panic+0x4e2/0xcd0
[ 114.111426][ C0] ? kmsan_get_metadata+0x111/0x1d0
[ 114.116837][ C0] kmsan_report+0x2d5/0x2e0
[ 114.121549][ C0] ? kmsan_alloc_page+0x182/0x220
[ 114.126772][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.132180][ C0] ? __msan_warning+0x95/0x120
[ 114.137205][ C0] ? receive_buf+0x25e3/0x5fd0
[ 114.142074][ C0] ? virtnet_poll+0xd1c/0x23c0
[ 114.147049][ C0] ? __napi_poll+0xe7/0x980
[ 114.151760][ C0] ? net_rx_action+0x82a/0x1850
[ 114.156910][ C0] ? handle_softirqs+0x1ce/0x800
[ 114.161958][ C0] ? __irq_exit_rcu+0x68/0x120
[ 114.166911][ C0] ? irq_exit_rcu+0x12/0x20
[ 114.171601][ C0] ? common_interrupt+0x94/0xa0
[ 114.176565][ C0] ? asm_common_interrupt+0x2b/0x40
[ 114.181863][ C0] ? kmsan_internal_set_shadow_origin+0x76/0xe0
[ 114.188207][ C0] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 114.194391][ C0] ? kmsan_unpoison_memory+0x28/0x40
[ 114.199793][ C0] ? prep_new_page+0x115/0x540
[ 114.204666][ C0] ? get_page_from_freelist+0x1578/0x15f0
[ 114.210579][ C0] ? __alloc_pages_noprof+0x8a7/0xe70
[ 114.216060][ C0] ? alloc_pages_mpol_noprof+0x299/0x990
[ 114.221983][ C0] ? vma_alloc_folio_noprof+0x412/0x750
[ 114.227836][ C0] ? handle_mm_fault+0x907c/0xe610
[ 114.233178][ C0] ? exc_page_fault+0x41b/0x700
[ 114.238164][ C0] ? asm_exc_page_fault+0x2b/0x30
[ 114.243578][ C0] ? kmsan_internal_memmove_metadata+0x17b/0x230
syzkaller[ 114.250182][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.256633][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.262332][ C0] ? page_to_skb+0xdae/0x1620
[ 114.267233][ C0] __msan_warning+0x95/0x120
[ 114.272275][ C0] receive_buf+0x25e3/0x5fd0
[ 114.277094][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.282402][ C0] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 114.288519][ C0] virtnet_poll+0xd1c/0x23c0
[ 114.293235][ C0] ? __pfx_virtnet_poll+0x10/0x10
[ 114.298573][ C0] __napi_poll+0xe7/0x980
[ 114.303042][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.308529][ C0] net_rx_action+0x82a/0x1850
[ 114.313443][ C0] ? sched_clock_cpu+0x55/0x870
[ 114.318434][ C0] ? __pfx_net_rx_action+0x10/0x10
[ 114.323766][ C0] handle_softirqs+0x1ce/0x800
[ 114.328788][ C0] __irq_exit_rcu+0x68/0x120
[ 114.333488][ C0] irq_exit_rcu+0x12/0x20
[ 114.337976][ C0] common_interrupt+0x94/0xa0
[ 114.343068][ C0] </IRQ>
[ 114.346080][ C0] <TASK>
[ 114.349188][ C0] asm_common_interrupt+0x2b/0x40
[ 114.354554][ C0] RIP: 0010:kmsan_internal_set_shadow_origin+0x76/0xe0
[ 114.361736][ C0] Code: f0 83 e0 03 49 83 e6 fc 49 8d 5c 07 03 4c 89 f7 be 01 00 00 00 e8 3a 35 00 00 48 83 fb 04 72 1a 48 c1 eb 02 31 c9 44 89 2c 88 <ff> c1 48 63 c9 48 39 cb 77 f2 eb 04 84 db 75 0f 5b 41 5c 41 5d 41
[ 114.382246][ C0] RSP: 0000:ffff88812094b8b0 EFLAGS: 00000216
[ 114.388520][ C0] RAX: ffff8881212ed000 RBX: 0000000000000400 RCX: 000000000000019b
[ 114.396599][ C0] RDX: 00000001216ed000 RSI: ffff88813fff9240 RDI: ffff8881216ed000
[ 114.404856][ C0] RBP: ffff88812094b8d8 R08: ffffea000000000f R09: 0000000000000000
[ 114.413096][ C0] R10: ffff888120eed000 R11: 0000000000000004 R12: 0000000000000000
[ 114.421164][ C0] R13: 0000000000000000 R14: ffff8881216ed000 R15: 0000000000001000
[ 114.429361][ C0] kmsan_internal_unpoison_memory+0x14/0x20
[ 114.435481][ C0] kmsan_unpoison_memory+0x28/0x40
[ 114.441106][ C0] prep_new_page+0x115/0x540
[ 114.445833][ C0] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 114.451866][ C0] get_page_from_freelist+0x1578/0x15f0
[ 114.457804][ C0] __alloc_pages_noprof+0x8a7/0xe70
[ 114.463144][ C0] alloc_pages_mpol_noprof+0x299/0x990
[ 114.469050][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.474479][ C0] vma_alloc_folio_noprof+0x412/0x750
[ 114.480070][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.485509][ C0] handle_mm_fault+0x907c/0xe610
[ 114.491145][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.496501][ C0] ? kmsan_get_metadata+0x146/0x1d0
[ 114.501877][ C0] exc_page_fault+0x41b/0x700
[ 114.506694][ C0] asm_exc_page_fault+0x2b/0x30
[ 114.511959][ C0] RIP: 0033:0x7fbc8aec8b9d
[ 114.517011][ C0] Code: 8b 90 c8 01 00 00 48 81 e2 00 ff ff ff 7e 14 48 89 d1 48 89 15 94 e6 10 00 48 d1 f9 48 89 0d 92 e6 10 00 48 8b 90 d0 01 00 00 <48> 89 15 24 58 11 00 48 8b 90 d8 01 00 00 48 89 15 66 e6 10 00 48
[ 114.536844][ C0] RSP: 002b:00007fffd2152068 EFLAGS: 00010206
[ 114.543432][ C0] RAX: 00007fbc8b0dfa80 RBX: 00007fbc8ae35000 RCX: 0000000000dc0000
[ 114.551697][ C0] RDX: 00000000014a0000 RSI: 00007fbc8ae53540 RDI: 0000000000000000
[ 114.559908][ C0] RBP: 00007fffd2152170 R08: 00007fffd2150000 R09: 00007fbc8b0e0ab0
[ 114.568160][ C0] R10: 00007fbc8ae39ab8 R11: 0000000000000025 R12: 00007fbc8b0a95c0
[ 114.576260][ C0] R13: 00007fbc8b0d4eda R14: 00007fbc8afd68c8 R15: 00007fbc8ae39ab8
[ 114.584358][ C0] </TASK>
[ 114.587837][ C0] Kernel Offset: disabled
[ 114.592358][ C0] Rebooting in 86400 seconds..
syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.4'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1371669175=/tmp/go-build -gno-record-gcc-switches'
git status (err=<nil>)
HEAD detached at c0f1611a3
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=c0f1611a36d66bb0bb8e2f294b97fb685bfc5f9c -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240517-125934'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=c0f1611a36d66bb0bb8e2f294b97fb685bfc5f9c -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240517-125934'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -std=c++11 -I. -Iexecutor/_include -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"c0f1611a36d66bb0bb8e2f294b97fb685bfc5f9c\"
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=15a9822c980000
Tested on:
commit: 2bfcfd58 Merge tag 'pmdomain-v6.10-rc1' of git://git.k..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=54d66e52f38a45d8
dashboard link: https://syzkaller.appspot.com/bug?extid=07762f019fd03d01f04c
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1425c62c980000