zzqq0103

Untitled

Mar 14th, 2024
program crashed: BUG: unable to handle kernel paging request in corrupted
extracting C reproducer
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:3 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
failed to symbolize report: failed to start scripts/get_maintainer.pl [scripts/get_maintainer.pl --git-min-percent=15 -f root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c]: fork/exec scripts/get_maintainer.pl: no such file or directory
program crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
simplifying C reproducer
testing compiled C program (duration=22.5s, {Threaded:false Repeat:true RepeatTimes:0 Procs:3 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
program did not crash
testing compiled C program (duration=22.5s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
program did not crash
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
failed to symbolize report: failed to start scripts/get_maintainer.pl [scripts/get_maintainer.pl --git-min-percent=15 -f root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c]: fork/exec scripts/get_maintainer.pl: no such file or directory
program crashed: general protection fault in mnt_drop_write
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
failed to symbolize report: failed to start scripts/get_maintainer.pl [scripts/get_maintainer.pl --git-min-percent=15 -f root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/kernel/sched/core.c]: fork/exec scripts/get_maintainer.pl: no such file or directory
program crashed: general protection fault in set_task_cpu
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
program did not crash
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
failed to symbolize report: failed to start scripts/get_maintainer.pl [scripts/get_maintainer.pl --git-min-percent=15 -f root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/lib/rbtree.c]: fork/exec scripts/get_maintainer.pl: no such file or directory
program crashed: general protection fault in timerqueue_del
testing compiled C program (duration=22.5s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Repro:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$ext4-open-open-mount-open-sendfile-write$binfmt_script-ioctl$FS_IOC_RESVSP
failed to symbolize report: failed to start scripts/get_maintainer.pl [scripts/get_maintainer.pl --git-min-percent=15 -f root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c]: fork/exec scripts/get_maintainer.pl: no such file or directory
program crashed: BUG: unable to handle kernel paging request in ext4_ext_remove_space
reproducing took 11m45.317637882s
repro crashed as (corrupted=false):
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
ext4 filesystem being mounted at /syzkaller.TPYs2I/19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
BUG: unable to handle page fault for address: ffff888002cba000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD a4c01067 P4D a4c01067 PUD a4c02067 PMD 2c63063 PTE 8000000002cba121
Oops: 0003 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 PID: 366 Comm: syz-executor127 Not tainted 6.7.0 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000
RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
FS: 00007fefc4cb4640(0000) GS:ffff88809e900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888002cba000 CR3: 00000000092fc005 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
ext4_ext_rm_leaf root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:2736 [inline]
ext4_ext_remove_space+0x1aae/0x36b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:2958
ext4_punch_hole+0xb8b/0xe50 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/inode.c:4019
ext4_fallocate+0xb68/0x3230 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:4707
vfs_fallocate+0x361/0xae0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/open.c:324
ioctl_preallocate+0x172/0x1f0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:291
file_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:334 [inline]
do_vfs_ioctl+0x109e/0x13c0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:850
__do_sys_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:869 [inline]
__se_sys_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:857 [inline]
__x64_sys_ioctl+0xef/0x1e0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:857
do_syscall_x64 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x46/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fefc4d3263d
Code: c3 e8 27 23 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fefc4cb4198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fefc4dc95d0 RCX: 00007fefc4d3263d
RDX: 0000000020000080 RSI: 0000000040305829 RDI: 0000000000000004
RBP: 00007fefc4d93598 R08: 00007ffe5e3ab7bf R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e
R13: 6f6f6c2f7665642f R14: 000001ff7fdfd000 R15: 00007fefc4dc95d8
</TASK>
Modules linked in:
CR2: ffff888002cba000
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffffebde001bf808
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
#PF: supervisor read access in kernel mode
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
#PF: error_code(0x0000) - not-present page
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
PGD 0 P4D 0

RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000

RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
Oops: 0000 [#2] PREEMPT SMP KASAN NOPTI
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
CPU: 1 PID: 1 Comm: systemd Tainted: G D 6.7.0 #2
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
RIP: 0010:_compound_head root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/page-flags.h:247 [inline]
RIP: 0010:virt_to_folio root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/mm.h:1283 [inline]
RIP: 0010:virt_to_slab root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/../slab.h:213 [inline]
RIP: 0010:qlink_to_cache root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:131 [inline]
RIP: 0010:qlist_free_all+0xaf/0x190 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:184
FS: 00007fefc4cb4640(0000) GS:ffff88809e900000(0000) knlGS:0000000000000000
Code: 80 4c 01 c0 0f 82 f5 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 33 fc 31 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 11 fc 31 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b7 00 00 00 0f 1f 44 00 00 48
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RSP: 0018:ffff88800123fc68 EFLAGS: 00010286
CR2: ffff888002cba000 CR3: 00000000092fc005 CR4: 0000000000770ef0

PKRU: 55555554
RAX: ffffebde001bf800 RBX: 0000000006fe007a RCX: 000000000010000b
note: syz-executor127[366] exited with irqs disabled
RDX: 0000777f80000000 RSI: ffffea00000b2900 RDI: ffff888002ca4400
RBP: 0000000000000000 R08: 0000000006fe007a R09: 000000000010000b
R10: 0000000040000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800123fca8 R14: 0000000000000000 R15: ffff888002ca5e00
FS: 00007f1338f2f900(0000) GS:ffff88809e880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffebde001bf808 CR3: 00000000013f8004 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
kasan_quarantine_reduce+0x15d/0x180 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:294
__kasan_slab_alloc+0x49/0x70 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/common.c:305
kasan_slab_alloc root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/kasan.h:188 [inline]
slab_post_alloc_hook root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slab.h:763 [inline]
slab_alloc_node root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3478 [inline]
slab_alloc root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3486 [inline]
__kmem_cache_alloc_lru root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3493 [inline]
kmem_cache_alloc+0xdc/0x270 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3502
getname_flags.part.0+0x4f/0x4c0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/namei.c:140
getname_flags+0x95/0xe0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/audit.h:321
vfs_fstatat+0x5e/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/stat.c:298
vfs_stat root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/fs.h:3111 [inline]
__do_sys_newstat+0x7f/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/stat.c:436
do_syscall_x64 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x46/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f13396f88e6
Code: 00 00 75 05 48 83 c4 18 c3 e8 46 0c 02 00 66 0f 1f 44 00 00 41 89 f8 48 89 f7 48 89 d6 41 83 f8 01 77 29 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 c3 90 48 8b 15 79 35 0e 00 f7 d8 64 89 02
RSP: 002b:00007ffcb620bbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 000055f986c1f7e8 RCX: 00007f13396f88e6
RDX: 00007ffcb620bc40 RSI: 00007ffcb620bc40 RDI: 000055f986c1e460
RBP: 000055f986c1d370 R08: 0000000000000001 R09: 53297b0592226e1c
R10: bf7708da564c09ec R11: 0000000000000246 R12: 00007ffcb620bc40
R13: 000055f986c1e460 R14: 00007ffcb620bc00 R15: 00007ffcb620bd80
</TASK>
Modules linked in:
CR2: ffffebde001bf808
---[ end trace 0000000000000000 ]---
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000
RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
FS: 00007f1338f2f900(0000) GS:ffff88809e880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffebde001bf808 CR3: 00000000013f8004 CR4: 0000000000770ef0
PKRU: 55555554
note: systemd[1] exited with irqs disabled
----------------
Code disassembly (best guess):
0: 90 nop
1: 90 nop
2: 90 nop
3: 90 nop
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: f3 0f 1e fa endbr64
10: 48 89 f8 mov %rdi,%rax
13: 48 39 fe cmp %rdi,%rsi
16: 7d 0f jge 0x27
18: 49 89 f0 mov %rsi,%r8
1b: 49 01 d0 add %rdx,%r8
1e: 49 39 f8 cmp %rdi,%r8
21: 0f 8f b5 00 00 00 jg 0xdc
27: 48 89 d1 mov %rdx,%rcx
* 2a: f3 a4 rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
2c: e9 26 14 1b 00 jmp 0x1b1457
31: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
38: 00 00 00
3b: 48 rex.W
3c: 81 .byte 0x81
3d: fa cli
3e: a8 02 test $0x2,%al

final repro crashed as (corrupted=false):
EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
ext4 filesystem being mounted at /syzkaller.TPYs2I/19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
BUG: unable to handle page fault for address: ffff888002cba000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD a4c01067 P4D a4c01067 PUD a4c02067 PMD 2c63063 PTE 8000000002cba121
Oops: 0003 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 PID: 366 Comm: syz-executor127 Not tainted 6.7.0 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000
RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
FS: 00007fefc4cb4640(0000) GS:ffff88809e900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888002cba000 CR3: 00000000092fc005 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
ext4_ext_rm_leaf root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:2736 [inline]
ext4_ext_remove_space+0x1aae/0x36b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:2958
ext4_punch_hole+0xb8b/0xe50 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/inode.c:4019
ext4_fallocate+0xb68/0x3230 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ext4/extents.c:4707
vfs_fallocate+0x361/0xae0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/open.c:324
ioctl_preallocate+0x172/0x1f0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:291
file_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:334 [inline]
do_vfs_ioctl+0x109e/0x13c0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:850
__do_sys_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:869 [inline]
__se_sys_ioctl root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:857 [inline]
__x64_sys_ioctl+0xef/0x1e0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/ioctl.c:857
do_syscall_x64 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x46/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7fefc4d3263d
Code: c3 e8 27 23 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fefc4cb4198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fefc4dc95d0 RCX: 00007fefc4d3263d
RDX: 0000000020000080 RSI: 0000000040305829 RDI: 0000000000000004
RBP: 00007fefc4d93598 R08: 00007ffe5e3ab7bf R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0031656c69662f2e
R13: 6f6f6c2f7665642f R14: 000001ff7fdfd000 R15: 00007fefc4dc95d8
</TASK>
Modules linked in:
CR2: ffff888002cba000
---[ end trace 0000000000000000 ]---
BUG: unable to handle page fault for address: ffffebde001bf808
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
#PF: supervisor read access in kernel mode
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
#PF: error_code(0x0000) - not-present page
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
PGD 0 P4D 0

RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000

RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
Oops: 0000 [#2] PREEMPT SMP KASAN NOPTI
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
CPU: 1 PID: 1 Comm: systemd Tainted: G D 6.7.0 #2
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
RIP: 0010:_compound_head root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/page-flags.h:247 [inline]
RIP: 0010:virt_to_folio root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/mm.h:1283 [inline]
RIP: 0010:virt_to_slab root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/../slab.h:213 [inline]
RIP: 0010:qlink_to_cache root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:131 [inline]
RIP: 0010:qlist_free_all+0xaf/0x190 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:184
FS: 00007fefc4cb4640(0000) GS:ffff88809e900000(0000) knlGS:0000000000000000
Code: 80 4c 01 c0 0f 82 f5 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 33 fc 31 03 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 11 fc 31 03 <48> 8b 48 08 48 89 c2 f6 c1 01 0f 85 b7 00 00 00 0f 1f 44 00 00 48
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RSP: 0018:ffff88800123fc68 EFLAGS: 00010286
CR2: ffff888002cba000 CR3: 00000000092fc005 CR4: 0000000000770ef0

PKRU: 55555554
RAX: ffffebde001bf800 RBX: 0000000006fe007a RCX: 000000000010000b
note: syz-executor127[366] exited with irqs disabled
RDX: 0000777f80000000 RSI: ffffea00000b2900 RDI: ffff888002ca4400
RBP: 0000000000000000 R08: 0000000006fe007a R09: 000000000010000b
R10: 0000000040000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800123fca8 R14: 0000000000000000 R15: ffff888002ca5e00
FS: 00007f1338f2f900(0000) GS:ffff88809e880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffebde001bf808 CR3: 00000000013f8004 CR4: 0000000000770ef0
PKRU: 55555554
Call Trace:
<TASK>
kasan_quarantine_reduce+0x15d/0x180 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/quarantine.c:294
__kasan_slab_alloc+0x49/0x70 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/kasan/common.c:305
kasan_slab_alloc root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/kasan.h:188 [inline]
slab_post_alloc_hook root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slab.h:763 [inline]
slab_alloc_node root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3478 [inline]
slab_alloc root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3486 [inline]
__kmem_cache_alloc_lru root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3493 [inline]
kmem_cache_alloc+0xdc/0x270 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/mm/slub.c:3502
getname_flags.part.0+0x4f/0x4c0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/namei.c:140
getname_flags+0x95/0xe0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/audit.h:321
vfs_fstatat+0x5e/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/stat.c:298
vfs_stat root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/./include/linux/fs.h:3111 [inline]
__do_sys_newstat+0x7f/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/fs/stat.c:436
do_syscall_x64 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x46/0xf0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f13396f88e6
Code: 00 00 75 05 48 83 c4 18 c3 e8 46 0c 02 00 66 0f 1f 44 00 00 41 89 f8 48 89 f7 48 89 d6 41 83 f8 01 77 29 b8 04 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 c3 90 48 8b 15 79 35 0e 00 f7 d8 64 89 02
RSP: 002b:00007ffcb620bbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 000055f986c1f7e8 RCX: 00007f13396f88e6
RDX: 00007ffcb620bc40 RSI: 00007ffcb620bc40 RDI: 000055f986c1e460
RBP: 000055f986c1d370 R08: 0000000000000001 R09: 53297b0592226e1c
R10: bf7708da564c09ec R11: 0000000000000246 R12: 00007ffcb620bc40
R13: 000055f986c1e460 R14: 00007ffcb620bc00 R15: 00007ffcb620bd80
</TASK>
Modules linked in:
CR2: ffffebde001bf808
---[ end trace 0000000000000000 ]---
RIP: 0010:memmove+0x1e/0x1b0 root/zhangqiang/kernel_fuzzing/zq-LLM-OS/llm-syz-environment/linux-6.7/arch/x86/lib/memmove_64.S:44
Code: 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 89 d1 <f3> a4 e9 26 14 1b 00 66 2e 0f 1f 84 00 00 00 00 00 48 81 fa a8 02
RSP: 0018:ffff88800d84f840 EFLAGS: 00010216
RAX: ffff888002c9903c RBX: ffff888002c99000 RCX: fffffffffffdf000
RDX: ffffffffffffffc4 RSI: ffff888002cba00c RDI: ffff888002cba000
RBP: ffff888002c99002 R08: 0000000000000001 R09: fffff94000039076
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff88800ba37868 R14: ffff888002c99040 R15: 0000000000000004
FS: 00007f1338f2f900(0000) GS:ffff88809e880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffebde001bf808 CR3: 00000000013f8004 CR4: 0000000000770ef0
PKRU: 55555554
note: systemd[1] exited with irqs disabled
----------------
Code disassembly (best guess):
0: 90 nop
1: 90 nop
2: 90 nop
3: 90 nop
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: f3 0f 1e fa endbr64
10: 48 89 f8 mov %rdi,%rax
13: 48 39 fe cmp %rdi,%rsi
16: 7d 0f jge 0x27
18: 49 89 f0 mov %rsi,%r8
1b: 49 01 d0 add %rdx,%r8
1e: 49 39 f8 cmp %rdi,%r8
21: 0f 8f b5 00 00 00 jg 0xdc
27: 48 89 d1 mov %rdx,%rcx
* 2a: f3 a4 rep movsb %ds:(%rsi),%es:(%rdi) <-- trapping instruction
2c: e9 26 14 1b 00 jmp 0x1b1457
31: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
38: 00 00 00
3b: 48 rex.W
3c: 81 .byte 0x81
3d: fa cli
3e: a8 02 test $0x2,%al