From: Aleksandr Nogikh
Date: Thu, 2 Jan 2025 18:19:06 +0100
Subject: Re: [syzbot] [mm?] WARNING in vma_merge_existing_range
To: Lorenzo Stoakes
Cc: syzbot, Liam.Howlett@oracle.com, akpm@linux-foundation.org, jannh@google.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, syzkaller-bugs@googlegroups.com, vbabka@suse.cz

On Thu, Jan 2, 2025 at 11:26 AM 'Lorenzo Stoakes' via syzkaller-bugs wrote:
>
> Happy new year!

Happy New Year! :)

>
> On Tue, Dec 31, 2024 at 08:50:23PM -0800, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    8379578b11d5 Merge tag 'for-v6.13-rc' of git://git.kernel...
> > git tree:       upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=16113018580000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=d269ef41b9262400
> > dashboard link: https://syzkaller.appspot.com/bug?extid=46423ed8fa1f1148c6e4
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> > userspace arch: i386
>
> Hmmmm 32-bit? But kernel reports give 64-bit registers? So I guess 32-bit
> userland, 64-bit kernel?

Yes, that's a 32-bit userspace binary running on a 64-bit kernel.

>
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
>
> Hmm. Racy thing?
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/86d2e3352aff/disk-8379578b.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/345570cd3573/vmlinux-8379578b.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/01da37a51505/bzImage-8379578b.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+46423ed8fa1f1148c6e4@syzkaller.appspotmail.com
> >
> > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 20504 at mm/vma.c:734 vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
>
> It'd be nice if syzbot could actually print the code that generates the
> warning :) a nice-to-have perhaps.

Thanks for the suggestion! I've filed
https://github.com/google/syzkaller/issues/5654

>
> This is:
>
>         VM_WARN_ON(start >= end);
>
> I suspect start == end, because start > end would be some drastic and
> god-awful bug.
>
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 20504 Comm: syz.6.5485 Not tainted 6.13.0-rc4-syzkaller-00069-g8379578b11d5 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> > RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
> > Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85
>
> Be useful to get the kernel disassembly too :)
>
> Best guess wrangling a python script and objdump:
>
>    0:   e8 20 24 0f 00          call   0xf2425
>    5:   4d 2b 7d 00             sub    0x0(%r13),%r15
>    9:   4d 89 ec                mov    %r13,%r12
>    c:   48 8b 7c 24 38          mov    0x38(%rsp),%rdi
>   11:   e9 7f 01 00 00          jmp    0x195
>   16:   e8 3a bc a8 ff          call   0xffffffffffa8bc55
>   1b:   90                      nop
>   1c:   0f 0b                   ud2
>   1e:   90                      nop
>   1f:   e9 a8 f1 ff ff          jmp    0xfffffffffffff1cc
>   24:   e8 2c bc a8 ff          call   0xffffffffffa8bc55
>   29:   90                      nop
>   2a:   <0f> 0b                 ud2    <-- presumably here? This is an undefined instruction...
>   2c:   90                      nop
>   2d:   e9 0e f2 ff ff          jmp    0xfffffffffffff240
>   32:   e8 1e bc a8 ff          call   0xffffffffffa8bc55
>   37:   90                      nop
>   38:   0f 0b                   ud2
>   3a:   90                      nop
>   3b:   4d 85 ed                test   %r13,%r13
>   3e:   0f                      .byte 0xf
>   3f:   85                      .byte 0x85
>
> Yeah this might be a mix of data and code somehow or just garbage? Not sure
> there's anything discernable there unfortunately.

Syzbot also did some disassembly at the bottom of the report. I wonder
what's the difference between the two "Code" fields and if there's a
way to automatically select the right one for the disassembly.
>
> > RSP: 0018:ffffc9000ba274a0 EFLAGS: 00010293
> > RAX: ffffffff81f6b804 RBX: 0000000020c25000 RCX: ffff888060ad1e00
> > RDX: 0000000000000000 RSI: 0000000020c25000 RDI: 0000000020c25000
> > RBP: ffffc9000ba275f8 R08: ffffffff81f6aa0d R09: 00000000280000fa
> > R10: ffffc9000ba27810 R11: fffff52001744f07 R12: 0000000020c25000
> > R13: ffff888069b666c8 R14: ffffc9000ba276a0 R15: ffff888068d0b1f0
> > FS: 0000000000000000(0000) GS:ffff8880b8700000(0063) knlGS:00000000f5116b40
> > CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
> > CR2: 00007fa9de2c0018 CR3: 000000006b562000 CR4: 00000000003526f0
>
> > Call Trace:
> >
> > vma_modify+0x41/0x330 mm/vma.c:1514
>
> Just passes through start, end (in vmg).
>
> > vma_modify_flags_name+0x3a6/0x430 mm/vma.c:1563
>
> Just passes through start, end.
>
> > madvise_update_vma+0x2fe/0xc10 mm/madvise.c:159
>
> Just passes through start, end.
>
> This means it was one of MADV_NORMAL, MADV_RANDOM, MADV_DONTFORK,
> MADV_DOFORK, MADV_WIPEONFORK, MADV_KEEPONFORK, MADV_DONTDUMP, MADV_DODUMP,
> MADV_MERGEABLE, MADV_UNMERGEABLE, MADV_HUGEPAGE, MADV_NOHUGEPAGE.
>
> Yeah we need better error handling here, because this report is just giving
> us very little to go on especially for a non-repro. Will add to TODO.
>
> > madvise_vma_behavior mm/madvise.c:1325 [inline]
>
> Just passes through start, end.
>
> > madvise_walk_vmas mm/madvise.c:1497 [inline]
>
> OK here we find VMAs and walk them.
>
> We explicitly check for start >= end if start < vma->vm_start.
>
> I wonder if the visit() call is splitting the VMA which confuses the logic
> here.
>
>    s      e
>    |      |
>    v      v
> |-------------|
> |             |
> |-------------|
>
> Split:
>
>    s      e
>    |      |
>    v      v
> |--------|----|
> |        |    |
> |--------|----|
>
> prev = this VMA.
>
>         if (prev && start < prev->vm_end)
>                 start = prev->vm_end;
>
> So we end up with:
>
>
>         s,e
>          |
>          v
> |--------|----|
> |        |    |
> |--------|----|
>
>         tmp = vma->vm_end;
>         if (end < tmp)
>                 tmp = end;
>
> That tmp assignment will reinstate the broken end
>
> And... boom.
>
> Let me check this out and see if I can trigger it.
>
> I may be missing some safeguard that prevents this...
>
> > do_madvise+0x1e64/0x4d10 mm/madvise.c:1684
>
> Here we explicitly check for start >= end:
>
>         end = start + len;
>         if (end < start)
>                 return -EINVAL;
>
>         if (end == start)
>                 return 0;
>
> So overflow is accounted for also. But since this is a 64-bit kernel not
> really a concern.
>
> > __do_sys_madvise mm/madvise.c:1700 [inline]
> > __se_sys_madvise mm/madvise.c:1698 [inline]
> > __ia32_sys_madvise+0xa6/0xc0 mm/madvise.c:1698
> > do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
> > __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386
> > do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411
> > entry_SYSENTER_compat_after_hwframe+0x84/0x8e
> > RIP: 0023:0xf7fc2579
> > Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
> > RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 00000000000000db
> > RAX: ffffffffffffffda RBX: 0000000020c00000 RCX: 0000000000400000
> > RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000
> > RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
> > R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> >
> > ----------------
> > Code disassembly (best guess), 2 bytes skipped:
> >    0:   10 06                   adc    %al,(%rsi)
> >    2:   03 74 b4 01             add    0x1(%rsp,%rsi,4),%esi
> >    6:   10 07                   adc    %al,(%rdi)
> >    8:   03 74 b0 01             add    0x1(%rax,%rsi,4),%esi
> >    c:   10 08                   adc    %cl,(%rax)
> >    e:   03 74 d8 01             add    0x1(%rax,%rbx,8),%esi
> >   1e:   00 51 52                add    %dl,0x52(%rcx)
> >   21:   55                      push   %rbp
> >   22:   89 e5                   mov    %esp,%ebp
> >   24:   0f 34                   sysenter
> >   26:   cd 80                   int    $0x80
> > * 28:   5d                      pop    %rbp <-- trapping instruction
> >   29:   5a                      pop    %rdx
> >   2a:   59                      pop    %rcx
> >   2b:   c3                      ret
> >   2c:   90                      nop
> >   2d:   90                      nop
> >   2e:   90                      nop
> >   2f:   90                      nop
> >   30:   90                      nop
> >   31:   90                      nop
> >   32:   90                      nop
> >   33:   90                      nop
> >   34:   90                      nop
> >   35:   90                      nop
> >   36:   90                      nop
> >   37:   90                      nop
> >   38:   90                      nop
> >   39:   90                      nop
> >   3a:   90                      nop
> >   3b:   90                      nop
> >   3c:   90                      nop
> >   3d:   90                      nop
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > If the report is already addressed, let syzbot know by replying with:
> > #syz fix: exact-commit-title
> >
> > If you want to overwrite report's subsystems, reply with:
> > #syz set subsystems: new-subsystem
> > (See the list of subsystem names on the web dashboard)
> >
> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report
> >
> > If you want to undo deduplication, reply with:
> > #syz undup
>
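
On the question above about the two "Code" fields, an added example (not part of the original message and not syzkaller's code): each "Code:" line dumps the bytes around the preceding "RIP:", with the byte at RIP in angle brackets, and the privilege bits of the CS selector printed in that RIP line tell kernel mode from user mode. The function names and the selection rule are assumptions of this sketch; x86 kernels implement WARN()/BUG() sites as `ud2` (`0f 0b`) traps, which the sketch checks for at the marked byte.

```python
import re

# Constructed sample: the two RIP/Code pairs from the report above, unwrapped.
REPORT = """\
RIP: 0010:vma_merge_existing_range+0x1145/0x16f0 mm/vma.c:734
Code: e8 20 24 0f 00 4d 2b 7d 00 4d 89 ec 48 8b 7c 24 38 e9 7f 01 00 00 e8 3a bc a8 ff 90 0f 0b 90 e9 a8 f1 ff ff e8 2c bc a8 ff 90 <0f> 0b 90 e9 0e f2 ff ff e8 1e bc a8 ff 90 0f 0b 90 4d 85 ed 0f 85
RIP: 0023:0xf7fc2579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
"""

RIP_RE = re.compile(r"RIP:\s*([0-9a-f]{4}):(\S+)")
CODE_RE = re.compile(r"Code:((?:\s+<?[0-9a-f]{2}>?)+)")
UD2 = b"\x0f\x0b"  # opcode that x86 WARN()/BUG() sites trap on


def parse_code(field):
    """Return (raw bytes, index of the <xx> byte that RIP pointed at)."""
    toks = field.split()
    trap = next((i for i, t in enumerate(toks) if t.startswith("<")), None)
    return bytes(int(t.strip("<>"), 16) for t in toks), trap


def code_blocks(report):
    """Pair each 'Code:' line with the closest preceding 'RIP:' line."""
    blocks, rip = [], None
    for line in report.splitlines():
        m = RIP_RE.search(line)
        if m:
            rip = (int(m.group(1), 16), m.group(2))
            continue
        m = CODE_RE.search(line)
        if m and rip:
            data, trap = parse_code(m.group(1))
            blocks.append({
                "rip": rip[1],
                "kernel": (rip[0] & 3) == 0,  # CS privilege bits: 0 = ring 0
                "trap_offset": trap,
                "ud2": trap is not None and data[trap:trap + 2] == UD2,
            })
    return blocks


def kernel_block(report):
    """Select the block captured in kernel mode (hypothetical selection rule)."""
    return next((b for b in code_blocks(report) if b["kernel"]), None)
```

On this sample the first block is the kernel-mode one with `ud2` at the marked offset, and the second is the user-mode return address of the 32-bit syscall, which matches the `pop %rbp` line syzbot flagged in its own disassembly.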