syzbot


general protection fault in get_task_pid

Status: fixed on 2019/07/29 13:39
Subsystems: kernel
Reported-by: syzbot+002e636502bc4b64eb5c@syzkaller.appspotmail.com
Fix commit: 28dd29c06d0d fork: return proper negative error code
First crash: 1735d, last: 1730d
Cause bisection: introduced by:
commit 6fd2fe494b17bf2dec37b610d23a43a72b16923a
Author: Al Viro <viro@zeniv.linux.org.uk>
Date: Thu Jun 27 02:22:09 2019 +0000

  copy_process(): don't use ksys_close() on cleanups

Crash: general protection fault in get_task_pid
Repro: C, syz, .config
Discussions (2)
Title                                            Replies (including bot)  Last reply
general protection fault in get_task_pid         3 (4)                    2019/07/03 08:20
[PATCH] fork: return proper negative error code  3 (3)                    2019/07/01 16:26

Last patch testing requests (1)
Created:  2019/07/01 14:19
Duration: 18m
User:     christian@brauner.io
Patch:    (none)
Repo:     git://git.kernel.org/pub/scm/linux/kernel/git/brauner/linux.git, branch fixes
Result:   OK

Sample crash report:
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007ffc15fbb0ff R14: 00007ff07e47e9c0 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7990 Comm: syz-executor290 Not tainted 5.2.0-rc6+ #9
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:194 [inline]
RIP: 0010:get_task_pid+0xe1/0x210 kernel/pid.c:372
Code: 89 ff e8 62 27 5f 00 49 8b 07 44 89 f1 4c 8d bc c8 90 01 00 00 eb 0c e8 0d fe 25 00 49 81 c7 38 05 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 31 27 5f 00 4d 8b 37 e8 f9 47 12 00
RSP: 0018:ffff88808a4a7d78 EFLAGS: 00010203
RAX: 00000000000000a7 RBX: dffffc0000000000 RCX: ffff888088180600
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88808a4a7d90 R08: ffffffff814fb3a8 R09: ffffed1015d66bf8
R10: ffffed1015d66bf8 R11: 1ffff11015d66bf7 R12: 0000000000041ffc
R13: 1ffff11011494fbc R14: 0000000000000000 R15: 000000000000053d
FS:  00007ff07e47e700(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004b5100 CR3: 0000000094df2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 _do_fork+0x1b9/0x5f0 kernel/fork.c:2360
 __do_sys_clone kernel/fork.c:2454 [inline]
 __se_sys_clone kernel/fork.c:2448 [inline]
 __x64_sys_clone+0xc1/0xd0 kernel/fork.c:2448
 do_syscall_64+0xfe/0x140 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446649
Code: e8 bc b5 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 09 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff07e47ddb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00000000006dbc28 RCX: 0000000000446649
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000041ffc
RBP: 00000000006dbc20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dbc2c
R13: 00007ffc15fbb0ff R14: 00007ff07e47e9c0 R15: 0000000000000000
Modules linked in:
---[ end trace 403a74d6aeda7e67 ]---

Crashes (24):
Time              Kernel      Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  Manager
2019/06/29 01:30  upstream    556e2f6020bf  7509bf36   .config  console log  report  syz        C        ci-upstream-kasan-gce-smack-root
2019/07/02 10:43  upstream    6fbc7275c7a9  cccc4302   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/07/02 09:39  upstream    6fbc7275c7a9  cccc4302   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/07/02 07:54  upstream    6fbc7275c7a9  cccc4302   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/07/02 05:36  upstream    6fbc7275c7a9  cccc4302   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/07/01 21:24  upstream    6fbc7275c7a9  907bf746   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/07/01 12:14  upstream    6fbc7275c7a9  699d6448   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/07/01 11:38  upstream    6fbc7275c7a9  699d6448   .config  console log  report  -          -        ci-upstream-kasan-gce-root
2019/06/30 21:58  upstream    6fbc7275c7a9  699d6448   .config  console log  report  -          -        ci-upstream-kasan-gce-selinux-root
2019/06/30 21:42  upstream    6fbc7275c7a9  699d6448   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/06/30 12:32  upstream    728254541ebc  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/06/30 07:27  upstream    728254541ebc  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/06/30 06:50  upstream    728254541ebc  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/06/29 23:24  upstream    01305db842e1  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/06/29 20:53  upstream    01305db842e1  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-selinux-root
2019/06/29 12:35  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/06/29 10:10  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-root
2019/06/29 07:45  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/06/29 06:22  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/06/29 05:04  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-root
2019/06/29 02:29  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce
2019/06/28 23:27  upstream    556e2f6020bf  7509bf36   .config  console log  report  -          -        ci-upstream-kasan-gce-smack-root
2019/07/03 22:27  linux-next  f9ca7f5a1eb9  55565fa0   .config  console log  report  -          -        ci-upstream-linux-next-kasan-gce-root
2019/07/01 22:26  linux-next  48a8a5f9a326  907bf746   .config  console log  report  -          -        ci-upstream-linux-next-kasan-gce-root