syzbot


WARNING: refcount bug in put_pid_ns

Status: upstream: reported C repro on 2019/04/18 07:22
Reported-by: syzbot+3436af5e4ae1032aa9da@syzkaller.appspotmail.com
First crash: 2063d, last: 1664d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: refcount bug in put_pid_ns fs syz 6 2446d 2445d 5/28 fixed on 2018/05/08 18:30

Last patch testing requests (2)
Created Duration User Patch Repo Result
2022/12/12 07:31 11m retest repro linux-4.14.y report log
2022/08/28 18:27 11m retest repro linux-4.14.y error

Fix bisection attempts (7)
Created Duration User Patch Repo Result
2020/06/20 11:33 0m bisect fix linux-4.14.y error job log
2020/05/21 11:09 23m bisect fix linux-4.14.y OK (0) job log log
2020/04/21 10:45 23m bisect fix linux-4.14.y OK (0) job log log
2020/03/22 10:20 25m bisect fix linux-4.14.y OK (0) job log log
2020/02/21 09:55 25m bisect fix linux-4.14.y OK (0) job log log
2020/01/22 09:30 24m bisect fix linux-4.14.y OK (0) job log log
2019/12/23 09:06 23m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
RBP: 00007ffe3104f1e0 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
refcount_t: underflow; use-after-free.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 7227 at lib/refcount.c:187 refcount_sub_and_test lib/refcount.c:187 [inline]
WARNING: CPU: 0 PID: 7227 at lib/refcount.c:187 refcount_sub_and_test.cold+0x18/0x22 lib/refcount.c:177
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 7227 Comm: syz-executor944 Not tainted 4.14.112 #2
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x19c lib/dump_stack.c:53
 panic+0x1f2/0x438 kernel/panic.c:182
 __warn.cold+0x2f/0x34 kernel/panic.c:546
 report_bug+0x216/0x254 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bb/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:944
RIP: 0010:refcount_sub_and_test lib/refcount.c:187 [inline]
RIP: 0010:refcount_sub_and_test.cold+0x18/0x22 lib/refcount.c:177
RSP: 0018:ffff8880a8857af8 EFLAGS: 00010286
RAX: 0000000000000026 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff866d0860 RDI: ffffed101510af55
RBP: ffff8880a8857b20 R08: 0000000000000026 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888089d414f0
R13: 0000000000000001 R14: 00000000ffffffff R15: 0000802122001ffa
 refcount_dec_and_test+0x1b/0x20 lib/refcount.c:212
 kref_put include/linux/kref.h:69 [inline]
 put_pid_ns+0x55/0x110 kernel/pid_namespace.c:203
 free_nsproxy+0x103/0x200 kernel/nsproxy.c:182
 switch_task_namespaces+0x98/0xb0 kernel/nsproxy.c:229
 exit_task_namespaces+0x18/0x20 kernel/nsproxy.c:234
 copy_process.part.0+0x3b4d/0x6950 kernel/fork.c:1961
 copy_process kernel/fork.c:1570 [inline]
 _do_fork+0x19e/0xce0 kernel/fork.c:2058
 SYSC_clone kernel/fork.c:2168 [inline]
 SyS_clone+0x37/0x50 kernel/fork.c:2162
 do_syscall_64+0x1eb/0x630 arch/x86/entry/common.c:289
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x441129
RSP: 002b:00007ffe3104f1c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441129
RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802122001ffa
RBP: 00007ffe3104f1e0 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (39):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/04/18 07:36 linux-4.14.y 58b454ebf81e b0e8efcb .config console log report syz C ci2-linux-4-14
2019/11/23 08:56 linux-4.14.y f56f3d0e65ad 598ca6c8 .config console log report ci2-linux-4-14
2019/11/23 01:25 linux-4.14.y f56f3d0e65ad 598ca6c8 .config console log report ci2-linux-4-14
2019/11/20 02:10 linux-4.14.y 775d01b65b5d 432c7650 .config console log report ci2-linux-4-14
2019/11/08 20:11 linux-4.14.y c9fda4f22428 1e35461e .config console log report ci2-linux-4-14
2019/11/02 11:20 linux-4.14.y ddef1e8e3f6e 997ccc67 .config console log report ci2-linux-4-14
2019/11/01 20:10 linux-4.14.y ddef1e8e3f6e 997ccc67 .config console log report ci2-linux-4-14
2019/10/26 15:10 linux-4.14.y b98aebd29824 25bb509e .config console log report ci2-linux-4-14
2019/10/26 07:20 linux-4.14.y b98aebd29824 413926c5 .config console log report ci2-linux-4-14
2019/10/23 11:01 linux-4.14.y b98aebd29824 d0686497 .config console log report ci2-linux-4-14
2019/10/19 04:19 linux-4.14.y b98aebd29824 8c88c9c1 .config console log report ci2-linux-4-14
2019/10/15 14:34 linux-4.14.y e132c8d7b58d b5268b89 .config console log report ci2-linux-4-14
2019/10/14 19:39 linux-4.14.y e132c8d7b58d a6aef847 .config console log report ci2-linux-4-14
2019/10/06 00:52 linux-4.14.y db1892238c55 f3f7d9c8 .config console log report ci2-linux-4-14
2019/09/08 09:17 linux-4.14.y 414510bc00a5 a60cb4cd .config console log report ci2-linux-4-14
2019/09/02 22:17 linux-4.14.y 01fd1694b93c 14544a56 .config console log report ci2-linux-4-14
2019/09/01 18:11 linux-4.14.y 01fd1694b93c bad3cce2 .config console log report ci2-linux-4-14
2019/08/31 09:13 linux-4.14.y 01fd1694b93c bcd7bcc2 .config console log report ci2-linux-4-14
2019/08/30 20:21 linux-4.14.y 01fd1694b93c 9adfa876 .config console log report ci2-linux-4-14
2019/08/25 21:13 linux-4.14.y b5260801526c d21c5d9d .config console log report ci2-linux-4-14
2019/08/17 18:12 linux-4.14.y 45f092f9e9cb 55bf8926 .config console log report ci2-linux-4-14
2019/08/15 07:04 linux-4.14.y 3ffe1e79c174 0d298d6b .config console log report ci2-linux-4-14
2019/08/15 03:08 linux-4.14.y 3ffe1e79c174 0d298d6b .config console log report ci2-linux-4-14
2019/08/15 03:04 linux-4.14.y 3ffe1e79c174 0d298d6b .config console log report ci2-linux-4-14
2019/08/14 11:59 linux-4.14.y 3ffe1e79c174 ef801a3e .config console log report ci2-linux-4-14
2019/08/14 09:49 linux-4.14.y 3ffe1e79c174 ef801a3e .config console log report ci2-linux-4-14
2019/08/04 01:24 linux-4.14.y 10d6aa565d05 6affd8e8 .config console log report ci2-linux-4-14
2019/08/03 08:39 linux-4.14.y 10d6aa565d05 6affd8e8 .config console log report ci2-linux-4-14
2019/08/01 01:33 linux-4.14.y 10d6aa565d05 c692b5bd .config console log report ci2-linux-4-14
2019/07/24 23:37 linux-4.14.y ff33472c282e 32329ceb .config console log report ci2-linux-4-14
2019/07/24 06:09 linux-4.14.y ff33472c282e de453f34 .config console log report ci2-linux-4-14
2019/06/24 09:27 linux-4.14.y a5758c531177 472f0082 .config console log report ci2-linux-4-14
2019/06/23 01:47 linux-4.14.y a5758c531177 34bf9440 .config console log report ci2-linux-4-14
2019/06/18 11:30 linux-4.14.y e861d0673eb8 e3f76baa .config console log report ci2-linux-4-14
2019/06/16 06:07 linux-4.14.y a74d0e937a3a 442206d7 .config console log report ci2-linux-4-14
2019/06/15 21:56 linux-4.14.y a74d0e937a3a 442206d7 .config console log report ci2-linux-4-14
2019/06/10 23:55 linux-4.14.y e6a95d8851f1 0159583c .config console log report ci2-linux-4-14
2019/04/22 04:34 linux-4.14.y 68d7a45eec10 b0e8efcb .config console log report ci2-linux-4-14
2019/04/18 06:21 linux-4.14.y 58b454ebf81e b0e8efcb .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.