syzbot

general protection fault in get_work_pool

Status: public: reported C repro on 2019/04/13 00:00
Reported-by: syzbot+53b01ea766c021081d44@syzkaller.appspotmail.com
First crash: 2478d, last: 2140d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in get_work_pool 1 1475d 1475d 0/1 auto-closed as invalid on 2021/03/07 04:54
android-44 general protection fault in get_work_pool C 5 2280d 2051d 0/2 public: reported C repro on 2019/04/11 08:44
android-414 general protection fault in get_work_pool 4 2100d 2048d 0/1 auto-closed as invalid on 2019/08/20 09:55
upstream general protection fault in get_work_pool net C done 24 2052d 2455d 13/28 fixed on 2019/11/03 21:23
linux-4.14 general protection fault in get_work_pool C done 1 1441d 1471d 1/1 fixed on 2021/01/09 22:02
upstream general protection fault in get_work_pool (2) kvm 5 156d 156d 0/28 closed as invalid on 2024/08/16 18:24

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 5838 Comm: syz-executor629 Not tainted 4.9.122-g54068d6 #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d03e9800 task.stack: ffff8801cc6e0000
RIP: 0010:[<ffffffff811862e6>]  [<ffffffff811862e6>] get_work_pool+0xf6/0x1e0 kernel/workqueue.c:716
RSP: 0018:ffff8801cc6e7418  EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 00000000fffffe00 RCX: 0000000000000000
RDX: 000000001fffffc0 RSI: ffffffff811862ce RDI: 0000000000000046
RBP: ffff8801cc6e7430 R08: 0000000000000096 R09: 0000000000000001
R10: 0000000000000000 R11: 1ffff1003a07d41d R12: dffffc0000000000
R13: 0000000000000000 R14: ffff8801d9984500 R15: ffffffff84b5af70
FS:  0000000001e27880(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffea48e0a8c CR3: 00000001d06db000 CR4: 00000000001606f0
Stack:
 ffff8801db226000 dffffc0000000000 0000000000000000 ffff8801cc6e74a8
 ffffffff8118a4ac ffff8801d03ea0c0 0000000600000007 ffff8801d03e9800
 fffffbfff098c050 0000000000000029 ffff8801d9984680 0000004000000000
Call Trace:
 [<ffffffff8118a4ac>] __queue_work+0x14c/0xf10 kernel/workqueue.c:1401
 [<ffffffff8118beb7>] queue_work_on+0x97/0xa0 kernel/workqueue.c:1486
 [<ffffffff834fdd98>] queue_work include/linux/workqueue.h:477 [inline]
 [<ffffffff834fdd98>] schedule_work include/linux/workqueue.h:535 [inline]
 [<ffffffff834fdd98>] xfrm_policy_insert+0xa78/0xf20 net/xfrm/xfrm_policy.c:830
 [<ffffffff8352eed8>] xfrm_add_policy+0x248/0x4f0 net/xfrm/xfrm_user.c:1565
 [<ffffffff8352b647>] xfrm_user_rcv_msg+0x3c7/0x6b0 net/xfrm/xfrm_user.c:2531
 [<ffffffff831d8615>] netlink_rcv_skb+0x145/0x370 net/netlink/af_netlink.c:2365
 [<ffffffff835281ef>] xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2539
 [<ffffffff831d71c8>] netlink_unicast_kernel net/netlink/af_netlink.c:1285 [inline]
 [<ffffffff831d71c8>] netlink_unicast+0x4d8/0x6f0 net/netlink/af_netlink.c:1311
 [<ffffffff831d7b75>] netlink_sendmsg+0x795/0xc30 net/netlink/af_netlink.c:1859
 [<ffffffff8301cfcc>] sock_sendmsg_nosec net/socket.c:636 [inline]
 [<ffffffff8301cfcc>] sock_sendmsg+0xcc/0x110 net/socket.c:646
 [<ffffffff8301ea6c>] ___sys_sendmsg+0x6fc/0x840 net/socket.c:1970
 [<ffffffff83020ad9>] __sys_sendmsg+0xd9/0x190 net/socket.c:2004
 [<ffffffff83020bbd>] SYSC_sendmsg net/socket.c:2015 [inline]
 [<ffffffff83020bbd>] SyS_sendmsg+0x2d/0x50 net/socket.c:2011
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff83a00cd3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: b1 aa 1d 00 48 89 d8 5b 41 5c 41 5d 5d c3 e8 a2 aa 1d 00 48 81 e3 00 fe ff ff 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c6 00 00 00 48 8b 1b e8 78 aa 1d 00 48 89 d8 
RIP  [<ffffffff811862e6>] get_work_pool+0xf6/0x1e0 kernel/workqueue.c:716
 RSP <ffff8801cc6e7418>
---[ end trace 58f8fa4901d30e69 ]---

Crashes (24):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/08/20 20:54 https://android.googlesource.com/kernel/common android-4.9 54068d61e7d8 95b5c82b .config console log report syz C ci-android-49-kasan-gce-root
2019/01/12 06:55 https://android.googlesource.com/kernel/common android-4.9 9e6c14f45398 c3f3344c .config console log report ci-android-49-kasan-gce-root
2019/01/02 09:24 https://android.googlesource.com/kernel/common android-4.9 9f23a833fdcd 3d85f48c .config console log report ci-android-49-kasan-gce-root
2019/01/02 02:09 https://android.googlesource.com/kernel/common android-4.9 9f23a833fdcd 3d85f48c .config console log report ci-android-49-kasan-gce-root
2018/12/17 12:47 https://android.googlesource.com/kernel/common android-4.9 5d05bdd53c86 def91db3 .config console log report ci-android-49-kasan-gce-root
2018/12/13 07:04 https://android.googlesource.com/kernel/common android-4.9 8fe428403e30 02613a41 .config console log report ci-android-49-kasan-gce
2018/11/19 13:01 https://android.googlesource.com/kernel/common android-4.9 109a48ed2f69 adf636a8 .config console log report ci-android-49-kasan-gce-root
2018/11/17 08:18 https://android.googlesource.com/kernel/common android-4.9 109a48ed2f69 b08ee62a .config console log report ci-android-49-kasan-gce
2018/11/12 19:15 https://android.googlesource.com/kernel/common android-4.9 ba62b3018e0d 7b5f8621 .config console log report ci-android-49-kasan-gce
2018/11/12 09:10 https://android.googlesource.com/kernel/common android-4.9 ba62b3018e0d 7b5f8621 .config console log report ci-android-49-kasan-gce
2018/11/05 20:51 https://android.googlesource.com/kernel/common android-4.9 f68c8f49db5a 8bd6bd63 .config console log report ci-android-49-kasan-gce-root
2018/11/02 01:45 https://android.googlesource.com/kernel/common android-4.9 4ba3f69128be 1f38e9ae .config console log report ci-android-49-kasan-gce-root
2018/10/17 08:28 https://android.googlesource.com/kernel/common android-4.9 3917c4a8adcc 1ba7fd7e .config console log report ci-android-49-kasan-gce
2018/08/20 19:34 https://android.googlesource.com/kernel/common android-4.9 54068d61e7d8 95b5c82b .config console log report ci-android-49-kasan-gce
2018/08/11 16:32 https://android.googlesource.com/kernel/common android-4.9 9dc978d43ec7 7a88b141 .config console log report ci-android-49-kasan-gce
2018/08/10 09:44 https://android.googlesource.com/kernel/common android-4.9 92e87041ed2d 1fb62d58 .config console log report ci-android-49-kasan-gce
2018/08/08 00:34 https://android.googlesource.com/kernel/common android-4.9 47b77b8d01c4 1beb8136 .config console log report ci-android-49-kasan-gce
2018/04/24 08:04 https://android.googlesource.com/kernel/common android-4.9 142d4b530f5a e7e85d36 .config console log report ci-android-49-kasan-gce-root
2018/04/10 13:42 https://android.googlesource.com/kernel/common android-4.9 eba1ffe631bc 8e873e9d .config console log report ci-android-49-kasan-gce
2018/03/26 06:04 https://android.googlesource.com/kernel/common android-4.9 dd1e37e64645 e033c1f1 .config console log report ci-android-49-kasan-gce
2018/03/14 16:19 https://android.googlesource.com/kernel/common android-4.9 97d7f1c7c0f0 08dacaa0 .config console log report ci-android-49-kasan-gce
2018/03/07 02:28 https://android.googlesource.com/kernel/common android-4.9 b324a701539e c8a18476 .config console log report ci-android-49-kasan-gce
2018/03/03 00:57 https://android.googlesource.com/kernel/common android-4.9 f67385227a42 2c6f473e .config console log report ci-android-49-kasan-gce
2018/02/08 16:43 https://android.googlesource.com/kernel/common android-4.9 20c8a0089294 9fb5ec43 .config console log report ci-android-49-kasan-gce