syzbot


BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker

Status: upstream: reported C repro on 2020/05/17 07:11
Reported-by: syzbot+d4e9d5a87c97669a88ec@syzkaller.appspotmail.com
First crash: 1493d, last: 645d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 KASAN: use-after-free Write in padata_serial_worker C error 9 704d 1835d 0/1 upstream: reported C repro on 2019/06/10 15:27
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2021/08/10 22:03 20m bisect fix linux-4.14.y error job log (0)
2021/07/11 21:41 22m bisect fix linux-4.14.y job log (0) log
2021/06/11 21:18 22m bisect fix linux-4.14.y job log (0) log
2021/05/12 20:52 25m bisect fix linux-4.14.y job log (0) log

Sample crash report:
audit: type=1804 audit(1605498664.442:2): pid=8012 uid=0 auid=0 ses=5 op="invalid_pcr" cause="open_writers" comm="syz-executor716" name="/root/bus" dev="sda1" ino=15707 res=1
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP:           (null)
PGD a1b7b067 P4D a1b7b067 PUD aa629067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 3299 Comm: kworker/0:2 Not tainted 4.14.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: pencrypt padata_serial_worker
task: ffff8880aa6f0600 task.stack: ffff8880aabc8000
RIP: 0010:          (null)
RSP: 0018:ffff8880aabcfcd0 EFLAGS: 00010296
RAX: 0000000000000000 RBX: ffff8880a3888090 RCX: 1ffff11015579fa2
RDX: 1ffff1101471100a RSI: 0000000000000000 RDI: ffff8880a3888040
RBP: dffffc0000000000 R08: ffffe8ffffc27170 R09: 0000000000000002
R10: 0000000000000000 R11: ffff8880aa6f0600 R12: 0000000000000001
R13: ffff8880aabcfd10 R14: ffff8880b0f7ff00 R15: ffff8880a3888098
FS:  0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000009f028000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 padata_serial_worker+0x232/0x3e0 kernel/padata.c:307
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code:  Bad RIP value.
RIP:           (null) RSP: ffff8880aabcfcd0
CR2: 0000000000000000
---[ end trace f6b31047ff78f7a3 ]---

Crashes (40):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/11/16 03:52 linux-4.14.y 27ce4f2a6817 1bf9a662 .config console log report syz C ci2-linux-4-14
2022/09/12 16:58 linux-4.14.y 65640c873dcf f371ed7e .config console log report info [disk image] [vmlinux] ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2022/08/03 01:08 linux-4.14.y b641242202ed 1c9013ac .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2022/07/18 16:43 linux-4.14.y 424a46ea058e ff988920 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2022/07/13 23:03 linux-4.14.y 424a46ea058e 5d921b08 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2022/02/11 20:19 linux-4.14.y 8034e99d1a01 8b9ca619 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/04/12 20:52 linux-4.14.y 958e517f4e16 6a81331a .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/04/05 03:32 linux-4.14.y bd634aa64163 6a81331a .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/03/24 13:50 linux-4.14.y 670d6552eda8 607e3baf .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/03/12 18:15 linux-4.14.y c7150cd2fa8c 429d8a6b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/02/23 02:44 linux-4.14.y 29c52025152b fcc6d71b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/02/22 13:36 linux-4.14.y 29c52025152b c26fb06b .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/01/29 19:59 linux-4.14.y 2d2791fce891 fc9fd31e .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/01/29 08:15 linux-4.14.y 2d2791fce891 6593fd32 .config console log report info ci2-linux-4-14 BUG: unable to handle kernel NULL pointer dereference in padata_serial_worker
2021/01/12 21:21 linux-4.14.y f79dc86058bc 0cdd6185 .config console log report info ci2-linux-4-14
2021/01/11 15:45 linux-4.14.y ec822b3e8bf4 2c1f2513 .config console log report info ci2-linux-4-14
2021/01/07 01:01 linux-4.14.y 1752938529c6 c104d4a3 .config console log report info ci2-linux-4-14
2021/01/06 11:53 linux-4.14.y 1752938529c6 fff20c29 .config console log report info ci2-linux-4-14
2021/01/05 20:28 linux-4.14.y 1752938529c6 a0234d98 .config console log report info ci2-linux-4-14
2020/12/31 06:32 linux-4.14.y 1752938529c6 5cc121d6 .config console log report info ci2-linux-4-14
2020/12/28 02:43 linux-4.14.y 3f2ecb86cb90 2242f77f .config console log report info ci2-linux-4-14
2020/12/02 08:47 linux-4.14.y c196b3a9c83a c42a35e9 .config console log report info ci2-linux-4-14
2020/11/25 05:44 linux-4.14.y 87335852c5d9 1a1f4bd8 .config console log report info ci2-linux-4-14
2020/11/20 04:55 linux-4.14.y 8961076ed318 0767f13f .config console log report info ci2-linux-4-14
2020/11/11 09:02 linux-4.14.y 27ce4f2a6817 cca87986 .config console log report info ci2-linux-4-14
2020/11/10 01:31 linux-4.14.y 6b6446efedb2 cba33199 .config console log report info ci2-linux-4-14
2020/11/08 18:47 linux-4.14.y 6b6446efedb2 cba33199 .config console log report info ci2-linux-4-14
2020/11/07 05:07 linux-4.14.y 6b6446efedb2 cba33199 .config console log report info ci2-linux-4-14
2020/11/05 08:58 linux-4.14.y 2b7915014161 cba33199 .config console log report info ci2-linux-4-14
2020/10/13 09:03 linux-4.14.y cbfa1702aaf6 bd69ee0d .config console log report info ci2-linux-4-14
2020/09/29 18:33 linux-4.14.y cbfa1702aaf6 5abc3f1a .config console log report info ci2-linux-4-14
2020/09/15 08:35 linux-4.14.y cbfa1702aaf6 9e681632 .config console log report info ci2-linux-4-14
2020/09/07 04:13 linux-4.14.y 2f166cdcf8a9 abf9ba4f .config console log report ci2-linux-4-14
2020/08/24 12:27 linux-4.14.y 6a24ca2506d6 67b599d1 .config console log report ci2-linux-4-14
2020/06/19 18:15 linux-4.14.y b850307b279c 123cf502 .config console log report ci2-linux-4-14
2020/06/08 12:10 linux-4.14.y c6db52a88798 7604bb03 .config console log report ci2-linux-4-14
2020/06/07 22:08 linux-4.14.y c6db52a88798 7751efd0 .config console log report ci2-linux-4-14
2020/06/07 21:54 linux-4.14.y c6db52a88798 7751efd0 .config console log report ci2-linux-4-14
2020/05/17 18:42 linux-4.14.y ab9dfda23248 37bccd4e .config console log report ci2-linux-4-14
2020/05/17 07:11 linux-4.14.y ab9dfda23248 37bccd4e .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.