syzbot


BUG: unable to handle kernel access to user memory in schedule_tail

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+e74b94fe601ab9552d69@syzkaller.appspotmail.com
Fix commit: 285a76bb2cf5 riscv: evaluate put_user() arg before enabling user access
First crash: 571d, last: 549d
duplicates (1):
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| BUG: unable to handle kernel access to user memory in sock_ioctl | | | | 155 | 549d | 571d | 0/24 | closed as dup on 2021/03/18 15:18 |

Sample crash report:
Unable to handle kernel access to user memory without uaccess routines at virtual address 00000000085580d0
Oops [#1]
Modules linked in:
CPU: 0 PID: 3551 Comm: syz-executor.1 Not tainted 5.12.0-rc5-syzkaller-00715-ga5e13c6df0e4 #0
Hardware name: riscv-virtio,qemu (DT)
epc : schedule_tail+0x72/0xb2 kernel/sched/core.c:4262
 ra : task_pid_vnr include/linux/sched.h:1421 [inline]
 ra : schedule_tail+0x70/0xb2 kernel/sched/core.c:4262
epc : ffffffe00008f4c4 ra : ffffffe00008f4c2 sp : ffffffe00cd43ec0
 gp : ffffffe004588b08 tp : ffffffe006f617c0 t0 : 0000000000000000
 t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe00cd43ee0
 s1 : 00000000085580d0 a0 : 000000000000000b a1 : 0000000000000003
 a2 : 1ffffffc0cfa8708 a3 : ffffffe0000d30bc a4 : 710c89d92b59ec00
 a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe0001041aa
 s2 : 0000000000040000 s3 : ffffffe020bfdf00 s4 : ffffffe0057b7fe0
 s5 : 0000000000004000 s6 : ffffffe067d55ec0 s7 : ffffffe067d55910
 s8 : ffffffe067d54ed8 s9 : ffffffe067d55ec0 s10: ffffffe020bfe338
 s11: 000000a86cc2c0d0 t3 : 710c89d92b59ec00 t4 : ffffffc4041af7b2
 t5 : ffffffc4041af7ba t6 : 0000000000040000
status: 0000000000000120 badaddr: 00000000085580d0 cause: 000000000000000f
Call Trace:
[<ffffffe00008f4c4>] schedule_tail+0x72/0xb2 kernel/sched/core.c:4262
[<ffffffe000005580>] ret_from_exception+0x0/0x14
---[ end trace c1c2938c6651c311 ]---

Crashes (21843):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-qemu2-riscv64 2021/04/02 04:47 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 04:17 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 03:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 03:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 02:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 02:27 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 01:25 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 00:55 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/02 00:22 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 23:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 23:32 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 23:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 22:38 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 22:12 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 21:45 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 21:13 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 20:15 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 19:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 19:13 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 18:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 18:41 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 17:40 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 17:05 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 16:39 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 16:12 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 15:45 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 15:16 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 14:50 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 14:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 13:59 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 13:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 13:00 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 12:34 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 12:06 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 11:40 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 11:08 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 10:44 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 10:16 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 09:48 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 09:19 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 08:50 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/04/01 08:23 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes a5e13c6df0e4 6a81331a .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/03/10 16:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0d7588ab9ef9 764067f3 .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
ci-qemu2-riscv64 2021/03/10 16:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 0d7588ab9ef9 764067f3 .config log report info BUG: unable to handle kernel access to user memory in schedule_tail
* Struck through repros no longer work on HEAD.