syzbot

 sign-in | mailing list | source | docs
🐞 Open [717] 🐞 Fixed [181] 🐞 Invalid [640] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in ___preempt_schedule

Status: auto-closed as invalid on 2020/10/15 16:20
Reported-by: syzbot+3fb7ccdd48a567f08238@syzkaller.appspotmail.com
First crash: 1408d, last: 1408d

Sample crash report:
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: ___preempt_schedule+0x16/0x18
PGD a863a067 P4D a863a067 PUD 9ee46067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 11739 Comm: syz-executor.5 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a5cfa600 task.stack: ffff8880863c8000
RIP: 0010:___preempt_schedule+0x16/0x18
RSP: 0018:ffff8880863cfab0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000282 RCX: 0000000000000000
RDX: 1ffff11015da57e3 RSI: 1ffff11010c79f41 RDI: ffff8880aed2bf18
RBP: ffff8880863cfaf8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff11010c79f66
FS:  00007f8f472af700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008bb82000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xaf/0xe0 kernel/locking/spinlock.c:192
 spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
 __wake_up_common_lock+0xcd/0x140 kernel/sched/wait.c:126
 wakeup_pipe_writers+0x54/0x80 fs/splice.c:459
 splice_from_pipe_next.part.0+0x1b4/0x290 fs/splice.c:562
 splice_from_pipe_next fs/splice.c:545 [inline]
 __splice_from_pipe+0xf9/0x740 fs/splice.c:624
 vmsplice_to_user+0x197/0x1c0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
BUG: unable to handle kernel paging request at 0000000000040000
IP: in_gate_area_no_mm+0x0/0x4a arch/x86/entry/vsyscall/vsyscall_64.c:333
PGD a863a067 P4D a863a067 PUD 9ee46067 PMD 0 
Oops: 0002 [#2] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 11739 Comm: syz-executor.5 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a5cfa600 task.stack: ffff8880863c8000
RIP: 0010:in_gate_area_no_mm+0x0/0x4a arch/x86/entry/vsyscall/vsyscall_64.c:333
RSP: 0018:ffff8880863cf110 EFLAGS: 00010046
RAX: 0000000000040000 RBX: 1ffff11010c79e2b RCX: ffffc90012fde000
RDX: 0000000000040000 RSI: ffffffff81536138 RDI: 000000000045ca59
RBP: 000000000045ca59 R08: ffff8880863cf240 R09: fffffbfff146817a
R10: fffffbfff1468179 R11: ffffffff8a340bcb R12: ffff8880863cf240
R13: ffff8880863cf178 R14: ffff8880863cf1b8 R15: ffff8880863cf198
FS:  00007f8f472af700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000040000 CR3: 000000008bb82000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_kernel kernel/kallsyms.c:74 [inline]
 is_ksym_addr kernel/kallsyms.c:80 [inline]
 kallsyms_lookup+0xa0/0x260 kernel/kallsyms.c:324
 __sprint_symbol+0x89/0x190 kernel/kallsyms.c:393
 symbol_string+0x174/0x1b0 lib/vsprintf.c:685
 pointer+0x3d4/0xa00 lib/vsprintf.c:1728
 vsnprintf+0x4ed/0x1350 lib/vsprintf.c:2185
 vscnprintf+0x29/0x60 lib/vsprintf.c:2284
 vprintk_store+0x3f/0x310 kernel/printk/printk.c:1848
 vprintk_emit+0xf9/0x600 kernel/printk/printk.c:1906
 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
 printk+0x9e/0xbc kernel/printk/printk.c:1996
 show_iret_regs+0x1d/0x3f arch/x86/kernel/dumpstack.c:75
 __show_regs+0x18/0x50 arch/x86/kernel/process_64.c:74
 show_trace_log_lvl+0x23f/0x281 arch/x86/kernel/dumpstack.c:218
 show_regs+0x58/0xfd arch/x86/kernel/dumpstack_64.c:170
 __die+0x92/0xb8 arch/x86/kernel/dumpstack.c:330
 no_context+0x5bb/0x7c0 arch/x86/mm/fault.c:857
 __bad_area_nosemaphore+0x1f3/0x2c0 arch/x86/mm/fault.c:948
 __do_page_fault+0x842/0xb50 arch/x86/mm/fault.c:1412
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:___preempt_schedule+0x16/0x18
RSP: 0018:ffff8880863cfab0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000282 RCX: 0000000000000000
RDX: 1ffff11015da57e3 RSI: 1ffff11010c79f41 RDI: ffff8880aed2bf18
RBP: ffff8880863cfaf8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: 1ffff11010c79f66
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:161 [inline]
 _raw_spin_unlock_irqrestore+0xaf/0xe0 kernel/locking/spinlock.c:192
 spin_unlock_irqrestore include/linux/spinlock.h:372 [inline]
 __wake_up_common_lock+0xcd/0x140 kernel/sched/wait.c:126
 wakeup_pipe_writers+0x54/0x80 fs/splice.c:459
 splice_from_pipe_next.part.0+0x1b4/0x290 fs/splice.c:562
 splice_from_pipe_next fs/splice.c:545 [inline]
 __splice_from_pipe+0xf9/0x740 fs/splice.c:624
 vmsplice_to_user+0x197/0x1c0 fs/splice.c:1272
 SYSC_vmsplice fs/splice.c:1353 [inline]
 SyS_vmsplice+0x12a/0x150 fs/splice.c:1334
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
BUG: unable to handle kernel paging request at 0000000000040000
IP: in_gate_area_no_mm+0x0/0x4a arch/x86/entry/vsyscall/vsyscall_64.c:333
PGD a863a067 P4D a863a067 PUD 9ee46067 PMD 0 
Oops: 0002 [#3] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 11739 Comm: syz-executor.5 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a5cfa600 task.stack: ffff8880863c8000
RIP: 0010:in_gate_area_no_mm+0x0/0x4a arch/x86/entry/vsyscall/vsyscall_64.c:333
RSP: 0018:ffff8880863ce758 EFLAGS: 00010046
RAX: 0000000000040000 RBX: 1ffff11010c79cf4 RCX: ffffc90012fde000
RDX: 0000000000040000 RSI: ffffffff81536138 RDI: 000000000045ca59
RBP: 000000000045ca59 R08: ffff8880863ce888 R09: ffffed1015da44bd
R10: ffffed1015da44bc R11: ffff8880aed225e5 R12: ffff8880863ce888
R13: ffff8880863ce7c0 R14: ffff8880863ce800 R15: ffff8880863ce7e0
FS:  00007f8f472af700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000040000 CR3: 000000008bb82000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 is_kernel kernel/kallsyms.c:74 [inline]
 is_ksym_addr kernel/kallsyms.c:80 [inline]
 kallsyms_lookup+0xa0/0x260 kernel/kallsyms.c:324
 __sprint_symbol+0x89/0x190 kernel/kallsyms.c:393
 symbol_string+0x174/0x1b0 lib/vsprintf.c:685
 pointer+0x3d4/0xa00 lib/vsprintf.c:1728
 vsnprintf+0x4ed/0x1350 lib/vsprintf.c:2185
 vscnprintf+0x29/0x60 lib/vsprintf.c:2284
 printk_safe_log_store+0xc5/0x1a0 kernel/printk/printk_safe.c:108
 vprintk_safe kernel/printk/printk_safe.c:361 [inline]
 vprintk_func+0xfa/0x152 kernel/printk/printk_safe.c:398
 printk+0x9e/0xbc kernel/printk/printk.c:1996
 show_iret_regs+0x1d/0x3f arch/x86/kernel/dumpstack.c:75
 __show_regs+0x18/0x50 arch/x86/kernel/process_64.c:74
 show_trace_log_lvl+0x23f/0x281 arch/x86/kernel/dumpstack.c:218
 show_regs+0x58/0xfd arch/x86/kernel/dumpstack_64.c:170
 __die+0x92/0xb8 arch/x86/kernel/dumpstack.c:330
 no_context+0x5bb/0x7c0 arch/x86/mm/fault.c:857
 __bad_area_nosemaphore+0x1f3/0x2c0 arch/x86/mm/fault.c:948
 __do_page_fault+0x195/0xb50 arch/x86/mm/fault.c:1374
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:in_gate_area_no_mm+0x0/0x4a arch/x86/entry/vsyscall/vsyscall_64.c:333
RSP: 0018:ffff8880863cf110 EFLAGS: 00010046
RAX: 0000000000040000 RBX: 1ffff11010c79e2b RCX: ffffc90012fde000
RDX: 0000000000040000 RSI: ffffffff81536138 RDI: 000000000045ca59
RBP: 000000000045ca59 R08: ffff8880863cf240 R09: fffffbfff146817a
R10: fffffbfff1468179 R11: ffffffff8a340bcb R12: ffff8880863cf240
R13: ffff8880863cf178 R14: ffff8880863cf1b8 R15: ffff8880863cf198
 is_kernel kernel/kallsyms.c:74 [inline]
 is_ksym_addr kernel/kallsyms.c:80 [inline]
 kallsyms_lookup+0xa0/0x260 kernel/kallsyms.c:324
 __sprint_symbol+0x89/0x190 kernel/kallsyms.c:393
 symbol_string+0x174/0x1b0 lib/vsprintf.c:685
 pointer+0x3d4/0xa00 lib/vsprintf.c:1728
 vsnprintf+0x4ed/0x1350 lib/vsprintf.c:2185
 vscnprintf+0x29/0x60 lib/vsprintf.c:2284
 vprintk_store+0x3f/0x310 kernel/printk/printk.c:1848
 vprintk_emit+0xf9/0x600 kernel/printk/printk.c:1906
 vprintk_func+0x58/0x152 kernel/printk/printk_safe.c:401
 printk+0x9e/0xbc kernel/printk/printk.c:1996
 show_iret_regs+0x1d/0x3f arch/x86/kernel/dumpstack.c:75
 __show_regs+0x18/0x50 arch/x86/kernel/process_64.c:74
 show_trace_log_lvl+0x23f/0x281 arch/x86/kernel/dumpstack.c:218
 show_regs+0x58/0xfd arch/x86/kernel/dumpstack_64.c:170
 __die+0x92/0xb8 arch/x86/kernel/dumpstack.c:330
 no_context+0x5bb/0x7c0 arch/x86/mm/fault.c:857
 __bad_area_nosemaphore+0x1f3/0x2c0 arch/x86/mm/fault.c:948
 __do_page_fault+0x842/0xb50 arch/x86/mm/fault.c:1412
 page_fault+0x25/0x50 arch/x86/entry/entry_64.S:1123
RIP: 0010:___preempt_schedule+0x16/0x18
RSP: 0018:ffff8880863cfab0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000282 RCX: 0000000000000000

Lost 102 message(s)!

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/06/17 16:20 linux-4.14.y b850307b279c b6c46f43 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.