syzbot


BUG: unable to handle kernel NULL pointer dereference in commit_creds

Status: closed as invalid on 2018/09/05 12:51
Subsystems: kernel
First crash: 2395d, last: 2395d

Sample crash report:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0 
Oops: 0000 [#1] SMP PTI
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 23182 Comm: blkid Not tainted 4.17.0+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__read_once_size include/linux/compiler.h:197 [inline]
RIP: 0010:atomic_read arch/x86/include/asm/atomic.h:31 [inline]
RIP: 0010:commit_creds+0xdf/0x1470 kernel/cred.c:438
RSP: 0018:ffff880106c0f828 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801d1aa3b40 RCX: ffff880144f72360
RDX: ffff880144f72360 RSI: aaaaaaaaaaaab000 RDI: 0000000000000000
RBP: ffff880106c0f8f8 R08: 0000000001080020 R09: 0000000000000002
R10: 0000000000000000 R11: 000000000000002f R12: 0000000000000000
R13: ffff8801d1aa3b40 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f64b04647a0(0000) GS:ffff88021fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000102378000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 install_exec_creds+0x80/0x1b0 fs/exec.c:1451
 load_elf_binary+0x1781/0x8fe0 fs/binfmt_elf.c:883
 search_binary_handler+0x2f4/0xac0 fs/exec.c:1653
 exec_binprm fs/exec.c:1695 [inline]
 do_execveat_common+0x22e4/0x2db0 fs/exec.c:1817
 do_execve fs/exec.c:1862 [inline]
 __do_sys_execve fs/exec.c:1943 [inline]
 __se_sys_execve fs/exec.c:1938 [inline]
 __x64_sys_execve+0x127/0x180 fs/exec.c:1938
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x7f64afb48207
RSP: 002b:00007ffd2d7093d8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f64afb48207
RDX: 00000000013e40e0 RSI: 00007ffd2d7094d0 RDI: 00007ffd2d70a4e0
RBP: 0000000000625500 R08: 0000000000001a85 R09: 0000000000001a85
R10: 0000000000000000 R11: 0000000000000206 R12: 00000000013e40e0
R13: 0000000000000007 R14: 00000000013dd250 R15: 0000000000000005
Code: f0 74 12 48 89 d9 4c 31 e9 48 f7 d0 48 21 c8 0f 84 bc 02 00 00 4c 39 eb 0f 85 cb 02 00 00 4d 85 ff 0f 85 c7 02 00 00 48 8b 7d b8 <8b> 1f e8 0a 62 8f 00 83 38 00 0f 85 c0 02 00 00 85 db 0f 8e c7 
RIP: __read_once_size include/linux/compiler.h:197 [inline] RSP: ffff880106c0f828
RIP: atomic_read arch/x86/include/asm/atomic.h:31 [inline] RSP: ffff880106c0f828
RIP: commit_creds+0xdf/0x1470 kernel/cred.c:438 RSP: ffff880106c0f828
CR2: 0000000000000000
---[ end trace 03b5e8bc6a2289b6 ]---

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 23187 Comm: syz-executor1 Not tainted 4.17.0+ #22
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:113
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x87b/0xab0 lib/fault-inject.c:149
 __should_failslab+0x278/0x2a0 mm/failslab.c:32
 should_failslab+0x29/0x70 mm/slab_common.c:1522
 slab_pre_alloc_hook mm/slab.h:423 [inline]
 slab_alloc_node mm/slub.c:2679 [inline]
 __kmalloc_node+0x22f/0x1200 mm/slub.c:3859
 kmalloc_node include/linux/slab.h:554 [inline]
 kzalloc_node include/linux/slab.h:712 [inline]
 mempool_create_node+0x10b/0xc70 mm/mempool.c:189
 mempool_create+0xd4/0xf0 mm/mempool.c:179
 mempool_create_kmalloc_pool include/linux/mempool.h:61 [inline]
 create_fs_client fs/ceph/super.c:655 [inline]
 ceph_mount+0x11bc/0x30a0 fs/ceph/super.c:1027
 mount_fs+0x29b/0x780 fs/super.c:1277
 vfs_kern_mount+0x222/0x990 fs/namespace.c:1037
 do_new_mount fs/namespace.c:2518 [inline]
 do_mount+0xca5/0x4ed0 fs/namespace.c:2848
 ksys_mount+0x32e/0x3d0 fs/namespace.c:3064
 __do_sys_mount fs/namespace.c:3078 [inline]
 __se_sys_mount fs/namespace.c:3075 [inline]
 __x64_sys_mount+0x157/0x1c0 fs/namespace.c:3075
 do_syscall_64+0x15b/0x230 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x63/0xe7
RIP: 0033:0x455e29
RSP: 002b:00007f7699f42c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f7699f436d4 RCX: 0000000000455e29
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 0000000020000000
RBP: 000000000072bea0 R08: 00000000200000c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000013
R13: 00000000004c248a R14: 00000000004d0058 R15: 000000000000005d

Crashes (1):
Time: 2018/07/09 06:24
Kernel: https://github.com/google/kmsan.git master
Commit: a00de5aa4da3
Syzkaller: f25e5770
Config: .config
Log: console log
Report: report
Syz repro / C repro / VM info / Assets / Title: (empty)
Manager: ci-upstream-kmsan-gce