syzbot

 sign-in | mailing list | source | docs
🐞 Open [142] 🐞 Fixed [16] 🐞 Invalid [163] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in ida_remove

Status: public: reported syz repro on 2019/04/14 08:51
Reported-by: syzbot+6b343e96df04b8d9a600@syzkaller.appspotmail.com
First crash: 1919d, last: 1919d

Sample crash report:
  cache: kmalloc-64, object size: 64, buffer size: 96, default order: 0, min order: 0
  node 0: slabs: 478, objs: 20076, free: 0
tty_init_dev: ldisc open failed, clearing slot 11
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 3032 Comm: syz-executor1 Not tainted 4.4.171+ #11
task: ffff8800babf4740 task.stack: ffff880025fd8000
RIP: 0010:[<ffffffff81aaf941>]  [<ffffffff81aaf941>] ida_remove+0x31/0x270 lib/idr.c:1013
RSP: 0018:ffff880025fdf840  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801d8fa1100 RCX: 0000000000000000
RDX: 0000000000000002 RSI: ffffffff81aaf92c RDI: 0000000000000010
RBP: ffff880025fdf888 R08: 0000000000000000 R09: ffff8800babf5050
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8800ba5c3180 R15: ffff8801d8fa16f0
FS:  00007f62eb731700(0000) GS:ffff8801db600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001980938 CR3: 000000003f89c000 CR4: 00000000001606b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff813afaa7 0000000000000001 0000000000000010 0000000b2076937d
 ffff8801d8fa1100 0000000000000000 000000000000000b ffff8800ba5c3180
 ffff8801d8fa16f0 ffff880025fdf8a8 ffffffff8162612c 0000000000000000
Call Trace:
 [<ffffffff8162612c>] devpts_kill_index+0x2c/0x50 fs/devpts/inode.c:569
 [<ffffffff81ca3a68>] pty_unix98_shutdown+0xf8/0x170 drivers/tty/pty.c:686
 [<ffffffff81c887e9>] release_tty+0xb9/0x350 drivers/tty/tty_io.c:1699
 [<ffffffff81c8a33c>] tty_init_dev drivers/tty/tty_io.c:1575 [inline]
 [<ffffffff81c8a33c>] tty_init_dev+0x1dc/0x420 drivers/tty/tty_io.c:1515
 [<ffffffff81ca4826>] ptmx_open drivers/tty/pty.c:770 [inline]
 [<ffffffff81ca4826>] ptmx_open+0xf6/0x320 drivers/tty/pty.c:737
 [<ffffffff814a3810>] chrdev_open+0x230/0x630 fs/char_dev.c:388
 [<ffffffff8149101f>] do_dentry_open+0x38f/0xbd0 fs/open.c:749
 [<ffffffff8149480b>] vfs_open+0x10b/0x210 fs/open.c:862
 [<ffffffff814c572f>] do_last fs/namei.c:3269 [inline]
 [<ffffffff814c572f>] path_openat+0x136f/0x4470 fs/namei.c:3406
 [<ffffffff814cc401>] do_filp_open+0x1a1/0x270 fs/namei.c:3440
 [<ffffffff81495138>] do_sys_open+0x2f8/0x600 fs/open.c:1038
 [<ffffffff814954b0>] SYSC_openat fs/open.c:1065 [inline]
 [<ffffffff814954b0>] SyS_openat+0x30/0x40 fs/open.c:1059
 [<ffffffff82717c21>] entry_SYSCALL_64_fastpath+0x1e/0x9a
Code: 41 56 41 55 49 89 fd 41 54 53 48 83 ec 20 89 75 d4 e8 b4 9a 85 ff 49 8d 7d 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e e5 01 00 00 48 63 45 d4 b9 
RIP  [<ffffffff81aaf941>] ida_remove+0x31/0x270 lib/idr.c:1013
 RSP <ffff880025fdf840>
---[ end trace 0653c54fd60f8c1f ]---

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/01/23 05:16 https://android.googlesource.com/kernel/common android-4.4 24189101975d b1ff06b2 .config console log report syz ci-android-44-kasan-gce
* Struck through repros no longer work on HEAD.