syzbot

 sign-in | mailing list | source | docs
🐞 Open [1501]
Subsystems
🐞 Fixed [6533]
🐞 Invalid [16697]
Missing Backports [202]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in futex_wake

Status: closed as invalid on 2018/09/05 12:51
Subsystems: kernel
[Documentation on labels]
First crash: 2560d, last: 2560d

Sample crash report:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 8000000122c9e067 P4D 8000000122c9e067 PUD 122cd4067 PMD 0 
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 28082 Comm: syz-executor5 Not tainted 4.19.0-rc1+ #36
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:futex_wake+0x33d/0xbe0 kernel/futex.c:1538
Code: 00 4d 85 ed 74 24 e9 eb 00 00 00 66 90 e8 6b dc 13 00 49 89 dd 8b 85 68 ff ff ff 89 45 c8 4d 89 f7 4d 85 ed 0f 85 cc 00 00 00 <4d> 8b 37 4c 89 ff e8 48 d3 6e 00 49 8d 5f 20 48 8b 00 48 89 45 a0
RSP: 0018:ffff88010a3ef980 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
RDX: ffffc9000391d000 RSI: 000000000000010c RDI: 000000000000010d
RBP: ffff88010a3efa80 R08: 0000000000000000 R09: ffff88021fc39250
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f305d4da700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000122d1a000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 do_futex+0x9f6/0x6a60 kernel/futex.c:3533
 __do_sys_futex kernel/futex.c:3589 [inline]
 __se_sys_futex+0x372/0x7d0 kernel/futex.c:3557
 ? syscal[  805.882028] PANIC: double fault, error_code: 0x0
WARNING: kernel stack regs at 0000000048fe514a in syz-executor5:0 has bad 'bp' value 00000000920c2fc1
unwind stack type:5 next_sp:0000000078c78ff3 mask:0x20 graph_idx:0
00000000443bbe8c: fffffe000000a8c8 (0xfffffe000000a8c8)
00000000e1ed48ff: ffffffff810e9f5e (__save_stack_trace+0x6ae/0xaa0)
00000000af881f65: 0000000000000005 (0x5)
0000000056b734ed: fffffe0000007000 (0xfffffe0000007000)
00000000c2544310: fffffe000000b000 (0xfffffe000000b000)
000000004bf0e598: 000075fecd3e3fc8 (0x75fecd3e3fc8)
0000000099733330: 0000000000000020 (0x20)
000000000bf33f1a: ffff880132c23b00 (0xffff880132c23b00)
000000000fc3b4ac: 0000010100000000 (0x10100000000)
000000003d40de42: 0000000000000000 ...
0000000060619094: fffffe000000a798 (0xfffffe000000a798)
00000000a06c42c7: ffffffff81405417 (printk+0x77/0x1c0)
000000004bd4b6fe: fffffe000000af58 (0xfffffe000000af58)
00000000804d0e80: ffff880132c243f2 (0xffff880132c243f2)
000000009d84d927: 0000000000000002 (0x2)
00000000e89e7f14: 0000000000000002 (0x2)
00000000306ef339: ffffffff88b99d3d (vsnprintf+0x26d/0x31a0)
00000000fec7ddc4: ffffffff00000000 (0xffffffff00000000)
00000000d07a41a5: ffff88021fc858b0 (0xffff88021fc858b0)
00000000fde25988: fffffe000000a990 (0xfffffe000000a990)
000000003de9af9d: 0000000000000000 ...
00000000566059bd: ffffffff81405417 (printk+0x77/0x1c0)
00000000fd1fcdac: fffffe000000a92c (0xfffffe000000a92c)
0000000043a642e8: 0000000a00000000 (0xa00000000)
00000000264ddde0: fffffe000000a938 (0xfffffe000000a938)
00000000d0b3a488: 0000000000000000 ...
00000000125d5fb0: fffffe000000a930 (0xfffffe000000a930)
000000008a35bfc6: 0000000000000000 ...
000000006ea9ab22: fffffe000000a928 (0xfffffe000000a928)
00000000bb40d221: 0000000000000009 (0x9)
00000000acee2ba3: 0000000000000000 ...
00000000e86e0d83: 000000000000a938 (0xa938)
000000006e03b306: 0000000000000000 ...
000000004dcc37a6: fffffe000000a938 (0xfffffe000000a938)
00000000dbd6b6d3: ffff88021fc39250 (0xffff88021fc39250)
00000000d8a7d27f: 0000000000000000 ...
00000000b1b4ae28: 0000000000000001 (0x1)
000000009651592e: fffffe000000a910 (0xfffffe000000a910)
00000000560540bc: ffffffff810e9873 (save_stack_trace+0xa3/0xe0)
000000005f1ca534: fffffe000000a928 (0xfffffe000000a928)
00000000dece5a9e: 0000000000000000 ...
00000000bfbd9743: 0000d419170cba00 (0xd419170cba00)
00000000c2e07225: 0000d419170cba00 (0xd419170cba00)
0000000055bbdb3b: 0000ed41917ddd00 (0xed41917ddd00)
000000003b8c872b: 00000000f780018b (0xf780018b)
000000005f387e5c: 0000000000000001 (0x1)
00000000af884b74: fffffe000000abc8 (0xfffffe000000abc8)
000000004e6dd1ea: ffffffff81c14808 (kmsan_internal_chain_origin+0x128/0x210)
0000000019d887a4: fffffe000000aa28 (0xfffffe000000aa28)
0000000052f99b36: 000000400000000a (0x400000000a)
00000000adda05cc: fffffe000000a990 (0xfffffe000000a990)
0000000034e6d8ba: 0000000000000000 ...
00000000d115f658: 0000d419170cba01 (0xd419170cba01)
000000006b6108bb: 0000000000000000 ...
00000000e7760585: ffffffff89471202 (hswep_uncore_irp_ctrs+0xbb2/0x29e0)
000000003a4ad78f: ffff880132c24400 (0xffff880132c24400)
000000009764c99e: 0000000300000003 (0x300000003)
000000008e8fb022: fffffe000000a940 (0xfffffe000000a940)
00000000e98fdb63: fffffe0000000000 (0xfffffe0000000000)
000000007abdde37: 0000000400000004 (0x400000004)
00000000d307085a: ffff8800a4e07bd8 (0xffff8800a4e07bd8)
0000000030763d5a: 0000000000000000 ...
0000000044fff067: ffffffff81c14808 (kmsan_internal_chain_origin+0x128/0x210)
0000000057cc3815: ffffffff81c17689 (__msan_chain_origin+0x69/0xc0)
000000006afea726: ffffffff810ab66d (get_stack_info+0x8cd/0x9b0)
000000002eac376e: ffffffff811908dd (__unwind_start+0x7d/0xe0)
00000000749cc15f: ffffffff810ada53 (show_trace_log_lvl+0x2d3/0x10d0)
0000000023b0afd6: ffffffff810af4cc (show_regs+0xcc/0x100)
000000006ff73ef8: ffffffff8117f2d6 (df_debug+0x86/0xb0)
0000000057abcdc4: ffffffff8109acf2 (do_double_fault+0x302/0x410)
000000008693aed3: ffffffff88c00c8e (double_fault+0x1e/0x30)
00000000b96fe811: ffffffff81405417 (printk+0x77/0x1c0)
00000000dc4f85c4: 0000000000000000 ...
00000000281324b2: f2e000000000ab00 (0xf2e000000000ab00)
00000000555c8368: ffff880132c24400 (0xffff880132c24400)
000000007d040231: 0000000000000000 ...
00000000d832ddc9: 0000000000000046 (0x46)
0000000039917229: 0000000000000046 (0x46)
0000000084db7f68: 0000000000000401 (0x401)
0000000058267633: 0000000000000003 (0x3)
00000000e5c3191c: ffff88021fc32338 (0xffff88021fc32338)
000000002ae0a281: 0000000000000000 ...
00000000583079ee: ffff880132c24400 (0xffff880132c24400)
00000000eadb003a: fffffe000000aa58 (0xfffffe000000aa58)
00000000fe230434: ffffffff81c172c0 (__msan_metadata_ptr_for_load_8+0x10/0x20)
000000009ae4eac3: fffffe000000aaa0 (0xfffffe000000aaa0)
00000000c6ae0c26: ffffffff8177590d (irq_work_queue+0x14d/0x300)
000000007d19e41f: ffff880132c24400 (0xffff880132c24400)
00000000d494f488: 0000000000000000 ...
00000000fd280415: 0000000000000401 (0x401)
000000005cfc5061: 0000000000000000 ...
000000001256ca04: 000000000000000e (0xe)
000000007d78fcf3: 0000000000000000 ...
00000000f661c738: ffff880132c24400 (0xffff880132c24400)
000000005e397071: fffffe000000ab50 (0xfffffe000000ab50)
00000000b5054bf8: ffffffff814192ab (printk_safe_log_store+0x43b/0x4c0)
000000001117e225: 0000000000000018 (0x18)
00000000ebf3a54d: 0000000000000000 ...
0000000000ea21ed: ffffffff81c1787b (kmsan_set_origin_inline+0x6b/0x120)
000000004def5154: 00000000b220014c (0xb220014c)
00000000789ef255: ffff88021fc32330 (0xffff88021fc32330)
000000006b697470: ffff880132c24400 (0xffff880132c24400)
0000000000b91f38: ffffffff00000000 (0xffffffff00000000)
00000000a7b741b3: 0000000000000000 ...
00000000e983f767: ffffffff894711f4 (hswep_uncore_irp_ctrs+0xba4/0x29e0)
00000000878dea95: fffffe000000ac30 (0xfffffe000000ac30)
00000000c1ae59dd: 0000003000000010 (0x3000000010)
00000000718de0ef: fffffe000000acd0 (0xfffffe000000acd0)
0000000071e50a95: fffffe000000ac50 (0xfffffe000000ac50)
0000000091209f23: 0000000000000046 (0x46)
00000000abef7a65: fffffe000000ac10 (0xfffffe000000ac10)
00000000c2babc85: ffff880132c24400 (0xffff880132c24400)
000000004c4e68ca: ffff880132c23b00 (0xffff880132c23b00)
00000000a858536d: ffff880132c24400 (0xffff880132c24400)
00000000880182ba: 0000000000000000 ...
00000000dad52128: 0000000000000046 (0x46)
00000000530b7d1b: fffffe000000aba0 (0xfffffe000000aba0)
00000000652bfc57: ffffffff81c17c40 (__msan_warning+0x70/0xc0)
00000000a7f9f421: ffffffff811ccebc (get_cpu_entry_area+0xc/0x30)
0000000034c54e91: fffffe000000acf0 (0xfffffe000000acf0)
00000000cee0edc3: fffffe000000ab98 (0xfffffe000000ab98)
00000000e3385a95: ffffffff81c15530 (get_cea_origin_or_null+0x30/0x60)
00000000333fb4fd: ffffffff8a120000 (dummy_shadow_store_page+0x1000/0x1000)
00000000b68f8793: ffffffff8a11f000 (dummy_origin_load_page+0x1000/0x1000)
0000000088e6e800: fffffe000000abf8 (0xfffffe000000abf8)
0000000045e5c414: ffff880132c23b00 (0xffff880132c23b00)
00000000956302a0: 0000000000000002 (0x2)
000000005e6d6c37: fffffe000000acf0 (0xfffffe000000acf0)
00000000a6e6fb00: 00000000f780018b (0xf780018b)
000000001611fabf: 0000000000000000 ...
00000000c782f0b0: fffffe000000ac08 (0xfffffe000000ac08)
00000000e0991447: ffffffff81c17689 (__msan_chain_origin+0x69/0xc0)
000000001bfba37a: ffff880132c24400 (0xffff880132c24400)
0000000086cf5ea7: 0000000000000002 (0x2)
00000000c59f65e3: 0000000000000020 (0x20)
00000000292bc880: ffff880132c24400 (0xffff880132c24400)
0000000026bdb283: ffff88021fc85cc0 (0xffff88021fc85cc0)
00000000f5874b4a: ffffffffffffffdf (0xffffffffffffffdf)
00000000b5db4bd2: fffffe000000ac90 (0xfffffe000000ac90)
0000000094130fd0: ffffffff810ab66d (get_stack_info+0x8cd/0x9b0)
000000006b17fb2f: ffffffffffffffff (0xffffffffffffffff)
00000000445d3660: fffffe000000acf0 (0xfffffe000000acf0)
00000000d8217ebf: 0000000000000000 ...
00000000c140133b: 00000000f780018b (0xf780018b)
00000000497c5f29: fffffe0000000005 (0xfffffe0000000005)
000000004f511b23: 0000000000000000 ...
00000000dd6e4f64: fffffe000000acd0 (0xfffffe000000acd0)
0000000062f357de: 0000000000000000 ...
00000000295e3a0e: 00000000f780018b (0xf780018b)
000000000e1d0793: 0000000000000000 ...
00000000a4847930: fffffe000000acd0 (0xfffffe000000acd0)
000000000ad0a8bd: fffffe0000009140 (0xfffffe0000009140)
000000001fb0b396: fffffe000000aff0 (0xfffffe000000aff0)
00000000f3dd65c2: 000075fecd3e3fc8 (0x75fecd3e3fc8)
0000000051c8517f: ffff880132c23b00 (0xffff880132c23b00)
0000000030a1af41: fffffe000000acc0 (0xfffffe000000acc0)
0000000073a522be: ffffffff811908dd (__unwind_start+0x7d/0xe0)
0000000022851451: 0000000000000000 ...
0000000077aba382: 000075fecd3e3fc8 (0x75fecd3e3fc8)
000000005b538757: fffffe000000af58 (0xfffffe000000af58)
0000000077a64c0f: fffffe000000ae40 (0xfffffe000000ae40)
00000000973c19e6: ffffffff810ada53 (show_trace_log_lvl+0x2d3/0x10d0)
00000000cad103f9: 0000000000000005 (0x5)
00000000f865c600: fffffe0000007000 (0xfffffe0000007000)
000000003564e057: fffffe000000b000 (0xfffffe000000b000)
00000000be83525a: 000075fecd3e3fc8 (0x75fecd3e3fc8)
00000000ef838de0: 0000000000000000 ...
000000003aeb6807: ffff880132c23b00 (0xffff880132c23b00)
00000000bd8577e4: 0000010000000000 (0x10000000000)
00000000110969d8: 0000000000000000 ...
000000006e747c54: ffff880132c243f2 (0xffff880132c243f2)
00000000f0c9dd8e: fffffe000000acd0 (0xfffffe000000acd0)
00000000621b6675: fffffe000000add0 (0xfffffe000000add0)
00000000909e5515: fffffe000000ad50 (0xfffffe000000ad50)
000000005ee014ba: 000000008a11d000 (0x8a11d000)
00000000f9bca892: 0000000000000000 ...
000000005547b596: 00000000f2e00000 (0xf2e00000)
0000000035e3ffa3: f2e00000f2e00000 (0xf2e00000f2e00000)
00000000d98e6b43: 0000000000000000 ...
00000000104c01c8: ffffffff894711d0 (hswep_uncore_irp_ctrs+0xb80/0x29e0)
00000000bc8b7e0a: 0000000000000000 ...
00000000466270d4: ffffffff811ccebc (get_cpu_entry_area+0xc/0x30)
0000000059401a1a: ffff880132c23b00 (0xffff880132c23b00)
0000000056d6822a: 0000000000000000 ...
000000006a68d93e: ffffffff81c15530 (get_cea_origin_or_null+0x30/0x60)
000000008841d08e: 0000000000000000 ...
0000000009583b0a: ffffffff8a11d000 (__force_order+0xff8/0xff8)
00000000c0ea9ae0: 0000000000000000 ...
00000000ca7bf87c: fffffe000000af58 (0xfffffe000000af58)
0000000040f27cab: 0000000000000002 (0x2)
000000003edeb32d: 0000000000000000 ...
000000008f3434ef: 0000000000000002 (0x2)
0000000006171737: ffff880132c24400 (0xffff880132c24400)
0000000038027c8b: ffff880132c24400 (0xffff880132c24400)
0000000021566491: 0000000000000000 ...
00000000c691033e: ffff880132c24400 (0xffff880132c24400)
000000005b8246ef: fffffe000000afe0 (0xfffffe000000afe0)
000000002b81685c: 0000000000000000 ...
000000005384a7f3: fffffe000000af58 (0xfffffe000000af58)
00000000dd67ca2c: 0000000000000000 ...
000000002244c6af: fffffe000000ae80 (0xfffffe000000ae80)
0000000021aed9a0: ffffffff810af4cc (show_regs+0xcc/0x100)
00000000cee3b4d9: 0000000000000027 (0x27)
000000002696dbb5: ffff880132c24400 (0xffff880132c24400)
00000000892ac24f: 0000000000000000 ...
000000008ffaccc4: fffffe000000af58 (0xfffffe000000af58)
00000000fe322da9: 0000000000000000 ...
000000003c428f1b: fffffe000000aeb8 (0xfffffe000000aeb8)
00000000b3304f5c: ffffffff8117f2d6 (df_debug+0x86/0xb0)
000000004c677631: ffff880132c24400 (0xffff880132c24400)
00000000c13a502d: 0000000000000000 ...
00000000ca8bddb4: fffffe000000af58 (0xfffffe000000af58)
00000000dd048aec: 0000000000000000 ...
00000000022031aa: fffffe000000af48 (0xfffffe000000af48)
00000000eaeb9bea: ffffffff8109acf2 (do_double_fault+0x302/0x410)
00000000f5ce7152: fffffe000000af58 (0xfffffe000000af58)
00000000e9fedeaa: 0000000000000000 ...
00000000330ad3f4: 000075fecd3e3fc8 (0x75fecd3e3fc8)
000000006b7977b8: 0000000000000000 ...
00000000d5015968: fffffe000000aff0 (0xfffffe000000aff0)
00000000ce358d44: 0000000000000000 ...
00000000e5509568: ffff880132c23b00 (0xffff880132c23b00)
0000000033263346: 0000000000000000 ...
00000000c13eb2c6: 0000000000000001 (0x1)
0000000041a7f59a: 0000000000000000 ...
00000000ee726238: 0000000122d1a000 (0x122d1a000)
00000000e9a115ba: 0000000000000000 ...
00000000e560bacd: fffffe000000af59 (0xfffffe000000af59)
000000002e516225: ffffffff88c00c8e (double_fault+0x1e/0x30)
0000000048fe514a: ffff880132c24400 (0xffff880132c24400)
0000000004c32a7f: ffff880132c250c8 (0xffff880132c250c8)
00000000a4c6f1c8: 000075fecd3e3fc8 (0x75fecd3e3fc8)
00000000a517ac7f: ffffc9000391d000 (0xffffc9000391d000)
00000000784c1b30: fffffe0000009140 (0xfffffe0000009140)
0000000000fedcac: fffffe0000009090 (0xfffffe0000009090)
00000000dc6975a0: ffffffff88b45a70 (search_extable+0x110/0x110)
00000000521063cb: 0000000000000000 ...
000000005e81f571: 0000000000000002 (0x2)
00000000b8971b7c: 0000000000480020 (0x480020)
0000000002ba48bf: ffff880132c25098 (0xffff880132c25098)
000000000541c736: 0000000000000001 (0x1)
00000000cdbb5db7: ffff880132c250c8 (0xffff880132c250c8)
00000000c9bfed97: ffff880132c24a40 (0xffff880132c24a40)
00000000ce07dd90: 000075fecd3e3fc8 (0x75fecd3e3fc8)
0000000079d363e7: ffffffffffffffff (0xffffffffffffffff)
000000002a9c66d2: ffffffff81405417 (printk+0x77/0x1c0)
000000007f9b2120: 0000000000000010 (0x10)
00000000ffc18e42: 0000000000010012 (0x10012)
000000002c689ca0: 000075fecd3e3fc8 (0x75fecd3e3fc8)
00000000fc63e17c: 0000000000000018 (0x18)
WARNING: kernel stack frame pointer at 00000000190eb5e0 in syz-executor5:0 has bad value 0000000001b89aba
PANIC: double fault, error_code: 0x0
CPU: 0 PID: 0 Comm: syz-executor5 Not tainted 4.19.0-rc1+ #36
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:printk+0x77/0x1c0 kernel/printk/printk.c:2006
Code: 48 89 43 08 49 8b 87 80 0c 00 00 48 89 43 10 48 8d 50 30 48 89 13 49 89 e5 4c 8d 70 37 49 83 e6 f8 4d 29 f5 4c 89 ec 4c 89 ef <e8> 64 0c 7c 07 49 89 e4 4d 29 f4 4c 89 e4 4c 89 e7 48 8b 73 08 48
RSP: 0018:000075fecd3e3fc8 EFLAGS: 00010012
RAX: ffff880132c25098 RBX: fffffe0000009090 RCX: 0000000000000001
RDX: ffff880132c250c8 RSI: ffff880132c24a40 RDI: 000075fecd3e3fc8
RBP: fffffe0000009140 R08: 0000000000480020 R09: 0000000000000002
R10: 0000000000000000 R11: ffffffff88b45a70 R12: ffffc9000391d000
R13: 000075fecd3e3fc8 R14: ffff880132c250c8 R15: ffff880132c24400
FS:  00007f305d4da700(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000075fecd3e3fb8 CR3: 0000000122d1a000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/08/29 04:07 https://github.com/google/kmsan.git master 2dca2cbde67a b771b17e .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.