general protection fault in smc_tx_prepared_sends


syzbot

Jun 24, 2018, 12:19:03 AM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 5424ea27390f netns: get more entropy from net_hash_mix()
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=128da088400000
kernel config: https://syzkaller.appspot.com/x/.config?x=befbcd7305e41bb0
dashboard link: https://syzkaller.appspot.com/bug?extid=faaee297fb2235dc339e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [ak...@linux-foundation.org gre...@linuxfoundation.org
hmcla...@fb.com j...@perches.com kste...@linuxfoundation.org
linux-...@vger.kernel.org linu...@kvack.org mho...@suse.com
tg...@linutronix.de]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+faaee2...@syzkaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 22578 Comm: syz-executor6 Not tainted 4.18.0-rc1+ #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03 80 3c 10 00 0f 85 11 02 00 00 48 b8 00 00 00 00
00 fc ff df 4d 8b 76 38 49 8d 7e 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e de 01 00 00 41 8b 46 20 49 8d
RSP: 0018:ffff8801a8ce7568 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff1003519ceaf RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 1ffff1003519cebb RDI: 0000000000000020
RBP: ffff8801a8ce7740 R08: ffffed003519cebc R09: ffffed003519cebb
R10: ffffed003519cebb R11: ffff8801a8ce75df R12: ffff8801a8ce7718
R13: ffff8801a8ce75d8 R14: 0000000000000000 R15: ffff8801a8ce7598
FS: 00007f1b932f0700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000705414 CR3: 00000001c56b7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
smc_ioctl+0xb11/0xd00 net/smc/af_smc.c:1515
sock_do_ioctl+0xe4/0x3e0 net/socket.c:973
sock_ioctl+0x30d/0x680 net/socket.c:1097
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:684
ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
__do_sys_ioctl fs/ioctl.c:708 [inline]
__se_sys_ioctl fs/ioctl.c:706 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a99
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1b932efc68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f1b932f06d4 RCX: 0000000000455a99
RDX: 00000000200000c0 RSI: 000000000000894b RDI: 0000000000000016
RBP: 000000000072bf48 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004bfad1 R14: 00000000004cec88 R15: 0000000000000001
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 0cdc902a3f8c13ae ]---
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03 80 3c 10 00 0f 85 11 02 00 00 48 b8 00 00 00 00
00 fc ff df 4d 8b 76 38 49 8d 7e 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e de 01 00 00 41 8b 46 20 49 8d
RSP: 0018:ffff8801a8ce7568 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff1003519ceaf RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 1ffff1003519cebb RDI: 0000000000000020
RBP: ffff8801a8ce7740 R08: ffffed003519cebc R09: ffffed003519cebb
R10: ffffed003519cebb R11: ffff8801a8ce75df R12: ffff8801a8ce7718
R13: ffff8801a8ce75d8 R14: 0000000000000000 R15: ffff8801a8ce7598
FS: 00007f1b932f0700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000705414 CR3: 00000001c56b7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

(The following fault-injection stack dump from CPU 0 was printed concurrently and was interleaved line-by-line with the oops above in the raw console output; it is shown here separated out.)

FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 0 PID: 22583 Comm: syz-executor5 Not tainted 4.18.0-rc1+ #87
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
fail_dump lib/fault-inject.c:51 [inline]
should_fail.cold.4+0xa/0x1a lib/fault-inject.c:149
__should_failslab+0x124/0x180 mm/failslab.c:32
should_failslab+0x9/0x14 mm/slab_common.c:1553
slab_pre_alloc_hook mm/slab.h:423 [inline]
slab_alloc_node mm/slab.c:3299 [inline]
kmem_cache_alloc_node_trace+0x5a/0x770 mm/slab.c:3661
__do_kmalloc_node mm/slab.c:3681 [inline]
__kmalloc_node_track_caller+0x33/0x70 mm/slab.c:3696
__kmalloc_reserve.isra.40+0x3a/0xe0 net/core/skbuff.c:137
__alloc_skb+0x155/0x790 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:987 [inline]
alloc_skb_with_frags+0x13f/0x770 net/core/skbuff.c:5266
sock_alloc_send_pskb+0x89b/0xb10 net/core/sock.c:2095
sock_alloc_send_skb+0x32/0x40 net/core/sock.c:2112
__ip6_append_data.isra.47+0x2134/0x3a20 net/ipv6/ip6_output.c:1420
ip6_make_skb+0x397/0x600 net/ipv6/ip6_output.c:1776
udpv6_sendmsg+0x2c90/0x35f0 net/ipv6/udp.c:1376
inet_sendmsg+0x1a1/0x690 net/ipv4/af_inet.c:798
sock_sendmsg_nosec net/socket.c:645 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:655
sock_write_iter+0x362/0x5c0 net/socket.c:924
call_write_iter include/linux/fs.h:1795 [inline]
do_iter_readv_writev+0x897/0xa90 fs/read_write.c:680
do_iter_write+0x185/0x5f0 fs/read_write.c:959
vfs_writev+0x1f1/0x360 fs/read_write.c:1004
do_writev+0x11a/0x310 fs/read_write.c:1039
__do_sys_writev fs/read_write.c:1112 [inline]
__se_sys_writev fs/read_write.c:1109 [inline]
__x64_sys_writev+0x75/0xb0 fs/read_write.c:1109
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455a99
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f26d1062c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 00007f26d10636d4 RCX: 0000000000455a99
RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000013
RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015
R13: 00000000004c06f3 R14: 00000000004d3e60 R15: 0000000000000001
kernel msg: ebtables bug: please report to author: Entries_size never zero


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

Aug 2, 2018, 8:37:02 AM
to syzkaller-upst...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 6b4703768268 Merge branch 'fixes' of git://git.armlinux.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14d53fc2400000
kernel config: https://syzkaller.appspot.com/x/.config?x=2dc0cd7c2eefb46f
dashboard link: https://syzkaller.appspot.com/bug?extid=faaee297fb2235dc339e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro: https://syzkaller.appspot.com/x/repro.syz?x=119fea72400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1775828c400000
CC: [da...@davemloft.net linux-...@vger.kernel.org
linux...@vger.kernel.org net...@vger.kernel.org ubr...@linux.ibm.com]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+faaee2...@syzkaller.appspotmail.com

8021q: adding VLAN 0 to HW filter on device team0
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending
cookies. Check SNMP counters.
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending
cookies. Check SNMP counters.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 6281 Comm: syz-executor186 Not tainted 4.18.0-rc7+ #173
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03 80 3c 10 00 0f 85 11 02 00 00 48 b8 00 00 00 00
00 fc ff df 4d 8b 76 38 49 8d 7e 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e de 01 00 00 41 8b 46 20 49 8d
RSP: 0018:ffff8801c8447560 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff10039088eae RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 1ffff10039088eba RDI: 0000000000000020
RBP: ffff8801c8447738 R08: ffffed0039088ebb R09: ffffed0039088eba
R10: ffffed0039088eba R11: ffff8801c84475d7 R12: ffff8801c8447710
R13: ffff8801c84475d0 R14: 0000000000000000 R15: ffff8801c8447590
FS: 00007fada0c46700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdba80dc7c CR3: 00000001ae829000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
smc_ioctl+0x36c/0xd90 net/smc/af_smc.c:1565
sock_do_ioctl+0xe4/0x3e0 net/socket.c:970
sock_ioctl+0x30d/0x680 net/socket.c:1094
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:684
ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
__do_sys_ioctl fs/ioctl.c:708 [inline]
__se_sys_ioctl fs/ioctl.c:706 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446a09
Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fada0c45db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000446a09
RDX: 0000000020000140 RSI: 000000000000894b RDI: 0000000000000004
RBP: 00000000006dcc30 R08: 00007fada0c46700 R09: 0000000000000000
R10: 00007fada0c46700 R11: 0000000000000246 R12: 00000000006dcc3c
R13: 00007ffdba80e09f R14: 00007fada0c469c0 R15: 00000000006dcc30
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 7a16431e05ebb360 ]---
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03 80 3c 10 00 0f 85 11 02 00 00 48 b8 00 00 00 00
00 fc ff df 4d 8b 76 38 49 8d 7e 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e de 01 00 00 41 8b 46 20 49 8d
RSP: 0018:ffff8801c8447560 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff10039088eae RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 1ffff10039088eba RDI: 0000000000000020
RBP: ffff8801c8447738 R08: ffffed0039088ebb R09: ffffed0039088eba
R10: ffffed0039088eba R11: ffff8801c84475d7 R12: ffff8801c8447710
R13: ffff8801c84475d0 R14: 0000000000000000 R15: ffff8801c8447590
FS: 00007fada0c46700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdba80dc7c CR3: 00000001ae829000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

(A second, identical oops on CPU 1 was printed concurrently and was interleaved line-by-line with the first one in the raw console output; it is shown here separated out, together with the unrelated TCP messages logged in between. The raw log ends mid-way through its trailing Code: line.)

TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending
cookies. Check SNMP counters.
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending
cookies. Check SNMP counters.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#2] SMP KASAN
CPU: 1 PID: 6317 Comm: syz-executor186 Tainted: G D 4.18.0-rc7+ #173
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03 80 3c 10 00 0f 85 11 02 00 00 48 b8 00 00 00 00
00 fc ff df 4d 8b 76 38 49 8d 7e 20 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e de 01 00 00 41 8b 46 20 49 8d
RSP: 0018:ffff8801c4c0f560 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff10038981eae RCX: dffffc0000000000
RDX: 0000000000000004 RSI: 1ffff10038981eba RDI: 0000000000000020
RBP: ffff8801c4c0f738 R08: ffffed0038981ebb R09: ffffed0038981eba
R10: ffffed0038981eba R11: ffff8801c4c0f5d7 R12: ffff8801c4c0f710
R13: ffff8801c4c0f5d0 R14: 0000000000000000 R15: ffff8801c4c0f590
FS: 00007fada0c46700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f723479f9d4 CR3: 00000001b24d0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
smc_ioctl+0x36c/0xd90 net/smc/af_smc.c:1565
sock_do_ioctl+0xe4/0x3e0 net/socket.c:970
sock_ioctl+0x30d/0x680 net/socket.c:1094
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:684
ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
__do_sys_ioctl fs/ioctl.c:708 [inline]
__se_sys_ioctl fs/ioctl.c:706 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446a09
Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fada0c45db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000446a09
RDX: 0000000020000140 RSI: 000000000000894b RDI: 0000000000000004
RBP: 00000000006dcc30 R08: 00007fada0c46700 R09: 0000000000000000
R10: 00007fada0c46700 R11: 0000000000000246 R12: 00000000006dcc3c
R13: 00007ffdba80e09f R14: 00007fada0c469c0 R15: 00000000006dcc30
Modules linked in:
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace 7a16431e05ebb361 ]---
RIP: 0010:smc_tx_prepared_sends+0x2c3/0x550 net/smc/smc_tx.h:27
Code: 48 89 f8 48 c1 e8 03

Dmitry Vyukov

Aug 2, 2018, 8:47:17 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
#syz upstream

--
You received this message because you are subscribed to the Google Groups "syzkaller-upstream-moderation" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-upstream-moderation/00000000000061371a0572731182%40google.com.