syzbot


general protection fault in bpf_tcp_close

Status: fixed on 2018/07/09 18:05
Subsystems: bpf
Reported-by: syzbot+0ce137753c78f7b6acc1@syzkaller.appspotmail.com
Fix commit: e9db4ef6bf4c bpf: sockhash fix omitted bucket lock in sock_close
Fix commit: 54fedb42c653 bpf: sockmap, fix smap_list_map_remove when psock is in many maps
First crash: 2158d, last: 2111d
Discussions (6)
Title Replies (including bot) Last reply
general protection fault in bpf_tcp_close 3 (5) 2018/07/06 10:02
[bpf PATCH v5 0/4] BPF fixes for sockhash 6 (6) 2018/06/30 23:58
[bpf PATCH v4 0/4] BPF fixes for sockhash 8 (8) 2018/06/29 14:41
[bpf PATCH v3 0/4] BPF fixes for sockhash 8 (8) 2018/06/23 07:45
[bpf PATCH v2 0/6] BPF fixes for sockhash 19 (19) 2018/06/20 22:15
[bpf PATCH 0/6] BPF fixes for sockhash 10 (10) 2018/06/14 16:47
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in bpf_tcp_close (2) bpf C done 26 2064d 2108d 13/26 fixed on 2019/10/21 12:29

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 15727 Comm: syz-executor948 Not tainted 4.18.0-rc3+ #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:free_start_sg kernel/bpf/sockmap.c:586 [inline]
RIP: 0010:bpf_tcp_close+0x2bf/0x1050 kernel/bpf/sockmap.c:330
Code: 
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLAB object 'TCPv6' (offset 1392, size 64)!
WARNING: CPU: 0 PID: 15727 at mm/usercopy.c:81 usercopy_warn+0xf5/0x120 mm/usercopy.c:76
Kernel panic - not syncing: panic_on_warn set ...

Shutting down cpus with NMI
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (421):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/07/06 21:06 bpf-next 6fcf9b1d4d6c 9636bc93 .config console log report syz C ci-upstream-bpf-next-kasan-gce
2018/07/06 10:01 bpf-next 6fcf9b1d4d6c 18403e65 .config console log report syz C ci-upstream-bpf-next-kasan-gce
2018/06/15 18:06 upstream 4c5e8fc62d6a 27c5f59f .config console log report ci-upstream-kasan-gce-root
2018/07/09 00:34 bpf-next d90c936fb318 f25e5770 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/04 06:28 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/04 03:22 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/04 01:59 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 22:30 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 20:48 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 18:54 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 18:01 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 16:20 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 14:49 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 13:37 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 12:01 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 10:51 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 09:20 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 07:33 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 05:34 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 03:27 bpf-next 0b9e3d543f9f 317fc8ea .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/03 01:28 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 23:52 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 20:57 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 19:35 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 18:09 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 16:40 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 16:12 bpf-next 0b9e3d543f9f 574780b0 .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 14:06 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 11:38 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 10:16 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 08:38 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 07:26 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 05:24 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 03:57 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 02:25 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 01:24 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/02 00:30 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/01 22:47 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/01 20:18 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/01 17:38 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/01 15:19 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/07/01 14:04 bpf-next 0b9e3d543f9f dba0b50e .config console log report ci-upstream-bpf-next-kasan-gce
2018/05/22 18:17 bpf-next fd0bfa8d6e04 f48c20b8 .config console log report ci-upstream-bpf-next-kasan-gce
* Struck through repros no longer work on HEAD.