| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| general protection fault in tls_write_space net | syz | 33 | 1710d | 1720d |
syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [983] ≡ Subsystems 🐞 Fixed [5236] 🐞 Invalid [12500] ⬇ Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| KASAN: slab-out-of-bounds Read in tls_write_space | 1 (3) | 2019/08/19 21:22 |
| Reminder: 17 open syzbot bugs in "net/tls" subsystem | 1 (1) | 2019/06/25 05:50 |
random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. ================================================================== BUG: KASAN: slab-out-of-bounds in __swab64p include/uapi/linux/swab.h:192 [inline] BUG: KASAN: slab-out-of-bounds in __be64_to_cpup include/uapi/linux/byteorder/little_endian.h:74 [inline] BUG: KASAN: slab-out-of-bounds in is_tx_ready include/net/tls.h:354 [inline] BUG: KASAN: slab-out-of-bounds in tls_write_space+0x29d/0x2d0 net/tls/tls_main.c:236 Read of size 8 at addr ffff8801bc3c9ff0 by task ksoftirqd/1/18 CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.19.0-rc4+ #227 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433 __swab64p include/uapi/linux/swab.h:192 [inline] __be64_to_cpup include/uapi/linux/byteorder/little_endian.h:74 [inline] is_tx_ready include/net/tls.h:354 [inline] tls_write_space+0x29d/0x2d0 net/tls/tls_main.c:236 tcp_new_space net/ipv4/tcp_input.c:5154 [inline] tcp_check_space+0x53f/0x920 net/ipv4/tcp_input.c:5165 tcp_data_snd_check net/ipv4/tcp_input.c:5175 [inline] tcp_rcv_established+0xde8/0x2120 net/ipv4/tcp_input.c:5656 tcp_v6_do_rcv+0x4b3/0x13c0 net/ipv6/tcp_ipv6.c:1326 tcp_v6_rcv+0x2f7a/0x38a0 net/ipv6/tcp_ipv6.c:1555 ip6_input_finish+0x3fc/0x1aa0 net/ipv6/ip6_input.c:384 NF_HOOK include/linux/netfilter.h:287 [inline] ip6_input+0xe9/0x600 net/ipv6/ip6_input.c:427 dst_input include/net/dst.h:450 [inline] ip6_rcv_finish+0x17a/0x330 net/ipv6/ip6_input.c:76 NF_HOOK include/linux/netfilter.h:287 [inline] ipv6_rcv+0x113/0x640 net/ipv6/ip6_input.c:272 __netif_receive_skb_one_core+0x14d/0x200 net/core/dev.c:4894 __netif_receive_skb+0x2c/0x1e0 net/core/dev.c:5004 process_backlog+0x217/0x760 net/core/dev.c:5808 napi_poll net/core/dev.c:6228 [inline] net_rx_action+0x7c5/0x1950 net/core/dev.c:6294 __do_softirq+0x30b/0xad8 kernel/softirq.c:292 run_ksoftirqd+0x94/0x100 kernel/softirq.c:653 smpboot_thread_fn+0x68b/0xa00 kernel/smpboot.c:164 kthread+0x35a/0x420 kernel/kthread.c:246 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413 Allocated by task 3559: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553 kmem_cache_alloc_trace+0x152/0x750 mm/slab.c:3620 kmalloc include/linux/slab.h:513 [inline] kzalloc include/linux/slab.h:707 [inline] kernfs_fop_open+0x358/0xf90 fs/kernfs/file.c:648 do_dentry_open+0x499/0x1250 fs/open.c:771 vfs_open+0xa0/0xd0 fs/open.c:880 do_last fs/namei.c:3418 [inline] path_openat+0x12bf/0x5160 fs/namei.c:3534 do_filp_open+0x255/0x380 fs/namei.c:3564 do_sys_open+0x568/0x700 fs/open.c:1063 __do_sys_open fs/open.c:1081 [inline] __se_sys_open fs/open.c:1076 [inline] __x64_sys_open+0x7e/0xc0 fs/open.c:1076 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 3559: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528 __cache_free mm/slab.c:3498 [inline] kfree+0xcf/0x230 mm/slab.c:3813 kernfs_fop_release+0x12b/0x1a0 fs/kernfs/file.c:783 __fput+0x385/0xa30 fs/file_table.c:278 ____fput+0x15/0x20 fs/file_table.c:309 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113 tracehook_notify_resume include/linux/tracehook.h:193 [inline] exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline] syscall_return_slowpath arch/x86/entry/common.c:268 [inline] do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8801bc3c9c80 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 368 bytes to the right of 512-byte region [ffff8801bc3c9c80, ffff8801bc3c9e80) The buggy address belongs to the page: page:ffffea0006f0f240 count:1 mapcount:0 mapping:ffff8801da800940 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffffea0006ee1408 ffffea0007619c08 ffff8801da800940 raw: 0000000000000000 ffff8801bc3c9000 0000000100000006 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8801bc3c9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801bc3c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff8801bc3c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8801bc3ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8801bc3ca080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/09/22 18:58 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | syz | C | ci-upstream-net-kasan-gce | |||
| 2018/09/25 10:39 | net-next-old | 7ff2ea0bbfb1 | 0e7547d7 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/25 07:23 | net-next-old | 7ff2ea0bbfb1 | 0e7547d7 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/25 05:24 | net-next-old | 7ff2ea0bbfb1 | 0e7547d7 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/25 02:40 | net-next-old | 7ff2ea0bbfb1 | 0e7547d7 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/25 00:56 | net-next-old | 7ff2ea0bbfb1 | 0e7547d7 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 16:32 | net-next-old | 12ba7e104552 | 2f485cdf | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 11:35 | net-next-old | 12ba7e104552 | 2f485cdf | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 09:07 | net-next-old | 12ba7e104552 | e029c3e0 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 05:52 | net-next-old | 12ba7e104552 | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 04:28 | net-next-old | 12ba7e104552 | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 01:27 | net-next-old | 12ba7e104552 | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 21:20 | net-next-old | 12ba7e104552 | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 20:10 | net-next-old | 12ba7e104552 | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 19:02 | net-next-old | 739d0def85ca | 28d9ac76 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 16:13 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 16:07 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 15:29 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 14:50 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 13:27 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 13:26 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 13:21 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 12:57 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 12:32 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 10:28 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 09:44 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 08:59 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 07:48 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 06:29 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 03:27 | net-next-old | 739d0def85ca | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 00:34 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 00:28 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 00:27 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/23 00:00 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 23:55 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 23:30 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 23:18 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 22:49 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 22:39 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 22:09 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 20:02 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 19:37 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/22 09:50 | net-next-old | bd4d08daeb95 | 37079712 | .config | console log | report | ci-upstream-net-kasan-gce | |||||
| 2018/09/24 23:26 | linux-next | dad486875956 | 0e7547d7 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2018/09/24 18:05 | linux-next | dad486875956 | 2f485cdf | .config | console log | report | ci-upstream-linux-next-kasan-gce-root | |||||
| 2018/09/24 07:57 | linux-next | dad486875956 | 28d9ac76 | .config | console log | report | ci-upstream-linux-next-kasan-gce-root |