syzbot

 sign-in | mailing list | source | docs
🐞 Open [1646]
Subsystems
🐞 Fixed [6010]
🐞 Invalid [14806]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in smc_ioctl (3)

Status: fixed on 2018/08/28 17:48
Subsystems: net s390
[Documentation on labels]
Reported-by: syzbot+19557374321ca3710990@syzkaller.appspotmail.com
Fix commit: 7311d665ca68 net/smc: move sock lock in smc_ioctl()
First crash: 2366d, last: 2364d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net 0/3] net/smc: fixes 2018-08-08 5 (5) 2018/08/09 02:14
general protection fault in smc_ioctl (3) 0 (1) 2018/08/08 07:39
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in smc_ioctl (2) net s390 C 43 2366d 2389d 8/28 fixed on 2018/08/07 13:43
upstream general protection fault in smc_ioctl net s390 C 5214 2417d 2447d 8/28 fixed on 2018/07/09 18:05

Sample crash report:
8021q: adding VLAN 0 to HW filter on device team0
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 6311 Comm: syz-executor178 Not tainted 4.18.0-rc8+ #180
kasan: CONFIG_KASAN_INLINE enabled
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:smc_ioctl+0x84c/0xd90 net/smc/af_smc.c:1582
Code: 48 
kasan: GPF could be caused by NULL-ptr deref or user memory access
c1 e9 03 80 3c 11 00 0f 85 e8 04 00 00 4c 8b bb a0 04 00 00 48 ba 00 00 00 00 00 fc ff df 49 8d 7f 20 48 89 f9 48 c1 e9 03 <0f> b6 14 11 84 d2 74 09 80 fa 03 0f 8e 55 04 00 00 49 8d 7e 02 41 
RSP: 0018:ffff8801c67df748 EFLAGS: 00010202
RAX: ffff8801c67df7c8 RBX: ffff8801c6e010c0 RCX: 0000000000000004
RDX: dffffc0000000000 RSI: 1ffff10038cfbef9 RDI: 0000000000000020
RBP: ffff8801c67df9b0 R08: ffffed0038cfbefa R09: ffffed0038cfbef9
R10: ffffed0038cfbef9 R11: ffff8801c67df7cf R12: 1ffff10038cfbeed
R13: 0000000020000100 R14: ffff8801c67df788 R15: 0000000000000000
FS:  00007fc2afbf3700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffc277a0a4c CR3: 00000001d88d5000 CR4: 00000000001406e0
Call Trace:
 sock_do_ioctl+0xe4/0x3e0 net/socket.c:970
 sock_ioctl+0x30d/0x680 net/socket.c:1094
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:684
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x447099
Code: e8 ac e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 bb 02 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007fc2afbf2db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000447099
RDX: 0000000020000100 RSI: 0000000000008905 RDI: 0000000000000004
RBP: 00000000006dcc30 R08: 00007fc2afbf3700 R09: 0000000000000000
R10: 00007fc2afbf3700 R11: 0000000000000246 R12: 00000000006dcc3c
R13: 00007ffc277a0e6f R14: 00007fc2afbf39c0 R15: 00000000006dcc30
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
general protection fault: 0000 [#2] SMP KASAN
---[ end trace 495d5cd34aa46053 ]---
CPU: 0 PID: 6315 Comm: syz-executor178 Tainted: G      D           4.18.0-rc8+ #180
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:smc_ioctl+0x84c/0xd90 net/smc/af_smc.c:1582
RIP: 0010:smc_ioctl+0x84c/0xd90 net/smc/af_smc.c:1582
Code: 48 c1 e9 03 80 3c 11 
Code: 
00 0f 85 e8 04 
48 
00 00 4c 8b bb a0 04 
c1 
00 00 48 ba 00 00 00 
e9 
00 00 fc ff df 49 8d 
03 
7f 20 48 89 f9 48 c1 
80 
e9 03 <0f> b6 14 11 84 
3c 
d2 74 09 80 fa 03 0f 
11 
8e 55 04 00 00 49 8d 
00 
7e 02 41 
RSP: 0018:ffff8801c6f4f748 EFLAGS: 00010202
0f 
RAX: ffff8801c6f4f7c8 RBX: ffff8801ba9db100 RCX: 0000000000000004
RDX: dffffc0000000000 RSI: 1ffff10038de9ef9 RDI: 0000000000000020
RBP: ffff8801c6f4f9b0 R08: ffffed0038de9efa R09: ffffed0038de9ef9
R10: ffffed0038de9ef9 R11: ffff8801c6f4f7cf R12: 1ffff10038de9eed
85 
R13: 0000000020000100 R14: ffff8801c6f4f788 R15: 0000000000000000
FS:  00007fc2afbf3700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
e8 
CR2: 0000000000619570 CR3: 00000001cba2e000 CR4: 00000000001406f0
Call Trace:
04 
00 
 sock_do_ioctl+0xe4/0x3e0 net/socket.c:970
00 
4c 
8b 
 sock_ioctl+0x30d/0x680 net/socket.c:1094
bb 
a0 
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:684
04 
00 
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701
00 
 __do_sys_ioctl fs/ioctl.c:708 [inline]
 __se_sys_ioctl fs/ioctl.c:706 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:706
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
48 
ba 
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
00 
RIP: 0033:0x447099
Code: e8 
00 
ac e7 ff ff 48 83 c4 
00 
18 c3 0f 1f 80 00 00 
00 
00 00 48 89 f8 48 89 f7 
00 
48 89 d6 48 89 ca 4d 
fc 
89 c2 4d 89 c8 4c 8b 
ff 
4c 24 08 0f 05 <48> 3d 
df 
01 f0 ff ff 0f 83 bb 02 fc 
49 
ff c3 66 2e 0f 1f 84 00 
8d 
00 00 00 
RSP: 002b:00007fc2afbf2db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
7f 
RAX: ffffffffffffffda RBX: 00000000006dcc38 RCX: 0000000000447099
RDX: 0000000020000100 RSI: 0000000000008905 RDI: 0000000000000004
RBP: 00000000006dcc30 R08: 00007fc2afbf3700 R09: 0000000000000000
R10: 00007fc2afbf3700 R11: 0000000000000246 R12: 00000000006dcc3c
20 
R13: 00007ffc277a0e6f R14: 00007fc2afbf39c0 R15: 00000000006dcc30
Modules linked in:
48 
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 495d5cd34aa46054 ]---
89 
RIP: 0010:smc_ioctl+0x84c/0xd90 net/smc/af_smc.c:1582
f9 
Code: 48 
48 
c1 
c1 
e9 
e9 
03 80 
03 
3c 
<0f> 
11 00 
b6 
0f 
14 
85 
11 
e8 
84 
04 
d2 
00 
74 
00 
09 80 
4c 
fa 03 
8b 
0f 
bb 
8e 
a0 04 
55 
00 
04 
00 48 
00 
ba 
00 
00 
49 
00 00 
8d 
00 00 
7e 
fc 
02 
ff df 49 
41 
8d 
7f 
RSP: 0018:ffff8801c67df748 EFLAGS: 00010202
20 
48 
RAX: ffff8801c67df7c8 RBX: ffff8801c6e010c0 RCX: 0000000000000004
89 
RDX: dffffc0000000000 RSI: 1ffff10038cfbef9 RDI: 0000000000000020
f9 
RBP: ffff8801c67df9b0 R08: ffffed0038cfbefa R09: ffffed0038cfbef9
48 
R10: ffffed0038cfbef9 R11: ffff8801c67df7cf R12: 1ffff10038cfbeed
c1 
R13: 0000000020000100 R14: ffff8801c67df788 R15: 0000000000000000
e9 03 
FS:  00007fc2afbf3700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
<0f> 
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
b6 
CR2: 00007ffc277a0a4c CR3: 00000001d88d5000 CR4: 00000000001406e0
14

Crashes (15):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/08/08 12:38 upstream 1236568ee3cb ddeb9f8d .config console log report syz C ci-upstream-kasan-gce
2018/08/08 10:37 upstream 1236568ee3cb ddeb9f8d .config console log report syz C ci-upstream-kasan-gce-root
2018/08/08 06:45 net-old 455f05ecd2b2 1beb8136 .config console log report syz C ci-upstream-net-this-kasan-gce
2018/08/08 06:36 net-next-old e93dd8a1ac31 1beb8136 .config console log report syz C ci-upstream-net-kasan-gce
2018/08/08 06:16 linux-next 2b769bb85b48 1beb8136 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2018/08/08 06:43 upstream 1236568ee3cb 1beb8136 .config console log report syz ci-upstream-kasan-gce-386
2018/08/09 05:52 upstream fedb8da96355 2eeda842 .config console log report ci-upstream-kasan-gce
2018/08/08 22:27 upstream fedb8da96355 2eeda842 .config console log report ci-upstream-kasan-gce
2018/08/09 16:50 net-next-old 82b94f5d6891 1fb62d58 .config console log report ci-upstream-net-kasan-gce
2018/08/08 16:55 net-next-old e93dd8a1ac31 ddeb9f8d .config console log report ci-upstream-net-kasan-gce
2018/08/08 12:23 net-next-old e93dd8a1ac31 ddeb9f8d .config console log report ci-upstream-net-kasan-gce
2018/08/08 06:20 net-next-old e93dd8a1ac31 1beb8136 .config console log report ci-upstream-net-kasan-gce
2018/08/08 04:19 net-next-old c5d99d2b35da 1beb8136 .config console log report ci-upstream-net-kasan-gce
2018/08/09 07:15 linux-next 6b522b734da2 2eeda842 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/08 04:48 linux-next 2b769bb85b48 1beb8136 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.