syzbot

 sign-in | mailing list | source | docs
🐞 Open [717]
🐞 Fixed [181]
🐞 Invalid [640]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in rdma_resolve_route

Status: upstream: reported C repro on 2019/10/06 23:21
Reported-by: syzbot+69226cc89d87fd4f8f40@syzkaller.appspotmail.com
First crash: 1874d, last: 915d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in rdma_resolve_route rdma 3 2409d 2409d 0/28 auto-closed as invalid on 2019/02/22 10:34
linux-6.1 KASAN: use-after-free Read in rdma_resolve_route 1 426d 426d 0/3 auto-obsoleted due to no activity on 2024/01/01 19:36
upstream KASAN: slab-use-after-free Read in rdma_resolve_route rdma 1 278d 274d 0/28 auto-obsoleted due to no activity on 2024/05/05 10:09
Last patch testing requests (7)
Created Duration User Patch Repo Result
2023/02/28 09:32 9m retest repro linux-4.14.y report log
2023/02/28 08:32 10m retest repro linux-4.14.y report log
2023/02/28 07:32 10m retest repro linux-4.14.y report log
2022/11/09 08:30 10m retest repro linux-4.14.y report log
2022/11/09 07:30 10m retest repro linux-4.14.y report log
2022/11/09 06:30 11m retest repro linux-4.14.y report log
2020/04/03 18:57 18m jgg@mellanox.com git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git for-next error
Fix bisection attempts (25)
Created Duration User Patch Repo Result
2022/03/31 08:28 12m bisect fix linux-4.14.y error job log
2022/02/18 18:24 26m bisect fix linux-4.14.y OK (0) job log log
2022/01/19 17:58 26m bisect fix linux-4.14.y OK (0) job log log
2021/12/20 17:32 26m bisect fix linux-4.14.y OK (0) job log log
2021/11/20 16:48 25m bisect fix linux-4.14.y OK (0) job log log
2021/10/21 16:18 27m bisect fix linux-4.14.y OK (0) job log log
2021/09/21 15:54 24m bisect fix linux-4.14.y OK (0) job log log
2021/08/22 08:15 29m bisect fix linux-4.14.y OK (0) job log log
2021/07/23 06:50 24m bisect fix linux-4.14.y OK (0) job log log
2021/06/23 06:16 19m bisect fix linux-4.14.y OK (0) job log log
2021/05/24 05:52 24m bisect fix linux-4.14.y OK (0) job log log
2021/04/23 20:34 21m bisect fix linux-4.14.y OK (0) job log log
2021/03/22 06:36 21m bisect fix linux-4.14.y OK (0) job log log
2021/02/20 05:25 20m bisect fix linux-4.14.y OK (0) job log log
2021/02/17 18:16 18m bisect fix linux-4.14.y error job log
2021/02/03 04:36 1m bisect fix linux-4.14.y error job log
2021/01/04 04:14 22m bisect fix linux-4.14.y OK (0) job log log
2020/12/04 23:35 24m bisect fix linux-4.14.y OK (0) job log log
2020/11/04 22:32 23m bisect fix linux-4.14.y OK (0) job log log
2020/10/05 22:07 24m bisect fix linux-4.14.y OK (0) job log log
2020/09/05 21:38 28m bisect fix linux-4.14.y OK (0) job log log
2020/08/06 21:10 27m bisect fix linux-4.14.y OK (0) job log log
2020/06/10 16:39 26m bisect fix linux-4.14.y OK (0) job log log
2020/05/11 16:12 26m bisect fix linux-4.14.y OK (0) job log log
2020/04/11 15:48 23m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 10960 Comm: syz-executor148 Not tainted 4.14.280-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a4df0680 task.stack: ffff88808f930000
RIP: 0010:rdma_cap_ib_sa include/rdma/ib_verbs.h:2682 [inline]
RIP: 0010:rdma_resolve_route+0x1cf/0x2e70 drivers/infiniband/core/cma.c:2687
RSP: 0018:ffff88808f937a50 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000029 RSI: 0000000000000001 RDI: 0000000000000148
RBP: ffff88808f937c10 R08: ffffffff8b9bba00 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000282
R13: ffff8880a51bb680 R14: 0000000000000000 R15: 0000000000000000
FS:  0000555555775300(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2f21cd9150 CR3: 00000000a535c000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ucma_resolve_route+0xb2/0x120 drivers/infiniband/core/ucma.c:740
 ucma_write+0x206/0x2c0 drivers/infiniband/core/ucma.c:1672
 __vfs_write+0xe4/0x630 fs/read_write.c:480
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f2f21c61b69
RSP: 002b:00007ffed2361548 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2f21c61b69
RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000003
RBP: 0000000000000000 R08: 000000000000000d R09: 000000000000000d
R10: 000000000000000d R11: 0000000000000246 R12: 00007ffed2361560
R13: 00000000000f4240 R14: 000000000000861a R15: 00007ffed2361554
Code: df 48 c1 ea 03 80 3c 02 00 0f 85 31 26 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 7d 00 49 8d bf 48 01 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 01 26 00 00 48 b8 00 00 00 00 00 fc ff df 45 
RIP: rdma_cap_ib_sa include/rdma/ib_verbs.h:2682 [inline] RSP: ffff88808f937a50
RIP: rdma_resolve_route+0x1cf/0x2e70 drivers/infiniband/core/cma.c:2687 RSP: ffff88808f937a50
---[ end trace 3bac86a8a4f741e8 ]---
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	48 c1 ea 03          	shr    $0x3,%rdx
   4:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   8:	0f 85 31 26 00 00    	jne    0x263f
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	4d 8b 7d 00          	mov    0x0(%r13),%r15
  1c:	49 8d bf 48 01 00 00 	lea    0x148(%r15),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 01 26 00 00    	jne    0x2635
  34:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  3b:	fc ff df
  3e:	45                   	rex.RB

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/05/22 18:11 linux-4.14.y dffb5c6ff09c 7268fa62 .config console log report syz C ci2-linux-4-14 general protection fault in rdma_resolve_route
2019/10/24 04:52 linux-4.14.y b98aebd29824 b602d64b .config console log report syz C ci2-linux-4-14
2019/10/06 22:59 linux-4.14.y db1892238c55 f3f7d9c8 .config console log report syz C ci2-linux-4-14
2022/05/22 17:13 linux-4.14.y dffb5c6ff09c 7268fa62 .config console log report info ci2-linux-4-14 general protection fault in rdma_resolve_route
2022/05/15 17:21 linux-4.14.y 569d1abf9402 744a39e2 .config console log report info ci2-linux-4-14 general protection fault in rdma_resolve_route
2022/03/01 07:47 linux-4.14.y fa33f9094f36 45a13a73 .config console log report info ci2-linux-4-14 general protection fault in rdma_resolve_route
2021/03/24 19:49 linux-4.14.y 670d6552eda8 607e3baf .config console log report info ci2-linux-4-14 general protection fault in rdma_resolve_route
2020/07/07 21:10 linux-4.14.y b850307b279c 08fc4ef1 .config console log report ci2-linux-4-14
2019/10/06 22:20 linux-4.14.y db1892238c55 f3f7d9c8 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.