syzbot


general protection fault in rdma_listen (2)

Status: fixed on 2020/05/10 10:41
Subsystems: rdma
[Documentation on labels]
Reported-by: syzbot+6b46b135602a3f3ac99e@syzkaller.appspotmail.com
Fix commit: 7c11910783a1 RDMA/ucma: Put a lock around every call to the rdma_cm layer
First crash: 1934d, last: 1422d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in rdma_listen (log)
Repro: syz .config
  
Discussions (11)
Title Replies (including bot) Last reply
[PATCH 4.19 00/54] 4.19.115-rc1 review 70 (70) 2020/05/27 20:33
[PATCH AUTOSEL 5.4 001/108] net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware 111 (111) 2020/04/17 17:18
[PATCH AUTOSEL 5.6 001/149] net: hns3: drop the WQ_MEM_RECLAIM flag when allocating WQ 152 (152) 2020/04/17 17:06
[PATCH 5.6 00/38] 5.6.4-rc1 review 44 (44) 2020/04/14 10:36
[PATCH 5.5 00/44] 5.5.17-rc1 review 48 (48) 2020/04/14 10:36
[PATCH 5.4 00/41] 5.4.32-rc1 review 45 (45) 2020/04/14 10:36
[PATCH AUTOSEL 5.5 001/121] net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware 122 (122) 2020/04/12 01:16
[PATCH AUTOSEL 4.19 01/66] net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware 67 (67) 2020/04/12 01:16
Reminder: 11 open syzbot bugs in RDMA subsystem 1 (1) 2019/07/24 01:48
Reminder: 11 open syzbot bugs in RDMA subsystem 1 (1) 2019/06/25 05:48
general protection fault in rdma_listen (2) 2 (4) 2019/04/09 17:18
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in rdma_listen (2) 7 1411d 1431d 0/1 auto-closed as invalid on 2020/08/11 01:18
linux-4.19 general protection fault in rdma_listen 1 1712d 1712d 0/1 auto-closed as invalid on 2019/10/25 08:41
upstream general protection fault in rdma_listen rdma C 36 2165d 2177d 0/26 closed as dup on 2018/03/22 15:25
linux-4.14 BUG: corrupted list in rdma_listen (2) C error 21 542d 1302d 0/1 upstream: reported C repro on 2020/07/30 18:22
linux-4.14 general protection fault in rdma_listen 7 1364d 1451d 0/1 auto-closed as invalid on 2020/09/26 15:09
Fix bisection attempts (5)
Created Duration User Patch Repo Result
2020/01/27 21:44 20m bisect fix upstream job log (0) log
2019/12/18 16:23 18m bisect fix upstream job log (0) log
2019/11/04 19:40 20m bisect fix upstream job log (0) log
2019/10/05 19:18 21m bisect fix upstream job log (0) log
2019/08/19 06:35 20m bisect fix upstream job log (0) log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 6506 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #117
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:cma_bind_listen drivers/infiniband/core/cma.c:3355 [inline]
RIP: 0010:rdma_listen+0x357/0x990 drivers/infiniband/core/cma.c:3469
Code: 4c 8b ab c8 01 00 00 31 f6 48 c7 c7 e0 3b db 89 e8 4e e9 25 02 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 64 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffff8881b79bf970 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8881ae7b35c0 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
RBP: ffff8881b79bfa10 R08: fffffbfff13b6785 R09: fffffbfff13b6784
R10: ffff8881b79bf960 R11: ffffffff89db3c23 R12: 1ffff11036f37f31
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8881c5ec6800
FS:  00007f93cda84700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000126cfd0 CR3: 00000001ccd24000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ucma_listen+0x1a4/0x260 drivers/infiniband/core/ucma.c:1100
 ucma_write+0x365/0x460 drivers/infiniband/core/ucma.c:1689
 __vfs_write+0x119/0x9f0 fs/read_write.c:485
 vfs_write+0x1fc/0x560 fs/read_write.c:549
 ksys_write+0x101/0x260 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:607
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f93cda83c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000005
RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f93cda846d4
R13: 00000000004c571f R14: 00000000004d9360 R15: 00000000ffffffff
Modules linked in:
---[ end trace e9a895fef682ba60 ]---
RIP: 0010:cma_bind_listen drivers/infiniband/core/cma.c:3355 [inline]
RIP: 0010:rdma_listen+0x357/0x990 drivers/infiniband/core/cma.c:3469
Code: 4c 8b ab c8 01 00 00 31 f6 48 c7 c7 e0 3b db 89 e8 4e e9 25 02 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 64 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffff8881b79bf970 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8881ae7b35c0 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
RBP: ffff8881b79bfa10 R08: fffffbfff13b6785 R09: fffffbfff13b6784
R10: ffff8881b79bf960 R11: ffffffff89db3c23 R12: 1ffff11036f37f31
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8881c5ec6800
FS:  00007f93cda84700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000126cfd0 CR3: 00000001ccd24000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (104):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/11/17 12:22 upstream 1ce80e0fe98e b08ee62a .config console log report syz ci-upstream-kasan-gce-smack-root
2018/11/16 18:12 upstream da5322e65940 f5e275d1 .config console log report syz ci-upstream-kasan-gce-selinux-root
2018/11/16 18:08 upstream da5322e65940 f5e275d1 .config console log report syz ci-upstream-kasan-gce-root
2018/11/16 17:43 upstream da5322e65940 f5e275d1 .config console log report syz ci-upstream-kasan-gce
2018/11/16 18:15 upstream da5322e65940 f5e275d1 .config console log report syz ci-upstream-kasan-gce-386
2020/03/11 05:32 linux-next 770fbb32d34e 35f53e45 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2018/11/16 18:10 linux-next 442b8cea2477 f5e275d1 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/04/02 02:15 upstream 1a323ea5356e a34e2c33 .config console log report ci-upstream-kasan-gce-root
2020/03/05 06:46 upstream 63623fd44972 c88c7b75 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/01 03:06 upstream 63623fd44972 c88c7b75 .config console log report ci-upstream-kasan-gce-selinux-root
2020/02/29 14:18 upstream f8788d86ab28 59b57593 .config console log report ci-upstream-kasan-gce-smack-root
2020/02/25 06:24 upstream f8788d86ab28 59b57593 .config console log report ci-upstream-kasan-gce-selinux-root
2020/02/14 20:11 upstream b19e8c684703 5d7b90f1 .config console log report ci-upstream-kasan-gce-selinux-root
2019/08/26 05:13 upstream a55aa89aab90 d21c5d9d .config console log report ci-upstream-kasan-gce
2019/04/04 18:38 upstream 145f47c7381d 6a475fff .config console log report ci-upstream-kasan-gce-root
2019/03/27 19:59 upstream 14c741de9386 4e668495 .config console log report ci-upstream-kasan-gce
2019/03/15 11:43 upstream f261c4e529da bab43553 .config console log report ci-upstream-kasan-gce
2019/03/12 20:55 upstream ea295481b6e3 a71bfb62 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/28 23:15 upstream 7d762d69145a 09aeeba4 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/20 16:12 upstream 40e196a906d9 c95f0707 .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/17 10:54 upstream 64c0133eb88a f42dee6d .config console log report ci-upstream-kasan-gce
2019/02/16 18:57 upstream 5ded5871030e f42dee6d .config console log report ci-upstream-kasan-gce-root
2019/02/16 07:43 upstream 5ded5871030e f42dee6d .config console log report ci-upstream-kasan-gce
2019/02/14 01:44 upstream 1f947a7a011f 0a49c954 .config console log report ci-upstream-kasan-gce
2019/02/13 10:09 upstream 57902dc0670c 1eedba36 .config console log report ci-upstream-kasan-gce
2019/02/13 08:41 upstream 57902dc0670c 1eedba36 .config console log report ci-upstream-kasan-gce
2019/02/11 17:21 upstream d13937116f1e 73f5f452 .config console log report ci-upstream-kasan-gce
2019/02/10 10:41 upstream e8b50608f666 b4f792e4 .config console log report ci-upstream-kasan-gce-smack-root
2019/02/06 05:39 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce
2019/02/03 17:57 upstream 12491ed354d2 c198d5dd .config console log report ci-upstream-kasan-gce
2019/02/02 17:37 upstream cd984a5be215 c198d5dd .config console log report ci-upstream-kasan-gce-root
2019/02/01 03:19 upstream 9f789567142c 0e8ea0a3 .config console log report ci-upstream-kasan-gce-smack-root
2019/01/31 17:24 upstream af0c9af1b3f6 0e8ea0a3 .config console log report ci-upstream-kasan-gce-root
2019/01/29 18:26 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce-root
2018/11/07 04:21 upstream 8053e5b93eca 8bd6bd63 .config console log report ci-upstream-kasan-gce-smack-root
2020/03/04 19:52 upstream 63623fd44972 c88c7b75 .config console log report ci-upstream-kasan-gce-386
2020/02/27 00:06 upstream f8788d86ab28 59b57593 .config console log report ci-upstream-kasan-gce-386
2019/09/05 19:18 upstream 3b47fd5ca9ea 040fda58 .config console log report ci-upstream-kasan-gce-386
2019/04/04 08:56 upstream 8ed86627f715 d6fc4177 .config console log report ci-upstream-kasan-gce-386
2019/04/01 15:20 upstream 79a3aaa7b82e ccf2355a .config console log report ci-upstream-kasan-gce-386
2019/03/29 03:40 upstream 8c7ae38d1ce1 14c58f8d .config console log report ci-upstream-kasan-gce-386
2019/03/26 06:31 upstream 8c2ffd917477 55684ce1 .config console log report ci-upstream-kasan-gce-386
2019/02/25 17:56 upstream 5908e6b738e3 a70141bf .config console log report ci-upstream-kasan-gce-386
2019/02/25 05:10 upstream c3619a482e15 7a06e792 .config console log report ci-upstream-kasan-gce-386
2019/02/21 18:49 upstream f6163d67cc31 3133098b .config console log report ci-upstream-kasan-gce-386
2019/02/16 17:49 upstream 5ded5871030e f42dee6d .config console log report ci-upstream-kasan-gce-386
2019/02/11 05:12 upstream df3865f8f568 b4f792e4 .config console log report ci-upstream-kasan-gce-386
2019/02/10 05:06 upstream e8b50608f666 b4f792e4 .config console log report ci-upstream-kasan-gce-386
2019/02/07 22:35 upstream b0314565da2b aa4feb03 .config console log report ci-upstream-kasan-gce-386
2019/02/05 13:00 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce-386
2019/02/05 06:15 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce-386
2019/02/03 07:18 upstream 12491ed354d2 c198d5dd .config console log report ci-upstream-kasan-gce-386
2019/01/29 23:42 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce-386
2020/03/16 14:57 linux-next 770fbb32d34e 749688d2 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/06 02:03 linux-next 1ff540338564 d672172c .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/02 22:23 linux-next dc4c89997735 c198d5dd .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.