syzbot


general protection fault in rose_send_frame

Status: fixed on 2021/03/10 01:49
Reported-by: syzbot+7078ae989d857fe17988@syzkaller.appspotmail.com
Fix commit: 3b3fd068c56e rose: Fix Null pointer dereference in rose_send_frame()
First crash: 1925d, last: 1245d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: BUG: unable to handle kernel NULL pointer dereference in ax25cmp (log)
Repro: C syz .config
Fix bisection: fixed by (bisect log) :
commit 3b3fd068c56e3fbea30090859216a368398e39bf
Author: Anmol Karn <anmol.karan123@gmail.com>
Date: Thu Nov 19 19:10:43 2020 +0000

  rose: Fix Null pointer dereference in rose_send_frame()

Discussions (3)
Title | Replies (including bot) | Last reply
general protection fault in rose_send_frame | 1 (6) | 2020/12/21 09:22
Reminder: 3 open syzbot bugs in "net/rose" subsystem | 1 (1) | 2019/07/24 02:39
Reminder: 3 open syzbot bugs in "net/rose" subsystem | 1 (1) | 2019/06/27 03:47
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in rose_send_frame C done 5 1247d 1824d 1/1 fixed on 2020/12/23 11:20
upstream general protection fault in rose_send_frame (2) hams 7 533d 557d 22/26 fixed on 2023/02/24 13:50
linux-4.14 general protection fault in rose_send_frame C inconclusive 6 1365d 1817d 0/1 upstream: reported C repro on 2019/04/28 12:17
Last patch testing requests (4)
Created | Duration | User | Patch | Repo | Result
2020/11/19 12:40 | 17m | anmol.karan123@gmail.com | patch | upstream | OK
2020/11/19 11:19 | 17m | anmol.karan123@gmail.com | patch | upstream | OK
2020/10/30 08:52 | 18m | anmol.karan123@gmail.com | patch | upstream | OK
2020/08/28 10:36 | 17m | yepeilin.cs@gmail.com | patch | upstream | OK
Fix bisection attempts (4)
Created | Duration | User | Patch | Repo | Result
2020/12/20 09:36 | 3h50m | bisect fix | | upstream | job log (1)
2020/11/20 02:14 | 23m | bisect fix | | upstream | job log (0) log
2020/10/21 01:48 | 25m | bisect fix | | upstream | job log (0) log
2020/01/14 13:40 | 20m | bisect fix | | upstream | job log (0) log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000006a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000350-0x0000000000000357]
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101
Code: 48 c1 ea 03 80 3c 02 00 0f 85 06 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 8d bd 50 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ea 00 00 00 4c 8b bd 50 03 00 00 e9 77 fe ff ff
RSP: 0018:ffffc90000007b18 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff8880995ff400 RCX: ffffffff870f52a3
RDX: 000000000000006a RSI: ffffffff870f5412 RDI: 0000000000000350
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8880995ff8e3
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880995ff400
R13: 0000000000000078 R14: ffff88809dbfc980 R15: 0000000000000010
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000190 CR3: 0000000093430000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rose_transmit_clear_request+0x1d5/0x290 net/rose/rose_link.c:255
 rose_rx_call_request+0x4bd/0x1978 net/rose/af_rose.c:998
 rose_loopback_timer+0x15d/0x470 net/rose/rose_loopback.c:100
 call_timer_fn+0x1ac/0x760 kernel/time/timer.c:1415
 expire_timers kernel/time/timer.c:1460 [inline]
 __run_timers.part.0+0x54c/0xa20 kernel/time/timer.c:1784
 __run_timers kernel/time/timer.c:1756 [inline]
 run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:1797
 __do_softirq+0x34c/0xa60 kernel/softirq.c:292
 asm_call_on_stack+0xf/0x20 arch/x86/entry/entry_64.S:711
 </IRQ>
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x111/0x170 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:387 [inline]
 __irq_exit_rcu kernel/softirq.c:417 [inline]
 irq_exit_rcu+0x229/0x270 kernel/softirq.c:429
 sysvec_apic_timer_interrupt+0x54/0x120 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:585
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
Code: ff 4c 89 ef e8 33 c9 ca f9 e9 8e fe ff ff 48 89 df e8 26 c9 ca f9 eb 8a cc cc cc cc e9 07 00 00 00 0f 00 2d 74 5f 60 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 5f 60 00 f4 c3 cc cc 55 53 e8 29
RSP: 0018:ffffffff89a07c70 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff89a86580 RSI: ffffffff87e85c48 RDI: ffffffff87e85c1e
RBP: ffff88821ae59864 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88821ae59864
R13: 1ffffffff1340f98 R14: ffff88821ae59865 R15: 0000000000000001
 arch_safe_halt arch/x86/include/asm/paravirt.h:150 [inline]
 acpi_safe_halt+0x8d/0x110 drivers/acpi/processor_idle.c:111
 acpi_idle_do_entry+0x15c/0x1b0 drivers/acpi/processor_idle.c:525
 acpi_idle_enter+0x3f9/0xab0 drivers/acpi/processor_idle.c:651
 cpuidle_enter_state+0xff/0x960 drivers/cpuidle/cpuidle.c:235
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:346
 call_cpuidle kernel/sched/idle.c:126 [inline]
 cpuidle_idle_call kernel/sched/idle.c:214 [inline]
 do_idle+0x431/0x6d0 kernel/sched/idle.c:276
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:372
 start_kernel+0x9cb/0xa06 init/main.c:1043
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
---[ end trace 279b9ab81f278f55 ]---
RIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101
Code: 48 c1 ea 03 80 3c 02 00 0f 85 06 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 20 48 8d bd 50 03 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ea 00 00 00 4c 8b bd 50 03 00 00 e9 77 fe ff ff
RSP: 0018:ffffc90000007b18 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff8880995ff400 RCX: ffffffff870f52a3
RDX: 000000000000006a RSI: ffffffff870f5412 RDI: 0000000000000350
RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8880995ff8e3
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880995ff400
R13: 0000000000000078 R14: ffff88809dbfc980 R15: 0000000000000010
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000190 CR3: 0000000093430000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
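How to read the report above without a debugger. On x86-64, KASAN keeps one shadow byte for every 8 bytes of memory at `(addr >> 3) + 0xdffffc0000000000`, so the "non-canonical address 0xdffffc000000006a" in the GPF line is the shadow byte for `0x6a << 3 = 0x350`, which is exactly what the "KASAN: null-ptr-deref in range [0x350-0x357]" line states. The shadow of a low address lies in the non-canonical hole, so the inline shadow probe itself faults as a general protection fault before the real load ever runs. The `Code:` bytes around the marked `<80> 3c 02 00` decode (my decoding of the bytes shown, not text from the page) to `mov rbp,[rbx+0x20]; lea rdi,[rbp+0x350]; mov rdx,rdi; shr rdx,3; cmp byte ptr [rdx+rax],0`: a load through a pointer held in RBP at field offset 0x350, and the register dump shows RBP = 0. Which structure field sits at offset 0x350 is not on this page; the fix commit title says only that a NULL pointer is dereferenced in rose_send_frame(). The C program below is an added example for this page, not syzbot or kernel code. It inverts the shadow mapping, mirrors the null/user/wild classification the kernel prints (the PAGE_SIZE and TASK_SIZE_MAX values are assumed x86-64 constants), and checks that the register values quoted from the sample report are consistent with a shadow probe of RBP + 0x350.

```c
/*
 * kasan_gpf_decode.c: turn the "general protection fault, probably for
 * non-canonical address" line of a KASAN report back into the address the
 * kernel actually dereferenced, and cross-check it against the register dump.
 * Added example for this page; not code from syzbot or the Linux kernel.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86-64 KASAN layout: CONFIG_KASAN_SHADOW_OFFSET, 8 bytes per shadow byte. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_MASK        ((1ULL << KASAN_SHADOW_SCALE_SHIFT) - 1)
#define X86_PAGE_SIZE            4096ULL               /* assumed */
#define X86_TASK_SIZE_MAX        0x00007ffffffff000ULL /* assumed, 4-level paging */

/* Returned when the dump does not describe a KASAN shadow probe. */
#define DECODE_FAIL UINT64_MAX

/* Lines copied verbatim from the sample crash report on this page. */
static const char sample_report[] =
    "general protection fault, probably for non-canonical address 0xdffffc000000006a: 0000 [#1] PREEMPT SMP KASAN\n"
    "RIP: 0010:rose_send_frame+0x1dd/0x2f0 net/rose/rose_link.c:101\n"
    "RAX: dffffc0000000000 RBX: ffff8880995ff400 RCX: ffffffff870f52a3\n"
    "RDX: 000000000000006a RSI: ffffffff870f5412 RDI: 0000000000000350\n"
    "RBP: 0000000000000000 R08: 0000000000000001 R09: ffff8880995ff8e3\n";

/* Invert the shadow mapping shadow = (addr >> 3) + KASAN_SHADOW_OFFSET. */
uint64_t kasan_shadow_to_addr(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Last byte covered by the same shadow byte: the "-0x...357" end of the range line. */
uint64_t kasan_range_end(uint64_t addr)
{
    return addr + KASAN_SHADOW_MASK;
}

/* Classification the kernel prints in its "KASAN: <type> in range" line. */
const char *kasan_classify(uint64_t addr)
{
    if (addr < X86_PAGE_SIZE)     return "null-ptr-deref";
    if (addr < X86_TASK_SIZE_MAX) return "user-memory-access";
    return "wild-memory-access";
}

/* Read the hex value that follows `key` in the report text. */
static int get_hex_after(const char *text, const char *key, uint64_t *out)
{
    const char *p = strstr(text, key);
    if (!p)
        return -1;
    *out = strtoull(p + strlen(key), NULL, 16);
    return 0;
}

/*
 * The faulting instruction <80 3c 02 00> is cmp byte ptr [rdx+rax], 0: the
 * inline KASAN shadow probe. The bytes before it are mov rbp,[rbx+0x20];
 * lea rdi,[rbp+0x350]; mov rdx,rdi; shr rdx,3. A consistent dump therefore has
 * RAX == shadow offset, RDX == RDI >> 3, RAX + RDX == the GPF address, and
 * RDI == RBP + field_off. Returns the probed address, or DECODE_FAIL.
 */
uint64_t probed_addr_from_report(const char *text, uint64_t field_off)
{
    uint64_t shadow, rax, rdx, rdi, rbp;

    if (get_hex_after(text, "non-canonical address 0x", &shadow) ||
        get_hex_after(text, "RAX: ", &rax) || get_hex_after(text, "RDX: ", &rdx) ||
        get_hex_after(text, "RDI: ", &rdi) || get_hex_after(text, "RBP: ", &rbp))
        return DECODE_FAIL;
    if (rax != KASAN_SHADOW_OFFSET)               /* not a shadow probe at all */
        return DECODE_FAIL;
    if (rdx != (rdi >> KASAN_SHADOW_SCALE_SHIFT)) /* rdx is not rdi's shadow index */
        return DECODE_FAIL;
    if (rax + rdx != shadow)                      /* dump disagrees with the GPF line */
        return DECODE_FAIL;
    if (rbp + field_off != rdi)                   /* base register does not explain rdi */
        return DECODE_FAIL;
    return rdi;
}

int main(void)
{
    uint64_t shadow = 0xdffffc000000006aULL;
    uint64_t addr = kasan_shadow_to_addr(shadow);
    uint64_t probed = probed_addr_from_report(sample_report, 0x350);

    printf("shadow 0x%llx -> %s in range [0x%016llx-0x%016llx]\n",
           (unsigned long long)shadow, kasan_classify(addr),
           (unsigned long long)addr, (unsigned long long)kasan_range_end(addr));
    if (probed != DECODE_FAIL)
        printf("register dump agrees: probe of RBP(0x0) + 0x350 = 0x%llx\n",
               (unsigned long long)probed);
    return 0;
}
```

Build with `cc -std=c99 -Wall kasan_gpf_decode.c && ./a.out`. The consistency check is the part worth keeping around: a report whose RAX is not the shadow offset, or whose RDX is not RDI >> 3, was not produced by an inline shadow probe, and the "probably for non-canonical address" guess then needs a different reading.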

Crashes (664):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title
2020/07/26 05:46 | upstream | 23ee3e4e5bd2 | 1f7cc1ca | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2020/07/25 18:10 | upstream | 68845a55c31b | 1f7cc1ca | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root |
2019/08/09 15:38 | upstream | b678c568c561 | ede31a9b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root |
2019/08/09 15:13 | upstream | b678c568c561 | ede31a9b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2019/07/21 04:13 | upstream | c6dd78fcb8ee | 1656845f | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root |
2019/07/21 03:52 | upstream | c6dd78fcb8ee | 1656845f | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2019/04/28 12:57 | upstream | 037904a22bf8 | b617407b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2019/04/28 09:46 | upstream | 037904a22bf8 | b617407b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root |
2019/04/28 09:45 | upstream | 037904a22bf8 | b617407b | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root |
2019/03/28 08:42 | upstream | 1a9df9e29c2a | f94f56fe | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root |
2019/03/04 03:43 | upstream | 1c163f4c7b3f | 1c0e457a | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-selinux-root |
2019/03/03 19:32 | upstream | c027c7cf1577 | 1c0e457a | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-smack-root |
2019/03/03 18:29 | upstream | c027c7cf1577 | 1c0e457a | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2019/02/24 00:03 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2019/02/22 18:50 | upstream | 8a61716ff2ab | 6a5fcca4 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-root |
2020/07/21 22:34 | net-old | 6ef9dcb78046 | 21f1765e | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce |
2019/08/09 14:43 | net-old | 8c25d0887a8b | ede31a9b | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce |
2019/07/21 03:47 | net-old | 89099d855bf0 | 1656845f | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce |
2019/04/28 09:55 | net-old | b2a20fd0725e | b617407b | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce |
2019/02/22 18:51 | net-old | 6321aa197547 | 6a5fcca4 | .config | console log | report | syz | C | | | ci-upstream-net-this-kasan-gce |
2020/07/22 00:04 | net-next-old | 71d4364abdc5 | 21f1765e | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/08/09 15:20 | net-next-old | fcc32a21655e | ede31a9b | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/07/21 03:11 | net-next-old | 31cc088a4f5d | 1656845f | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/04/28 09:24 | net-next-old | 7cb523d4fec7 | b617407b | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/03/28 02:26 | net-next-old | 5133a4a800fd | 4e668495 | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/03/03 18:02 | net-next-old | d5fa9c55e5f3 | 1c0e457a | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2019/02/22 18:25 | net-next-old | 7a25c6c0aac8 | 6a5fcca4 | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce |
2020/07/25 17:14 | linux-next | 26027945c94a | 1f7cc1ca | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root |
2019/08/09 16:31 | linux-next | 87b983f55b8c | ede31a9b | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root |
2019/07/21 04:02 | linux-next | 6d21a41b7b1f | 1656845f | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root |
2019/04/28 09:46 | linux-next | 3ddfa8af5dc9 | b617407b | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root |
2019/02/22 18:50 | linux-next | 94a47529a645 | 6a5fcca4 | .config | console log | report | syz | C | | | ci-upstream-linux-next-kasan-gce-root |
2019/04/07 23:00 | upstream | 3b0468914708 | c34fde03 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root |
2019/04/07 23:00 | upstream | 3b0468914708 | c34fde03 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root |
2019/04/07 22:58 | upstream | 3b0468914708 | c34fde03 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-root |
2019/02/24 00:19 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root |
2019/02/23 23:55 | upstream | e60b5f79bd75 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root |
2019/02/06 01:03 | upstream | 8834f5600cf3 | d672172c | .config | console log | report | syz | | | | ci-upstream-kasan-gce-selinux-root |
2019/02/05 10:31 | upstream | 8834f5600cf3 | d672172c | .config | console log | report | syz | | | | ci-upstream-kasan-gce-smack-root |
2019/04/08 07:11 | net-old | b959ecf8f953 | c34fde03 | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce |
2019/03/28 05:06 | net-old | 1a9df9e29c2a | f94f56fe | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce |
2019/02/23 23:11 | net-old | 61a65d32fe91 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce |
2019/02/05 09:56 | net-old | 0429f237ce08 | d672172c | .config | console log | report | syz | | | | ci-upstream-net-this-kasan-gce |
2019/04/07 22:07 | net-next-old | f1054c65bca6 | c34fde03 | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce |
2019/02/23 19:27 | net-next-old | e59d790959b4 | 18107ce0 | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce |
2019/02/04 05:42 | net-next-old | 9fb20801dab4 | c198d5dd | .config | console log | report | syz | | | | ci-upstream-net-kasan-gce |
2019/02/23 22:46 | linux-next | 94a47529a645 | 7a06e792 | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root |
2019/02/05 09:55 | linux-next | 1ff540338564 | d672172c | .config | console log | report | syz | | | | ci-upstream-linux-next-kasan-gce-root |
2020/09/21 01:24 | net-old | f13d783a184e | 9564d2e9 | .config | console log | report | | | info | | ci-upstream-net-this-kasan-gce |
2020/08/25 18:59 | net-old | b274e47d9e3f | 344da168 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/08/14 16:38 | net-old | a1d21081a60d | 424dd8e7 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/08/14 04:45 | net-old | 9643609423c7 | 54ce1ed6 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/08/12 10:56 | net-old | 633f5b6bca9b | bb3e5fe6 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/08/07 17:52 | net-old | 8912fd6a61d7 | cb436c69 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/07/13 04:15 | net-old | 1df0d8960499 | 9ebcc5b1 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/07/03 19:00 | net-old | e4b9a72d76a4 | bed10395 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/06/07 19:21 | net-old | 4e2905adac9f | 2c2b926c | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/06/06 19:40 | net-old | 7f89cc07d22a | e6b89e4e | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/05/18 08:53 | net-old | e3f2d5579c0b | 37bccd4e | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/05/03 11:22 | net-old | dc30b4059f6e | 5457883a | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/04/21 09:54 | net-old | bdbe05b381ec | 98a9f9e6 | .config | console log | report | | | | | ci-upstream-net-this-kasan-gce |
2020/08/29 00:01 | net-next-old | 0baf01942d3d | d5a3ae1f | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/08/09 02:33 | net-next-old | bfdd5aaa54b0 | f721e4a0 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/08/08 19:49 | net-next-old | bfdd5aaa54b0 | f721e4a0 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/08/01 18:48 | net-next-old | 8f3f330da28e | d895b3be | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/08/01 02:22 | net-next-old | bd69058f50d5 | d895b3be | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/31 08:49 | net-next-old | 41d707b7332f | 8df85ed9 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/30 00:55 | net-next-old | 41d707b7332f | 233283a1 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/24 11:20 | net-next-old | 1b6687e31a2d | 554af388 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/24 09:40 | net-next-old | 7fc3b978a897 | 70c104a1 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/20 21:25 | net-next-old | 7dce80c2a526 | 4285ffa3 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/20 10:02 | net-next-old | 7dce80c2a526 | 9c812472 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/14 09:48 | net-next-old | 2be53e0e4690 | ce4c95b3 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/11 03:35 | net-next-old | a594920f8747 | 18d18b59 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/07/09 02:23 | net-next-old | e80a07b244dd | bc238812 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/06/28 21:30 | net-next-old | b08866f42a87 | a2cdad9d | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/06/17 01:04 | net-next-old | cb8e59cc8720 | 559fbe2d | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/06/03 05:08 | net-next-old | e8224bfe7729 | f3ba1b5b | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/06/01 17:21 | net-next-old | 1806c13dc253 | a0331e89 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/31 18:08 | net-next-old | 39884604b116 | a0331e89 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/18 02:02 | net-next-old | dbfe7d74376e | 37bccd4e | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/16 23:49 | net-next-old | 6f42a2930565 | 37bccd4e | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/13 06:02 | net-next-old | 51fa960d3b51 | a44eb8f7 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/07 06:45 | net-next-old | 2f8649900b7d | 4618eb2d | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/05 01:16 | net-next-old | bf6dba76d278 | 9941337c | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/03 23:48 | net-next-old | ee1bd483cc06 | 58ae5e18 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/05/03 20:40 | net-next-old | ee1bd483cc06 | 58ae5e18 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/04/20 02:37 | net-next-old | 0fde6e3b55a1 | 9f7c6d12 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/04/17 17:10 | net-next-old | 2fcd80144b93 | 18397578 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/04/01 23:31 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/04/01 21:16 | net-next-old | 1a323ea5356e | a34e2c33 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/03/15 18:38 | net-next-old | 0c907754ae9d | 749688d2 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2020/03/15 04:35 | net-next-old | 94229d45239b | 749688d2 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
2019/01/10 09:29 | net-next-old | b71acb0e3721 | 45c0c1b1 | .config | console log | report | | | | | ci-upstream-net-kasan-gce |
* Struck through repros no longer work on HEAD.