general protection fault in tls_push

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	general protection fault in tls_push_sg net				12	2021d	2130d	11/26	fixed on 2019/02/26 22:09
linux-4.19	general protection fault in tls_push_sg				3	1633d	1733d	0/1	auto-closed as invalid on 2020/02/27 15:41

kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8067 Comm: syz-executor191 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:put_page include/linux/mm.h:951 [inline] RIP: 0010:tls_push_sg+0x219/0x7c0 net/tls/tls_main.c:134 Code: 89 04 24 4c 89 e7 e8 86 be 69 fa 49 39 ec 75 ab e8 6c bd 69 fa 49 8d 7e 08 48 b9 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <80> 3c 08 00 0f 85 b3 04 00 00 49 8b 5e 08 31 ff 48 89 dd 83 e5 01 RSP: 0018:ffff888095f7fa70 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffffff86f8c804 RDI: 0000000000000008 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000006 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88809ea9c040 FS: 00005555571ee300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 00000000a9163000 CR4: 00000000003406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tls_push_record+0xb4e/0x1370 net/tls/tls_sw.c:245 tls_handle_open_record net/tls/tls_main.c:156 [inline] tls_sk_proto_close+0x8cf/0xc20 net/tls/tls_main.c:271 inet_release+0xd7/0x1e0 net/ipv4/af_inet.c:427 inet6_release+0x4c/0x70 net/ipv6/af_inet6.c:472 __sock_release+0xcd/0x2a0 net/socket.c:599 sock_close+0x15/0x20 net/socket.c:1214 __fput+0x2ce/0x890 fs/file_table.c:278 task_work_run+0x148/0x1c0 kernel/task_work.c:113 exit_task_work include/linux/task_work.h:22 [inline] do_exit+0xbf3/0x2be0 kernel/exit.c:870 do_group_exit+0x125/0x310 kernel/exit.c:967 __do_sys_exit_group kernel/exit.c:978 [inline] __se_sys_exit_group kernel/exit.c:976 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7f67b6eeae29 Code: Bad RIP value. RSP: 002b:00007ffc50c0dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f67b6f5e270 RCX: 00007f67b6eeae29 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffffffffffffffc0 R09: 0000000000000000 R10: 0000000000000028 R11: 0000000000000246 R12: 00007f67b6f5e270 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 Modules linked in: ---[ end trace 3573dbef9a90c10f ]--- RIP: 0010:__read_once_size include/linux/compiler.h:263 [inline] RIP: 0010:compound_head include/linux/page-flags.h:142 [inline] RIP: 0010:put_page include/linux/mm.h:951 [inline] RIP: 0010:tls_push_sg+0x219/0x7c0 net/tls/tls_main.c:134 Code: 89 04 24 4c 89 e7 e8 86 be 69 fa 49 39 ec 75 ab e8 6c bd 69 fa 49 8d 7e 08 48 b9 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <80> 3c 08 00 0f 85 b3 04 00 00 49 8b 5e 08 31 ff 48 89 dd 83 e5 01 RSP: 0018:ffff888095f7fa70 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000000 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffffff86f8c804 RDI: 0000000000000008 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000006 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88809ea9c040 FS: 00005555571ee300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffdd762fff8 CR3: 0000000009e6d000 CR4: 00000000003406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 89 04 24 mov %eax,(%rsp) 3: 4c 89 e7 mov %r12,%rdi 6: e8 86 be 69 fa callq 0xfa69be91 b: 49 39 ec cmp %rbp,%r12 e: 75 ab jne 0xffffffbb 10: e8 6c bd 69 fa callq 0xfa69bd81 15: 49 8d 7e 08 lea 0x8(%r14),%rdi 19: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx 20: fc ff df 23: 48 89 f8 mov %rdi,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction 2e: 0f 85 b3 04 00 00 jne 0x4e7 34: 49 8b 5e 08 mov 0x8(%r14),%rbx 38: 31 ff xor %edi,%edi 3a: 48 89 dd mov %rbx,%rbp 3d: 83 e5 01 and $0x1,%ebp

Crashes (6):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Manager	Title
2022/07/10 17:04	linux-4.19.y	3f8a27f9e27b	b5765a15	.config	console log	report	syz	C		ci2-linux-4-19	general protection fault in tls_push_sg
2022/03/25 15:42	linux-4.19.y	3f8a27f9e27b	89bc8608	.config	console log	report	syz	C		ci2-linux-4-19	general protection fault in tls_push_sg
2022/07/10 16:48	linux-4.19.y	3f8a27f9e27b	b5765a15	.config	console log	report			info	ci2-linux-4-19	general protection fault in tls_push_sg
2022/05/30 17:39	linux-4.19.y	3f8a27f9e27b	af70c3a9	.config	console log	report			info	ci2-linux-4-19	general protection fault in tls_push_sg
2022/03/25 15:25	linux-4.19.y	3f8a27f9e27b	89bc8608	.config	console log	report			info	ci2-linux-4-19	general protection fault in tls_push_sg
2022/03/21 10:19	linux-4.19.y	3f8a27f9e27b	e2d91b1d	.config	console log	report			info	ci2-linux-4-19	general protection fault in tls_push_sg

Crashes (6):

Assets (help?)