syzbot


general protection fault in __tipc_sendstream

Status: fixed on 2020/07/17 17:58
Subsystems: tipc
[Documentation on labels]
Reported-by: syzbot+8eac6d030e7807c21d32@syzkaller.appspotmail.com
Fix commit: 4c21daae3dbc tipc: Fix NULL pointer dereference in __tipc_sendstream() 5e9eeccc58f3 tipc: fix NULL pointer dereference in streaming
First crash: 1659d, last: 1628d
Cause bisection: introduced by (bisect log) :
commit 0a3e060f340dbe232ffa290c40f879b7f7db595b
Author: Tuong Lien <tuong.t.lien@dektech.com.au>
Date: Tue May 26 09:38:38 2020 +0000

  tipc: add test for Nagle algorithm effectiveness

Crash: general protection fault in __tipc_sendstream (log)
Repro: C syz .config
  
Discussions (6)
Title Replies (including bot) Last reply
[net-next] tipc: fix NULL pointer dereference in streaming 5 (5) 2020/07/21 12:26
[PATCH 5.7 000/112] 5.7.8-rc1 review 121 (121) 2020/07/09 09:29
[PATCH 5.6 000/161] 5.6.19-rc1 review 164 (164) 2020/06/16 17:11
[PATCH 5.7 000/163] 5.7.3-rc1 review 164 (164) 2020/06/16 15:35
[PATCH net-next] tipc: Fix NULL pointer dereference in __tipc_sendstream() 3 (3) 2020/06/01 22:35
general protection fault in __tipc_sendstream 0 (1) 2020/05/27 19:34

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
CPU: 1 PID: 7060 Comm: syz-executor394 Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__tipc_sendstream+0xbde/0x11f0 net/tipc/socket.c:1591
Code: 00 00 00 00 48 39 5c 24 28 48 0f 44 d8 e8 fa 3e db f9 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 04 00 00 48 8b 9b c8 00 00 00 48 b8 00 00 00
RSP: 0018:ffffc90003ef7818 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8797fd9d
RDX: 0000000000000019 RSI: ffffffff8797fde6 RDI: 00000000000000c8
RBP: ffff888099848040 R08: ffff88809a5f6440 R09: fffffbfff1860b4c
R10: ffffffff8c305a5f R11: fffffbfff1860b4b R12: ffff88809984857e
R13: 0000000000000000 R14: ffff888086aa4000 R15: 0000000000000000
FS:  00000000009b4880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000140 CR3: 00000000a7fdf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tipc_sendstream+0x4c/0x70 net/tipc/socket.c:1533
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x32f/0x810 net/socket.c:2352
 ___sys_sendmsg+0x100/0x170 net/socket.c:2406
 __sys_sendmmsg+0x195/0x480 net/socket.c:2496
 __do_sys_sendmmsg net/socket.c:2525 [inline]
 __se_sys_sendmmsg net/socket.c:2522 [inline]
 __x64_sys_sendmmsg+0x99/0x100 net/socket.c:2522
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x440199
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffe74856df8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440199
RDX: 0492492492492619 RSI: 0000000020003240 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401a20
R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 0d2e71066c248d44 ]---
RIP: 0010:__tipc_sendstream+0xbde/0x11f0 net/tipc/socket.c:1591
Code: 00 00 00 00 48 39 5c 24 28 48 0f 44 d8 e8 fa 3e db f9 48 b8 00 00 00 00 00 fc ff df 48 8d bb c8 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e2 04 00 00 48 8b 9b c8 00 00 00 48 b8 00 00 00
RSP: 0018:ffffc90003ef7818 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8797fd9d
RDX: 0000000000000019 RSI: ffffffff8797fde6 RDI: 00000000000000c8
RBP: ffff888099848040 R08: ffff88809a5f6440 R09: fffffbfff1860b4c
R10: ffffffff8c305a5f R11: fffffbfff1860b4b R12: ffff88809984857e
R13: 0000000000000000 R14: ffff888086aa4000 R15: 0000000000000000
FS:  00000000009b4880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000140 CR3: 00000000a7fdf000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (444):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/27 00:35 net-next-old fb8ddaa91539 9072c126 .config console log report syz C ci-upstream-net-kasan-gce
2020/06/05 04:42 linux-next e7b08814b16b 6720fdef .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/06/02 02:53 net-next-old 1806c13dc253 a0331e89 .config console log report ci-upstream-net-kasan-gce
2020/05/26 23:27 net-next-old fb8ddaa91539 9072c126 .config console log report ci-upstream-net-kasan-gce
2020/06/27 03:02 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/27 01:52 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/27 00:21 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 22:25 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 15:57 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 11:53 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 10:26 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 08:36 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 05:42 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/26 04:23 linux-next e7b08814b16b aea82c00 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/25 08:05 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/25 04:05 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 23:44 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 19:50 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 15:06 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 09:09 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 07:44 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 05:04 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 03:56 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/24 03:28 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 23:31 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 22:03 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 20:55 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 20:54 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 15:16 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/23 14:15 linux-next e7b08814b16b 54566aff .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/22 02:44 linux-next e7b08814b16b 4f2acff9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/22 00:24 linux-next e7b08814b16b 4f2acff9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/21 23:18 linux-next e7b08814b16b 4f2acff9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/21 20:13 linux-next e7b08814b16b 4f2acff9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/21 19:06 linux-next e7b08814b16b 4f2acff9 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/20 07:40 linux-next e7b08814b16b 81abc331 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/19 20:04 linux-next e7b08814b16b 81abc331 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/19 16:45 linux-next e7b08814b16b bc258b50 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/19 15:28 linux-next e7b08814b16b bc258b50 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/19 13:15 linux-next e7b08814b16b bc258b50 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/19 11:01 linux-next e7b08814b16b bc258b50 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/18 23:43 linux-next e7b08814b16b d45a4d69 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/18 13:41 linux-next e7b08814b16b d45a4d69 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/18 02:38 linux-next e7b08814b16b b9f3810b .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/17 22:37 linux-next e7b08814b16b b9f3810b .config console log report ci-upstream-linux-next-kasan-gce-root
2020/06/17 07:17 linux-next e7b08814b16b b9f3810b .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.