syzbot


kernel BUG at include/linux/scatterlist.h:LINE!

Status: fixed on 2019/12/13 00:31
Subsystems: net
Reported-by: syzbot+df0d4ec12332661dd1f9@syzkaller.appspotmail.com
Fix commit: d10523d0b3d7 net/tls: free the record on encryption error
First crash: 1794d, last: 1600d
Cause bisection: introduced by:
commit f295b3ae9f5927e084bd5decdff82390e3471801
Author: Vakul Garg <vakul.garg@nxp.com>
Date: Wed Mar 20 02:03:36 2019 +0000

  net/tls: Add support of AES128-CCM based ciphers

Crash: kernel BUG at include/linux/scatterlist.h:LINE!
Repro: C syz .config
  
Duplicate bugs (1)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
kernel BUG at ./include/linux/scatterlist.h:LINE! net C done 23 1621d 1764d 0/26 closed as dup on 2019/11/19 04:50
Discussions (7)
Title Replies (including bot) Last reply
[PATCH 5.4 00/46] 5.4.2-stable review 58 (58) 2019/12/06 13:05
[PATCH 5.3 000/135] 5.3.15-stable review 140 (140) 2019/12/04 19:13
[PATCH net 0/8] net: tls: fix scatter-gather list issues 12 (12) 2019/11/29 06:44
[RFC net] net/tls: clear SG markings on encryption error 6 (6) 2019/11/25 19:58
kernel BUG at include/linux/scatterlist.h:LINE! 3 (4) 2019/11/19 20:30
Reminder: 6 active syzbot reports in "net/tls" subsystem 1 (1) 2019/08/16 04:18
Reminder: 17 open syzbot bugs in "net/tls" subsystem 1 (1) 2019/06/25 05:50
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 kernel BUG at include/linux/scatterlist.h:LINE! C done inconclusive 22 1426d 1619d 0/1 upstream: reported C repro on 2019/11/13 05:58

Sample crash report:
------------[ cut here ]------------
kernel BUG at include/linux/scatterlist.h:97!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8868 Comm: syz-executor428 Not tainted 5.2.0-rc1+ #21
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:sg_assign_page include/linux/scatterlist.h:97 [inline]
RIP: 0010:sg_set_page include/linux/scatterlist.h:119 [inline]
RIP: 0010:sk_msg_page_add include/linux/skmsg.h:246 [inline]
RIP: 0010:tls_sw_do_sendpage net/tls/tls_sw.c:1171 [inline]
RIP: 0010:tls_sw_sendpage+0xd63/0xf50 net/tls/tls_sw.c:1230
Code: c6 c0 38 0d 88 4c 89 ef e8 aa 4c 89 fb 0f 0b e8 73 38 61 fb 4d 8d 6c 24 ff e9 92 f8 ff ff e8 64 38 61 fb 0f 0b e8 5d 38 61 fb <0f> 0b 45 31 ed e9 bc fe ff ff e8 4e 38 61 fb 83 85 c4 fe ff ff 01
RSP: 0018:ffff888091caf8f8 EFLAGS: 00010293
RAX: ffff8880a659e640 RBX: dffffc0000000000 RCX: ffffffff860f65b3
RDX: 0000000000000000 RSI: ffffffff860f6c13 RDI: 0000000000000007
RBP: ffff888091cafa48 R08: ffff8880a659e640 R09: fffff940004cac97
R10: fffff940004cac96 R11: ffffea00026564b7 R12: 0000000000000004
R13: 0000000000000001 R14: ffff8880a44f4e88 R15: ffff8880a57a6d00
FS:  000055555579e880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000009b335000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 inet_sendpage+0x168/0x630 net/ipv4/af_inet.c:819
 kernel_sendpage+0x92/0xf0 net/socket.c:3648
 sock_sendpage+0x8b/0xc0 net/socket.c:946
 pipe_to_sendpage+0x296/0x360 fs/splice.c:448
 splice_from_pipe_feed fs/splice.c:499 [inline]
 __splice_from_pipe+0x38c/0x7d0 fs/splice.c:623
 splice_from_pipe+0x108/0x170 fs/splice.c:658
 generic_splice_sendpage+0x3c/0x50 fs/splice.c:828
 do_splice_from fs/splice.c:847 [inline]
 do_splice+0x708/0x1410 fs/splice.c:1154
 __do_sys_splice fs/splice.c:1424 [inline]
 __se_sys_splice fs/splice.c:1404 [inline]
 __x64_sys_splice+0x2c6/0x330 fs/splice.c:1404
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4413e9

Crashes (307):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/05/22 04:13 net-old af8f3fb7fb07 13427bd9 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/05/22 04:17 net-next-old f49aa1de9836 13427bd9 .config console log report syz C ci-upstream-net-kasan-gce
2019/11/21 18:46 upstream c74386d50fba 8098ea0f .config console log report ci-upstream-kasan-gce-root
2019/11/19 12:33 upstream af42d3466bdc 5bc70212 .config console log report ci-upstream-kasan-gce-root
2019/11/10 22:49 upstream 00aff6836241 dc438b91 .config console log report ci-upstream-kasan-gce
2019/11/09 09:00 upstream 6737e7634951 dc438b91 .config console log report ci-upstream-kasan-gce-selinux-root
2019/11/04 10:52 upstream a99d8080aaf3 b35fad31 .config console log report ci-upstream-kasan-gce
2019/11/01 02:41 upstream e472c64aa4fa a41ca8fa .config console log report ci-upstream-kasan-gce-root
2019/10/31 21:15 upstream e472c64aa4fa a41ca8fa .config console log report ci-upstream-kasan-gce
2019/10/28 10:05 upstream d6d5df1db6e9 25bb509e .config console log report ci-upstream-kasan-gce-root
2019/10/27 02:24 upstream f877bee5ea0b 25bb509e .config console log report ci-upstream-kasan-gce
2019/10/24 22:36 upstream f116b96685a0 d01bb02a .config console log report ci-upstream-kasan-gce-selinux-root
2019/10/16 05:21 upstream 3b1f00aceb7a d4ea592f .config console log report ci-upstream-kasan-gce
2019/10/14 03:30 upstream da94001239cc 2f661ec4 .config console log report ci-upstream-kasan-gce
2019/10/13 04:36 upstream 48acba989ed5 426631dd .config console log report ci-upstream-kasan-gce
2019/10/11 06:24 upstream fb20da6af705 1a3bad90 .config console log report ci-upstream-kasan-gce
2019/10/09 04:18 upstream eda57a0e4299 b1ebbfef .config console log report ci-upstream-kasan-gce-root
2019/10/05 14:26 upstream b145b0eb2031 f3f7d9c8 .config console log report ci-upstream-kasan-gce
2019/10/05 04:28 upstream b145b0eb2031 f3f7d9c8 .config console log report ci-upstream-kasan-gce-selinux-root
2019/06/16 05:29 upstream e01e060fe00d 442206d7 .config console log report ci-upstream-kasan-gce-smack-root
2019/11/25 14:19 net-old 312434617cb1 371caf77 .config console log report ci-upstream-net-this-kasan-gce
2019/11/24 08:48 net-old 34c36f4564b8 598ca6c8 .config console log report ci-upstream-net-this-kasan-gce
2019/11/10 09:30 net-old dd3d792def0d dc438b91 .config console log report ci-upstream-net-this-kasan-gce
2019/11/01 08:46 net-old 6d6f0383b697 a41ca8fa .config console log report ci-upstream-net-this-kasan-gce
2019/11/01 00:33 net-old 3da09663209d a41ca8fa .config console log report ci-upstream-net-this-kasan-gce
2019/10/27 07:52 net-old 45f338069941 25bb509e .config console log report ci-upstream-net-this-kasan-gce
2019/10/21 03:52 net-old 531e93d11470 8c88c9c1 .config console log report ci-upstream-net-this-kasan-gce
2019/10/15 09:28 net-old 8c16b55bbf84 05ad7292 .config console log report ci-upstream-net-this-kasan-gce
2019/10/14 05:15 net-old c23936fad79e 2f661ec4 .config console log report ci-upstream-net-this-kasan-gce
2019/10/05 11:45 net-old db9b2e0af605 f3f7d9c8 .config console log report ci-upstream-net-this-kasan-gce
2019/12/02 09:59 net-next-old 81b6b96475ac f879db37 .config console log report ci-upstream-net-kasan-gce
2019/12/01 00:22 net-next-old 81b6b96475ac a76bf83f .config console log report ci-upstream-net-kasan-gce
2019/11/22 17:13 net-next-old 13baf667fa8e 598ca6c8 .config console log report ci-upstream-net-kasan-gce
2019/11/21 04:19 net-next-old 1f12177b322d 8098ea0f .config console log report ci-upstream-net-kasan-gce
2019/11/20 08:34 net-next-old 272630feb4c0 f4b7ed07 .config console log report ci-upstream-net-kasan-gce
2019/11/19 11:32 net-next-old c4154cffa390 5bc70212 .config console log report ci-upstream-net-kasan-gce
2019/11/18 13:58 net-next-old 19b7e21c55c8 1daed50a .config console log report ci-upstream-net-kasan-gce
2019/11/13 16:02 net-next-old e0580b50d9d4 048f2d49 .config console log report ci-upstream-net-kasan-gce
2019/11/12 11:30 net-next-old 228200179213 048f2d49 .config console log report ci-upstream-net-kasan-gce
2019/11/10 01:22 net-next-old 92da362c07d4 dc438b91 .config console log report ci-upstream-net-kasan-gce
2019/11/05 13:55 net-next-old 56c1291ee48b 0f3ec414 .config console log report ci-upstream-net-kasan-gce
2019/11/03 23:06 net-next-old ae8a76fb8b5d c9610487 .config console log report ci-upstream-net-kasan-gce
2019/11/03 05:07 net-next-old c23fcbbc6aa4 a41ca8fa .config console log report ci-upstream-net-kasan-gce
2019/10/28 01:18 net-next-old 5b7fe93db008 25bb509e .config console log report ci-upstream-net-kasan-gce
2019/10/26 20:20 net-next-old 0629d2456ae3 25bb509e .config console log report ci-upstream-net-kasan-gce
2019/10/25 02:33 net-next-old fb8d1d7e3d34 d01bb02a .config console log report ci-upstream-net-kasan-gce
2019/10/19 09:24 net-next-old ebcd670d05d5 8c88c9c1 .config console log report ci-upstream-net-kasan-gce
2019/10/13 23:07 net-next-old c208bdb93788 2f661ec4 .config console log report ci-upstream-net-kasan-gce
2019/10/06 18:34 net-next-old fbe3d0c77c83 f3f7d9c8 .config console log report ci-upstream-net-kasan-gce
2019/11/11 00:58 linux-next 5591cf003452 dc438b91 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/10/20 22:32 linux-next c4b9850b3676 8c88c9c1 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/10/19 05:09 linux-next c4b9850b3676 8c88c9c1 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.