syzbot


BUG: unable to handle kernel NULL pointer dereference in rds_bind

Status: fixed on 2019/10/15 23:40
Subsystems: rds
Reported-by: syzbot+fae39afd2101a17ec624@syzkaller.appspotmail.com
Fix commit: 05733434ee9a net/rds: Check laddr_check before calling it
First crash: 1848d, last: 1832d
Cause bisection: introduced by (bisect log) :
commit b9a1e627405d68d475a3c1f35e685ccfb5bbe668
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jul 4 00:21:13 2019 +0000

  hsr: implement dellink to clean up resources

Crash: general protection fault in send_hsr_supervision_frame (log)
Repro: C syz .config
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 5.3 000/344] 5.3.4-stable review 360 (360) 2019/11/11 06:01
[PATCH net] net/rds: Check laddr_check before calling it 9 (9) 2019/09/27 10:12
BUG: unable to handle kernel NULL pointer dereference in rds_bind 2 (3) 2019/09/16 17:57

Sample crash report:
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 8ec3c067 P4D 8ec3c067 PUD a2d08067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8675 Comm: syz-executor969 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffff888096b07cd8 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffff89b3adc0 RCX: ffffffff86bd6a59
RDX: 0000000000000000 RSI: ffff888096b07d40 RDI: ffffffff89990040
RBP: ffff888096b07da8 R08: ffff88809c473c58 R09: fffffbfff14ef142
R10: fffffbfff14ef141 R11: ffffffff8a778a0f R12: ffff88809c473780
R13: ffffffff89990040 R14: 0000000000000000 R15: ffff888096b07d40
FS:  000055555688d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000000948d2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rds_bind+0x423/0x800 net/rds/bind.c:247
 __sys_bind+0x239/0x290 net/socket.c:1647
 __do_sys_bind net/socket.c:1658 [inline]
 __se_sys_bind net/socket.c:1656 [inline]
 __x64_sys_bind+0x73/0xb0 net/socket.c:1656
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4412b9
Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdecc56718 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004412b9
RDX: 0000000000000010 RSI: 0000000020000200 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000402030
R13: 00000000004020c0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
CR2: 0000000000000000

Crashes (51):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/09/19 19:23 upstream b41dae061bbd eb940044 .config console log report syz C ci-upstream-kasan-gce-root
2019/09/18 15:22 upstream 35f7a9526615 c2dcd700 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/09/18 11:26 upstream 7f2444d38f6b 03e0d245 .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/09/18 05:51 upstream 7f2444d38f6b 03e0d245 .config console log report syz C ci-upstream-kasan-gce
2019/09/17 08:56 upstream cef7298262e9 51ca0454 .config console log report syz C ci-upstream-kasan-gce-386
2019/09/14 04:47 net-old 8f6617badcc9 32d59357 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/09/12 12:30 net-old f4b752a6b270 f4e53c10 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/09/18 04:11 net-next-old 1bab8d4c488b 03e0d245 .config console log report syz C ci-upstream-net-kasan-gce
2019/09/23 15:43 linux-next b5b3bd898ba9 1e9788a0 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/09/25 20:54 upstream f41def397161 a3355dba .config console log report ci-upstream-kasan-gce-root
2019/09/25 14:44 upstream 351c8a09b00b e38a6630 .config console log report ci-upstream-kasan-gce-root
2019/09/23 10:00 upstream 619e17cf75dd d96e88f3 .config console log report ci-upstream-kasan-gce-selinux-root
2019/09/21 08:26 upstream f97c81dc6ca5 d96e88f3 .config console log report ci-upstream-kasan-gce-root
2019/09/21 02:14 upstream f97c81dc6ca5 d96e88f3 .config console log report ci-upstream-kasan-gce
2019/09/19 05:30 upstream d013cc800a2a 46c0be24 .config console log report ci-upstream-kasan-gce
2019/09/19 02:03 upstream d013cc800a2a 46c0be24 .config console log report ci-upstream-kasan-gce
2019/09/17 10:07 upstream cef7298262e9 51ca0454 .config console log report ci-upstream-kasan-gce-root
2019/09/17 09:09 upstream cef7298262e9 51ca0454 .config console log report ci-upstream-kasan-gce-selinux-root
2019/09/16 23:09 upstream 4d856f72c10e cb936299 .config console log report ci-upstream-kasan-gce
2019/09/16 01:56 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce
2019/09/16 00:13 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce
2019/09/15 19:13 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce-root
2019/09/15 18:15 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce
2019/09/15 07:47 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce-smack-root
2019/09/15 06:37 upstream 1609d7604b84 32d59357 .config console log report ci-upstream-kasan-gce-selinux-root
2019/09/27 22:49 net-old 2b6fd3ea438c d8074e0b .config console log report ci-upstream-net-this-kasan-gce
2019/09/27 00:47 net-old ca7a03c41753 2f1548bc .config console log report ci-upstream-net-this-kasan-gce
2019/09/25 17:49 net-old 9f5c44cf61a7 a3355dba .config console log report ci-upstream-net-this-kasan-gce
2019/09/22 04:31 net-old 7b09c2d052db d96e88f3 .config console log report ci-upstream-net-this-kasan-gce
2019/09/20 02:52 net-old 280ceaed79f1 4d3ae0b7 .config console log report ci-upstream-net-this-kasan-gce
2019/09/13 19:17 net-old 8f6617badcc9 40fa42bc .config console log report ci-upstream-net-this-kasan-gce
2019/09/12 11:37 net-old f4b752a6b270 f4e53c10 .config console log report ci-upstream-net-this-kasan-gce
2019/09/27 21:05 net-next-old b41dae061bbd d8074e0b .config console log report ci-upstream-net-kasan-gce
2019/09/27 15:01 net-next-old b41dae061bbd d8074e0b .config console log report ci-upstream-net-kasan-gce
2019/09/27 05:06 net-next-old b41dae061bbd 2f1548bc .config console log report ci-upstream-net-kasan-gce
2019/09/26 03:12 net-next-old b41dae061bbd a3355dba .config console log report ci-upstream-net-kasan-gce
2019/09/25 22:43 net-next-old b41dae061bbd a3355dba .config console log report ci-upstream-net-kasan-gce
2019/09/25 06:54 net-next-old b41dae061bbd e38a6630 .config console log report ci-upstream-net-kasan-gce
2019/09/24 22:39 net-next-old b41dae061bbd 0942eab8 .config console log report ci-upstream-net-kasan-gce
2019/09/23 11:29 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/23 10:54 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/22 19:28 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/21 20:01 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/21 16:56 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/21 07:26 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/20 17:35 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/20 17:35 net-next-old b41dae061bbd d96e88f3 .config console log report ci-upstream-net-kasan-gce
2019/09/18 08:56 net-next-old 1bab8d4c488b 03e0d245 .config console log report ci-upstream-net-kasan-gce
2019/09/18 05:58 net-next-old 1bab8d4c488b 03e0d245 .config console log report ci-upstream-net-kasan-gce
2019/09/22 12:32 linux-next b5b3bd898ba9 d96e88f3 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/09/19 20:35 linux-next eb2f12732f67 eb940044 .config console log report ci-upstream-linux-next-kasan-gce-root