syzbot


general protection fault in tls_sk_proto_close

Status: fixed on 2019/08/27 17:15
Reported-by: syzbot+fb2a31b9c0676ea410e3@syzkaller.appspotmail.com
Fix commit: 5d92e631b8be net/tls: partially revert fix transition through disconnect with close
First crash: 1725d, last: 1692d
Cause bisection: the cause commit could be any of (bisect log):
  1243a51f6c05 tcp, ulp: remove ulp bits from sockmap
  604326b41a6f bpf, sockmap: convert to generic sk_msg interface
  
Discussions (1)
Title Replies (including bot) Last reply
general protection fault in tls_sk_proto_close 0 (1) 2019/07/26 09:28
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in tls_sk_proto_close (2) net syz error 246 1672d 1691d 13/26 fixed on 2019/10/09 10:54
linux-4.19 general protection fault in tls_sk_proto_close C error 2 933d 1140d 0/1 upstream: reported C repro on 2021/03/01 13:43
upstream general protection fault in tls_sk_proto_close (3) net C done 276 663d 1063d 22/26 fixed on 2023/02/24 13:50

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 10600 Comm: syz-executor.5 Not tainted 5.3.0-rc5+ #118
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tls_sk_proto_close+0xe5/0x990 net/tls/tls_main.c:298
Code: 0f 85 3f 08 00 00 49 8b 84 24 c0 02 00 00 4d 8d 75 14 4c 89 f2 48 c1 ea 03 48 89 85 50 ff ff ff 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 2e 06 00 00
RSP: 0018:ffff88809a407b90 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff862c98db
RDX: 0000000000000002 RSI: ffffffff862c9639 RDI: ffff8880a79a6f40
RBP: ffff88809a407c48 R08: ffff888099bd44c0 R09: ffffed1014f34da2
R10: ffffed1014f34da1 R11: ffff8880a79a6d0b R12: ffff8880a79a6c80
R13: 0000000000000000 R14: 0000000000000014 R15: 0000000000000001
FS:  0000555556a9d940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000780000 CR3: 000000009fd25000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tls_sk_proto_close+0x35b/0x990 net/tls/tls_main.c:321
 tcp_bpf_close+0x17c/0x390 net/ipv4/tcp_bpf.c:582
 inet_release+0xed/0x200 net/ipv4/af_inet.c:427
 inet6_release+0x53/0x80 net/ipv6/af_inet6.c:470
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x5a9/0x6a0 arch/x86/entry/common.c:299
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x413511
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffe9c57deb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000413511
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
RBP: 0000000000000001 R08: ffffffffffffffff R09: ffffffffffffffff
R10: 00007ffe9c57df90 R11: 0000000000000293 R12: 000000000075c9a0
R13: 000000000075c9a0 R14: 0000000000761178 R15: ffffffffffffffff
Modules linked in:
---[ end trace 6d40d9a378838e67 ]---
RIP: 0010:tls_sk_proto_close+0xe5/0x990 net/tls/tls_main.c:298
Code: 0f 85 3f 08 00 00 49 8b 84 24 c0 02 00 00 4d 8d 75 14 4c 89 f2 48 c1 ea 03 48 89 85 50 ff ff ff 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 02 4c 89 f2 83 e2 07 38 d0 7f 08 84 c0 0f 85 2e 06 00 00
RSP: 0018:ffff88809a407b90 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff862c98db
RDX: 0000000000000002 RSI: ffffffff862c9639 RDI: ffff8880a79a6f40
RBP: ffff88809a407c48 R08: ffff888099bd44c0 R09: ffffed1014f34da2
R10: ffffed1014f34da1 R11: ffff8880a79a6d0b R12: ffff8880a79a6c80
R13: 0000000000000000 R14: 0000000000000014 R15: 0000000000000001
FS:  0000555556a9d940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070f158 CR3: 000000009fd25000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (260):