syzbot

 sign-in | mailing list | source | docs
🐞 Open [988] Subsystems 🐞 Fixed [5236] 🐞 Invalid [12507] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in do_tcp_getsockopt

Status: fixed on 2018/08/07 13:43
Subsystems: net
[Documentation on labels]
Fix commit: 6508b6781be0 tcp: cleanup copied_seq and urg_data in tcp_disconnect
First crash: 2119d, last: 2107d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in do_tcp_getsockopt (2) net C done 1 1498d 1498d 15/26 fixed on 2020/05/10 10:42

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4567 Comm: syz-executor355 Not tainted 4.18.0-rc3+ #135
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tcp_zerocopy_receive net/ipv4/tcp.c:1796 [inline]
RIP: 0010:do_tcp_getsockopt.isra.43+0x2f9d/0x3c10 net/ipv4/tcp.c:3521
Code: 3c 03 0f 8e 46 08 00 00 89 9d 10 fd ff ff e8 ea b9 15 fb 49 8d be 80 00 00 00 be ff ff 37 00 48 89 f8 48 c1 e6 2a 48 c1 e8 03 <0f> b6 04 30 84 c0 74 08 3c 03 0f 8e cd 06 00 00 48 8b 85 50 fc ff 
RSP: 0018:ffff8801ce7f7860 EFLAGS: 00010202
RAX: 0000000000000010 RBX: 0000000000000000 RCX: ffffffff8666514d
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000080
RBP: ffff8801ce7f7c60 R08: ffff8801d8e5c400 R09: ffffed0038d77507
R10: ffffed0038d77507 R11: ffff8801c6bba83f R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ce7f79b0
FS:  000000000168d880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 00000001d8e92000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tcp_getsockopt+0xc1/0xe0 net/ipv4/tcp.c:3547
 sock_common_getsockopt+0x9a/0xe0 net/core/sock.c:2999
 __sys_getsockopt+0x1ad/0x390 net/socket.c:1948
 __do_sys_getsockopt net/socket.c:1959 [inline]
 __se_sys_getsockopt net/socket.c:1956 [inline]
 __x64_sys_getsockopt+0xbe/0x150 net/socket.c:1956
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440279
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007ffd8006ea18 EFLAGS: 00000217 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440279
RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000020000040 R09: 0000000000000080
R10: 0000000020000000 R11: 0000000000000217 R12: 0000000000401b00
R13: 0000000000401b90 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 8eb7b4e3bf25acb4 ]---
RIP: 0010:tcp_zerocopy_receive net/ipv4/tcp.c:1796 [inline]
RIP: 0010:do_tcp_getsockopt.isra.43+0x2f9d/0x3c10 net/ipv4/tcp.c:3521
Code: 3c 03 0f 8e 46 08 00 00 89 9d 10 fd ff ff e8 ea b9 15 fb 49 8d be 80 00 00 00 be ff ff 37 00 48 89 f8 48 c1 e6 2a 48 c1 e8 03 <0f> b6 04 30 84 c0 74 08 3c 03 0f 8e cd 06 00 00 48 8b 85 50 fc ff 
RSP: 0018:ffff8801ce7f7860 EFLAGS: 00010202
RAX: 0000000000000010 RBX: 0000000000000000 RCX: ffffffff8666514d
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 0000000000000080
RBP: ffff8801ce7f7c60 R08: ffff8801d8e5c400 R09: ffffed0038d77507
R10: ffffed0038d77507 R11: ffff8801c6bba83f R12: 0000000000001000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ce7f79b0
FS:  000000000168d880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 00000001d8e92000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/07/07 21:04 upstream 624434af256a ab89aea9 .config console log report syz C ci-upstream-kasan-gce-root
2018/07/07 21:03 upstream 624434af256a ab89aea9 .config console log report syz C ci-upstream-kasan-gce
2018/07/07 20:27 net-old 843789f6dd6a ab89aea9 .config console log report syz C ci-upstream-net-this-kasan-gce
2018/07/07 20:55 net-next-old 005c1c0eac82 ab89aea9 .config console log report syz C ci-upstream-net-kasan-gce
2018/07/08 05:10 linux-next 526674536360 c9a7a4dc .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2018/07/14 04:18 upstream 9d2e34897d8d 92a49505 .config console log report ci-upstream-kasan-gce
2018/07/07 18:51 net-old 843789f6dd6a ab89aea9 .config console log report ci-upstream-net-this-kasan-gce
2018/07/19 19:13 net-next-old 3bc950c34b28 49f35839 .config console log report ci-upstream-net-kasan-gce
2018/07/15 09:13 net-next-old 2aa4a3378ad0 92a49505 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.