syzbot


general protection fault in scatterwalk_map_and_copy

Status: auto-closed as invalid on 2019/12/31 12:29
Reported-by: syzbot+b4fe4bd679770c7dc441@syzkaller.appspotmail.com
First crash: 1697d, last: 1697d

Sample crash report:
 SYSC_sendfile64 fs/read_write.c:1502 [inline]
 SyS_sendfile64+0x102/0x110 fs/read_write.c:1488
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x459879
CPU: 1 PID: 23711 Comm: syz-executor.3 Not tainted 4.14.141 #37
RSP: 002b:00007f0e97312c78 EFLAGS: 00000246
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ORIG_RAX: 0000000000000028
task: ffff888062514340 task.stack: ffff888048c60000
RAX: ffffffffffffffda RBX: 00007f0e97312c90 RCX: 0000000000459879
RIP: 0010:scatterwalk_start include/crypto/scatterwalk.h:86 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline]
RIP: 0010:scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline]
RIP: 0010:scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RSP: 0018:ffff888048c67648 EFLAGS: 00010202
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000040d09 R11: 0000000000000246 R12: 00007f0e973136d4
RAX: dffffc0000000000 RBX: 0000000000001000 RCX: ffffc9001433f000
R13: 00000000004c7065 R14: 00000000004dc6d0 R15: 0000000000000006
RDX: 0000000000000002 RSI: ffffffff82d55709 RDI: ffff88806462f5a8
RBP: ffff888048c676b8 R08: ffffed100c8ae7da R09: 0000000000000002
R10: ffffed100c8ae7d9 R11: ffff888064573ecc R12: 0000000000001000
R13: 0000000000000000 R14: ffff888048c67710 R15: 0000000000003000
FS:  00007fda0ba05700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b31f27000 CR3: 00000000a52fa000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
CPU: 0 PID: 23707 Comm: syz-executor.2 Not tainted 4.14.141 #37
Call Trace:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 scatterwalk_map_and_copy crypto/scatterwalk.c:72 [inline]
 scatterwalk_map_and_copy+0x12f/0x1d0 crypto/scatterwalk.c:60
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x197 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10f/0x159 lib/fault-inject.c:149
 should_failslab+0xdb/0x130 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3376 [inline]
 kmem_cache_alloc+0x47/0x780 mm/slab.c:3550
 gcmaes_encrypt.constprop.0+0x1d2/0xb90 arch/x86/crypto/aesni-intel_glue.c:778
 skb_clone+0x129/0x320 net/core/skbuff.c:1282
 __skb_tstamp_tx+0x35f/0x640 net/core/skbuff.c:4367
 generic_gcmaes_encrypt+0xf4/0x130 arch/x86/crypto/aesni-intel_glue.c:1111
 __dev_queue_xmit+0x181f/0x25e0 net/core/dev.c:3460
 crypto_aead_encrypt include/crypto/aead.h:330 [inline]
 gcmaes_wrapper_encrypt+0xef/0x150 arch/x86/crypto/aesni-intel_glue.c:945
 crypto_aead_encrypt include/crypto/aead.h:330 [inline]
 tls_do_encryption net/tls/tls_sw.c:234 [inline]
 tls_push_record+0x906/0x1210 net/tls/tls_sw.c:270
 tls_sw_sendpage+0x434/0xb50 net/tls/tls_sw.c:617
 dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
 inet_sendpage+0x157/0x580 net/ipv4/af_inet.c:779
 packet_snd net/packet/af_packet.c:2993 [inline]
 packet_sendmsg+0x1de0/0x5a70 net/packet/af_packet.c:3018
 kernel_sendpage+0x92/0xf0 net/socket.c:3406
 sock_sendpage+0x8b/0xc0 net/socket.c:871
 pipe_to_sendpage+0x242/0x340 fs/splice.c:451
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 splice_from_pipe_feed fs/splice.c:502 [inline]
 __splice_from_pipe+0x348/0x780 fs/splice.c:626
 ___sys_sendmsg+0x349/0x840 net/socket.c:2062
 splice_from_pipe+0xf0/0x150 fs/splice.c:661
 generic_splice_sendpage+0x3c/0x50 fs/splice.c:832
 do_splice_from fs/splice.c:851 [inline]
 do_splice fs/splice.c:1147 [inline]
 SYSC_splice fs/splice.c:1402 [inline]
 SyS_splice+0xd92/0x1430 fs/splice.c:1382
 __sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
 SYSC_sendmmsg net/socket.c:2183 [inline]
 SyS_sendmmsg+0x35/0x60 net/socket.c:2178
RIP: 0033:0x459879
RSP: 002b:00007fda0ba04c78 EFLAGS: 00000246
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000459879
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RBP: 000000000075bf20 R08: 0000000100000000 R09: 0000000000000000
RIP: 0033:0x459879
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fda0ba056d4
RSP: 002b:00007feaaa924c78 EFLAGS: 00000246
R13: 00000000004c907b R14: 00000000004df4f0 R15: 00000000ffffffff
 ORIG_RAX: 0000000000000133
Code: 
RAX: ffffffffffffffda RBX: 00007feaaa924c90 RCX: 0000000000459879
RDX: 000000000400004e RSI: 0000000020000d00 RDI: 0000000000000005
00 
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
00 
R10: 0000000000000000 R11: 0000000000000246 R12: 00007feaaa9256d4
fc 
R13: 00000000004c706e R14: 00000000004dc6e8 R15: 0000000000000006
ff df 80 3c 02 00 0f 85 37 01 00 00 49 8d 45 10 4d 89 2e 48 89 c2 48 89 45 c0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 7d 01 00 00 48 b8 00 00 00 
RIP: scatterwalk_start include/crypto/scatterwalk.h:86 [inline] RSP: ffff888048c67648
RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:111 [inline] RSP: ffff888048c67648
RIP: scatterwalk_pagedone include/crypto/scatterwalk.h:95 [inline] RSP: ffff888048c67648
RIP: scatterwalk_copychunks+0x4d6/0x6b0 crypto/scatterwalk.c:55 RSP: ffff888048c67648
kobject: 'loop4' (ffff8880a4a577e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a4a577e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
---[ end trace e72752ec8a61adb8 ]---

Crashes (1):
Time: 2019/09/02 12:28
Kernel: linux-4.14.y
Commit: 01fd1694b93c
Syzkaller: db7c31ca
Config: .config
Log: console log
Report: report
Manager: ci2-linux-4-14
* Struck through repros no longer work on HEAD.