syzbot
general protection fault in pppol2tp_connect

Status: auto-closed as invalid on 2019/02/22 13:19
First crash: 2153d, last: 2086d
Similar bugs (2)
Kernel     | Title                                            | Repro | Cause bisect | Fix bisect | Count | Last  | Reported | Patched | Status
upstream   | general protection fault in pppol2tp_connect net | C     |              |            | 1025  | 2241d | 2290d    | 4/26    | fixed on 2018/03/06 13:29
android-44 | general protection fault in pppol2tp_connect     | syz   |              |            | 10    | 2072d | 1838d    | 0/2     | public: reported syz repro on 2019/04/14 00:02

Sample crash report:
binder: undelivered TRANSACTION_ERROR: 29201
binder: 15144:15146 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3
binder: 15144:15146 got reply transaction with no transaction stack
binder: 15144:15146 transaction failed 29201/-71, size 0-0 line 2921
binder: undelivered TRANSACTION_ERROR: 29201
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 15117 Comm: syz-executor2 Not tainted 4.9.118-g47b77b8 #72
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d3031800 task.stack: ffff8801afab8000
RIP: 0010:[<ffffffff836c8557>]  [<ffffffff836c8557>] __read_once_size include/linux/compiler.h:243 [inline]
RIP: 0010:[<ffffffff836c8557>]  [<ffffffff836c8557>] sk_dst_get include/net/sock.h:1695 [inline]
RIP: 0010:[<ffffffff836c8557>]  [<ffffffff836c8557>] pppol2tp_connect+0x857/0x18f0 net/l2tp/l2tp_ppp.c:746
RSP: 0018:ffff8801afabfb70  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801cfd38000 RCX: ffffc90005d08000
RDX: 000000000000003b RSI: ffffffff836c853f RDI: 00000000000001d8
RBP: ffff8801afabfd20 R08: ffff8801d3032110 R09: 0000000000000001
R10: ffff8801d3031800 R11: 1ffff1003a60641d R12: ffff8801cd162a80
R13: 0000000000000000 R14: ffff8801cfd39680 R15: 0000000000000000
FS:  00007f3d47735700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2a7624000 CR3: 000000018bbc7000 CR4: 00000000001606f0
Stack:
 ffffffff836c84e0 0000000300000020 ffff8801afabfc78 ffff8801cfd38198
 ffff8801cd162e50 ffff8801cd162a92 1ffff10035f57f77 ffff8801cfd39800
 ffff8801cd162ab0 0000000041b58ab3 ffffffff84429e18 ffffffff836c7d00
Call Trace:
 [<ffffffff83019958>] SYSC_connect+0x1b8/0x300 net/socket.c:1563
 [<ffffffff8301c224>] SyS_connect+0x24/0x30 net/socket.c:1544
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff839fca93>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: fd 80 3d b0 3a 58 01 00 0f 84 3e 0b 00 00 e8 71 65 c9 fd 49 8d bd d8 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 1a 0d 00 00 4d 8b b5 d8 01 00 00 e8 83 39 bb 
RIP  [<ffffffff836c8557>] __read_once_size include/linux/compiler.h:243 [inline]
RIP  [<ffffffff836c8557>] sk_dst_get include/net/sock.h:1695 [inline]
RIP  [<ffffffff836c8557>] pppol2tp_connect+0x857/0x18f0 net/l2tp/l2tp_ppp.c:746
 RSP <ffff8801afabfb70>
---[ end trace 1bc463b373b0896b ]---

Crashes (2):
Time             | Kernel                                                   | Commit       | Syzkaller | Config  | Log         | Report | Syz repro | C repro | VM info | Assets | Manager                     | Title
2018/08/08 15:22 | https://android.googlesource.com/kernel/common android-4.9 | 47b77b8d01c4 | ddeb9f8d  | .config | console log | report |           |         |         |        | ci-android-49-kasan-gce     |
2018/06/02 05:52 | https://android.googlesource.com/kernel/common android-4.9 | d7e64f8022e4 | 2f93b54f  | .config | console log | report |           |         |         |        | ci-android-49-kasan-gce-386 |
* Struck through repros no longer work on HEAD.