syzbot


BUG: unable to handle kernel paging request in xfrm_hash_rebuild

Status: public: reported C repro on 2019/04/14 00:00
Reported-by: syzbot+7713b4cdb89b723d4557@syzkaller.appspotmail.com
First crash: 2247d, last: 2247d

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read, 111 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 117 bits of entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 123 bits of entropy available)
IPVS: Creating netns size=2552 id=1
BUG: unable to handle kernel paging request at ffffed00c86eb8d0
IP: [<ffffffff832a520b>] xfrm_hash_rebuild+0x47b/0xa80 net/xfrm/xfrm_policy.c:633
PGD 21ff6a067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 1771 Comm: kworker/0:2 Not tainted 4.4.119-g024f962 #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events xfrm_hash_rebuild
task: ffff8800b73fe000 task.stack: ffff8800b6800000
RIP: 0010:[<ffffffff832a520b>]  [<ffffffff832a520b>] xfrm_hash_rebuild+0x47b/0xa80 net/xfrm/xfrm_policy.c:633
RSP: 0018:ffff8800b6807bb8  EFLAGS: 00010a02
RAX: 1ffff100c86eb8d0 RBX: dffffc0000000000 RCX: ffffffff832a31e2
RDX: 0000000000000000 RSI: ffff8800bb2d8000 RDI: ffff8800bb2d9680
RBP: ffff8800b6807c40 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 1ffff10016d00f3e R12: ffff8800bba44c80
R13: ffff88064375c680 R14: ffff8800bb2d96b8 R15: 0000000000000002
FS:  0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed00c86eb8d0 CR3: 00000000bb136000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff8117fd37 ffff8800bb2d9758 ffffed001765b2c9 ffff8800bb2d964c
 ffff8800bb2d99f8 ffff8800bb2d9618 ffff8800bb2d9780 80ff8801db21eb40
 ffff8800bb2d95f8 ffff8800bb2d8000 0000000000000200 ffff8800bb2d96b8
Call Trace:
 [<ffffffff8117fd37>] process_one_work+0x7d7/0x16e0 kernel/workqueue.c:2064
 [<ffffffff81180d19>] worker_thread+0xd9/0xfc0 kernel/workqueue.c:2196
 [<ffffffff81190788>] kthread+0x268/0x300 kernel/kthread.c:211
 [<ffffffff83773a45>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:506
Code: 7c 08 84 d2 0f 85 ca 05 00 00 48 8b 7d c0 49 8d b4 24 f4 00 00 00 41 0f b7 94 24 74 02 00 00 e8 ec de ff ff 49 89 c5 48 c1 e8 03 <80> 3c 18 00 0f 85 e2 05 00 00 49 8b 55 00 49 8d 44 24 08 48 89 
RIP  [<ffffffff832a520b>] xfrm_hash_rebuild+0x47b/0xa80 net/xfrm/xfrm_policy.c:633
 RSP <ffff8800b6807bb8>
CR2: ffffed00c86eb8d0
---[ end trace 53b80935cac87515 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
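The faulting address in this oops is not a kernel data pointer: CR2 = ffffed00c86eb8d0 lies in the KASAN shadow region, and the Code: bytes immediately before the fault marker are `49 89 c5` (mov %rax,%r13), `48 c1 e8 03` (shr $3,%rax) and `<80> 3c 18 00` (cmpb $0,(%rax,%rbx,1)), which is KASAN's inline shadow check on the pointer the preceding call just returned. RBX holds KASAN_SHADOW_OFFSET (dffffc0000000000) and RAX is R13 >> 3, so the kernel died while checking the pointer ffff88064375c680 before dereferencing it, because no shadow page exists for an address that far out. The program below is an added worked example by the editor, not part of the syzbot report or of the kernel; it reproduces the shadow arithmetic with the register values from the report and turns it into a reusable decoder for this class of fault. Assumptions: the x86-64 generic-KASAN layout of this 4.4 kernel (8-byte granules, KASAN_SHADOW_OFFSET = 0xdffffc0000000000, a 64 TiB direct map starting at PAGE_OFFSET = 0xffff880000000000, no KASLR, consistent with "Kernel Offset: disabled"), all taken as constants here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 generic KASAN: one shadow byte covers 8 bytes of kernel memory and
 * shadow = (addr >> 3) + KASAN_SHADOW_OFFSET.  Constants are assumptions taken
 * from the 4.4-era x86-64 memory layout (no KASLR); the offset also appears as
 * RBX in the register dump above. */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define PAGE_OFFSET              0xffff880000000000ULL /* start of direct map */
#define DIRECT_MAP_SIZE          (64ULL << 40)         /* 64 TiB on 4-level paging */

/* Register values copied from the oops in this report. */
#define REPORT_CR2 0xffffed00c86eb8d0ULL /* faulting (shadow) address      */
#define REPORT_RAX 0x1ffff100c86eb8d0ULL /* pointer >> 3                   */
#define REPORT_RBX 0xdffffc0000000000ULL /* KASAN_SHADOW_OFFSET            */
#define REPORT_R13 0xffff88064375c680ULL /* pointer returned by the callee */
#define REPORT_GS  0xffff8801db200000ULL /* per-CPU base: a known-good direct-map address */

uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping; recovers the address rounded down to its 8-byte granule. */
uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* The shadow region is the image of the whole upper half of the address space. */
bool is_shadow_address(uint64_t addr)
{
    uint64_t lo = kasan_mem_to_shadow(0xffff800000000000ULL); /* ffffec0000000000 */
    uint64_t hi = kasan_mem_to_shadow(~0ULL);                 /* fffffbffffffffff */
    return addr >= lo && addr <= hi;
}

bool in_direct_map(uint64_t addr)
{
    return addr >= PAGE_OFFSET && addr < PAGE_OFFSET + DIRECT_MAP_SIZE;
}

uint64_t direct_map_to_phys(uint64_t addr)
{
    return addr - PAGE_OFFSET;
}

struct shadow_fault {
    uint64_t shadow;        /* CR2 as reported */
    bool     is_shadow;     /* CR2 lies in the KASAN shadow region */
    uint64_t target;        /* pointer whose shadow byte was being read */
    bool     target_direct; /* target lies in the direct map */
    uint64_t target_phys;   /* physical address implied by the direct map */
};

/* Decode an "unable to handle kernel paging request" whose CR2 is a shadow
 * address: the real suspect is the pointer the shadow byte describes. */
struct shadow_fault decode_shadow_fault(uint64_t cr2)
{
    struct shadow_fault f = { .shadow = cr2 };

    f.is_shadow = is_shadow_address(cr2);
    if (!f.is_shadow)
        return f;
    f.target = kasan_shadow_to_mem(cr2);
    f.target_direct = in_direct_map(f.target);
    if (f.target_direct)
        f.target_phys = direct_map_to_phys(f.target);
    return f;
}

int main(void)
{
    struct shadow_fault f = decode_shadow_fault(REPORT_CR2);

    printf("CR2 %016llx is a shadow address: %s\n",
           (unsigned long long)f.shadow, f.is_shadow ? "yes" : "no");
    printf("checked pointer   : %016llx (R13 in the dump: %016llx)\n",
           (unsigned long long)f.target, (unsigned long long)REPORT_R13);
    printf("pointer >> 3      : %016llx (RAX in the dump: %016llx)\n",
           (unsigned long long)(f.target >> KASAN_SHADOW_SCALE_SHIFT),
           (unsigned long long)REPORT_RAX);
    if (f.target_direct)
        printf("direct-map phys   : %#llx (~%.1f GiB)\n",
               (unsigned long long)f.target_phys,
               (double)f.target_phys / (1ULL << 30));
    printf("per-CPU area phys : %#llx (~%.1f GiB)\n",
           (unsigned long long)direct_map_to_phys(REPORT_GS),
           (double)direct_map_to_phys(REPORT_GS) / (1ULL << 30));
    return 0;
}
```

The decoder reproduces the dump exactly: shadow(R13) == CR2 and R13 >> 3 == RAX, so the callee returned ffff88064375c680 and KASAN faulted while validating it. That pointer would sit about 25 GiB into physical memory, while the kernel's own per-CPU area (GS) sits at about 7.4 GiB, so the shadow page for it was never allocated. A KASAN shadow fault of this shape therefore means the pointer itself is wild (uninitialized, freed-and-reused, or corrupted list linkage); the defect is in the xfrm policy hashing code that produced it, and KASAN merely crashed one instruction earlier than the bad dereference would have. The report does not identify the root cause, and this decode does not either.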

Crashes (2):
Time              Kernel                                                       Commit        Syzkaller  Artifacts                                          Manager
2018/03/01 13:40  https://android.googlesource.com/kernel/common android-4.4  024f962d4b24  c4089507   .config, console log, report, syz repro, C repro  ci-android-44-kasan-gce
2018/03/01 13:19  https://android.googlesource.com/kernel/common android-4.4  024f962d4b24  c4089507   .config, console log, report                       ci-android-44-kasan-gce
* Struck-through repros no longer work on HEAD.