syzbot


general protection fault in l2tp_xmit_skb

Status: auto-closed as invalid on 2019/02/25 11:49
First crash: 2088d, last: 2058d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in l2tp_xmit_skb net 1 1609d 1607d 0/26 auto-closed as invalid on 2020/02/18 21:56

Sample crash report:
ODEBUG: object ffff8801db207ce8 is NOT on stack ffffffff84600000, but annotated
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 14387 Comm: syz-executor5 Not tainted 4.9.124-g09eb2ba #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff880198930000 task.stack: ffff880198d80000
RIP: 0010:[<ffffffff81238dcb>]  [<ffffffff81238dcb>] __lock_acquire+0xa1b/0x4070 kernel/locking/lockdep.c:3224
RSP: 0018:ffff880198d876a0  EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000014 RSI: 0000000000000000 RDI: 00000000000000a0
RBP: ffff880198d87848 R08: 0000000000000001 R09: 0000000000000000
R10: ffff880198930000 R11: 0000000000000001 R12: 0000000000000001
R13: 0000000000000000 R14: 00000000000000a0 R15: 0000000000000000
FS:  00007f08a0ecb700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000001702076 CR3: 00000001d3772000 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 0000000000000000 0000000000000000 0000000000000000 0000000000000286
 ffffffffffffff10 ffffffff83a010ff 0000000000000010 0000000000000286
 0000000000000286 ffff880198d87708 ffffffff83a010e5 000000000008e4c0
Call Trace:
 [<ffffffff8123ce90>] lock_acquire+0x130/0x3e0 kernel/locking/lockdep.c:3756
 [<ffffffff83a00d96>] __raw_spin_lock include/linux/spinlock_api_smp.h:144 [inline]
 [<ffffffff83a00d96>] _raw_spin_lock+0x36/0x50 kernel/locking/spinlock.c:151
 [<ffffffff836c3a2b>] spin_lock include/linux/spinlock.h:302 [inline]
 [<ffffffff836c3a2b>] l2tp_xmit_skb+0x38b/0xf30 net/l2tp/l2tp_core.c:1233
 [<ffffffff836cf8b0>] pppol2tp_sendmsg+0x4e0/0x790 net/l2tp/l2tp_ppp.c:339
 [<ffffffff8301e0ac>] sock_sendmsg_nosec net/socket.c:648 [inline]
 [<ffffffff8301e0ac>] sock_sendmsg+0xcc/0x110 net/socket.c:658
 [<ffffffff8301f8ca>] ___sys_sendmsg+0x47a/0x840 net/socket.c:1982
 [<ffffffff83021e31>] __sys_sendmmsg+0x161/0x3d0 net/socket.c:2072
 [<ffffffff830220d5>] SYSC_sendmmsg net/socket.c:2103 [inline]
 [<ffffffff830220d5>] SyS_sendmmsg+0x35/0x60 net/socket.c:2098
 [<ffffffff81006316>] do_syscall_64+0x1a6/0x490 arch/x86/entry/common.c:282
 [<ffffffff83a019d3>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 25 28 00 00 00 0f 85 17 27 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 51 27 00 00 49 81 3e 60 ac e9 84 0f 84 08 f7 
RIP  [<ffffffff81238dcb>] __lock_acquire+0xa1b/0x4070 kernel/locking/lockdep.c:3224
 RSP <ffff880198d876a0>
---[ end trace 80c45dcf4172afbe ]---

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/08/29 11:47 https://android.googlesource.com/kernel/common android-4.9 09eb2ba5ed0c 53ff8784 .config console log report ci-android-49-kasan-gce-root
2018/08/23 18:54 https://android.googlesource.com/kernel/common android-4.9 7fa8c15e72a4 95b5c82b .config console log report ci-android-49-kasan-gce
2018/08/19 12:56 https://android.googlesource.com/kernel/common android-4.9 54068d61e7d8 2dc4378f .config console log report ci-android-49-kasan-gce
2018/08/14 17:14 https://android.googlesource.com/kernel/common android-4.9 9dc978d43ec7 5084a625 .config console log report ci-android-49-kasan-gce
2018/08/12 21:55 https://android.googlesource.com/kernel/common android-4.9 9dc978d43ec7 7a88b141 .config console log report ci-android-49-kasan-gce
2018/08/09 23:56 https://android.googlesource.com/kernel/common android-4.9 92e87041ed2d 1fb62d58 .config console log report ci-android-49-kasan-gce
2018/08/07 13:19 https://android.googlesource.com/kernel/common android-4.9 47b77b8d01c4 1beb8136 .config console log report ci-android-49-kasan-gce-root
2018/08/05 11:55 https://android.googlesource.com/kernel/common android-4.9 8b21e85d919c 1beb8136 .config console log report ci-android-49-kasan-gce-root
2018/08/04 00:58 https://android.googlesource.com/kernel/common android-4.9 8b21e85d919c df7f6947 .config console log report ci-android-49-kasan-gce-root
2018/08/03 11:11 https://android.googlesource.com/kernel/common android-4.9 8b21e85d919c cc4f6d0a .config console log report ci-android-49-kasan-gce-root
2018/07/31 16:43 https://android.googlesource.com/kernel/common android-4.9 90e7a9002952 1a381291 .config console log report ci-android-49-kasan-gce-root
2018/07/30 07:45 https://android.googlesource.com/kernel/common android-4.9 990559158c7b 1a381291 .config console log report ci-android-49-kasan-gce-root
* Struck through repros no longer work on HEAD.