syzbot


general protection fault in j1939_sk_sendmsg

Status: upstream: reported syz repro on 2019/11/05 20:02
Reported-by: syzbot+7044ea77452b6f92b4fd@syzkaller.appspotmail.com
First crash: 1063d, last: 1051d

Cause bisection: introduced by (bisect log):
commit 9d71dd0c70099914fcd063135da3c580865e924c
Author: The j1939 authors <linux-can@vger.kernel.org>
Date: Mon Oct 8 09:48:36 2018 +0000

  can: add support of SAE J1939 protocol

Crash: general protection fault in j1939_sk_sendmsg (log)
Repro: syz .config

Fix bisection: failed (bisect log)
Patch testing requests:
Created           Duration  User                         Patch  Repo      Result
2022/09/10 13:27  15m                                           upstream  OK log
2022/09/10 10:27  15m                                           upstream  OK log
2022/09/10 07:27  15m                                           upstream  report log
2022/09/10 03:27  15m                                           upstream  OK log
2022/09/08 15:27  16m                                           upstream  OK log
2022/09/08 10:27  16m                                           upstream  OK log
2022/09/08 07:27  16m                                           upstream  OK log
2022/09/06 17:27  15m                                           upstream  OK log
2022/09/06 14:27  15m                                           upstream  OK log
2022/09/06 10:27  15m                                           upstream  OK log
2022/09/06 06:27  16m                                           upstream  OK log
2022/09/05 13:27  16m                                           upstream  OK log
2022/09/05 09:27  16m                                           upstream  OK log
2022/09/03 14:27  15m                                           net-next  OK log
2022/09/03 10:27  15m                                           net-next  OK log
2022/09/02 09:27  13m                                           upstream  OK log
2022/09/02 06:27  13m                                           net       OK log
2022/09/02 01:27  13m                                           net       OK log
2022/09/01 22:27  14m                                           net       OK log
2022/09/01 19:27  14m                                           net       OK log
2022/09/01 15:27  14m                                           net       OK log
2020/09/29 19:09  16m       anant.thazhemadam@gmail.com         upstream  OK

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1098 Comm: syz-executor.0 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:988 [inline]
RIP: 0010:j1939_sk_sendmsg+0x6d6/0x1450 net/can/j1939/socket.c:1105
Code: e8 bf f3 f3 fa 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 60 ff ff ff 48 8b 85 20 ff ff ff <80> 38 00 0f 85 fa 0a 00 00 48 8b 85 40 ff ff ff 48 8b 58 48 48 8b
RSP: 0018:ffff888092307a28 EFLAGS: 00010297
RAX: dffffc0000000009 RBX: 00000000000001f3 RCX: 00000000000001f3
RDX: 0000000000000000 RSI: ffffffff867f3121 RDI: 0000000000000007
RBP: ffff888092307b40 R08: ffff88809d3560c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880a53bc510 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f3aa7aa8700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2855f64000 CR3: 00000000a9a2f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a219
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3aa7aa7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a219
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3aa7aa86d4
R13: 00000000004c804e R14: 00000000004de4d0 R15: 00000000ffffffff
Modules linked in:
---[ end trace b9d9b67571908ef8 ]---
RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:988 [inline]
RIP: 0010:j1939_sk_sendmsg+0x6d6/0x1450 net/can/j1939/socket.c:1105
Code: e8 bf f3 f3 fa 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 60 ff ff ff 48 8b 85 20 ff ff ff <80> 38 00 0f 85 fa 0a 00 00 48 8b 85 40 ff ff ff 48 8b 58 48 48 8b
RSP: 0018:ffff888092307a28 EFLAGS: 00010297
RAX: dffffc0000000009 RBX: 00000000000001f3 RCX: 00000000000001f3
RDX: 0000000000000000 RSI: ffffffff867f3121 RDI: 0000000000000007
RBP: ffff888092307b40 R08: ffff88809d3560c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880a53bc510 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f3aa7aa8700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2855f64000 CR3: 00000000a9a2f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (31):
Manager                               Time              Kernel      Commit        Syzkaller Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-kasan-gce-root            2019/11/10 21:13  upstream    00aff6836241  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce-selinux-root    2019/11/17 01:34  upstream    6c9594bdd474  d5696d51  .config  log  report  syz
ci-upstream-kasan-gce-smack-root      2019/11/13 18:44  upstream    0e3f1ad80fc8  048f2d49  .config  log  report  syz
ci-upstream-kasan-gce-smack-root      2019/11/12 11:51  upstream    de620fb99ef2  048f2d49  .config  log  report  syz
ci-upstream-kasan-gce-selinux-root    2019/11/12 03:27  upstream    31f4f5b495a6  048f2d49  .config  log  report  syz
ci-upstream-kasan-gce-root            2019/11/11 14:41  upstream    9805a68371ce  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce-selinux-root    2019/11/11 14:37  upstream    9805a68371ce  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce                 2019/11/11 12:39  upstream    9805a68371ce  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce-selinux-root    2019/11/10 18:31  upstream    00aff6836241  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce                 2019/11/10 15:17  upstream    00aff6836241  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce-smack-root      2019/11/09 13:30  upstream    6737e7634951  dc438b91  .config  log  report  syz
ci-upstream-kasan-gce-root            2019/11/07 10:50  upstream    4dd58158254c  d797d201  .config  log  report  syz
ci-upstream-kasan-gce-root            2019/11/05 20:19  upstream    a99d8080aaf3  0f3ec414  .config  log  report  syz
ci-upstream-kasan-gce-386             2019/11/11 12:56  upstream    9805a68371ce  dc438b91  .config  log  report  syz
ci-upstream-net-this-kasan-gce        2019/11/11 12:46  net         dd3d792def0d  dc438b91  .config  log  report  syz
ci-upstream-net-this-kasan-gce        2019/11/10 19:35  net         dd3d792def0d  dc438b91  .config  log  report  syz
ci-upstream-net-this-kasan-gce        2019/11/10 19:11  net         dd3d792def0d  dc438b91  .config  log  report  syz
ci-upstream-net-this-kasan-gce        2019/11/06 11:10  net         fc564e09237f  bc2c6e45  .config  log  report  syz
ci-upstream-net-this-kasan-gce        2019/11/05 19:49  net         3d1e5039f5f8  0f3ec414  .config  log  report  syz
ci-upstream-net-kasan-gce             2019/11/11 12:47  net-next    7941af9b38fa  dc438b91  .config  log  report  syz
ci-upstream-net-kasan-gce             2019/11/05 22:29  net-next    56c1291ee48b  0f3ec414  .config  log  report  syz
ci-upstream-kasan-gce-root            2019/11/17 03:35  upstream    6c9594bdd474  d5696d51  .config  log  report
ci-upstream-kasan-gce                 2019/11/17 03:31  upstream    6c9594bdd474  d5696d51  .config  log  report
ci-upstream-net-this-kasan-gce        2019/11/11 21:24  net         dd3d792def0d  048f2d49  .config  log  report
ci-upstream-net-this-kasan-gce        2019/11/11 11:20  net         dd3d792def0d  dc438b91  .config  log  report
ci-upstream-net-this-kasan-gce        2019/11/10 14:02  net         dd3d792def0d  dc438b91  .config  log  report
ci-upstream-net-this-kasan-gce        2019/11/06 09:19  net         fc564e09237f  bc2c6e45  .config  log  report
ci-upstream-net-kasan-gce             2019/11/15 20:04  net-next    a98cdaf73e32  cdac920b  .config  log  report
ci-upstream-net-kasan-gce             2019/11/10 13:57  net-next    14684b93019a  dc438b91  .config  log  report
ci-upstream-net-kasan-gce             2019/11/05 18:42  net-next    56c1291ee48b  0f3ec414  .config  log  report
ci-upstream-linux-next-kasan-gce-root 2019/11/10 13:59  linux-next  5591cf003452  dc438b91  .config  log  report
* Struck through repros no longer work on HEAD.