syzbot


general protection fault in skb_put

Status: auto-obsoleted due to no activity on 2022/09/23 14:24
Subsystems: bluetooth
Reported-by: syzbot+65788f9af9d54844389e@syzkaller.appspotmail.com
First crash: 1870d, last: 1288d
Cause bisection: introduced by (bisect log) :
commit 97faec531460c949d7120672b8c77e2f41f8d6d7
Author: James Smart <jsmart2021@gmail.com>
Date: Thu Sep 13 23:17:38 2018 +0000

  nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device

Crash: general protection fault in corrupted (log)
Repro: C syz .config
Fix bisection: failed (error log, bisect log)
Discussions (4)
Title Replies (including bot) Last reply
Reminder: 29 open syzbot bugs in bluetooth subsystem 1 (1) 2019/07/24 01:41
Reminder: 29 open syzbot bugs in bluetooth subsystem 1 (1) 2019/07/09 19:07
Reminder: 27 open syzbot bugs in bluetooth subsystem 1 (1) 2019/06/24 05:14
general protection fault in skb_put 4 (6) 2019/03/12 17:46
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 general protection fault in skb_put C error 70 1041d 1793d 0/1 upstream: reported C repro on 2019/04/22 01:02
linux-4.19 general protection fault in skb_put C error 32 914d 1792d 0/1 upstream: reported C repro on 2019/04/23 05:25
Last patch testing requests (7)
Created Duration User Patch Repo Result
2022/09/23 12:30 16m retest repro upstream OK log
2022/09/22 03:29 16m retest repro linux-next OK log
2022/09/22 01:29 20m retest repro linux-next OK log
2022/09/21 22:29 19m retest repro linux-next OK log
2022/09/20 21:29 16m retest repro upstream OK log
2022/09/20 17:29 18m retest repro upstream OK log
2022/09/20 14:29 19m retest repro upstream OK log

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9530 Comm: syz-executor453 Not tainted 5.2.0+ #62
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:skb_put+0x35/0x1d0 /net/core/skbuff.c:1861
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 b8 00 00 00 48 83 ec 08 e8 2c 5d e2 fb 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 4c
RSP: 0018:ffff88808267f9d8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88808267fb98 RCX: dffffc0000000000
RDX: 0000000000000017 RSI: ffffffff85902404 RDI: 0000000000000000
RBP: ffff88808267fa08 R08: ffff8880937c4440 R09: ffffed10147f5581
R10: ffffed10147f5580 R11: ffff8880a3faac07 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000b8 R15: ffff8880a3faac00
FS:  0000555556b6b940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006dbe70 CR3: 00000000a8094000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 skb_put_data /./include/linux/skbuff.h:2213 [inline]
 h5_unslip_one_byte /drivers/bluetooth/hci_h5.c:521 [inline]
 h5_recv+0x3c2/0x500 /drivers/bluetooth/hci_h5.c:557
 hci_uart_tty_receive+0x279/0x790 /drivers/bluetooth/hci_ldisc.c:600
 tiocsti /drivers/tty/tty_io.c:2197 [inline]
 tty_ioctl+0x949/0x14f0 /drivers/tty/tty_io.c:2573
 vfs_ioctl /fs/ioctl.c:46 [inline]
 file_ioctl /fs/ioctl.c:509 [inline]
 do_vfs_ioctl+0xdb6/0x13e0 /fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 /fs/ioctl.c:713
 __do_sys_ioctl /fs/ioctl.c:720 [inline]
 __se_sys_ioctl /fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 /fs/ioctl.c:718
 do_syscall_64+0xfd/0x6a0 /arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x444959
Code: e8 0c 0c 03 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff24d334f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000444959
RDX: 0000000020000080 RSI: 0000000000005412 RDI: 0000000000000003
RBP: 0000000000000000 R08: 00000000000101aa R09: 0000000000000003
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000068
R13: 0000000000405760 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 8f7fed2544749562 ]---
RIP: 0010:skb_put+0x35/0x1d0 /net/core/skbuff.c:1861
Code: 89 f5 41 54 49 89 fc 53 4d 8d b4 24 b8 00 00 00 48 83 ec 08 e8 2c 5d e2 fb 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 4c 89 f0 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 4c
RSP: 0018:ffff88808267f9d8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff88808267fb98 RCX: dffffc0000000000
RDX: 0000000000000017 RSI: ffffffff85902404 RDI: 0000000000000000
RBP: ffff88808267fa08 R08: ffff8880937c4440 R09: ffffed10147f5581
R10: ffffed10147f5580 R11: ffff8880a3faac07 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000000000b8 R15: ffff8880a3faac00
FS:  0000555556b6b940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006dbe70 CR3: 00000000a8094000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (43):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/07/20 05:06 upstream 3bfe1fc46794 1656845f .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/04/22 18:17 upstream 085b7755808a 0a77c33c .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/06/10 15:00 linux-next 3f310e51ceb1 0159583c .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/02/04 07:20 linux-next dc4c89997735 c198d5dd .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/04/26 13:21 upstream b2768df24ec4 99b258dd .config console log report syz ci-upstream-kasan-gce-selinux-root
2020/04/24 19:13 upstream b4f633221f0a 03d97a1b .config console log report syz ci-upstream-kasan-gce-root
2020/04/27 08:08 linux-next ac935d227366 0ce7569e .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/09/08 03:15 upstream f4d51dffc6c0 abf9ba4f .config console log report ci-upstream-kasan-gce-root
2020/07/13 20:38 upstream 11ba468877bb f90ec899 .config console log report ci-upstream-kasan-gce-root
2020/07/06 13:20 upstream 7cc2a8ea1048 51095195 .config console log report ci-upstream-kasan-gce-root
2020/04/17 04:42 upstream 9786cab67457 c743fcb3 .config console log report ci-upstream-kasan-gce-root
2020/04/09 11:26 upstream ae46d2aa6a7f a8c6a3f8 .config console log report ci-upstream-kasan-gce-smack-root
2020/03/03 08:24 upstream 63623fd44972 c88c7b75 .config console log report ci-upstream-kasan-gce-root
2020/02/14 21:47 upstream b19e8c684703 5d7b90f1 .config console log report ci-upstream-kasan-gce-selinux-root
2020/01/21 21:14 upstream d96d875ef5dd 8eda0b95 .config console log report ci-upstream-kasan-gce-root
2020/01/21 20:34 upstream d96d875ef5dd 8eda0b95 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/09 08:00 upstream e42617b825f8 1508f453 .config console log report ci-upstream-kasan-gce-root
2019/09/14 23:37 upstream a7f89616b737 32d59357 .config console log report ci-upstream-kasan-gce-root
2019/09/14 23:35 upstream a7f89616b737 32d59357 .config console log report ci-upstream-kasan-gce-smack-root
2019/08/22 15:15 upstream bb7ba8069de9 984250d5 .config console log report ci-upstream-kasan-gce-root
2019/06/27 04:25 upstream 249155c20f9b 7509bf36 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/21 21:46 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/17 18:51 upstream 9e0babf2c06c 442206d7 .config console log report ci-upstream-kasan-gce-smack-root
2019/06/16 14:27 upstream e01e060fe00d 442206d7 .config console log report ci-upstream-kasan-gce-smack-root
2019/04/30 17:07 upstream 83a50840e72a 20f16bef .config console log report ci-upstream-kasan-gce-root
2019/04/28 16:09 upstream 037904a22bf8 b617407b .config console log report ci-upstream-kasan-gce-selinux-root
2019/04/27 03:30 upstream d0473f978e61 b617407b .config console log report ci-upstream-kasan-gce-smack-root
2019/04/24 04:11 upstream 7142eaa58b49 4d3d6a50 .config console log report ci-upstream-kasan-gce-smack-root
2019/04/21 09:35 upstream 9e5de623a0cb b0e8efcb .config console log report ci-upstream-kasan-gce-smack-root
2019/04/18 20:35 upstream e53f31bffe1d b0e8efcb .config console log report ci-upstream-kasan-gce-smack-root
2019/03/25 21:27 upstream 8c2ffd917477 2c86e0a5 .config console log report ci-upstream-kasan-gce-selinux-root
2019/03/24 22:36 upstream 1bdd3dbfff7a acbc5b7d .config console log report ci-upstream-kasan-gce-selinux-root
2019/03/21 00:16 upstream babf09c3837f a664c187 .config console log report ci-upstream-kasan-gce-smack-root
2019/03/15 22:41 upstream f261c4e529da bab43553 .config console log report ci-upstream-kasan-gce-root
2019/03/09 12:19 upstream 3601fe43e816 12365b99 .config console log report ci-upstream-kasan-gce-root
2019/03/09 10:35 upstream 3601fe43e816 12365b99 .config console log report ci-upstream-kasan-gce-selinux-root
2020/03/11 07:52 linux-next 770fbb32d34e 35f53e45 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/03/03 07:49 linux-next c99b17ac0399 c88c7b75 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/29 15:56 linux-next 7ddd09fc4b74 af6b8ef8 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/10/19 12:33 linux-next c4b9850b3676 8c88c9c1 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/04/15 19:21 linux-next f9221a7a1014 505ab413 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/04 04:05 linux-next dc4c89997735 c198d5dd .config console log report ci-upstream-linux-next-kasan-gce-root
2019/02/04 02:16 linux-next dc4c89997735 c198d5dd .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.