syzbot


general protection fault in sg_remove_scat

Status: fixed on 2018/09/29 16:06
Fix commit: 6505dd1f7f55 ("scsi: sg: don't return bogus Sg_requests")
First crash: 2393d, last: 2210d
Similar bugs (1)

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| android-44 | general protection fault in sg_remove_scat | C | | | 19 | 2202d | 1833d | 0/2 | public: reported C repro on 2019/04/13 00:00 |

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 3705 Comm: syzkaller656390 Not tainted 4.9.91-gcc88c05 #69
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c0bc6000 task.stack: ffff8801c0710000
RIP: 0010:[<ffffffff8266928b>]  [<ffffffff8266928b>] sg_remove_scat.isra.19+0x17b/0x2d0 drivers/scsi/sg.c:1941
RSP: 0018:ffff8801c0717ad0  EFLAGS: 00010202
RAX: 1ffff1003794f02d RBX: ffff8801bca78158 RCX: 0000000000000002
RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffff8801bca5421c
RBP: ffff8801c0717b20 R08: 0000000000000000 R09: ffffed00385afc59
R10: 0000000000000005 R11: ffffed00385afc58 R12: 0000000000000002
R13: 0000000000000010 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007fd2e3ec2700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2e3e7fe78 CR3: 00000001c2794000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801bca78170 ffffed003794f02b ffffed003794f02e ffff8801bca78168
 ffff8801bca54200 ffff8801bca78140 0000000000000000 0000000000000000
 0000000000000000 ffff8801bca78238 ffff8801c0717b60 ffffffff82669686
Call Trace:
 [<ffffffff82669686>] sg_finish_rem_req+0x2a6/0x320 drivers/scsi/sg.c:1829
 [<ffffffff8266b572>] sg_read+0xa22/0x1470 drivers/scsi/sg.c:526
 [<ffffffff8156b603>] __vfs_read+0x103/0x670 fs/read_write.c:449
 [<ffffffff8156f51e>] vfs_read+0x11e/0x380 fs/read_write.c:472
 [<ffffffff81573219>] SYSC_read fs/read_write.c:588 [inline]
 [<ffffffff81573219>] SyS_read+0xd9/0x1b0 fs/read_write.c:581
 [<ffffffff81006504>] do_syscall_64+0x1a4/0x490 arch/x86/entry/common.c:282
 [<ffffffff838b8493>] entry_SYSCALL_64_after_swapgs+0x5d/0xdb
Code: 45 b8 eb 3e e8 c7 13 d0 fe 48 8b 45 c8 48 c1 e8 03 42 80 3c 38 00 0f 85 3a 01 00 00 4c 8b 73 10 4b 8d 14 2e 48 89 d1 48 c1 e9 03 <42> 80 3c 39 00 0f 85 0b 01 00 00 48 8b 12 49 83 c5 08 48 85 d2 
RIP  [<ffffffff8266928b>] sg_remove_scat.isra.19+0x17b/0x2d0 drivers/scsi/sg.c:1941
 RSP <ffff8801c0717ad0>
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#2] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 3704 Comm: syzkaller656390 Tainted: G      D         4.9.91-gcc88c05 #69
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c0deb000 task.stack: ffff8801c0b88000
RIP: 0010:[<ffffffff8266928b>]  [<ffffffff8266928b>] sg_remove_scat.isra.19+0x17b/0x2d0 drivers/scsi/sg.c:1941
RSP: 0018:ffff8801c0b8fad0  EFLAGS: 00010202
RAX: 1ffff1003855786d RBX: ffff8801c2abc358 RCX: 0000000000000001
RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff8801bb80001c
RBP: ffff8801c0b8fb20 R08: 0000000000000000 R09: ffffed00385afd19
R10: 0000000000000005 R11: ffffed00385afd18 R12: 0000000000000001
R13: 0000000000000008 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007fd2e3ec2700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2e3e7fe78 CR3: 00000001c75f2000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801c2abc370 ffffed003855786b ffffed003855786e ffff8801c2abc368
 ffff8801bb800000 ffff8801c2abc340 0000000000000000 0000000000000000
 0000000000000000 ffff8801c2abc438 ffff8801c0b8fb60 ffffffff82669686
Call Trace:
 [<ffffffff82669686>] sg_finish_rem_req+0x2a6/0x320 drivers/scsi/sg.c:1829
 [<ffffffff8266b572>] sg_read+0xa22/0x1470 drivers/scsi/sg.c:526
---[ end trace 82959de78380eb66 ]---

Crashes (279):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/03/31 09:41 | https://android.googlesource.com/kernel/common android-4.9 | cc88c05eca31 | 8fbce0e4 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/03/24 14:44 | https://android.googlesource.com/kernel/common android-4.9 | e34e3186e9e3 | 2e9d9054 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/03/23 05:13 | https://android.googlesource.com/kernel/common android-4.9 | f361eb39cdbf | 2e9d9054 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/03/11 20:27 | https://android.googlesource.com/kernel/common android-4.9 | a2904940bde8 | 36d1c454 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |
| 2018/01/01 06:47 | https://android.googlesource.com/kernel/common android-4.9 | f3f3457d4582 | 00193447 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce-386 | |
| 2018/01/01 00:55 | https://android.googlesource.com/kernel/common android-4.9 | f3f3457d4582 | 00193447 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/17 03:35 | https://android.googlesource.com/kernel/common android-4.9 | 5c73594e214f | b69d27d1 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/13 20:55 | https://android.googlesource.com/kernel/common android-4.9 | ed0b958299be | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/12 00:06 | https://android.googlesource.com/kernel/common android-4.9 | 34e23dee72dd | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/07 14:20 | https://android.googlesource.com/kernel/common android-4.9 | 2b3a26c86b93 | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/05 15:50 | https://android.googlesource.com/kernel/common android-4.9 | 3217cccb8161 | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/10/03 17:38 | https://android.googlesource.com/kernel/common android-4.9 | 291d96822913 | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2017/09/30 01:56 | https://android.googlesource.com/kernel/common android-4.9 | 9b2b08179641 | c26ea367 | .config | console log | report | syz | | | | ci-android-49-kasan-gce | |
| 2018/03/31 09:56 | https://android.googlesource.com/kernel/common android-4.9 | cc88c05eca31 | 8fbce0e4 | .config | console log | report | syz | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/27 08:11 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | 0ca7878b | .config | console log | report | syz | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/24 14:18 | https://android.googlesource.com/kernel/common android-4.9 | e34e3186e9e3 | 2e9d9054 | .config | console log | report | syz | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/11 20:12 | https://android.googlesource.com/kernel/common android-4.9 | a2904940bde8 | 36d1c454 | .config | console log | report | syz | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/01 02:52 | https://android.googlesource.com/kernel/common android-4.9 | 6e463bb69c99 | 05b5a32c | .config | console log | report | syz | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/30 00:10 | https://android.googlesource.com/kernel/common android-4.9 | bb94f9d8f542 | d47f0ed6 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/28 02:05 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | bf5e585c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/27 16:03 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | bf5e585c | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/26 06:57 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | e033c1f1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/25 11:54 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | e033c1f1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/23 23:25 | https://android.googlesource.com/kernel/common android-4.9 | ebc27895e954 | 2e9d9054 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/22 05:53 | https://android.googlesource.com/kernel/common android-4.9 | 71df7bbae4d8 | 95c88d7a | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/22 04:20 | https://android.googlesource.com/kernel/common android-4.9 | 71df7bbae4d8 | 95c88d7a | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/18 05:28 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/18 03:22 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/17 14:59 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/17 10:07 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/16 06:48 | https://android.googlesource.com/kernel/common android-4.9 | d6f27745679a | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/15 20:54 | https://android.googlesource.com/kernel/common android-4.9 | 3a3a0844ac38 | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/14 00:16 | https://android.googlesource.com/kernel/common android-4.9 | 97d7f1c7c0f0 | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/11 17:59 | https://android.googlesource.com/kernel/common android-4.9 | a2904940bde8 | 36d1c454 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/09 21:41 | https://android.googlesource.com/kernel/common android-4.9 | 00db063b0f88 | 36d1c454 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/06 01:52 | https://android.googlesource.com/kernel/common android-4.9 | b324a701539e | aef0b792 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/04 13:35 | https://android.googlesource.com/kernel/common android-4.9 | e0b05e693a9d | 2c6f473e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/02 08:40 | https://android.googlesource.com/kernel/common android-4.9 | 4c4262aa50dc | 2c6f473e | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/24 13:06 | https://android.googlesource.com/kernel/common android-4.9 | a92bb8d6eac3 | 5c1e0207 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/21 23:56 | https://android.googlesource.com/kernel/common android-4.9 | 7ec482be026a | 04cbdbd1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/19 10:38 | https://android.googlesource.com/kernel/common android-4.9 | cdfc8df1d262 | 833f78c7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/19 00:52 | https://android.googlesource.com/kernel/common android-4.9 | cdfc8df1d262 | 833f78c7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/17 23:05 | https://android.googlesource.com/kernel/common android-4.9 | cdfc8df1d262 | 833f78c7 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/17 09:05 | https://android.googlesource.com/kernel/common android-4.9 | a25ea24f7b7d | c8b3f7c1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/17 03:55 | https://android.googlesource.com/kernel/common android-4.9 | a25ea24f7b7d | c8b3f7c1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/17 02:15 | https://android.googlesource.com/kernel/common android-4.9 | a25ea24f7b7d | c8b3f7c1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/17 01:26 | https://android.googlesource.com/kernel/common android-4.9 | a25ea24f7b7d | c8b3f7c1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/16 20:57 | https://android.googlesource.com/kernel/common android-4.9 | a25ea24f7b7d | c8b3f7c1 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/12 17:37 | https://android.googlesource.com/kernel/common android-4.9 | 8a174b4749d3 | 88bc17df | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/12 12:04 | https://android.googlesource.com/kernel/common android-4.9 | 8a174b4749d3 | 88bc17df | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/12 11:10 | https://android.googlesource.com/kernel/common android-4.9 | 8a174b4749d3 | 88bc17df | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/10 20:19 | https://android.googlesource.com/kernel/common android-4.9 | 8a174b4749d3 | e67d44e0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/10 13:28 | https://android.googlesource.com/kernel/common android-4.9 | 8a174b4749d3 | e67d44e0 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/09 18:00 | https://android.googlesource.com/kernel/common android-4.9 | 20c8a0089294 | 9fb5ec43 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/09 08:25 | https://android.googlesource.com/kernel/common android-4.9 | 20c8a0089294 | 9fb5ec43 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/02/09 05:07 | https://android.googlesource.com/kernel/common android-4.9 | 20c8a0089294 | 9fb5ec43 | .config | console log | report | | | | | ci-android-49-kasan-gce | |
| 2018/03/28 23:34 | https://android.googlesource.com/kernel/common android-4.9 | dd1e37e64645 | bf5e585c | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/24 20:34 | https://android.googlesource.com/kernel/common android-4.9 | f152ce1be2ab | 2e9d9054 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/19 18:36 | https://android.googlesource.com/kernel/common android-4.9 | bb52bba67e35 | 7e7d7ed2 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/17 11:42 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/16 14:16 | https://android.googlesource.com/kernel/common android-4.9 | fc8bd0f6ffec | 08dacaa0 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/11 01:17 | https://android.googlesource.com/kernel/common android-4.9 | 00db063b0f88 | 36d1c454 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/10 01:49 | https://android.googlesource.com/kernel/common android-4.9 | 00db063b0f88 | 36d1c454 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
| 2018/03/06 09:11 | https://android.googlesource.com/kernel/common android-4.9 | b324a701539e | aef0b792 | .config | console log | report | | | | | ci-android-49-kasan-gce-386 | |
* Struck through repros no longer work on HEAD.