syzbot


kernel BUG at include/linux/mm.h:LINE! (2)

Status: fixed on 2019/02/26 22:09
Reported-by: syzbot+3225ce21c0e9929bb9cf@syzkaller.appspotmail.com
Fix commit: d829e9c4112b tls: convert to generic sk_msg interface
First crash: 1699d, last: 1435d
Similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at include/linux/mm.h:LINE! (3) C 14 1435d 1434d 0/24 closed as invalid on 2019/02/27 20:54
linux-4.19 kernel BUG at include/linux/mm.h:LINE! C error 308 83d 1385d 0/1 upstream: reported C repro on 2019/04/17 12:33
upstream kernel BUG at include/linux/mm.h:LINE! syz 68 1699d 1736d 6/24 fixed on 2018/06/07 13:52
upstream kernel BUG at include/linux/mm.h:LINE! (5) C done done 129 1359d 1429d 16/24 fixed on 2020/01/08 01:07
upstream kernel BUG at include/linux/mm.h:LINE! (6) C error error 98 103d 1017d 0/24 upstream: reported C repro on 2020/04/19 15:28
linux-4.14 kernel BUG at include/linux/mm.h:LINE! 1 1148d 1148d 0/1 auto-closed as invalid on 2020/04/08 20:20
upstream kernel BUG at include/linux/mm.h:LINE! (4) 2 1432d 1431d 0/24 closed as invalid on 2019/03/02 20:05

Sample crash report:
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 0000000000000000 0000000000000000 00000000ffffff80
raw: ffffea0006b29220 ffff88021fffac18 0000000000000003 0000000000000000
page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) <= 0)
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:853!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4545 Comm: syz-executor492 Not tainted 4.17.0-rc7+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:get_page include/linux/mm.h:853 [inline]
RIP: 0010:do_tcp_sendpages+0x1879/0x1e60 net/ipv4/tcp.c:1002
RSP: 0018:ffff8801c2a06f88 EFLAGS: 00010203
RAX: 0000000000000000 RBX: ffff8801d972d580 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff81a66c25 RDI: ffffed0038540de0
RBP: ffff8801c2a071e8 R08: ffff8801b11d2480 R09: 0000000000000006
R10: ffff8801b11d2480 R11: 0000000000000000 R12: 000000000000301d
R13: ffffea0006b2621c R14: ffff8801ae5a6040 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 0000000008c6a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tls_push_sg+0x25b/0x860 net/tls/tls_main.c:126
 tls_push_record+0xae5/0x13e0 net/tls/tls_sw.c:266
 tls_sw_push_pending_record+0x22/0x30 net/tls/tls_sw.c:276
 tls_handle_open_record net/tls/tls_main.c:164 [inline]
 tls_sk_proto_close+0x734/0xad0 net/tls/tls_main.c:264
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427
 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:459
 sock_release+0x96/0x1b0 net/socket.c:594
 sock_close+0x16/0x20 net/socket.c:1149
 __fput+0x34d/0x890 fs/file_table.c:209
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0x1e4/0x290 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x1aee/0x2730 kernel/exit.c:865
 do_group_exit+0x16f/0x430 kernel/exit.c:968
 __do_sys_exit_group kernel/exit.c:979 [inline]
 __se_sys_exit_group kernel/exit.c:977 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:977
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f368
RSP: 002b:00007ffd03500578 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f368
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004bf448 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006d1180 R14: 0000000000000000 R15: 0000000000000000
Code: ff ff 41 89 86 cc 08 00 00 e8 e4 07 05 00 e9 2c eb ff ff e8 ca 4b 27 fb 48 8b bd b8 fd ff ff 48 c7 c6 40 0c 54 88 e8 77 72 54 fb <0f> 0b 48 89 85 b8 fd ff ff e8 a9 4b 27 fb 48 8b 85 b8 fd ff ff 
RIP: get_page include/linux/mm.h:853 [inline] RSP: ffff8801c2a06f88
RIP: do_tcp_sendpages+0x1879/0x1e60 net/ipv4/tcp.c:1002 RSP: ffff8801c2a06f88
---[ end trace 500a6e4fab99629c ]---

Crashes (1009):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-net-kasan-gce 2018/06/08 00:36 net-next 7170e6045a6a 645e75f8 .config console log report syz C
ci-upstream-linux-next-kasan-gce-root 2019/02/22 20:39 linux-next 94a47529a645 6a5fcca4 .config console log report syz C
ci-upstream-linux-next-kasan-gce-root 2019/02/13 09:49 linux-next c4f3ef3eb53f 1eedba36 .config console log report syz C
ci-upstream-kasan-gce-smack-root 2019/02/06 21:53 upstream 8834f5600cf3 d25487bc .config console log report
ci-upstream-kasan-gce-root 2018/12/05 17:37 upstream 0072a0c14d5b ac6c0578 .config console log report
ci-upstream-kasan-gce-selinux-root 2018/10/07 21:25 upstream fb1c592cf4c9 8b311eaf .config console log report
ci-upstream-kasan-gce 2018/09/04 08:55 upstream 60c1f89241d4 a4718693 .config console log report
ci-upstream-kasan-gce-386 2018/10/23 01:57 upstream 84df9525b0c2 ecb386fe .config console log report
ci-upstream-net-this-kasan-gce 2018/09/24 15:35 net d26ed6b0e5e2 2f485cdf .config console log report
ci-upstream-net-kasan-gce 2018/09/18 14:33 net-next cf7d97e1e54d 7f125108 .config console log report
ci-upstream-net-kasan-gce 2018/06/07 23:07 net-next 7170e6045a6a 645e75f8 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 22:00 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 18:19 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 16:24 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 13:38 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 12:01 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 11:17 linux-next 8e7f81e2ebc4 a36ecd98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 09:51 linux-next 8e7f81e2ebc4 8022bafd .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 05:22 linux-next 2b46440ea715 8022bafd .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/26 02:30 linux-next 2b46440ea715 8022bafd .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 21:20 linux-next 2b46440ea715 8022bafd .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 14:59 linux-next 2b46440ea715 a70141bf .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 13:24 linux-next 2b46440ea715 a70141bf .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 11:41 linux-next 2b46440ea715 a70141bf .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 07:57 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 06:27 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/25 03:25 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 22:29 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 20:20 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 16:28 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 15:24 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 06:06 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 03:08 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 01:56 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/24 00:48 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 20:59 linux-next 94a47529a645 7a06e792 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 18:27 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 16:26 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 15:20 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 15:07 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 11:41 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/23 07:56 linux-next 94a47529a645 18107ce0 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 23:00 linux-next 94a47529a645 6a5fcca4 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 12:16 linux-next 94a47529a645 6a5fcca4 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 10:54 linux-next 94a47529a645 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 09:26 linux-next 94a47529a645 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 09:05 linux-next 94a47529a645 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 05:06 linux-next 550f4769c7c4 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 03:17 linux-next 550f4769c7c4 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/22 01:14 linux-next 550f4769c7c4 7ff74a98 .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 17:54 linux-next 550f4769c7c4 3133098b .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 16:38 linux-next 550f4769c7c4 3133098b .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 14:34 linux-next 550f4769c7c4 3133098b .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 13:49 linux-next 550f4769c7c4 3133098b .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 12:48 linux-next 550f4769c7c4 3133098b .config console log report
ci-upstream-linux-next-kasan-gce-root 2019/02/21 11:34 linux-next 550f4769c7c4 3133098b .config console log report
* Struck through repros no longer work on HEAD.