syzbot


general protection fault in tcp_sk_exit

Status: closed as invalid on 2018/09/05 11:21
Subsystems: mm
Reported-by: syzbot+fe060728040f2935968f@syzkaller.appspotmail.com
First crash: 2085d, last: 2081d
Similar bugs (2)
Kernel        Title                                         Repro  Cause bisect  Fix bisect  Count  Last  Reported  Patched  Status
android-5-10  general protection fault in tcp_sk_exit       -      -             -           1      741d  741d      0/2      auto-closed as invalid on 2022/07/07 14:15
android-5-10  general protection fault in tcp_sk_exit (2)   -      -             -           1      642d  642d      0/2      auto-obsoleted due to no activity on 2022/10/15 01:07

Sample crash report:

General protection fault in tcp_sk_exit (PID 16877):

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 16877 Comm: syz-executor6 Not tainted 4.18.0-rc8+ #180
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tcp_sk_exit+0x5a/0x230 net/ipv4/tcp_ipv4.c:2496
Code: 03 80 3c 02 00 0f 85 d0 01 00 00 49 8b 9d 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 90 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9d 01 00 00 48 8b bb 90 00 00 00 bb ff ff ff ff
RSP: 0018:ffff880197227620 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004c3b000
RDX: 0000000000000012 RSI: ffffffff858461a9 RDI: 0000000000000090
RBP: ffff880197227668 R08: ffff880196638580 R09: ffffed003b6046d6
R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 0000000000000001
R13: ffff8801d99a5840 R14: ffffed0032e44ed8 R15: ffff880197227740
FS:  00007f073fa0f700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000171ae80 CR3: 00000001c3007000 CR4: 00000000001406f0
Call Trace:
 tcp_sk_init+0xdc6/0x12b0 net/ipv4/tcp_ipv4.c:2601
 ops_init+0x101/0x560 net/core/net_namespace.c:128
 setup_net+0x3d9/0x980 net/core/net_namespace.c:313
 copy_net_ns+0x2b8/0x4d0 net/core/net_namespace.c:436
 create_new_namespaces+0x6ad/0x900 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xc3/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x723/0xfb0 kernel/fork.c:2442
 __do_sys_unshare kernel/fork.c:2510 [inline]
 __se_sys_unshare kernel/fork.c:2508 [inline]
 __x64_sys_unshare+0x31/0x40 kernel/fork.c:2508
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x456cb9
Code: 41 fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f073fa0ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00007f073fa0f6d4 RCX: 0000000000456cb9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000060040200
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d63c0 R14: 00000000004c9acf R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 90a9201946be3ac0 ]---
RIP: 0010:tcp_sk_exit+0x5a/0x230 net/ipv4/tcp_ipv4.c:2496
Code: 03 80 3c 02 00 0f 85 d0 01 00 00 49 8b 9d 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d bb 90 00 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 9d 01 00 00 48 8b bb 90 00 00 00 bb ff ff ff ff
RSP: 0018:ffff880197227620 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90004c3b000
RDX: 0000000000000012 RSI: ffffffff858461a9 RDI: 0000000000000090
RBP: ffff880197227668 R08: ffff880196638580 R09: ffffed003b6046d6
R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 0000000000000001
R13: ffff8801d99a5840 R14: ffffed0032e44ed8 R15: ffff880197227740
FS:  00007f073fa0f700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000171ae80 CR3: 00000001c3007000 CR4: 00000000001406f0

Memory-cgroup OOM-killer output interleaved in the same console log (PID 16817, cgroup /ile0):

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 dump_header+0x27b/0xf64 mm/oom_kill.c:432
 oom_kill_process.cold.25+0x10/0x10bc mm/oom_kill.c:867
 out_of_memory+0xa8a/0x14d0 mm/oom_kill.c:1081
 mem_cgroup_out_of_memory+0x15e/0x210 mm/memcontrol.c:1212
 mem_cgroup_oom_synchronize+0x713/0x940 mm/memcontrol.c:1557
 pagefault_out_of_memory+0xc8/0x197 mm/oom_kill.c:1107
 mm_fault_error+0x1de/0x380 arch/x86/mm/fault.c:1024
 __do_page_fault+0xd25/0xe50 arch/x86/mm/fault.c:1424
 do_page_fault+0xf6/0x8c0 arch/x86/mm/fault.c:1471
 page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1160
RIP: 0033:0x40e4cf
Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00
RSP: 002b:0000000000a3fb30 EFLAGS: 00010206
RAX: 00007f073f98c000 RBX: 0000000000020000 RCX: 0000000000456d0a
RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
RBP: 0000000000a3fc10 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a3fd00
R13: 00007f073f9ac700 R14: 0000000000000001 R15: 0000000000000003
Task in /ile0 killed as a result of limit of /ile0
memory: usage 116kB, limit 0kB, failcnt 1682
memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
Memory cgroup stats for /ile0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:0KB inactive_file:0KB active_file:0KB unevictable:0KB
[ pid ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj name
[16817]     0 16817    17684     8731   139264        0             0 syz-executor6
Memory cgroup out of memory: Kill process 16817 (syz-executor6) score 8765000 or sacrifice child
Killed process 16817 (syz-executor6) total-vm:70736kB, anon-rss:2156kB, file-rss:32768kB, shmem-rss:0kB
oom_reaper: reaped process 16817 (syz-executor6), now anon-rss:0kB, file-rss:32780kB, shmem-rss:0kB

Crashes (4):
Time              Kernel    Commit        Syzkaller  Config   Log          Report  Syz repro  C repro  VM info  Assets (help?)  Manager                     Title
2018/08/07 09:12  upstream  1236568ee3cb  1beb8136   .config  console log  report  -          -        -        -               ci-upstream-kasan-gce
2018/08/07 00:22  upstream  1ffaddd029c8  1beb8136   .config  console log  report  -          -        -        -               ci-upstream-kasan-gce
2018/08/03 21:07  upstream  0585df468e8f  cc4f6d0a   .config  console log  report  -          -        -        -               ci-upstream-kasan-gce
2018/08/03 20:40  upstream  0585df468e8f  cc4f6d0a   .config  console log  report  -          -        -        -               ci-upstream-kasan-gce-root
* Struck through repros no longer work on HEAD.