syzbot

 sign-in | mailing list | source | docs
🐞 Open [977] Subsystems 🐞 Fixed [5208] 🐞 Invalid [12460] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

KASAN: null-ptr-deref Write in rdma_resolve_addr

Status: fixed on 2018/03/23 18:14
Subsystems: rdma
[Documentation on labels]
Reported-by: syzbot+1d8c43206853b369d00c@syzkaller.appspotmail.com
Fix commit: 2975d5de6428 RDMA/ucma: Check AF family prior resolving address
First crash: 2230d, last: 2219d
Duplicate bugs (10)
duplicates (10):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
general protection fault in rdma_resolve_addr rdma C 41 2218d 2231d 0/26 closed as dup on 2018/03/22 15:25
KASAN: use-after-free Read in __list_del_entry_valid (3) rdma C 15 2220d 2233d 22/26 closed as dup on 2018/03/22 15:31
general protection fault in rdma_destroy_id rdma C 43 2219d 2232d 0/26 closed as dup on 2018/03/22 15:23
general protection fault in cma_comp_exch rdma C 3 2219d 2219d 0/26 closed as dup on 2018/03/22 09:09
general protection fault in rdma_disconnect rdma C 3 2232d 2232d 0/26 closed as dup on 2018/03/22 15:24
KASAN: stack-out-of-bounds Read in rdma_resolve_addr rdma C 3 2210d 2230d 0/26 closed as dup on 2018/07/04 20:07
general protection fault in rdma_listen rdma C 36 2219d 2231d 0/26 closed as dup on 2018/03/22 15:25
KASAN: use-after-free Read in __list_add_valid (4) rdma C 61 2216d 2231d 0/26 closed as dup on 2018/03/22 15:30
KASAN: stack-out-of-bounds Read in rdma_bind_addr rdma C 10 2216d 2230d 0/26 closed as dup on 2018/03/22 15:26
general protection fault in rdma_reject rdma C 7 2222d 2231d 0/26 closed as dup on 2018/03/22 15:25
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 3.16 000/410] 3.16.57-rc1 review 426 (426) 2018/11/12 17:42
[PATCH 4.4 00/72] 4.4.127-stable review 83 (83) 2018/05/17 08:56
[PATCH 4.9 000/102] 4.9.93-stable review 111 (111) 2018/04/12 16:56
[PATCH 4.15 00/72] 4.15.16-stable review 78 (78) 2018/04/07 06:10
[PATCH 4.14 00/67] 4.14.33-stable review 71 (71) 2018/04/06 22:10
KASAN: null-ptr-deref Write in rdma_resolve_addr 0 (2) 2018/03/14 04:39

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in memcpy include/linux/string.h:345 [inline]
BUG: KASAN: null-ptr-deref in rdma_resolve_addr+0x12e/0x26c0 drivers/infiniband/core/cma.c:2920
Write of size 28 at addr 00000000000000a0 by task syzkaller326171/7671

CPU: 0 PID: 7671 Comm: syzkaller326171 Not tainted 4.16.0-rc5+ #352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 kasan_report_error mm/kasan/report.c:352 [inline]
 kasan_report+0x140/0x360 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
 memcpy+0x37/0x50 mm/kasan/kasan.c:303
 memcpy include/linux/string.h:345 [inline]
 rdma_resolve_addr+0x12e/0x26c0 drivers/infiniband/core/cma.c:2920
 ucma_resolve_ip+0x142/0x1f0 drivers/infiniband/core/ucma.c:677
 ucma_write+0x2d6/0x3d0 drivers/infiniband/core/ucma.c:1633
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446b29
RSP: 002b:00007f72069e1da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e29fc RCX: 0000000000446b29
RDX: 000000000000002e RSI: 0000000020000c40 RDI: 0000000000000004
RBP: 00000000006e29f8 R08: 00007f72069e2700 R09: 0000000000000000
R10: 00007f72069e2700 R11: 0000000000000246 R12: 006d635f616d6472
R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 0000000000000004
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 7671 Comm: syzkaller326171 Tainted: G    B            4.16.0-rc5+ #352
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x24d lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
 kasan_end_report+0x50/0x50 mm/kasan/report.c:180
 kasan_report_error mm/kasan/report.c:359 [inline]
 kasan_report+0x149/0x360 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x137/0x190 mm/kasan/kasan.c:267
 memcpy+0x37/0x50 mm/kasan/kasan.c:303
 memcpy include/linux/string.h:345 [inline]
 rdma_resolve_addr+0x12e/0x26c0 drivers/infiniband/core/cma.c:2920
 ucma_resolve_ip+0x142/0x1f0 drivers/infiniband/core/ucma.c:677
 ucma_write+0x2d6/0x3d0 drivers/infiniband/core/ucma.c:1633
 __vfs_write+0xef/0x970 fs/read_write.c:480
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446b29
RSP: 002b:00007f72069e1da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006e29fc RCX: 0000000000446b29
RDX: 000000000000002e RSI: 0000000020000c40 RDI: 0000000000000004
RBP: 00000000006e29f8 R08: 00007f72069e2700 R09: 0000000000000000
R10: 00007f72069e2700 R11: 0000000000000246 R12: 006d635f616d6472
R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 0000000000000004
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (66):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/03/14 04:38 upstream fc6eabbbf8ef 08dacaa0 .config console log report syz C ci-upstream-kasan-gce
2018/03/20 07:44 upstream 1b5f3ba415fe 7e7d7ed2 .config console log report syz ci-upstream-kasan-gce-386
2018/03/13 00:28 upstream fc6eabbbf8ef f505ca4b .config console log report syz ci-upstream-kasan-gce-386
2018/03/12 13:27 upstream 0c8efd610b58 f505ca4b .config console log report syz ci-upstream-kasan-gce-386
2018/03/11 09:39 upstream 3266b5bd97ea 36d1c454 .config console log report syz ci-upstream-kasan-gce-386
2018/03/10 11:01 upstream cdb06e9d8f52 36d1c454 .config console log report syz ci-upstream-kasan-gce-386
2018/03/09 21:47 upstream 719ea86151f3 36d1c454 .config console log report syz ci-upstream-kasan-gce-386
2018/03/20 11:56 upstream 1b5f3ba415fe 72c33b66 .config console log report ci-upstream-kasan-gce
2018/03/20 10:34 upstream 1b5f3ba415fe 7e7d7ed2 .config console log report ci-upstream-kasan-gce
2018/03/20 06:34 upstream 1b5f3ba415fe 7e7d7ed2 .config console log report ci-upstream-kasan-gce
2018/03/19 15:25 upstream c698ca527893 7e7d7ed2 .config console log report ci-upstream-kasan-gce
2018/03/19 08:00 upstream 9e1909b9da04 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/19 02:48 upstream 9e1909b9da04 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/18 10:58 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/18 00:25 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/17 19:00 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/17 15:54 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/17 14:04 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/17 08:06 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/17 05:20 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 22:59 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 18:04 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 16:59 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 16:02 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 11:31 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 09:52 upstream e2c15aff5f35 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 06:34 upstream e2c15aff5f35 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/16 01:49 upstream e2c15aff5f35 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/15 20:36 upstream 0aa3fdb8b3a6 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/15 19:48 upstream 0aa3fdb8b3a6 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/15 18:02 upstream 0aa3fdb8b3a6 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/15 06:55 upstream 3032f8c504d2 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 23:38 upstream 3032f8c504d2 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 22:56 upstream 3032f8c504d2 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 13:50 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/14 04:21 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/13 04:08 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/13 03:23 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/12 10:59 upstream 0c8efd610b58 f505ca4b .config console log report ci-upstream-kasan-gce
2018/03/11 10:57 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/11 09:01 upstream 3266b5bd97ea 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/10 09:49 upstream cdb06e9d8f52 36d1c454 .config console log report ci-upstream-kasan-gce
2018/03/20 20:58 upstream 1b5f3ba415fe 72c33b66 .config console log report ci-upstream-kasan-gce-386
2018/03/20 18:56 upstream 1b5f3ba415fe 72c33b66 .config console log report ci-upstream-kasan-gce-386
2018/03/19 16:36 upstream c698ca527893 7e7d7ed2 .config console log report ci-upstream-kasan-gce-386
2018/03/19 05:26 upstream 9e1909b9da04 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/18 21:53 upstream 9e1909b9da04 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/18 14:08 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/18 06:09 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/17 07:19 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/17 03:16 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/17 00:31 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/16 17:20 upstream df09348f78dc 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/14 17:44 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/13 10:00 upstream fc6eabbbf8ef 08dacaa0 .config console log report ci-upstream-kasan-gce-386
2018/03/13 00:11 upstream fc6eabbbf8ef f505ca4b .config console log report ci-upstream-kasan-gce-386
2018/03/12 03:32 upstream abeb75218aeb 36d1c454 .config console log report ci-upstream-kasan-gce-386
* Struck through repros no longer work on HEAD.