syzbot


general protection fault in selinux_sk_getsecid

Status: auto-closed as invalid on 2019/02/22 15:29
First crash: 2290d, last: 2290d

Sample crash report:
dst_release: dst:ffff8800b4dd6dc0 refcnt:-1
kasan: CONFIG_KASAN_INLINE enabled
[  177.516717] netlink: 8 bytes leftover after parsing attributes in process `syz-executor5'.
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 8767 Comm: syz-executor7 Not tainted 4.4.111-gc2f631b #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8800b81ec740 task.stack: ffff8801d54e8000
RIP: 0010:[<ffffffff81b4e2b1>]  [<ffffffff81b4e2b1>] selinux_sk_getsecid+0x61/0x110 security/selinux/hooks.c:4636
RSP: 0018:ffff8801d54ef8e0  EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801d4afe278 RCX: ffffffff81b4e270
RDX: 0000000000000002 RSI: ffffc90001cd7000 RDI: 0000000000000010
RBP: ffff8801d54ef8f0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 1ffff1003aa9def2 R12: 0000000000000000
R13: ffff8801d4afe278 R14: ffff8801d4afddc0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8801db300000(0063) knlGS:00000000f6f9eb40
CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
CR2: 0000000020e6c000 CR3: 00000001d2f96000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffffffff843e3a80 dffffc0000000000 ffff8801d54ef920 ffffffff81b40359
 ffff8801d4afddc0 ffff8801d4c2ddc0 ffff8801d4afe268 ffff8801d4c2de18
 ffff8801d54ef9a0 ffffffff830f5964 ffffffff830f46cf 0000000000000022
Call Trace:
 [<ffffffff81b40359>] security_sk_classify_flow+0x59/0xa0 security/security.c:1303
 [<ffffffff830f5964>] ip_route_output_ports include/net/route.h:159 [inline]
 [<ffffffff830f5964>] ip_queue_xmit+0x12d4/0x16c0 net/ipv4/ip_output.c:417
 [<ffffffff8345a7b8>] l2tp_xmit_core net/l2tp/l2tp_core.c:1087 [inline]
 [<ffffffff8345a7b8>] l2tp_xmit_skb+0x9e8/0xea0 net/l2tp/l2tp_core.c:1179
 [<ffffffff834674e4>] pppol2tp_sendmsg+0x584/0x7f0 net/l2tp/l2tp_ppp.c:355
 [<ffffffff82deda2a>] sock_sendmsg_nosec net/socket.c:625 [inline]
 [<ffffffff82deda2a>] sock_sendmsg+0xca/0x110 net/socket.c:635
 [<ffffffff82def601>] ___sys_sendmsg+0x6c1/0x7c0 net/socket.c:1962
 [<ffffffff82df1653>] __sys_sendmsg+0xd3/0x190 net/socket.c:1996
 [<ffffffff82edb7ba>] C_SYSC_sendmsg net/compat.c:720 [inline]
 [<ffffffff82edb7ba>] compat_SyS_sendmsg+0x2a/0x40 net/compat.c:718
 [<ffffffff81006d84>] do_syscall_32_irqs_on arch/x86/entry/common.c:390 [inline]
 [<ffffffff81006d84>] do_fast_syscall_32+0x314/0x890 arch/x86/entry/common.c:457
 [<ffffffff837772aa>] sysenter_flags_fixed+0xd/0x17
Code: c1 ea 03 80 3c 02 00 0f 85 b8 00 00 00 4d 8b a4 24 f8 03 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 10 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 04 3c 03 7e 73 48 89 da 45 8b 64 24 10 48 
RIP  [<ffffffff81b4e2b1>] selinux_sk_getsecid+0x61/0x110 security/selinux/hooks.c:4636
 RSP <ffff8801d54ef8e0>
---[ end trace 82c23951e7c3f7aa ]---
Kernel panic - not syncing: Fatal exception in interrupt
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time: 2018/01/16 20:58
Kernel: android-4.4 (https://android.googlesource.com/kernel/common)
Commit: c2f631bf4969
Syzkaller: a46e5318
Config: .config
Log: console log
Report: report
Manager: ci-android-44-kasan-gce-386