From: Jakub Kicinski <kuba@kernel.org>
To: syzbot <syzbot+c5ce866a8d30f4be0651@syzkaller.appspotmail.com>
Cc: bpf@vger.kernel.org, davem@davemloft.net, edumazet@google.com,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
pabeni@redhat.com, syzkaller-bugs@googlegroups.com,
Jon Maloy <jmaloy@redhat.com>, Ying Xue <ying.xue@windriver.com>,
tipc-discussion@lists.sourceforge.net
Subject: Re: [syzbot] general protection fault in kernel_accept (5)
Date: Tue, 27 Sep 2022 07:14:49 -0700 [thread overview]
Message-ID: <20220927071449.67a2b0a0@kernel.org> (raw)
In-Reply-To: <0000000000006d989105e9a4b916@google.com>
Adding TIPC
On Tue, 27 Sep 2022 01:49:38 -0700 syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: bf682942cd26 Merge tag 'scsi-fixes' of git://git.kernel.or..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=117fc3ac880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=7db7ad17eb14cb7
> dashboard link: https://syzkaller.appspot.com/bug?extid=c5ce866a8d30f4be0651
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c5ce866a8d30f4be0651@syzkaller.appspotmail.com
>
> general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
> CPU: 3 PID: 12841 Comm: kworker/u16:2 Not tainted 6.0.0-rc6-syzkaller-00210-gbf682942cd26 #0
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
> Workqueue: tipc_rcv tipc_topsrv_accept
> RIP: 0010:kernel_accept+0x22d/0x350 net/socket.c:3487
> Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d 7b 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ee 00 00 00 48 8b 7b 08 e8 a0 36 1c fa e8 8b ff
> RSP: 0018:ffffc9000494fc28 EFLAGS: 00010202
> RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: ffffffff874c37b2 RDI: 0000000000000008
> RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000449 R12: 0000000000000000
> R13: ffff888027a7b980 R14: ffff888028bc08e0 R15: 1ffff92000929f90
> FS: 0000000000000000(0000) GS:ffff88802cb00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fa6e1a8c920 CR3: 000000004bba0000 CR4: 0000000000150ee0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <TASK>
> tipc_topsrv_accept+0x197/0x280 net/tipc/topsrv.c:460
> process_one_work+0x991/0x1610 kernel/workqueue.c:2289
> worker_thread+0x665/0x1080 kernel/workqueue.c:2436
> kthread+0x2e4/0x3a0 kernel/kthread.c:376
> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
> </TASK>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:kernel_accept+0x22d/0x350 net/socket.c:3487
> Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e3 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d 7b 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ee 00 00 00 48 8b 7b 08 e8 a0 36 1c fa e8 8b ff
> RSP: 0018:ffffc9000494fc28 EFLAGS: 00010202
> RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: ffffffff874c37b2 RDI: 0000000000000008
> RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000449 R12: 0000000000000000
> R13: ffff888027a7b980 R14: ffff888028bc08e0 R15: 1ffff92000929f90
> FS: 0000000000000000(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000c0154d8000 CR3: 000000006fb4b000 CR4: 0000000000150ee0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> ----------------
> Code disassembly (best guess):
> 0: 48 89 fa mov %rdi,%rdx
> 3: 48 c1 ea 03 shr $0x3,%rdx
> 7: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
> b: 0f 85 e3 00 00 00 jne 0xf4
> 11: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
> 18: fc ff df
> 1b: 48 8b 5b 20 mov 0x20(%rbx),%rbx
> 1f: 48 8d 7b 08 lea 0x8(%rbx),%rdi
> 23: 48 89 fa mov %rdi,%rdx
> 26: 48 c1 ea 03 shr $0x3,%rdx
> * 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
> 2e: 0f 85 ee 00 00 00 jne 0x122
> 34: 48 8b 7b 08 mov 0x8(%rbx),%rdi
> 38: e8 a0 36 1c fa callq 0xfa1c36dd
> 3d: e8 .byte 0xe8
> 3e: 8b ff mov %edi,%edi
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
next prev parent reply other threads:[~2022-09-27 14:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 8:49 [syzbot] general protection fault in kernel_accept (5) syzbot
2022-09-27 14:14 ` Jakub Kicinski [this message]
2022-10-17 21:50 ` Xin Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220927071449.67a2b0a0@kernel.org \
--to=kuba@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jmaloy@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzbot+c5ce866a8d30f4be0651@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tipc-discussion@lists.sourceforge.net \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.