| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <698a91c2.050a0220.3b3015.0084.GAE@google.com> Date: Mon, 09 Feb 2026 18:02:42 -0800 From: syzbot <syzbot+96046021045ffe6d7709@...kaller.appspotmail.com> To: allison.henderson@...cle.com Cc: allison.henderson@...cle.com, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [rds?] general protection fault in rds_tcp_accept_one > #syz test: git@...hub.com:allisonhenderson/rds_work.git syzbug_f9db6ff27b9bfdcfeca unknown command "test:\u00a0git@...hub.com:allisonhenderson/rds_work.git" > > On Mon, 2026-02-09 at 07:41 -0800, syzbot wrote: >> Hello, >> >> syzbot found the following issue on: >> >> HEAD commit: 9845cf73f7db Add linux-next specific files for 20260205 >> git tree: linux-next >> console output: https://urldefense.com/v3/__https://syzkaller.appspot.com/x/log.txt?x=10ec4a5a580000__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4ONYVS2j$ >> kernel config: https://urldefense.com/v3/__https://syzkaller.appspot.com/x/.config?x=ac78ce3b6729749e__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4NL_GIpI$ >> dashboard link: https://urldefense.com/v3/__https://syzkaller.appspot.com/bug?extid=96046021045ffe6d7709__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4MCjo-m3$ >> compiler: Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8 >> syz repro: https://urldefense.com/v3/__https://syzkaller.appspot.com/x/repro.syz?x=122acb22580000__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4GW8gg30$ >> C reproducer: https://urldefense.com/v3/__https://syzkaller.appspot.com/x/repro.c?x=149fc7fa580000__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4D5oQKmF$ >> >> Downloadable assets: >> disk image: https://urldefense.com/v3/__https://storage.googleapis.com/syzbot-assets/9f30334a2431/disk-9845cf73.raw.xz__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4OnpjEj3$ >> vmlinux: https://urldefense.com/v3/__https://storage.googleapis.com/syzbot-assets/0d58741a15a6/vmlinux-9845cf73.xz__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4MX_62da$ >> kernel image: https://urldefense.com/v3/__https://storage.googleapis.com/syzbot-assets/62204da1452c/bzImage-9845cf73.xz__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4OvQrNJd$ >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit: >> Reported-by: syzbot+96046021045ffe6d7709@...kaller.appspotmail.com >> >> netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 >> Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI >> KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] >> CPU: 1 UID: 0 PID: 3485 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 >> Workqueue: krdsd rds_tcp_accept_worker >> RIP: 0010:rds_tcp_accept_one+0xa5b/0xd70 net/rds/tcp_listen.c:319 >> Code: 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 63 a9 2f f7 48 8b 1b 48 83 c3 12 49 89 de 49 c1 ee 03 <43> 0f b6 04 2e 84 c0 0f 85 53 02 00 00 44 0f b6 2b bf 08 00 00 00 >> RSP: 0018:ffffc9000b64f9a0 EFLAGS: 00010202 >> RAX: 1ffff1100dacb173 RBX: 0000000000000012 RCX: 0000000000000000 >> RDX: 0000000000000006 RSI: ffffffff8e006fa9 RDI: 00000000ffffffff >> RBP: ffffc9000b64fb18 R08: ffffffff903342b7 R09: 1ffffffff2066856 >> R10: dffffc0000000000 R11: fffffbfff2066857 R12: ffff88803286c000 >> R13: dffffc0000000000 R14: 0000000000000002 R15: 1ffff920016c9f3c >> FS: 0000000000000000(0000) GS:ffff888125115000(0000) knlGS:0000000000000000 >> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> CR2: 00007f30359456b8 CR3: 00000000320ee000 CR4: 00000000003526f0 >> Call Trace: >> <TASK> >> rds_tcp_accept_worker+0x1d/0x70 net/rds/tcp.c:524 >> process_one_work+0x949/0x1650 kernel/workqueue.c:3279 >> process_scheduled_works kernel/workqueue.c:3362 [inline] >> worker_thread+0xb46/0x1140 kernel/workqueue.c:3443 >> kthread+0x388/0x470 kernel/kthread.c:467 >> ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158 >> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 >> </TASK> >> Modules linked in: >> ---[ end trace 0000000000000000 ]--- >> RIP: 0010:rds_tcp_accept_one+0xa5b/0xd70 net/rds/tcp_listen.c:319 >> Code: 00 00 48 83 c3 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 63 a9 2f f7 48 8b 1b 48 83 c3 12 49 89 de 49 c1 ee 03 <43> 0f b6 04 2e 84 c0 0f 85 53 02 00 00 44 0f b6 2b bf 08 00 00 00 >> RSP: 0018:ffffc9000b64f9a0 EFLAGS: 00010202 >> RAX: 1ffff1100dacb173 RBX: 0000000000000012 RCX: 0000000000000000 >> RDX: 0000000000000006 RSI: ffffffff8e006fa9 RDI: 00000000ffffffff >> RBP: ffffc9000b64fb18 R08: ffffffff903342b7 R09: 1ffffffff2066856 >> R10: dffffc0000000000 R11: fffffbfff2066857 R12: ffff88803286c000 >> R13: dffffc0000000000 R14: 0000000000000002 R15: 1ffff920016c9f3c >> FS: 0000000000000000(0000) GS:ffff888125115000(0000) knlGS:0000000000000000 >> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> CR2: 00007f303594da08 CR3: 000000000e74c000 CR4: 00000000003526f0 >> ---------------- >> Code disassembly (best guess): >> 0: 00 00 add %al,(%rax) >> 2: 48 83 c3 18 add $0x18,%rbx >> 6: 48 89 d8 mov %rbx,%rax >> 9: 48 c1 e8 03 shr $0x3,%rax >> d: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) >> 12: 74 08 je 0x1c >> 14: 48 89 df mov %rbx,%rdi >> 17: e8 63 a9 2f f7 call 0xf72fa97f >> 1c: 48 8b 1b mov (%rbx),%rbx >> 1f: 48 83 c3 12 add $0x12,%rbx >> 23: 49 89 de mov %rbx,%r14 >> 26: 49 c1 ee 03 shr $0x3,%r14 >> * 2a: 43 0f b6 04 2e movzbl (%r14,%r13,1),%eax <-- trapping instruction >> 2f: 84 c0 test %al,%al >> 31: 0f 85 53 02 00 00 jne 0x28a >> 37: 44 0f b6 2b movzbl (%rbx),%r13d >> 3b: bf 08 00 00 00 mov $0x8,%edi >> >> >> --- >> This report is generated by a bot. It may contain errors. >> See https://urldefense.com/v3/__https://goo.gl/tpsmEJ__;!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4Ko4o2Xm$ for more information about syzbot. >> syzbot engineers can be reached at syzkaller@...glegroups.com. >> >> syzbot will keep track of this issue. See: >> https://urldefense.com/v3/__https://goo.gl/tpsmEJ*status__;Iw!!ACWV5N9M2RV99hQ!K_RGm2D82-xIWkLzauTj3sBwaawib22UgF_b8fgxnoaxBHyflpW7ZtPngueJO7Nq3URYRRJKnpBDOWMXYm8yacLC6gvYGl89kv9Z4AUXdFJu$ for how to communicate with syzbot. >> >> If the report is already addressed, let syzbot know by replying with: >> #syz fix: exact-commit-title >> >> If you want syzbot to run the reproducer, reply with: >> #syz test: git://repo/address.git branch-or-commit-hash >> If you attach or paste a git patch, syzbot will apply it before testing. >> >> If you want to overwrite report's subsystems, reply with: >> #syz set subsystems: new-subsystem >> (See the list of subsystem names on the web dashboard) >> >> If the report is a duplicate of another one, reply with: >> #syz dup: exact-subject-of-another-report >> >> If you want to undo deduplication, reply with: >> #syz undup >
Powered by blists - more mailing lists