lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 11 Jul 2018 12:49:03 -0700 From: syzbot <syzbot+e3132895630f957306bc@...kaller.appspotmail.com> To: davem@...emloft.net, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: general protection fault in kernel_accept Hello, syzbot found the following crash on: HEAD commit: 0026129c8629 rhashtable: add restart routine in rhashtable.. git tree: net console output: https://syzkaller.appspot.com/x/log.txt?x=105660c8400000 kernel config: https://syzkaller.appspot.com/x/.config?x=b88de6eac8694da6 dashboard link: https://syzkaller.appspot.com/bug?extid=e3132895630f957306bc compiler: gcc (GCC) 8.0.1 20180413 (experimental) syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16f58ac2400000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11023efc400000 IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+e3132895630f957306bc@...kaller.appspotmail.com kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN CPU: 1 PID: 7406 Comm: kworker/1:106 Not tainted 4.18.0-rc3+ #5 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: events smc_tcp_listen_work RIP: 0010:kernel_accept+0x34/0x310 net/socket.c:3243 Code: d6 41 55 49 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 21 51 8e fb 49 8d 7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4a 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b RSP: 0018:ffff8801b6aaf5a8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff8801ac82d0c0 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff85edbaaf RDI: 0000000000000020 RBP: ffff8801b6aaf5d8 R08: ffff8801af0fc8b8 R09: 0000000000000006 R10: ffff8801af0fc080 R11: 0000000000000000 R12: ffff8801b6aaf688 R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801b6aaf708 FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000006cf138 CR3: 00000001abf14000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: smc_clcsock_accept net/smc/af_smc.c:701 [inline] smc_tcp_listen_work+0x222/0xef0 net/smc/af_smc.c:1114 process_one_work+0xc73/0x1ba0 kernel/workqueue.c:2153 worker_thread+0x189/0x13c0 kernel/workqueue.c:2296 kthread+0x345/0x410 kernel/kthread.c:240 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) ---[ end trace b294fcf0c2e6ce5f ]--- RIP: 0010:kernel_accept+0x34/0x310 net/socket.c:3243 Code: d6 41 55 49 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 21 51 8e fb 49 8d 7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 4a 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b RSP: 0018:ffff8801b6aaf5a8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: ffff8801ac82d0c0 RCX: 0000000000000000 RDX: 0000000000000004 RSI: ffffffff85edbaaf RDI: 0000000000000020 RBP: ffff8801b6aaf5d8 R08: ffff8801af0fc8b8 R09: 0000000000000006 R10: ffff8801af0fc080 R11: 0000000000000000 R12: ffff8801b6aaf688 R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801b6aaf708 FS: 0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000006cf138 CR3: 0000000008e6a000 CR4: 00000000001406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@...glegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot. syzbot can test patches for this bug, for details see: https://goo.gl/tpsmEJ#testing-patches
Powered by blists - more mailing lists