lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 11 Jul 2018 12:49:03 -0700
From:   syzbot <syzbot+e3132895630f957306bc@...kaller.appspotmail.com>
To:     davem@...emloft.net, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: general protection fault in kernel_accept

Hello,

syzbot found the following crash on:

HEAD commit:    0026129c8629 rhashtable: add restart routine in rhashtable..
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=105660c8400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b88de6eac8694da6
dashboard link: https://syzkaller.appspot.com/bug?extid=e3132895630f957306bc
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16f58ac2400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11023efc400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+e3132895630f957306bc@...kaller.appspotmail.com

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 7406 Comm: kworker/1:106 Not tainted 4.18.0-rc3+ #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Workqueue: events smc_tcp_listen_work
RIP: 0010:kernel_accept+0x34/0x310 net/socket.c:3243
Code: d6 41 55 49 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 21 51 8e fb 49 8d  
7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 4a 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b
RSP: 0018:ffff8801b6aaf5a8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801ac82d0c0 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff85edbaaf RDI: 0000000000000020
RBP: ffff8801b6aaf5d8 R08: ffff8801af0fc8b8 R09: 0000000000000006
R10: ffff8801af0fc080 R11: 0000000000000000 R12: ffff8801b6aaf688
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801b6aaf708
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cf138 CR3: 00000001abf14000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  smc_clcsock_accept net/smc/af_smc.c:701 [inline]
  smc_tcp_listen_work+0x222/0xef0 net/smc/af_smc.c:1114
  process_one_work+0xc73/0x1ba0 kernel/workqueue.c:2153
  worker_thread+0x189/0x13c0 kernel/workqueue.c:2296
  kthread+0x345/0x410 kernel/kthread.c:240
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Modules linked in:
Dumping ftrace buffer:
    (ftrace buffer empty)
---[ end trace b294fcf0c2e6ce5f ]---
RIP: 0010:kernel_accept+0x34/0x310 net/socket.c:3243
Code: d6 41 55 49 89 fd 41 54 49 89 f4 53 48 83 ec 08 e8 21 51 8e fb 49 8d  
7d 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f  
85 4a 02 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b
RSP: 0018:ffff8801b6aaf5a8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8801ac82d0c0 RCX: 0000000000000000
RDX: 0000000000000004 RSI: ffffffff85edbaaf RDI: 0000000000000020
RBP: ffff8801b6aaf5d8 R08: ffff8801af0fc8b8 R09: 0000000000000006
R10: ffff8801af0fc080 R11: 0000000000000000 R12: ffff8801b6aaf688
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801b6aaf708
FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006cf138 CR3: 0000000008e6a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists