lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <2962f9c2-e69d-f2cf-fa34-f68f00abbfd9@linux.ibm.com>
Date:   Thu, 11 Jul 2019 12:17:16 +0200
From:   Karsten Graul <kgraul@...ux.ibm.com>
To:     syzbot <syzbot+2e9616288940d15a6476@...kaller.appspotmail.com>,
        davem@...emloft.net, Ursula Braun <ubraun@...ux.ibm.com>,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: general protection fault in inet_accept

#syz fix: net/smc: propagate file from SMC to TCP socket

On 11/07/2018 21:57, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    0026129c8629 rhashtable: add restart routine in rhashtable..
> git tree:       net
> console output: https://syzkaller.appspot.com/x/log.txt?x=10ed430c400000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=b88de6eac8694da6
> dashboard link: https://syzkaller.appspot.com/bug?extid=2e9616288940d15a6476
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> 
> Unfortunately, I don't have any reproducer for this crash yet.
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2e9616288940d15a6476@...kaller.appspotmail.com
> 
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> CPU: 1 PID: 27 Comm: kworker/1:1 Not tainted 4.18.0-rc3+ #5
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Workqueue: events smc_tcp_listen_work
> RIP: 0010:inet_accept+0xf2/0x9f0 net/ipv4/af_inet.c:734
> Code: 84 d2 74 09 80 fa 03 0f 8e 93 07 00 00 48 8d 78 28 41 c7 46 80 ea ff ff ff 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 94 07 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b
> RSP: 0018:ffff8801d94574b0 EFLAGS: 00010206
> RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000005
> RDX: dffffc0000000000 RSI: ffffffff86751b46 RDI: 0000000000000028
> RBP: ffff8801d9457598 R08: ffff8801d9448700 R09: ffffed00367a0f6f
> R10: ffffed00367a0f6f R11: ffff8801b3d07b7b R12: ffff8801b3d07ac0
> R13: ffff8801d94574f0 R14: ffff8801d9457570 R15: 0000000000000000
> FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b30220000 CR3: 00000001d711f000 CR4: 00000000001406e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  kernel_accept+0x136/0x310 net/socket.c:3251
>  smc_clcsock_accept net/smc/af_smc.c:701 [inline]
>  smc_tcp_listen_work+0x222/0xef0 net/smc/af_smc.c:1114
>  process_one_work+0xc73/0x1ba0 kernel/workqueue.c:2153
>  worker_thread+0x189/0x13c0 kernel/workqueue.c:2296
>  kthread+0x345/0x410 kernel/kthread.c:240
>  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
> Modules linked in:
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> ---[ end trace 0d34e5471cc130cb ]---
> RIP: 0010:inet_accept+0xf2/0x9f0 net/ipv4/af_inet.c:734
> Code: 84 d2 74 09 80 fa 03 0f 8e 93 07 00 00 48 8d 78 28 41 c7 46 80 ea ff ff ff 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 94 07 00 00 48 b9 00 00 00 00 00 fc ff df 48 8b
> RSP: 0018:ffff8801d94574b0 EFLAGS: 00010206
> RAX: 0000000000000000 RBX: dffffc0000000000 RCX: 0000000000000005
> RDX: dffffc0000000000 RSI: ffffffff86751b46 RDI: 0000000000000028
> RBP: ffff8801d9457598 R08: ffff8801d9448700 R09: ffffed00367a0f6f
> R10: ffffed00367a0f6f R11: ffff8801b3d07b7b R12: ffff8801b3d07ac0
> R13: ffff8801d94574f0 R14: ffff8801d9457570 R15: 0000000000000000
> FS:  0000000000000000(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000001b30220000 CR3: 0000000008e6a000 CR4: 00000000001406e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> 
> 
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
> 
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
> 
> 
> 

-- 
Karsten

(I'm a dude)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ