NULL pointer dereference in tcp_splice_read
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
A NULL pointer dereference was discovered in “tcp_splice_read”. The problem was originally found by syzbot, https:/
on Ubuntu 18.04.6 LTS with Linux 4.15.0-163-generic. It is reproduced on Ubuntu 18.04.6 LTS with Linux Ubuntu-
The bug reproducer is built from https:/
Steps to reproduce in a Docker container:
-------
docker pull ubuntu
docker run -ti ubuntu bash
apt update
apt install gcc wget
wget https:/
gcc ./506214c97a1af
./506214c97a1af
The resulting kernel crash:
-------
root@2d6b356e15
BUG: unable to handle kernel NULL pointer dereference at 0000000000000041
IP: tcp_splice_
PGD 8000000133bd3067 P4D 8000000133bd3067 PUD 12e34b067 PMD 0
Oops: 0000 [#1] SMP PTI
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in: smc veth xt_conntrack ipt_MASQUERADE nf_nat_
sysimgblt aesni_intel fb_sys_fops aes_x86_64 crypto_simd glue_helper cryptd psmouse drm floppy e1000 virtio_blk pata_acpi i2c_piix4
CPU: 1 PID: 4601 Comm: 506214c97a1af18 Not tainted 4.15.0-163-generic #171-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:tcp_
RSP: 0018:ffffb50cc3
RAX: 0000000000000000 RBX: ffff9079f86952c0 RCX: 0000000000010000
RDX: 0000000000000000 RSI: 00000000fffffe01 RDI: ffffffff95e523a0
RBP: ffffb50cc381fe20 R08: 0000000000000002 R09: ffffffffc096e2c0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff9079f1af7c40
R13: ffffffffffffffe3 R14: ffff9079edeebbd8 R15: 0000000000010000
FS: 0000000001a5688
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000041 CR3: 00000001309b2001 CR4: 0000000000360ee0
Call Trace:
smc_splice_
sock_splice_
do_splice_
SyS_splice+
do_syscall_
entry_
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-
ProcVersionSign
Uname: Linux 4.15.0-163-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Dec 7 15:27 seq
crw-rw---- 1 root audio 116, 33 Dec 7 15:27 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay': 'aplay'
ApportVersion: 2.20.9-0ubuntu7.27
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord': 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
Date: Tue Dec 7 15:28:46 2021
InstallationDate: Installed on 2021-11-29 (7 days ago)
InstallationMedia: Ubuntu-Server 18.04.6 LTS "Bionic Beaver" - Release amd64 (20210915)
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig': 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:
ProcEnviron:
TERM=vt220
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 bochsdrmfb
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.173.20
RfKill: Error: [Errno 2] No such file or directory: 'rfkill': 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: 1.13.0-1ubuntu1.1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.
dmi.modalias: dmi:bvnSeaBIOS:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.
dmi.sys.vendor: QEMU
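The call trace in the report runs SyS_splice -> sock_splice_read -> smc_splice_read -> tcp_splice_read, and the "Modules linked in" line lists smc as a loadable module, so the crashing path is reached through an AF_SMC socket. The following script is an added example (not code from the bug report or from the syzbot reproducer) that a host owner can run to check exposure and to block the smc module from auto-loading until a fixed kernel is installed. It assumes the standard AF_SMC = 43 protocol family number (module alias net-pf-43), that the only kernel known from this report to crash is 4.15.0-163-generic, and that the mitigation file path /etc/modprobe.d/disable-smc.conf is a name chosen here; the /proc/modules and modprobe.d samples in the functions' tests are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report.
# Checks whether this host can reach the tcp_splice_read crash path via AF_SMC
# and shows how to block the smc module from auto-loading.

REPORTED_KERNEL="4.15.0-163-generic"   # the only release the report reproduces on
MITIGATION_CONF="/etc/modprobe.d/disable-smc.conf"   # assumed file name

# Return 0 when the given kernel release string is the one from the report.
is_reported_kernel() {
    [ "$1" = "$REPORTED_KERNEL" ]
}

# Return 0 when a /proc/modules listing on stdin shows smc currently loaded.
smc_loaded() {
    grep -q '^smc ' 
}

# Return 0 when the given modprobe configuration text contains an
# "install smc /bin/false" (or /bin/true) directive.  That directive is what
# stops socket(AF_SMC, ...) from pulling the module in through the
# net-pf-43 alias; a bare "blacklist smc" does not stop an explicit modprobe.
smc_autoload_blocked() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*install[[:space:]]+smc[[:space:]]+/bin/(false|true)([[:space:]]|$)'
}

# Write the mitigation and unload the module if it is resident (needs root).
block_smc_autoload() {
    printf 'install smc /bin/false\n' > "$MITIGATION_CONF" || return 1
    if smc_loaded < /proc/modules; then
        rmmod smc || return 1
    fi
    return 0
}

# Read-only report when run directly.
report() {
    release=$(uname -r)
    if is_reported_kernel "$release"; then
        echo "kernel $release: matches the release the report crashes on"
    else
        echo "kernel $release: not the release from the report (check your vendor's fix status)"
    fi

    if smc_loaded < /proc/modules; then
        echo "smc module is currently loaded"
    else
        echo "smc module is not loaded"
    fi

    conf=$(cat /etc/modprobe.d/*.conf 2>/dev/null)
    if smc_autoload_blocked "$conf"; then
        echo "smc autoload is blocked by modprobe configuration"
    else
        echo "smc autoload is NOT blocked; run block_smc_autoload as root to add:"
        echo "    install smc /bin/false   (in $MITIGATION_CONF)"
    fi
}

report
```

Run the script as a normal user for the report; only `block_smc_autoload` writes to /etc/modprobe.d and needs root. Blocking autoload removes the unprivileged trigger (an AF_SMC socket) but is a stop-gap, not a replacement for the kernel update.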
Information type: Private Security → Public Security (this change was made by a bot).