syzbot


general protection fault in send_hsr_supervision_frame

Status: fixed on 2019/08/05 13:45
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+097ef84cdc95843fbaa8@syzkaller.appspotmail.com
Fix commit: 311633b60406 hsr: switch ->dellink() to ->ndo_uninit()
First crash: 1920d, last: 1911d
Cause bisection: introduced by (bisect log) :
commit b9a1e627405d68d475a3c1f35e685ccfb5bbe668
Author: Cong Wang <xiyou.wangcong@gmail.com>
Date: Thu Jul 4 00:21:13 2019 +0000

  hsr: implement dellink to clean up resources

Crash: general protection fault in send_hsr_supervision_frame (log)
Repro: syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[Patch net] hsr: switch ->dellink() to ->ndo_uninit() 2 (2) 2019/07/11 21:38
general protection fault in send_hsr_supervision_frame 0 (1) 2019/07/08 07:17
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 general protection fault in send_hsr_supervision_frame (2) 1 1402d 1402d 0/1 auto-closed as invalid on 2021/04/04 18:15
linux-4.14 general protection fault in send_hsr_supervision_frame 1 1667d 1667d 0/1 auto-closed as invalid on 2020/07/13 17:14
upstream general protection fault in send_hsr_supervision_frame (2) net 4 27d 27d 0/28 closed as dup on 2024/09/11 08:34

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8964 Comm: syz-executor534 Not tainted 5.2.0-rc6+ #76
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:send_hsr_supervision_frame+0x38/0xf20 net/hsr/hsr_device.c:255
Code: 89 fd 41 54 53 48 83 ec 50 89 75 bc e8 81 d2 5c fa 49 8d 45 10 48 89 c2 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 dc 0c 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffff8880ae809c50 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff871403d7
RDX: 0000000000000002 RSI: ffffffff8713f08f RDI: 0000000000000000
RBP: ffff8880ae809cc8 R08: ffff88809b9d0080 R09: ffffed1015d06c70
R10: ffffed1015d06c6f R11: ffff8880ae83637b R12: ffff8880a0344ac0
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007f8a87f19700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8a87f18e78 CR3: 000000009d387000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 hsr_announce+0x12f/0x3b0 net/hsr/hsr_device.c:339
 call_timer_fn+0x193/0x720 kernel/time/timer.c:1322
 expire_timers kernel/time/timer.c:1366 [inline]
 __run_timers kernel/time/timer.c:1685 [inline]
 __run_timers kernel/time/timer.c:1653 [inline]
 run_timer_softirq+0x66f/0x1740 kernel/time/timer.c:1698
 __do_softirq+0x25c/0x94c kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1068
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:806
 </IRQ>
RIP: 0010:__sanitizer_cov_trace_pc+0x26/0x50 kernel/kcov.c:102
Code: 90 90 90 90 55 48 89 e5 48 8b 75 08 65 48 8b 04 25 c0 fd 01 00 65 8b 15 60 3a 91 7e 81 e2 00 01 1f 00 75 2b 8b 90 e0 12 00 00 <83> fa 02 75 20 48 8b 88 e8 12 00 00 8b 80 e4 12 00 00 48 8b 11 48
RSP: 0018:ffff88809bc9f488 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: ffff88809b9d0080 RBX: ffff88809bc9f5a0 RCX: ffff88809b9d0900
RDX: 0000000000000000 RSI: ffffffff81f41268 RDI: ffff88809b9d00a4
RBP: ffff88809bc9f488 R08: ffff88809b9d0080 R09: ffffed1015d06c70
R10: ffffed1015d06c6f R11: ffff8880ae83637b R12: ffff888091a72830
R13: 0000000000000002 R14: ffff88809a70aa40 R15: 0000000000007fff
 trace_ext4_mark_inode_dirty include/trace/events/ext4.h:249 [inline]
 ext4_mark_inode_dirty+0x118/0x940 fs/ext4/inode.c:6039
 ext4_dirty_inode+0x8f/0xc0 fs/ext4/inode.c:6079
 __mark_inode_dirty+0x915/0x1280 fs/fs-writeback.c:2161
 mark_inode_dirty_sync include/linux/fs.h:2142 [inline]
 dquot_free_space include/linux/quotaops.h:373 [inline]
 dquot_free_block include/linux/quotaops.h:383 [inline]
 ext4_mb_new_blocks+0x1cb6/0x3c10 fs/ext4/mballoc.c:4582
 ext4_ext_map_blocks+0x2b83/0x5250 fs/ext4/extents.c:4414
 ext4_map_blocks+0x8c5/0x18e0 fs/ext4/inode.c:640
 ext4_alloc_file_blocks+0x287/0xac0 fs/ext4/extents.c:4603
 ext4_fallocate+0x8ba/0x2060 fs/ext4/extents.c:4888
 vfs_fallocate+0x4aa/0xa50 fs/open.c:309
 ioctl_preallocate+0x197/0x210 fs/ioctl.c:490
 file_ioctl fs/ioctl.c:506 [inline]
 do_vfs_ioctl+0x1170/0x1380 fs/ioctl.c:696
 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
 __do_sys_ioctl fs/ioctl.c:720 [inline]
 __se_sys_ioctl fs/ioctl.c:718 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4481f9
Code: e8 3c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 06 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f8a87f18d98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000006dec38 RCX: 00000000004481f9
RDX: 0000000020000040 RSI: 0000000040305828 RDI: 0000000000000003
RBP: 00000000006dec30 R08: 00007f8a87f19700 R09: 0000000000000000
R10: 00007f8a87f19700 R11: 0000000000000246 R12: 00000000006dec3c
R13: f4a25a5f72695f65 R14: 6761000000000000 R15: 00046c7465677568
Modules linked in:
---[ end trace 1501c3d3ce428e1b ]---
RIP: 0010:send_hsr_supervision_frame+0x38/0xf20 net/hsr/hsr_device.c:255
Code: 89 fd 41 54 53 48 83 ec 50 89 75 bc e8 81 d2 5c fa 49 8d 45 10 48 89 c2 48 89 45 d0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 dc 0c 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
RSP: 0018:ffff8880ae809c50 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff871403d7
RDX: 0000000000000002 RSI: ffffffff8713f08f RDI: 0000000000000000
RBP: ffff8880ae809cc8 R08: ffff88809b9d0080 R09: ffffed1015d06c70
R10: ffffed1015d06c6f R11: ffff8880ae83637b R12: ffff8880a0344ac0
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007f8a87f19700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8a87f18e78 CR3: 000000009d387000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1395):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/07/07 13:21 net-old 537de0c8ca2b f62e1e85 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/07/07 00:49 net-old 537de0c8ca2b f62e1e85 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/07/11 08:23 linux-next a77f5c70e3d2 ff7bf04c .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/10 22:48 linux-next a77f5c70e3d2 ff7bf04c .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/10 03:25 linux-next 4608a726c668 f62e1e85 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/07/11 01:57 net-old e858faf556d4 ff7bf04c .config console log report syz ci-upstream-net-this-kasan-gce
2019/07/06 20:49 net-old 537de0c8ca2b f62e1e85 .config console log report syz ci-upstream-net-this-kasan-gce
2019/07/10 10:22 linux-next 4608a726c668 f62e1e85 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2019/07/09 21:41 linux-next 4608a726c668 f62e1e85 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2019/07/08 20:34 linux-next d58b5ab90ee7 f62e1e85 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2019/07/08 18:10 linux-next d58b5ab90ee7 f62e1e85 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2019/07/14 09:22 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-root
2019/07/14 08:20 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-selinux-root
2019/07/14 06:06 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-selinux-root
2019/07/14 04:21 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/14 04:14 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-root
2019/07/14 02:43 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-selinux-root
2019/07/13 21:30 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-root
2019/07/13 20:50 upstream a2d79c7174ae e6fb0f13 .config console log report ci-upstream-kasan-gce-selinux-root
2019/07/13 16:14 upstream 964a4eacef67 e6fb0f13 .config console log report ci-upstream-kasan-gce-smack-root
2019/07/12 11:03 net-old a131c2bf1656 baa5258a .config console log report ci-upstream-net-this-kasan-gce
2019/07/06 08:38 net-old 537de0c8ca2b f62e1e85 .config console log report ci-upstream-net-this-kasan-gce
2019/07/15 20:39 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 19:28 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 16:11 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 14:04 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 12:51 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 12:23 bpf-next a131c2bf1656 139ac68a .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 12:09 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 11:05 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 09:33 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 07:12 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 05:24 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 03:33 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 03:11 bpf-next a131c2bf1656 a827bf70 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 02:27 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/15 01:11 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 23:53 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 22:43 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 21:42 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 19:49 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 17:51 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 17:15 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 15:22 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 15:13 bpf-next a131c2bf1656 2bbe2f05 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 14:13 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 14:04 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 12:46 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 11:43 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 11:00 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 09:39 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 07:09 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 05:30 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 01:39 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/14 00:02 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/13 23:52 net-next-old a131c2bf1656 e6fb0f13 .config console log report ci-upstream-net-kasan-gce
2019/07/13 22:40 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/13 20:41 net-next-old a131c2bf1656 e6fb0f13 .config console log report ci-upstream-net-kasan-gce
2019/07/13 19:09 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/13 18:01 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/13 16:49 net-next-old a131c2bf1656 e6fb0f13 .config console log report ci-upstream-net-kasan-gce
2019/07/13 15:00 bpf-next a131c2bf1656 e6fb0f13 .config console log report ci-upstream-bpf-next-kasan-gce
2019/07/12 01:29 linux-next 1481057642d5 baa5258a .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.