| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [net?] general protection fault in ip6_pol_route (3) | 3 (7) | 2025/02/07 12:24 |
syzbot |
sign-in | mailing list | source | docs |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [net?] general protection fault in ip6_pol_route (3) | 3 (7) | 2025/02/07 12:24 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in ip6_pol_route (2) net | C | done | unreliable | 9 | 1062d | 1498d | 0/28 | auto-obsoleted due to no activity on 2022/09/19 15:39 |
| upstream | general protection fault in ip6_pol_route (2) net | 15 | 275d | 282d | 0/28 | auto-obsoleted due to no activity on 2024/08/28 04:33 | |||
| upstream | general protection fault in ip6_pol_route net | 73 | 283d | 321d | 26/28 | fixed on 2024/06/18 11:11 | |||
| linux-5.15 | KASAN: use-after-free Read in ip6_pol_route | 1 | 367d | 367d | 0/3 | auto-obsoleted due to no activity on 2024/07/04 16:14 | |||
| upstream | Internal error in ip6_pol_route net | 2 | 503d | 527d | 0/28 | auto-obsoleted due to no activity on 2024/02/18 23:43 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2025/02/07 12:10 | 12m | hdanton@sina.com | patch | upstream | error |
| 2025/02/06 11:24 | 0m | hdanton@sina.com | patch | upstream | error |
| 2025/02/05 11:34 | 12m | hdanton@sina.com | patch | upstream | error |
| 2025/01/07 14:54 | 13m | retest repro | upstream | report log | |
| 2024/12/12 02:47 | 13m | retest repro | upstream | report log | |
| 2024/10/17 12:22 | 20m | edumazet@google.com | upstream | report log | |
| 2024/10/09 04:20 | 16m | retest repro | upstream | report log |
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000013: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000098-0x000000000000009f] CPU: 0 UID: 0 PID: 975 Comm: kworker/0:2 Not tainted 6.14.0-rc3-syzkaller-00096-ge9a8cac0bf89 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker RIP: 0010:rt6_get_pcpu_route net/ipv6/route.c:1411 [inline] RIP: 0010:ip6_pol_route+0x4d1/0x15d0 net/ipv6/route.c:2264 Code: 8a f7 48 8b 03 65 4c 8b 30 31 ff 4c 89 f6 e8 76 56 25 f7 4d 85 f6 0f 84 da 00 00 00 49 8d 9e 98 00 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 12 0f 00 00 44 8b 3b 31 ff 44 89 fe e8 RSP: 0018:ffffc90000006ec0 EFLAGS: 00010202 RAX: 0000000000000013 RBX: 0000000000000099 RCX: ffff88802648bc00 RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90000007010 R08: ffffffff8a9c689a R09: ffff8880325513c0 R10: dffffc0000000000 R11: fffffbfff20777cf R12: ffffc90000006f90 R13: 1ffff92000000df2 R14: 0000000000000001 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa178d704e0 CR3: 000000002a762000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> pol_lookup_func include/net/ip6_fib.h:616 [inline] fib6_rule_lookup+0x58c/0x790 net/ipv6/fib6_rules.c:119 ip6_route_input_lookup net/ipv6/route.c:2300 [inline] ip6_route_input+0x859/0xd90 net/ipv6/route.c:2596 ip6_list_rcv_finish net/ipv6/ip6_input.c:130 [inline] ip6_sublist_rcv+0x72c/0xec0 net/ipv6/ip6_input.c:319 ipv6_list_rcv+0x42d/0x480 net/ipv6/ip6_input.c:353 __netif_receive_skb_list_ptype net/core/dev.c:5871 [inline] __netif_receive_skb_list_core+0x755/0x980 net/core/dev.c:5918 __netif_receive_skb_list net/core/dev.c:5970 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:6061 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x2b5/0x870 net/core/dev.c:6428 wg_packet_rx_poll+0x24ad/0x2540 drivers/net/wireguard/receive.c:488 __napi_poll+0xcb/0x490 net/core/dev.c:7106 napi_poll net/core/dev.c:7175 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:7297 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 do_softirq+0x11b/0x1e0 kernel/softirq.c:462 </IRQ> <TASK> __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:389 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline] wg_packet_decrypt_worker+0xcde/0xd80 drivers/net/wireguard/receive.c:499 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xabe/0x18e0 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:rt6_get_pcpu_route net/ipv6/route.c:1411 [inline] RIP: 0010:ip6_pol_route+0x4d1/0x15d0 net/ipv6/route.c:2264 Code: 8a f7 48 8b 03 65 4c 8b 30 31 ff 4c 89 f6 e8 76 56 25 f7 4d 85 f6 0f 84 da 00 00 00 49 8d 9e 98 00 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 12 0f 00 00 44 8b 3b 31 ff 44 89 fe e8 RSP: 0018:ffffc90000006ec0 EFLAGS: 00010202 RAX: 0000000000000013 RBX: 0000000000000099 RCX: ffff88802648bc00 RDX: 0000000000000100 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffc90000007010 R08: ffffffff8a9c689a R09: ffff8880325513c0 R10: dffffc0000000000 R11: fffffbfff20777cf R12: ffffc90000006f90 R13: 1ffff92000000df2 R14: 0000000000000001 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa178d704e0 CR3: 000000002a762000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 8a f7 mov %bh,%dh 2: 48 8b 03 mov (%rbx),%rax 5: 65 4c 8b 30 mov %gs:(%rax),%r14 9: 31 ff xor %edi,%edi b: 4c 89 f6 mov %r14,%rsi e: e8 76 56 25 f7 call 0xf7255689 13: 4d 85 f6 test %r14,%r14 16: 0f 84 da 00 00 00 je 0xf6 1c: 49 8d 9e 98 00 00 00 lea 0x98(%r14),%rbx 23: 48 89 d8 mov %rbx,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 42 0f b6 04 38 movzbl (%rax,%r15,1),%eax <-- trapping instruction 2f: 84 c0 test %al,%al 31: 0f 85 12 0f 00 00 jne 0xf49 37: 44 8b 3b mov (%rbx),%r15d 3a: 31 ff xor %edi,%edi 3c: 44 89 fe mov %r15d,%esi 3f: e8 .byte 0xe8
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/02/20 22:29 | upstream | e9a8cac0bf89 | 0808a665 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2025/03/23 00:59 | upstream | 183601b78a9b | c6512ef7 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2025/03/21 17:24 | upstream | b3ee1e460951 | 62330552 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2 (clean fs)] [mounted in repro #3 (clean fs)] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2025/03/21 10:11 | upstream | b3ee1e460951 | 62330552 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2025/03/13 11:40 | upstream | b7f94fcf5546 | 44be8b44 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2025/03/12 09:51 | upstream | 0b46b049d6ec | ee70e6db | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2024/11/13 17:15 | upstream | f1b785f4c787 | 4dfba277 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2024/09/25 04:13 | upstream | 68e5c7d4cefb | 349a68c4 | .config | console log | report | syz / log | [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] | ci-snapshot-upstream-root | general protection fault in ip6_pol_route | ||
| 2025/03/07 00:12 | upstream | 848e07631744 | 831e3629 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2025/03/03 23:58 | upstream | 99fa936e8e4f | c3901742 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | general protection fault in ip6_pol_route | ||
| 2025/03/03 10:04 | upstream | 7eb172143d55 | c3901742 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2025/02/13 11:24 | upstream | 4dc1d1bec898 | b27c2402 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2025/01/20 11:55 | upstream | ffd294d346d1 | f2cb035c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | general protection fault in ip6_pol_route | ||
| 2024/12/24 14:41 | upstream | f07044dd0df0 | 444551c4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2024/11/26 22:40 | upstream | 7eef7e306d3c | e9a9a9f2 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2024/10/24 07:07 | upstream | c2ee9f594da8 | 15fa2979 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | general protection fault in ip6_pol_route | ||
| 2024/10/22 22:52 | upstream | c2ee9f594da8 | 15fa2979 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | general protection fault in ip6_pol_route | ||
| 2024/11/28 02:42 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 7b1d1d4cfac0 | 5df23865 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in ip6_pol_route |