syzbot

 sign-in | mailing list | source | docs
🐞 Open [969] Subsystems 🐞 Fixed [4558] 🐞 Invalid [10510] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in hidraw_release

Status: upstream: reported C repro on 2022/01/04 07:49
Labels: input (incorrect?)
Reported-by: syzbot+953a33deaf38c66a915e@syzkaller.appspotmail.com
First crash: 518d, last: 3d22h

Cause bisection: introduced by (bisect log) :
commit e4b8954074f6d0db01c8c97d338a67f9389c042f
Author: Eric Dumazet <edumazet@google.com>
Date: Tue Dec 7 01:30:37 2021 +0000

  netlink: add net device refcount tracker to struct ethnl_req_info

Crash: WARNING in free_netdev (log)
Repro: C syz .config
Discussions (6)
Title Replies (including bot) Last reply
[syzbot] Monthly input report (May 2023) 0 (1) 2023/05/05 21:40
[syzbot] Monthly input report 0 (1) 2023/04/04 14:19
Re: [syzbot] general protection fault in hidraw_release 1 (1) 2022/03/23 16:23
Re: [syzbot] general protection fault in hidraw_release 1 (1) 2022/02/03 09:05
Re: [syzbot] general protection fault in hidraw_release 1 (1) 2022/02/03 06:09
[syzbot] general protection fault in hidraw_release 0 (3) 2022/02/02 10:17
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-6-1 KASAN: null-ptr-deref Write in hidraw_release 1 9d02h 9d01h 0/2 premoderation: reported on 2023/05/24 14:21
Last patch testing requests (2)
Created Duration User Patch Repo Result
2022/02/04 05:47 11m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 9f7fb8de5d9b OK
2022/02/03 10:22 11m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 9f7fb8de5d9b report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2022/06/13 15:30 26m bisect fix upstream job log (0) log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 1 PID: 6394 Comm: syz-executor250 Not tainted 6.2.0-syzkaller-08237-ga5c95ca18a98 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
RIP: 0010:__lock_acquire+0xd80/0x5d40 kernel/locking/lockdep.c:4926
Code: 53 0f 41 be 01 00 00 00 0f 86 8e 00 00 00 89 05 a6 9e 53 0f e9 83 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c5 32 00 00 48 81 3b a0 66 0f 90 0f 84 52 f3 ff
RSP: 0018:ffffc9000587faf0 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000088 RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88802cfd6200 R14: 0000000000000000 R15: 0000000000000001
FS:  00005555561e3400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555561e46e8 CR3: 000000002286f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5669 [inline]
 lock_acquire+0x1e3/0x670 kernel/locking/lockdep.c:5634
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
 hidraw_release+0xcd/0x4c0 drivers/hid/hidraw.c:352
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 ptrace_notify+0x118/0x140 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work kernel/entry/common.c:251 [inline]
 syscall_exit_to_user_mode_prepare+0x129/0x290 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xd/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5253c9a1cb
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
RSP: 002b:00007ffdffc69630 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f5253c9a1cb
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffdffc69690 R11: 0000000000000293 R12: 0000000000016532
R13: 00007f5253d623ec R14: 00007ffdffc69690 R15: 00007f5253d623e0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xd80/0x5d40 kernel/locking/lockdep.c:4926
Code: 53 0f 41 be 01 00 00 00 0f 86 8e 00 00 00 89 05 a6 9e 53 0f e9 83 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c5 32 00 00 48 81 3b a0 66 0f 90 0f 84 52 f3 ff
RSP: 0018:ffffc9000587faf0 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000088 RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88802cfd6200 R14: 0000000000000000 R15: 0000000000000001
FS:  00005555561e3400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555561e46e8 CR3: 000000002286f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	53                   	push   %rbx
   1:	0f 41 be 01 00 00 00 	cmovno 0x1(%rsi),%edi
   8:	0f 86 8e 00 00 00    	jbe    0x9c
   e:	89 05 a6 9e 53 0f    	mov    %eax,0xf539ea6(%rip)        # 0xf539eba
  14:	e9 83 00 00 00       	jmpq   0x9c
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 da             	mov    %rbx,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 c5 32 00 00    	jne    0x32f9
  34:	48 81 3b a0 66 0f 90 	cmpq   $0xffffffff900f66a0,(%rbx)
  3b:	0f                   	.byte 0xf
  3c:	84 52 f3             	test   %dl,-0xd(%rdx)
  3f:	ff                   	.byte 0xff

Crashes (92):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/02/24 06:40 upstream a5c95ca18a98 9e2ebb3c .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in hidraw_release
2022/06/22 08:10 upstream ca1fdab7fd27 0fc5c330 .config strace log report syz C ci-upstream-kasan-gce-smack-root general protection fault in hidraw_release
2022/10/11 10:38 upstream 55be6084c8e0 2b253ced .config console log report syz C [disk image] [vmlinux] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2022/02/02 11:36 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2022/02/02 13:33 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C ci-upstream-kasan-gce KASAN: use-after-free Read in hidraw_release
2022/02/02 07:18 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C ci-upstream-kasan-gce-selinux-root KASAN: use-after-free Read in hidraw_release
2023/01/04 05:15 upstream 69b41ac87e4a 1dac8c7a .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hidraw_release
2022/05/12 01:03 upstream feb9c5e19e91 beb0b407 .config console log report syz ci-upstream-kasan-gce-root general protection fault in hidraw_release
2022/10/11 09:24 linux-next aaa11ce2ffc8 2b253ced .config console log report syz [disk image] [vmlinux] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2023/05/29 17:55 upstream 8b817fded42d cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hidraw_release
2023/05/28 13:52 upstream 416839029e38 cf184559 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in hidraw_release
2023/05/21 01:18 upstream 0dd2a6fb1e34 4bce1a3e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/05/16 11:11 upstream f1fcbaa18b28 71b00cfb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/05/13 19:51 upstream d4d58949a6ea 2b9ba477 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hidraw_release
2023/04/20 02:20 upstream 789b4a41c247 a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/04/18 06:33 upstream 6a8f57ae2eb0 436577a9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/04/13 14:02 upstream de4664485abb 3cfcaa1b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/04/13 03:44 upstream 0bcc40255504 82d5e53e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/03/27 02:56 upstream 0ec57cfa721f fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/03/26 12:54 upstream da8e7da11e4b fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hidraw_release
2023/03/18 07:22 upstream 8d3c682a5e3d 7939252e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hidraw_release
2023/02/18 03:54 upstream dbeed98d89ea 3e7039f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in hidraw_release
2023/02/08 03:56 upstream 513c1a3d3f19 15c3d445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/02/07 17:30 upstream 05ecb680708a 15c3d445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/01/18 18:47 upstream c1649ec55708 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2022/12/21 00:49 upstream b6bb9676f216 d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hidraw_release
2022/12/20 06:14 upstream 6feb57c2fd7c c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2022/12/10 11:17 upstream 3ecc37918c80 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in hidraw_release
2022/11/12 13:29 upstream f5020a08b2b3 3ead01ad .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in hidraw_release
2022/11/03 09:54 upstream b229b6ca5abb 7a2ebf95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in hidraw_release
2022/10/25 04:57 upstream 247f34f7b803 ff2fe65d .config console log report info [disk image] [vmlinux] ci-upstream-kasan-gce general protection fault in hidraw_release
2023/05/19 03:04 upstream 2d1bcbc6cd70 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2023/04/28 23:19 upstream 22b8cc3e78f5 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2023/04/20 08:25 upstream 789b4a41c247 a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2023/04/06 13:58 upstream 99ddf2254feb 08707520 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2022/12/12 07:39 upstream 830b3c68c1fb 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in hidraw_release
2023/05/18 13:16 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a4422ff22142 3bb7af1d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/05/15 12:19 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a4422ff22142 c4d362e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/05/12 02:18 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 986866c3dfb0 adb9a3cd .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/05/06 21:09 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 33afd4b76393 90c93c40 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/05/02 23:45 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 33afd4b76393 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/05/02 04:03 linux-next 92e815cf07ed 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2023/04/23 00:21 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8f40fc080813 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/04/21 20:54 linux-next d3e1ee0e67e7 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2023/04/20 04:59 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ced7c981f382 a219f34e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/04/17 15:54 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8e86652e3e71 c6ec7083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/04/17 08:41 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8e86652e3e71 c6ec7083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/04/12 08:01 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 8e86652e3e71 1a1596b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/03/28 18:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97318d6427f6 fc067f05 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/03/27 15:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97318d6427f6 f8f96aa9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/02/08 14:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 88e054e8df1d fc9c934e .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/01/31 05:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c52c9acc415e b68fb8d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/01/25 05:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9e6f4c8b880b 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/01/21 06:33 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing dd2f003e4e85 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-usb general protection fault in hidraw_release
2023/01/09 09:52 linux-next 543b9b2fe10b 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2022/12/24 00:03 linux-next e45fb347b630 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2022/12/13 16:11 linux-next 39ab32797f07 e660de91 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2021/12/31 03:40 linux-next ea586a076e8a 36bd2e48 .config console log report info ci-upstream-linux-next-kasan-gce-root general protection fault in hidraw_release
2022/04/05 06:02 upstream 312310928417 5915c2cb .config console log report info ci-upstream-kasan-gce-selinux-root KASAN: use-after-free Read in hidraw_release
* Struck through repros no longer work on HEAD.