syzbot


general protection fault in dst_dev_put (2)

Status: fixed on 2019/07/10 21:40
Subsystems: net
Reported-by: syzbot+9d4c12bfd45a58738d0a@syzkaller.appspotmail.com
Fix commit: c3bcde026684 tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
First crash: 2037d, last: 1833d
Cause bisection: introduced by (bisect log):
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000

  tipc: obtain node identity from interface by default

Crash: inconsistent lock state in rhashtable_walk_enter (log)
Repro: C syz .config
  
Discussions (7)
Title | Replies (including bot) | Last reply
[PATCH 4.14 00/43] 4.14.132-stable review | 57 (57) | 2019/08/03 07:11
[PATCH 4.9 000/102] 4.9.185-stable review | 108 (108) | 2019/07/10 06:11
[PATCH 4.19 00/72] 4.19.57-stable review | 84 (84) | 2019/07/04 05:29
[PATCH 5.1 00/55] 5.1.16-stable review | 69 (69) | 2019/07/04 05:27
[PATCH net 0/3] net: fix quite a few dst_cache crashes reported by syzbot | 5 (5) | 2019/06/19 00:49
general protection fault in fib6_purge_rt | 7 (10) | 2019/03/21 13:55
general protection fault in dst_dev_put (2) | 2 (4) | 2019/03/20 16:36
Similar bugs (7)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | general protection fault in dst_dev_put (6) net | | | | 40 | 866d | 1272d | 0/27 | auto-closed as invalid on 2022/06/10 11:20
linux-4.19 | general protection fault in dst_dev_put | | | | 1 | 573d | 573d | 0/1 | auto-obsoleted due to no activity on 2023/03/30 13:18
linux-4.14 | general protection fault in dst_dev_put | | | | 1 | 501d | 501d | 0/1 | upstream: reported on 2023/02/09 17:01
upstream | general protection fault in dst_dev_put (5) net | | | | 4 | 1368d | 1393d | 0/27 | auto-closed as invalid on 2020/12/25 06:24
upstream | general protection fault in dst_dev_put (4) net | | | | 1 | 1513d | 1513d | 0/27 | closed as invalid on 2020/05/28 16:43
upstream | general protection fault in dst_dev_put (3) net | | | | 1 | 1714d | 1714d | 0/27 | auto-closed as invalid on 2020/01/14 01:13
upstream | general protection fault in dst_dev_put net | | | | 1 | 2384d | 2380d | 0/27 | closed as invalid on 2018/02/13 19:55

Sample crash report:
Own node identity ac1414aa, cluster identity 4711
New replicast peer: 172.20.20.187
Enabled bearer <udp:syz1>, priority 10
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.0.0-rc5+ #62
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dst_dev_put+0x24/0x290 net/core/dst.c:168
Code: ff ff 90 90 90 90 55 48 89 e5 41 56 41 55 41 54 53 48 89 fb e8 ed 8a fa fb 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 8d 7b 3a 4c 8b 23 48 b8 00 00 00
RSP: 0018:ffff8880ae907d70 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 00000000000001f8 RCX: 1ffffffff12b94c7
RDX: 000000000000003f RSI: ffffffff85755033 RDI: 00000000000001f8
RBP: ffff8880ae907d90 R08: ffff8880a989c340 R09: ffff8880a989cbe0
R10: ffff8880a989cbc0 R11: 0000000000000001 R12: 0000000000000001
R13: 0000607f5142cc78 R14: dffffc0000000000 R15: 0000607f5142cc78
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006e0000 CR3: 000000008ed01000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 rt_fibinfo_free_cpus net/ipv4/fib_semantics.c:200 [inline]
 free_fib_info_rcu+0x2f4/0x4a0 net/ipv4/fib_semantics.c:217
 __rcu_reclaim kernel/rcu/rcu.h:240 [inline]
 rcu_do_batch kernel/rcu/tree.c:2452 [inline]
 invoke_rcu_callbacks kernel/rcu/tree.c:2773 [inline]
 rcu_process_callbacks+0x928/0x1390 kernel/rcu/tree.c:2754
 __do_softirq+0x266/0x95a kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
 </IRQ>
RIP: 0010:native_safe_halt+0x2/0x10 arch/x86/include/asm/irqflags.h:58
Code: ff ff ff 48 89 c7 48 89 45 d8 e8 a9 1c a4 fa 48 8b 45 d8 e9 ce fe ff ff 48 89 df e8 98 1c a4 fa eb 82 90 90 90 90 90 90 fb f4 <c3> 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f4 c3 90 90 90 90 90 90
RSP: 0018:ffff8880a98afd78 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff1125041 RBX: ffff8880a989c340 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffff8880a989cbbc
RBP: ffff8880a98afda8 R08: ffff8880a989c340 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: ffffffff889281f8 R14: 0000000000000001 R15: 0000000000000000
 arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:555
 default_idle_call+0x36/0x90 kernel/sched/idle.c:93
 cpuidle_idle_call kernel/sched/idle.c:153 [inline]
 do_idle+0x386/0x570 kernel/sched/idle.c:262
 cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:353
 start_secondary+0x404/0x5c0 arch/x86/kernel/smpboot.c:271
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
Modules linked in:
---[ end trace 77cdfe7677dc9ec3 ]---
RIP: 0010:dst_dev_put+0x24/0x290 net/core/dst.c:168
Code: ff ff 90 90 90 90 55 48 89 e5 41 56 41 55 41 54 53 48 89 fb e8 ed 8a fa fb 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 e3 01 00 00 48 8d 7b 3a 4c 8b 23 48 b8 00 00 00
RSP: 0018:ffff8880ae907d70 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 00000000000001f8 RCX: 1ffffffff12b94c7
RDX: 000000000000003f RSI: ffffffff85755033 RDI: 00000000000001f8
RBP: ffff8880ae907d90 R08: ffff8880a989c340 R09: ffff8880a989cbe0
R10: ffff8880a989cbc0 R11: 0000000000000001 R12: 0000000000000001
R13: 0000607f5142cc78 R14: dffffc0000000000 R15: 0000607f5142cc78
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006e0000 CR3: 000000008ed01000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (442):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/02/08 22:17 upstream 74e96711e337 fa6c7b70 .config console log report syz C ci-upstream-kasan-gce
2019/01/29 12:48 upstream 4aa9fc2a435a aa432daf .config console log report syz C ci-upstream-kasan-gce
2018/12/11 22:12 upstream f5d582777bcb 7795ae03 .config console log report syz C ci-upstream-kasan-gce
2018/12/11 20:03 upstream f5d582777bcb 7795ae03 .config console log report syz C ci-upstream-kasan-gce-386
2018/12/11 15:17 net-old 290974d43478 7795ae03 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/05/02 10:15 upstream 459e3a21535a 7516d9fa .config console log report ci-upstream-kasan-gce
2019/04/25 06:50 upstream cd8dead0c394 8e3c52b1 .config console log report ci-upstream-kasan-gce-selinux-root
2019/04/13 17:36 upstream 6d0a598489ca c402d8f1 .config console log report ci-upstream-kasan-gce-root
2019/03/31 00:58 upstream 922c010cf236 0c624d4d .config console log report ci-upstream-kasan-gce-smack-root
2019/06/06 22:45 upstream 01047631df81 698773cb .config console log report ci-upstream-kasan-gce-386
2019/06/19 04:22 net-old 29f785ff76b6 e3f76baa .config console log report ci-upstream-net-this-kasan-gce
2019/06/18 18:56 net-old 29f785ff76b6 e3f76baa .config console log report ci-upstream-net-this-kasan-gce
2019/06/18 06:54 net-old 6be8e297f9bc 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/18 02:49 net-old 6be8e297f9bc 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/17 01:55 net-old d4d5d8e83c96 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/16 08:56 net-old ef7bfa84725d 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/16 07:31 net-old ef7bfa84725d 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/15 01:18 net-old 385097a36757 442206d7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/14 04:24 net-old b8003cef2e63 a139f92f .config console log report ci-upstream-net-this-kasan-gce
2019/06/14 02:33 net-old b8003cef2e63 a139f92f .config console log report ci-upstream-net-this-kasan-gce
2019/06/13 15:47 net-old b8003cef2e63 3f4e812b .config console log report ci-upstream-net-this-kasan-gce
2019/06/13 02:36 net-old ec66854c832c 794a1ad7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/12 10:18 net-old 93c65f83f25b 794a1ad7 .config console log report ci-upstream-net-this-kasan-gce
2019/06/12 03:55 net-old 93c65f83f25b ea2f4006 .config console log report ci-upstream-net-this-kasan-gce
2019/06/09 18:30 net-old 38e406f600a2 0159583c .config console log report ci-upstream-net-this-kasan-gce
2019/06/09 15:17 net-old 38e406f600a2 0159583c .config console log report ci-upstream-net-this-kasan-gce
2019/06/08 13:01 net-old 38e406f600a2 cf9c3a50 .config console log report ci-upstream-net-this-kasan-gce
2019/06/16 04:13 net-next-old 930cfe0f129d 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/06/16 03:08 net-next-old 930cfe0f129d 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/06/15 23:15 net-next-old 930cfe0f129d 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/06/15 20:15 net-next-old 877cd9ffbc9c 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/06/15 18:11 net-next-old 877cd9ffbc9c 442206d7 .config console log report ci-upstream-net-kasan-gce
2019/06/14 06:18 net-next-old 514fcaac371e 998ccc76 .config console log report ci-upstream-net-kasan-gce
2019/06/13 09:52 net-next-old a842fe1425cb 3f4e812b .config console log report ci-upstream-net-kasan-gce
2019/06/13 00:57 net-next-old 7a096d579e8e 794a1ad7 .config console log report ci-upstream-net-kasan-gce
2019/06/12 17:32 net-next-old 7a096d579e8e 794a1ad7 .config console log report ci-upstream-net-kasan-gce
2019/06/12 07:46 net-next-old 758a0a4d60ab ea2f4006 .config console log report ci-upstream-net-kasan-gce
2019/06/11 17:13 net-next-old 48debfd736d5 5b5826d0 .config console log report ci-upstream-net-kasan-gce
2019/06/11 07:13 net-next-old 48debfd736d5 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/11 04:47 net-next-old a248384e6420 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/10 17:56 net-next-old a248384e6420 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/10 10:16 net-next-old ad3a9ee0b623 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/10 04:59 net-next-old 900d96e418dc 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/10 00:28 net-next-old 900d96e418dc 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/09 20:53 net-next-old 900d96e418dc 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/09 12:39 net-next-old 8d94a8733c94 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/09 08:17 net-next-old 8d94a8733c94 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/09 05:34 net-next-old 8d94a8733c94 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/09 02:24 net-next-old 8d94a8733c94 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/08 22:08 net-next-old a6cdeeb16bff 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/08 19:18 net-next-old a6cdeeb16bff 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/08 14:10 net-next-old a6cdeeb16bff 0159583c .config console log report ci-upstream-net-kasan-gce
2019/06/08 11:13 net-next-old a6cdeeb16bff cf9c3a50 .config console log report ci-upstream-net-kasan-gce
2019/06/04 15:36 bpf-next 6685699e4ef5 e41a20c5 .config console log report ci-upstream-bpf-next-kasan-gce
2019/04/21 07:35 linux-next 3f018f4a019a b0e8efcb .config console log report ci-upstream-linux-next-kasan-gce-root
2018/11/27 13:50 linux-next 442b8cea2477 4b6d14f2 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.