syzbot


general protection fault in process_one_work

Status: fixed on 2019/11/23 02:56
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+9ed8f68ab30761f3678e@syzkaller.appspotmail.com
Fix commit: 6d6f0383b697 netdevsim: Fix use-after-free during device dismantle
First crash: 1868d, last: 1865d
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net] netdevsim: Fix use-after-free during device dismantle 3 (3) 2019/10/31 19:36
general protection fault in process_one_work 4 (5) 2019/10/31 16:25
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KMSAN: kernel-infoleak in copyout (2) net C 6723 547d 1716d 22/28 fixed on 2023/06/08 14:41
upstream general protection fault in process_one_work (2) kernel 1 1236d 1232d 0/28 auto-closed as invalid on 2021/09/17 12:34

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
bridge0: port 1(bridge_slave_0) entered blocking state
bridge0: port 1(bridge_slave_0) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8773 Comm: kworker/1:4 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:nsim_dev_trap_report_work+0xc4/0xaf0 drivers/net/netdevsim/dev.c:409
Code: 89 45 d0 0f 84 8b 07 00 00 49 bc 00 00 00 00 00 fc ff df e8 7e 02 ef fc 48 8b 45 d0 48 05 68 01 00 00 48 89 45 90 48 c1 e8 03 <42> 80 3c 20 00 0f 85 b1 09 00 00 48 8b 45 d0 48 8b 98 68 01 00 00
RSP: 0018:ffff88806d42fc90 EFLAGS: 00010a06
RAX: 1bd5a0000000004d RBX: 0000000000000000 RCX: ffffffff84841992
RDX: 0000000000000000 RSI: ffffffff84841922 RDI: 0000000000000001
RBP: ffff88806d42fd30 R08: ffff88806d4242c0 R09: ffffed100dad5809
R10: ffffed100dad5808 R11: ffff88806d6ac047 R12: dffffc0000000000
R13: ffff88806d6ac040 R14: ffff8880a84fdc00 R15: ffff8880ae934500
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c42506b000 CR3: 0000000069f37000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 process_one_work+0x9af/0x1740 kernel/workqueue.c:2269
 worker_thread+0x98/0xe40 kernel/workqueue.c:2415
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 332f32baf0600823 ]---
RIP: 0010:nsim_dev_trap_report_work+0xc4/0xaf0 drivers/net/netdevsim/dev.c:409
Code: 89 45 d0 0f 84 8b 07 00 00 49 bc 00 00 00 00 00 fc ff df e8 7e 02 ef fc 48 8b 45 d0 48 05 68 01 00 00 48 89 45 90 48 c1 e8 03 <42> 80 3c 20 00 0f 85 b1 09 00 00 48 8b 45 d0 48 8b 98 68 01 00 00
RSP: 0018:ffff88806d42fc90 EFLAGS: 00010a06
RAX: 1bd5a0000000004d RBX: 0000000000000000 RCX: ffffffff84841992
RDX: 0000000000000000 RSI: ffffffff84841922 RDI: 0000000000000001
RBP: ffff88806d42fd30 R08: ffff88806d4242c0 R09: ffffed100dad5809
R10: ffffed100dad5808 R11: ffff88806d6ac047 R12: dffffc0000000000
R13: ffff88806d6ac040 R14: ffff8880a84fdc00 R15: ffff8880ae934500
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c42506b000 CR3: 0000000069f37000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/10/29 08:33 bpf-next d3a3aa0c59e8 5ea87a66 .config console log report ci-upstream-bpf-next-kasan-gce
2019/10/25 23:37 bpf-next 382072916044 c2e837da .config console log report ci-upstream-bpf-next-kasan-gce
* Struck through repros no longer work on HEAD.