syzbot


general protection fault in hsr_check_carrier_and_operstate

Status: upstream: reported C repro on 2020/01/08 22:43
Reported-by: syzbot+d63f588a6f64054e7d5b@syzkaller.appspotmail.com
First crash: 1618d, last: 493d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in hsr_check_carrier_and_operstate C error 13 522d 1618d 0/1 upstream: reported C repro on 2020/01/09 01:05
Last patch testing requests (1)
Created Duration User Patch Repo Result
2022/09/20 13:29 11m retest repro linux-4.14.y report log
Fix bisection attempts (23)
Created Duration User Patch Repo Result
2022/02/25 15:07 0m bisect fix linux-4.14.y error job log (0)
2022/01/26 14:41 25m bisect fix linux-4.14.y job log (0) log
2021/12/27 14:12 27m bisect fix linux-4.14.y job log (0) log
2021/11/27 13:05 26m bisect fix linux-4.14.y job log (0) log
2021/10/28 12:32 33m bisect fix linux-4.14.y job log (0) log
2021/09/24 00:21 31m bisect fix linux-4.14.y job log (0) log
2021/08/24 20:02 28m bisect fix linux-4.14.y job log (0) log
2021/07/25 19:28 27m bisect fix linux-4.14.y job log (0) log
2021/06/25 18:52 21m bisect fix linux-4.14.y job log (0) log
2021/05/26 18:15 32m bisect fix linux-4.14.y job log (0) log
2021/04/26 17:46 28m bisect fix linux-4.14.y job log (0) log
2021/03/27 16:38 22m bisect fix linux-4.14.y job log (0) log
2021/02/25 15:48 24m bisect fix linux-4.14.y job log (0) log
2021/01/26 15:23 24m bisect fix linux-4.14.y job log (0) log
2020/12/27 14:56 26m bisect fix linux-4.14.y job log (0) log
2020/11/27 14:20 24m bisect fix linux-4.14.y job log (0) log
2020/10/28 13:43 37m bisect fix linux-4.14.y job log (0) log
2020/09/28 13:05 38m bisect fix linux-4.14.y job log (0) log
2020/08/29 09:53 41m bisect fix linux-4.14.y job log (0) log
2020/05/14 04:55 26m bisect fix linux-4.14.y job log (0) log
2020/04/14 04:27 24m bisect fix linux-4.14.y job log (0) log
2020/03/15 04:00 26m bisect fix linux-4.14.y job log (0) log
2020/02/14 03:35 25m bisect fix linux-4.14.y job log (0) log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
device syz_tun entered promiscuous mode
device batadv_slave_0 entered promiscuous mode
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 8209 Comm: syz-executor406 Not tainted 4.14.300-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff8880afe58240 task.stack: ffff8880afc28000
RIP: 0010:hsr_check_carrier_and_operstate+0x3f/0x710 net/hsr/hsr_device.c:116
RSP: 0018:ffff8880afc2f0d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880a1b585c0 RCX: 0000000000000001
RDX: 0000000000000002 RSI: 0000000000000004 RDI: ffff88809d672ca0
RBP: ffff888094b66cc0 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: ffff8880afe58240 R12: 0000000000000001
R13: ffff888094b66cc0 R14: 0000000000000000 R15: 0000000000000004
FS:  00007ff27a37d700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff27a37d718 CR3: 00000000abafe000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hsr_netdev_notify+0x201/0x8b0 net/hsr/hsr_main.c:51
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 netdev_state_change net/core/dev.c:1314 [inline]
 netdev_state_change+0xca/0xf0 net/core/dev.c:1308
 do_setlink+0x2508/0x2bf0 net/core/rtnetlink.c:2280
 rtnl_group_changelink net/core/rtnetlink.c:2512 [inline]
 rtnl_newlink+0xc9d/0x1830 net/core/rtnetlink.c:2668
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4322
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
Code: 59 fa be 04 00 00 00 48 89 ef e8 0d b0 ff ff 49 89 c6 48 83 c0 10 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 67 06 00 00 48 b8 00 00 00 00 00 fc ff df 49 
RIP: hsr_check_carrier_and_operstate+0x3f/0x710 net/hsr/hsr_device.c:116 RSP: ffff8880afc2f0d0
---[ end trace a73c399d470ba580 ]---
----------------
Code disassembly (best guess):
   0:	59                   	pop    %rcx
   1:	fa                   	cli
   2:	be 04 00 00 00       	mov    $0x4,%esi
   7:	48 89 ef             	mov    %rbp,%rdi
   a:	e8 0d b0 ff ff       	callq  0xffffb01c
   f:	49 89 c6             	mov    %rax,%r14
  12:	48 83 c0 10          	add    $0x10,%rax
  16:	48 89 c2             	mov    %rax,%rdx
  19:	48 89 04 24          	mov    %rax,(%rsp)
  1d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  24:	fc ff df
  27:	48 c1 ea 03          	shr    $0x3,%rdx
* 2b:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2f:	0f 85 67 06 00 00    	jne    0x69c
  35:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  3c:	fc ff df
  3f:	49                   	rex.WB

Crashes (11):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/11/26 09:41 linux-4.14.y 179ef7fe8677 f4470a7b .config console log report syz C [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in hsr_check_carrier_and_operstate
2020/01/08 23:55 linux-4.14.y 84f5ad468100 ddc3e859 .config console log report syz C ci2-linux-4-14
2023/02/06 15:58 linux-4.14.y a8ad60f2af58 0a9c11b6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-4-14 general protection fault in hsr_check_carrier_and_operstate
2020/07/29 09:11 linux-4.14.y e5a54aa2d312 19a8de55 .config console log report ci2-linux-4-14
2020/07/24 16:42 linux-4.14.y 69b94dd6dcd1 554af388 .config console log report ci2-linux-4-14
2020/07/23 13:43 linux-4.14.y 69b94dd6dcd1 340ea530 .config console log report ci2-linux-4-14
2020/07/15 03:14 linux-4.14.y b850307b279c ada108d0 .config console log report ci2-linux-4-14
2020/07/06 06:05 linux-4.14.y b850307b279c 22f87567 .config console log report ci2-linux-4-14
2020/06/12 22:36 linux-4.14.y b850307b279c 3036d6fd .config console log report ci2-linux-4-14
2020/01/15 03:34 linux-4.14.y c04fc6fa5c96 fa12bd3c .config console log report ci2-linux-4-14
2020/01/08 22:42 linux-4.14.y 84f5ad468100 ddc3e859 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.