syzbot


general protection fault in llc_ui_bind

Status: upstream: reported C repro on 2022/03/28 09:51
Reported-by: syzbot+d71f70b2ad08d37dee4c@syzkaller.appspotmail.com
First crash: 749d, last: 607d
Fix bisection: the fix commit could be any of:
  af1af6ebca0e Linux 4.14.274
  5df8b4735177 Linux 4.14.293
  
Fix bisection attempts (5)
Created Duration User Patch Repo Result
2022/09/17 05:35 19m bisect fix linux-4.14.y job log (2)
2022/08/18 03:30 29m bisect fix linux-4.14.y job log (0) log
2022/07/19 03:03 26m bisect fix linux-4.14.y job log (0) log
2022/06/19 02:26 21m bisect fix linux-4.14.y job log (0) log
2022/05/20 01:57 29m bisect fix linux-4.14.y job log (0) log

Sample crash report:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7951 Comm: syz-executor102 Not tainted 4.14.274-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888097ecc4c0 task.stack: ffff8880b3ae8000
RIP: 0010:dev_put include/linux/netdevice.h:3381 [inline]
RIP: 0010:llc_ui_bind+0x5ba/0xa40 net/llc/af_llc.c:427
RSP: 0018:ffff8880b3aefd40 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffffffff127a4bc
RDX: 00000000000000a8 RSI: ffff888097eccd48 RDI: 0000000000000540
RBP: ffff8880b3aefe30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000001 R12: ffff8880947f0ac0
R13: 1ffff1101675dfab R14: 0000000000000000 R15: 00000000ffffffea
FS:  00005555563a6300(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f843e849018 CR3: 00000000ab60c000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 SYSC_bind net/socket.c:1489 [inline]
 SyS_bind+0x174/0x1f0 net/socket.c:1475
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f3de773cfa9
RSP: 002b:00007fff38e8a1a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3de773cfa9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007f3de7700f90 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3de7701020
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Code: 4e 04 0f 88 8f 29 51 01 0f 84 b3 01 00 00 e8 1e 8f 84 fb 48 8d bb 40 05 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 0a 04 00 00 4c 89 e7 48 8b 83 40 05 00 00 65 
RIP: dev_put include/linux/netdevice.h:3381 [inline] RSP: ffff8880b3aefd40
RIP: llc_ui_bind+0x5ba/0xa40 net/llc/af_llc.c:427 RSP: ffff8880b3aefd40
---[ end trace 50fe0e8df312a5ed ]---
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	0f 88 8f 29 51 01    	js     0x1512995
   6:	0f 84 b3 01 00 00    	je     0x1bf
   c:	e8 1e 8f 84 fb       	callq  0xfb848f2f
  11:	48 8d bb 40 05 00 00 	lea    0x540(%rbx),%rdi
  18:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1f:	fc ff df
  22:	48 89 fa             	mov    %rdi,%rdx
  25:	48 c1 ea 03          	shr    $0x3,%rdx
* 29:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2d:	0f 85 0a 04 00 00    	jne    0x43d
  33:	4c 89 e7             	mov    %r12,%rdi
  36:	48 8b 83 40 05 00 00 	mov    0x540(%rbx),%rax
  3d:	65                   	gs

Crashes (1122):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/03/28 18:47 linux-4.14.y af1af6ebca0e 89bc8608 .config console log report syz C ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/20 01:05 linux-4.14.y 74766a973637 33fc6ed6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/20 00:30 linux-4.14.y 74766a973637 33fc6ed6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 21:52 linux-4.14.y 74766a973637 33fc6ed6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 20:45 linux-4.14.y 74766a973637 33fc6ed6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 09:42 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 08:59 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 07:08 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 06:06 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 05:00 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 03:11 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/19 01:03 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 21:47 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 20:23 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 19:01 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 16:49 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 15:37 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 14:36 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 13:27 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 12:24 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 11:16 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 10:14 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 08:15 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 07:17 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 06:17 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 03:48 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/18 02:15 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 23:53 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 22:15 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 21:15 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 18:05 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 16:24 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 15:22 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 13:44 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 12:33 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 12:09 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 09:58 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 08:56 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 07:32 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 07:31 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 04:37 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 03:33 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/04/17 00:53 linux-4.14.y 74766a973637 8bcc32a6 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
2022/03/28 09:50 linux-4.14.y af1af6ebca0e 89bc8608 .config console log report info ci2-linux-4-14 general protection fault in llc_ui_bind
* Struck through repros no longer work on HEAD.