syzbot


general protection fault in ip6t_do_table

Status: fixed on 2018/02/26 20:04
Subsystems: netfilter
Reported-by: syzbot+e783f671527912cd9403@syzkaller.appspotmail.com
Fix commit: 57ebd808a97d netfilter: add back stackpointer size checks
First crash: 2328d, last: 2301d
Duplicate bugs (1):
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
general protection fault in ipt_do_table (netfilter) | C | | | 21 | 2300d | 2312d | 0/28 | closed as dup on 2018/02/12 16:31
Discussions (8):
Title | Replies (including bot) | Last reply
[PATCH 4.4 00/63] 4.4.122-stable review | 79 (79) | 2018/04/06 07:51
[PATCH 4.9 00/86] 4.9.88-stable review | 97 (97) | 2018/03/22 17:47
[PATCH 4.15 000/146] 4.15.10-stable review | 160 (160) | 2018/03/15 10:19
[PATCH 4.14 000/140] 4.14.27-stable review | 150 (150) | 2018/03/14 18:26
[PATCH 00/19] Netfilter fixes for net | 21 (21) | 2018/02/21 19:56
[PATCH nf RFC] netfilter: x_tables: only allow jumps to user-defined chains | 2 (2) | 2018/02/14 20:04
[PATCH nf] netfilter: add back stackpointer size checks | 2 (2) | 2018/02/14 19:51
general protection fault in ip6t_do_table | 1 (2) | 2018/01/28 21:55
Similar bugs (2):
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.14 | general protection fault in ip6t_do_table | | | | 1 | 1427d | 1427d | 0/1 | auto-closed as invalid on 2020/11/13 03:53
upstream | general protection fault in ip6t_do_table (2) (netfilter) | | | | 1 | 1401d | 1400d | 0/28 | auto-closed as invalid on 2020/12/09 07:53

Sample crash report:
xt_connbytes: Forcing CT accounting to be enabled
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 23 Comm: kworker/1:1 Not tainted 4.16.0-rc2+ #323
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:ip6t_do_table+0x132d/0x1a30 net/ipv6/netfilter/ip6_tables.c:355
RSP: 0018:ffff8801d9856d48 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8801b3b26f60 RCX: ffffffff84dc31c1
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8801b3b26e4e
RBP: ffff8801d9856f90 R08: 0000000000000000 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001
R13: 0000000000000000 R14: dffffc0000000000 R15: ffff8801b3b26dc0
FS:  0000000000000000(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002037c000 CR3: 0000000006a22006 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ip6table_filter_hook+0x65/0x80 net/ipv6/netfilter/ip6table_filter.c:41
 nf_hook_entry_hookfn include/linux/netfilter.h:120 [inline]
 nf_hook_slow+0xba/0x1a0 net/netfilter/core.c:483
 nf_hook.constprop.27+0x3f6/0x830 include/linux/netfilter.h:243
 NF_HOOK include/linux/netfilter.h:286 [inline]
 ndisc_send_skb+0xa51/0x1370 net/ipv6/ndisc.c:491
 ndisc_send_ns+0x38a/0x870 net/ipv6/ndisc.c:633
 addrconf_dad_work+0xb9e/0x1320 net/ipv6/addrconf.c:4008
 process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
 worker_thread+0x223/0x1990 kernel/workqueue.c:2247
 kthread+0x33c/0x400 kernel/kthread.c:238
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:407
Code: 41 f6 87 83 00 00 00 04 75 37 e8 0f da 94 fc 8b 85 14 fe ff ff 48 8b b5 50 fe ff ff 4c 8d 2c c6 44 8d 60 01 4c 89 e8 48 c1 e8 03 <42> 80 3c 30 00 0f 85 26 03 00 00 4d 89 7d 00 44 89 a5 14 fe ff 
RIP: ip6t_do_table+0x132d/0x1a30 net/ipv6/netfilter/ip6_tables.c:355 RSP: ffff8801d9856d48
---[ end trace 0a46702840bc94bb ]---
kasan: CONFIG_KASAN_INLINE enabled
Kernel panic - not syncing: Fatal exception in interrupt
kasan: GPF could be caused by NULL-ptr deref or user memory access
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (8077):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2018/02/21 04:45 upstream af3e79d29555 04cbdbd1 .config console log report syz C ci-upstream-kasan-gce
2018/02/11 21:29 upstream d48fcbd864a0 4e9b726d .config console log report syz C ci-upstream-kasan-gce
2018/02/09 21:56 upstream f9f1e414128e 2b6b214c .config console log report syz C ci-upstream-kasan-gce
2018/02/06 21:48 upstream e237f98a9c13 66c15deb .config console log report syz C ci-upstream-kasan-gce
2018/02/06 19:08 upstream e237f98a9c13 66c15deb .config console log report syz C ci-upstream-kasan-gce
2018/02/06 16:25 upstream e237f98a9c13 66c15deb .config console log report syz C ci-upstream-kasan-gce
2018/01/27 18:33 upstream c4e0ca7fa241 08146b1a .config console log report syz C ci-upstream-kasan-gce
2018/01/27 18:19 upstream c4e0ca7fa241 08146b1a .config console log report syz C ci-upstream-kasan-gce
2018/02/21 04:44 net-next-old 5eeba397392a 04cbdbd1 .config console log report syz C ci-upstream-net-kasan-gce
2018/02/11 22:43 net-next-old 9a61df9e5f74 4e9b726d .config console log report syz C ci-upstream-net-kasan-gce
2018/02/09 21:02 net-next-old 617aebe6a97e 2b6b214c .config console log report syz C ci-upstream-net-kasan-gce
2018/02/07 06:55 net-next-old 617aebe6a97e 66c15deb .config console log report syz C ci-upstream-net-kasan-gce
2018/02/06 21:19 net-next-old 617aebe6a97e 66c15deb .config console log report syz C ci-upstream-net-kasan-gce
2018/02/06 18:52 net-next-old 617aebe6a97e 66c15deb .config console log report syz C ci-upstream-net-kasan-gce
2018/02/06 15:45 net-next-old 617aebe6a97e 66c15deb .config console log report syz C ci-upstream-net-kasan-gce
2018/01/28 02:40 net-next-old 6bb46bc57c8e 08146b1a .config console log report syz C ci-upstream-net-kasan-gce
2018/01/27 17:18 net-next-old 6bb46bc57c8e 08146b1a .config console log report syz C ci-upstream-net-kasan-gce
2018/02/23 07:12 upstream af3e79d29555 8d8e2494 .config console log report ci-upstream-kasan-gce
2018/02/22 04:33 upstream af3e79d29555 04cbdbd1 .config console log report ci-upstream-kasan-gce
2018/02/21 02:27 upstream af3e79d29555 04cbdbd1 .config console log report ci-upstream-kasan-gce
2018/02/19 14:50 upstream 91ab883eb213 833f78c7 .config console log report ci-upstream-kasan-gce
2018/02/14 00:20 upstream 61f14c015f5b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/13 02:40 upstream 178e834c47b0 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/12 17:19 upstream 7928b2cbe55b 88bc17df .config console log report ci-upstream-kasan-gce
2018/01/29 07:03 upstream 24b1cccf9229 08d47756 .config console log report ci-upstream-kasan-gce
2018/02/23 11:50 net-next-old 46182452cf5a 33464158 .config console log report ci-upstream-net-kasan-gce
2018/02/21 08:53 net-next-old 5eeba397392a 04cbdbd1 .config console log report ci-upstream-net-kasan-gce
2018/02/20 13:28 net-next-old f5c0c6f4299f 5abac192 .config console log report ci-upstream-net-kasan-gce
2018/02/19 22:09 net-next-old 607ea03221ff c1f526e3 .config console log report ci-upstream-net-kasan-gce
2018/02/18 10:28 net-next-old 1ec010e70593 833f78c7 .config console log report ci-upstream-net-kasan-gce
2018/02/17 04:16 net-next-old 65bd449c32c2 c8b3f7c1 .config console log report ci-upstream-net-kasan-gce
2018/02/16 15:36 net-next-old 35ed663f5f4f c8b3f7c1 .config console log report ci-upstream-net-kasan-gce
2018/02/16 14:00 net-next-old 35ed663f5f4f c8b3f7c1 .config console log report ci-upstream-net-kasan-gce
2018/02/13 15:19 net-next-old cf19e5e2054f 88bc17df .config console log report ci-upstream-net-kasan-gce
2018/02/11 04:06 net-next-old 9a61df9e5f74 4e9b726d .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:53 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:53 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:52 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:46 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:46 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:39 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:38 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:38 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:36 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:35 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:33 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:33 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:31 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:27 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:24 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:21 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:19 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:19 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:18 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:18 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:17 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce
2018/01/30 15:16 net-next-old 91e6dd828425 a899be78 .config console log report ci-upstream-net-kasan-gce