syzbot

 sign-in | mailing list | source | docs
🐞 Open [712]
🐞 Fixed [297]
🐞 Invalid [838]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

general protection fault in rb_insert_color

Status: auto-closed as invalid on 2020/09/15 00:51
Reported-by: syzbot+1a82b51b179cce2b7a1f@syzkaller.appspotmail.com
First crash: 1674d, last: 1661d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in rb_insert_color (2) net 1 1555d 1555d 0/28 auto-closed as invalid on 2020/10/30 19:33
upstream general protection fault in rb_insert_color fbdev 1 1736d 1736d 0/28 auto-closed as invalid on 2020/06/02 02:21

Sample crash report:
IPVS: ftp: loaded support on port[0] = 21
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 1344 Comm: syz-executor.1 Not tainted 4.19.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__rb_insert lib/rbtree.c:131 [inline]
RIP: 0010:rb_insert_color+0x6d/0xb60 lib/rbtree.c:452
Code: 48 89 e8 48 c1 e8 03 42 80 3c 28 00 0f 85 e9 06 00 00 48 8b 5d 00 f6 c3 01 0f 85 9b 01 00 00 4c 8d 7b 08 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 b1 06 00 00 4c 8b 73 08 49 39 ee 0f 84 87 01
RSP: 0018:ffff8880920c7900 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81c90d50
RDX: 1ffff11012478303 RSI: ffff8880a7bf7ca8 RDI: ffff8880923c1818
RBP: ffff8880001131f8 R08: ffff8880464761c0 R09: ffffed1014f7ef89
R10: ffffed1014f7ef88 R11: ffff8880a7bf7c47 R12: ffff8880923c1818
R13: dffffc0000000000 R14: ffff8880923c17e0 R15: 0000000000000008
FS:  000000000130a940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4fadf75710 CR3: 0000000089961000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kernfs_link_sibling+0x2bd/0x420 fs/kernfs/dir.c:369
 kernfs_add_one+0x227/0x4d0 fs/kernfs/dir.c:789
 kernfs_create_link+0x1ae/0x240 fs/kernfs/symlink.c:50
 sysfs_do_create_link_sd.isra.0+0x8b/0x130 fs/sysfs/symlink.c:43
 sysfs_do_create_link fs/sysfs/symlink.c:79 [inline]
 sysfs_create_link+0x61/0xc0 fs/sysfs/symlink.c:91
 device_add_class_symlinks drivers/base/core.c:1918 [inline]
 device_add+0x78a/0x1660 drivers/base/core.c:2120
 netdev_register_kobject+0x180/0x3b0 net/core/net-sysfs.c:1765
 register_netdevice+0x7f7/0xf50 net/core/dev.c:8710
 register_netdev+0x2d/0x50 net/core/dev.c:8832
 sit_init_net+0x37b/0xa50 net/ipv6/sit.c:1867
 ops_init+0xaf/0x410 net/core/net_namespace.c:129
 setup_net+0x2c2/0x6f0 net/core/net_namespace.c:315
 copy_net_ns+0x1d9/0x331 net/core/net_namespace.c:438
 create_new_namespaces+0x3fb/0x7c0 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x439/0x8d0 kernel/fork.c:2530
 __do_sys_unshare kernel/fork.c:2598 [inline]
 __se_sys_unshare kernel/fork.c:2596 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:2596
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45f4f7
Code: 00 00 00 b8 63 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 10 01 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff9b1f1b08 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045f4f7
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000005
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000418590
R13: 00007fff9b1f1d78 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 60b99c80be34ecec ]---
RIP: 0010:__rb_insert lib/rbtree.c:131 [inline]
RIP: 0010:rb_insert_color+0x6d/0xb60 lib/rbtree.c:452
Code: 48 89 e8 48 c1 e8 03 42 80 3c 28 00 0f 85 e9 06 00 00 48 8b 5d 00 f6 c3 01 0f 85 9b 01 00 00 4c 8d 7b 08 4c 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 b1 06 00 00 4c 8b 73 08 49 39 ee 0f 84 87 01
RSP: 0018:ffff8880920c7900 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81c90d50
RDX: 1ffff11012478303 RSI: ffff8880a7bf7ca8 RDI: ffff8880923c1818
RBP: ffff8880001131f8 R08: ffff8880464761c0 R09: ffffed1014f7ef89
R10: ffffed1014f7ef88 R11: ffff8880a7bf7c47 R12: ffff8880923c1818
R13: dffffc0000000000 R14: ffff8880923c17e0 R15: 0000000000000008
FS:  000000000130a940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4fadf75710 CR3: 0000000089961000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/05/18 00:50 linux-4.19.y 258f0cf7ac3b 37bccd4e .config console log report ci2-linux-4-19
2020/05/04 18:03 linux-4.19.y fdc072324f3c 58ae5e18 .config console log report ci2-linux-4-19
* Struck through repros no longer work on HEAD.