syzbot

 sign-in | mailing list | source | docs
🐞 Open [1659]
Subsystems
🐞 Fixed [5984]
🐞 Invalid [14726]
Missing Backports [131]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in team_port_del

Status: closed as invalid on 2025/01/15 12:19
Subsystems: net
[Documentation on labels]
First crash: 34d, last: 34d

Sample crash report:
veth1_vlan: left promiscuous mode
veth0_vlan: left promiscuous mode
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
CPU: 1 UID: 0 PID: 5032 Comm: kworker/u8:8 Not tainted 6.13.0-rc3-syzkaller-00026-g59dbb9d81adf #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
Workqueue: netns cleanup_net
RIP: 0010:__team_option_inst_mark_removed_port drivers/net/team/team_core.c:243 [inline]
RIP: 0010:team_port_del+0x4c1/0x820 drivers/net/team/team_core.c:1364
Code: fb 4c 89 f0 48 c1 e8 03 80 3c 28 00 0f 85 63 02 00 00 4d 8b 36 4d 39 ee 74 6e e8 7a fe 61 fb 49 8d 7e 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 2d 02 00 00 49 3b 5e 30 75 c2 e8 5a fe 61 fb 49
RSP: 0018:ffffc900100777c8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff88802d41b600 RCX: ffffffff86375005
RDX: ffff888034b3da00 RSI: ffffffff86375076 RDI: 0000000000000030
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000001
R10: 000000000000003c R11: 0000000000000000 R12: ffff88803531cd80
R13: ffff88803531ced0 R14: 0000000000000000 R15: ffff88803531c000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b3051fffc CR3: 000000004d114000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 team_del_slave+0x3c/0x1b0 drivers/net/team/team_core.c:1992
 team_device_event+0xd0/0x770 drivers/net/team/team_core.c:2984
 notifier_call_chain+0xb7/0x410 kernel/notifier.c:85
 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1996
 call_netdevice_notifiers_extack net/core/dev.c:2034 [inline]
 call_netdevice_notifiers net/core/dev.c:2048 [inline]
 unregister_netdevice_many_notify+0x8d5/0x1e60 net/core/dev.c:11526
 unregister_netdevice_many net/core/dev.c:11590 [inline]
 default_device_exit_batch+0x740/0x9c0 net/core/dev.c:12073
 ops_exit_list+0x128/0x180 net/core/net_namespace.c:177
 cleanup_net+0x5b7/0xbd0 net/core/net_namespace.c:648
 process_one_work+0x958/0x1b30 kernel/workqueue.c:3229
 process_scheduled_works kernel/workqueue.c:3310 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3391
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__team_option_inst_mark_removed_port drivers/net/team/team_core.c:243 [inline]
RIP: 0010:team_port_del+0x4c1/0x820 drivers/net/team/team_core.c:1364
Code: fb 4c 89 f0 48 c1 e8 03 80 3c 28 00 0f 85 63 02 00 00 4d 8b 36 4d 39 ee 74 6e e8 7a fe 61 fb 49 8d 7e 30 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 2d 02 00 00 49 3b 5e 30 75 c2 e8 5a fe 61 fb 49
RSP: 0018:ffffc900100777c8 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff88802d41b600 RCX: ffffffff86375005
RDX: ffff888034b3da00 RSI: ffffffff86375076 RDI: 0000000000000030
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000001
R10: 000000000000003c R11: 0000000000000000 R12: ffff88803531cd80
R13: ffff88803531ced0 R14: 0000000000000000 R15: ffff88803531c000
FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd5fb13f5c CR3: 0000000079464000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	fb                   	sti
   1:	4c 89 f0             	mov    %r14,%rax
   4:	48 c1 e8 03          	shr    $0x3,%rax
   8:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1)
   c:	0f 85 63 02 00 00    	jne    0x275
  12:	4d 8b 36             	mov    (%r14),%r14
  15:	4d 39 ee             	cmp    %r13,%r14
  18:	74 6e                	je     0x88
  1a:	e8 7a fe 61 fb       	call   0xfb61fe99
  1f:	49 8d 7e 30          	lea    0x30(%r14),%rdi
  23:	48 89 f8             	mov    %rdi,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1) <-- trapping instruction
  2e:	0f 85 2d 02 00 00    	jne    0x261
  34:	49 3b 5e 30          	cmp    0x30(%r14),%rbx
  38:	75 c2                	jne    0xfffffffc
  3a:	e8 5a fe 61 fb       	call   0xfb61fe99
  3f:	49                   	rex.WB

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/12/17 17:42 upstream 59dbb9d81adf a0626d3a .config console log report info [disk image] [vmlinux] [kernel image] ci-qemu-gce-upstream-auto general protection fault in team_port_del
* Struck through repros no longer work on HEAD.