syzbot


general protection fault in free_netdev

Status: fixed on 2020/09/01 18:34
Reported-by: syzbot+4fd6ac432e87be87c935@syzkaller.appspotmail.com
Fix commit: abcf95e000b4 ip6_gre: fix null-ptr-deref in ip6gre_init_net()
First crash: 1385d, last: 1355d
Fix bisection: fixed by:
commit abcf95e000b4d469baa33df3565d4a235ecd164a
Author: Wei Yongjun <weiyongjun1@huawei.com>
Date: Mon Jul 13 15:59:50 2020 +0000

  ip6_gre: fix null-ptr-deref in ip6gre_init_net()

Similar bugs (2)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | general protection fault in free_netdev net | C | error | done | 3605 | 1360d | 1395d | 15/26 | fixed on 2020/10/01 20:48 |
| upstream | general protection fault in free_netdev (2) net | | | | 1 | 1028d | 1028d | 0/26 | auto-closed as invalid on 2021/09/20 23:14 |

Sample crash report:
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 23670 Comm: syz-executor242 Not tainted 4.19.134-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:netif_free_tx_queues net/core/dev.c:8568 [inline]
RIP: 0010:free_netdev+0x41/0x410 net/core/dev.c:9227
Code: d2 be 0a 24 00 00 48 c7 c7 40 9c 2a 88 e8 27 da 91 fb 48 8d bb 00 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 86 03 00 00 48 8b bb 00 04 00 00 e8 b9 18 d8 fb
RSP: 0018:ffff888084a8fc28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000080 RSI: 00000000ffffffff RDI: 0000000000000400
RBP: ffff8880869994c0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000fffffff4
R13: ffff8880869998d0 R14: ffff888084563680 R15: ffff8880a3f81e08
FS:  00007f3142ec1700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004adf30 CR3: 000000009a9a7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ip6gre_init_net+0x54b/0x620 net/ipv6/ip6_gre.c:1613
 ops_init+0xb3/0x410 net/core/net_namespace.c:129
 setup_net+0x2c2/0x720 net/core/net_namespace.c:315
 copy_net_ns+0x1f7/0x335 net/core/net_namespace.c:438
 create_new_namespaces+0x3f6/0x7b0 kernel/nsproxy.c:107
 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:206
 ksys_unshare+0x36c/0x9a0 kernel/fork.c:2530
 __do_sys_unshare kernel/fork.c:2598 [inline]
 __se_sys_unshare kernel/fork.c:2596 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:2596
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x448c79
Code: e8 ac e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f3142ec0ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
RAX: ffffffffffffffda RBX: 00000000006e4a08 RCX: 0000000000448c79
RDX: 0000000000448c79 RSI: 00000000000f4240 RDI: 0000000040000000
RBP: 00000000006e4a00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e4a0c
R13: 00007ffcbdb1128f R14: 00007f3142ec19c0 R15: 00000000006e4a0c
Modules linked in:
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
---[ end trace fa046f5025f44923 ]---
RIP: 0010:netif_free_tx_queues net/core/dev.c:8568 [inline]
RIP: 0010:free_netdev+0x41/0x410 net/core/dev.c:9227
Code: d2 be 0a 24 00 00 48 c7 c7 40 9c 2a 88 e8 27 da 91 fb 48 8d bb 00 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 86 03 00 00 48 8b bb 00 04 00 00 e8 b9 18 d8 fb
RSP: 0018:ffff888084a8fc28 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000001
RDX: 0000000000000080 RSI: 00000000ffffffff RDI: 0000000000000400
RBP: ffff8880869994c0 R08: 0000000000000001 R09: 0000000000000000
IPVS: ftp: loaded support on port[0] = 21
R10: 0000000000000005 R11: 0000000000000000 R12: 00000000fffffff4
R13: ffff8880869998d0 R14: ffff888084563680 R15: ffff8880a3f81e08
FS:  00007f3142ec1700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
IPVS: ftp: loaded support on port[0] = 21
IPVS: ftp: loaded support on port[0] = 21
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004adf30 CR3: 000000009a9a7000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (99):