general protection fault in qfq_reset

Kernel	Title	Count	Last	Reported	Patched	Status
linux-4.14	general protection fault in qfq_reset_qdisc (2)	2	1118d	1195d	0/1	auto-closed as invalid on 2021/07/26 19:48
upstream	KASAN: slab-use-after-free Read in qfq_reset_qdisc net	3	264d	306d	0/26	closed as invalid on 2023/09/21 09:36
upstream	general protection fault in qfq_reset_qdisc (3) net	2	60d	111d	0/26	closed as invalid on 2024/03/12 16:19
upstream	general protection fault in qfq_reset_qdisc (2) net	1	187d	187d	0/26	closed as invalid on 2023/12/05 18:14
linux-4.14	general protection fault in qfq_reset_qdisc	1	1526d	1526d	0/1	auto-closed as invalid on 2020/06/13 20:08
upstream	KASAN: use-after-free Read in qfq_reset_qdisc net	1	823d	823d	0/26	closed as invalid on 2022/02/17 02:00
linux-4.19	KASAN: use-after-free Read in qfq_reset_qdisc	2	1533d	1543d	0/1	auto-closed as invalid on 2020/06/06 11:35
linux-4.14	KASAN: use-after-free Read in qfq_reset_qdisc	6	1326d	1639d	0/1	auto-closed as invalid on 2020/12/30 04:03
linux-4.19	KASAN: use-after-free Read in qfq_reset_qdisc (2)	1	1361d	1361d	0/1	auto-closed as invalid on 2020/11/25 14:56
linux-4.19	KASAN: use-after-free Read in qfq_reset_qdisc (3)	1	1230d	1230d	0/1	auto-closed as invalid on 2021/04/05 19:15

general protection fault, probably for non-canonical address 0xdffffc000000001d: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000000e8-0x00000000000000ef] CPU: 1 PID: 56 Comm: kworker/u4:4 Not tainted 5.18.0-syzkaller-11817-g8171acb8bc9b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net RIP: 0010:qfq_reset_qdisc+0x14d/0x4d0 net/sched/sch_qfq.c:1455 Code: f5 f9 4c 8d 73 50 4c 89 f0 48 c1 e8 03 80 3c 28 00 0f 85 70 02 00 00 4c 8b 63 50 49 8d bc 24 e8 00 00 00 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 64 02 00 00 45 8b ac 24 e8 00 RSP: 0018:ffffc900013f78f8 EFLAGS: 00010206 RAX: 000000000000001d RBX: ffff88807a7e9300 RCX: 0000000000000000 RDX: ffff8880176ae1c0 RSI: ffffffff8783d9e5 RDI: 00000000000000e9 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000001 R12: 0000000000000001 R13: ffff8880742d49d8 R14: ffff88807a7e9350 R15: ffff8880709d8000 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f159a36a9ee CR3: 000000000ba8e000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> qdisc_reset+0xdb/0x6e0 net/sched/sch_generic.c:1026 qdisc_destroy+0x91/0x4f0 net/sched/sch_generic.c:1064 qdisc_put+0xcd/0xe0 net/sched/sch_generic.c:1086 dev_shutdown+0x2b5/0x520 net/sched/sch_generic.c:1473 unregister_netdevice_many+0x7d3/0x1890 net/core/dev.c:10825 default_device_exit_batch+0x449/0x590 net/core/dev.c:11328 ops_exit_list+0x125/0x170 net/core/net_namespace.c:167 cleanup_net+0x4ea/0xb00 net/core/net_namespace.c:594 process_one_work+0x996/0x1610 kernel/workqueue.c:2289 worker_thread+0x665/0x1080 kernel/workqueue.c:2436 kthread+0x2e9/0x3a0 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:qfq_reset_qdisc+0x14d/0x4d0 net/sched/sch_qfq.c:1455 Code: f5 f9 4c 8d 73 50 4c 89 f0 48 c1 e8 03 80 3c 28 00 0f 85 70 02 00 00 4c 8b 63 50 49 8d bc 24 e8 00 00 00 48 89 f8 48 c1 e8 03 <0f> b6 04 28 84 c0 74 08 3c 03 0f 8e 64 02 00 00 45 8b ac 24 e8 00 RSP: 0018:ffffc900013f78f8 EFLAGS: 00010206 RAX: 000000000000001d RBX: ffff88807a7e9300 RCX: 0000000000000000 RDX: ffff8880176ae1c0 RSI: ffffffff8783d9e5 RDI: 00000000000000e9 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000004 R11: 0000000000000001 R12: 0000000000000001 R13: ffff8880742d49d8 R14: ffff88807a7e9350 R15: ffff8880709d8000 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f159a36a9ee CR3: 000000007ea74000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: f5 cmc 1: f9 stc 2: 4c 8d 73 50 lea 0x50(%rbx),%r14 6: 4c 89 f0 mov %r14,%rax 9: 48 c1 e8 03 shr $0x3,%rax d: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) 11: 0f 85 70 02 00 00 jne 0x287 17: 4c 8b 63 50 mov 0x50(%rbx),%r12 1b: 49 8d bc 24 e8 00 00 lea 0xe8(%r12),%rdi 22: 00 23: 48 89 f8 mov %rdi,%rax 26: 48 c1 e8 03 shr $0x3,%rax * 2a: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 74 08 je 0x3a 32: 3c 03 cmp $0x3,%al 34: 0f 8e 64 02 00 00 jle 0x29e 3a: 45 rex.RB 3b: 8b .byte 0x8b 3c: ac lods %ds:(%rsi),%al 3d: 24 e8 and $0xe8,%al

Crashes (5):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	VM info	Manager	Title
2022/06/02 06:10	upstream	8171acb8bc9b	b4bc6a3d	.config	console log	report	info	ci-upstream-kasan-gce-selinux-root	general protection fault in qfq_reset_qdisc
2022/08/13 05:55	net-next-old	7ebfc85e2cd7	8dfcaa3d	.config	console log	report	info	ci-upstream-net-kasan-gce	general protection fault in qfq_reset_qdisc
2022/07/01 21:35	net-next-old	087b79854b9b	1434eec0	.config	console log	report	info	ci-upstream-net-kasan-gce	general protection fault in qfq_reset_qdisc
2022/07/04 05:49	net-next-old	d0bf1fe6454e	1434eec0	.config	console log	report	info	ci-upstream-net-kasan-gce	KASAN: use-after-free Read in qfq_reset_qdisc
2022/06/19 21:05	net-next-old	9776fe0f424b	8f633d84	.config	console log	report	info	ci-upstream-net-kasan-gce	KASAN: use-after-free Read in qfq_reset_qdisc

Crashes (5):

Assets (help?)