syzbot

 sign-in | mailing list | source | docs
🐞 Open [985] Subsystems 🐞 Fixed [5238] 🐞 Invalid [12509] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

general protection fault in rt_cache_valid

Status: fixed on 2019/07/10 21:40
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+0290d2290a607e035ba1@syzkaller.appspotmail.com
Fix commit: c3bcde026684 tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
First crash: 1934d, last: 1768d
Discussions (6)
Title Replies (including bot) Last reply
[PATCH 4.14 00/43] 4.14.132-stable review 57 (57) 2019/08/03 07:11
[PATCH 4.9 000/102] 4.9.185-stable review 108 (108) 2019/07/10 06:11
[PATCH 4.19 00/72] 4.19.57-stable review 84 (84) 2019/07/04 05:29
[PATCH 5.1 00/55] 5.1.16-stable review 69 (69) 2019/07/04 05:27
[PATCH net 0/3] net: fix quite a few dst_cache crashes reported by syzbot 5 (5) 2019/06/19 00:49
general protection fault in rt_cache_valid 0 (1) 2019/02/16 07:01

Sample crash report:
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 22532 Comm: syz-executor.1 Not tainted 5.2.0-rc5+ #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rt_cache_valid+0x33/0x190 net/ipv4/route.c:1556
Code: 31 e4 53 48 89 fb e8 dc ab 8a fb 48 85 db 74 4f e8 d2 ab 8a fb 48 8d 7b 3a 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 07
RSP: 0018:ffff8880ae908de8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000bd0 RCX: ffffffff85e77b21
RDX: 0000000000000181 RSI: ffffffff85e6155e RDI: 0000000000000c0a
RBP: ffff8880ae908e00 R08: ffff88809fa2a100 R09: ffffed1015d26c70
R10: ffffed1015d26c6f R11: ffff8880ae93637b R12: 0000000000000000
R13: ffff88809a3304e8 R14: ffff888099b2e930 R15: ffff88809afcbd40
FS:  00007f6052655700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32c23000 CR3: 00000000a5c17000 CR4: 00000000001426e0
Call Trace:
 <IRQ>
 __mkroute_output net/ipv4/route.c:2332 [inline]
 ip_route_output_key_hash_rcu+0x819/0x2d50 net/ipv4/route.c:2564
 ip_route_output_key_hash+0x1ef/0x360 net/ipv4/route.c:2393
 __ip_route_output_key include/net/route.h:125 [inline]
 ip_route_output_flow+0x28/0xc0 net/ipv4/route.c:2651
 ip_route_output_key include/net/route.h:135 [inline]
 sctp_v4_get_dst+0x467/0x1260 net/sctp/protocol.c:435
 sctp_transport_route+0x12d/0x360 net/sctp/transport.c:297
 sctp_assoc_add_peer+0x53e/0xfc0 net/sctp/associola.c:663
 sctp_process_param net/sctp/sm_make_chunk.c:2522 [inline]
 sctp_process_init+0x273c/0x2e10 net/sctp/sm_make_chunk.c:2343
 sctp_sf_do_5_1B_init+0x8ba/0xe50 net/sctp/sm_statefuns.c:401
 sctp_do_sm+0x121/0x5190 net/sctp/sm_sideeffect.c:1152
 sctp_endpoint_bh_rcv+0x451/0x950 net/sctp/endpointola.c:443
 sctp_inq_push+0x1e4/0x280 net/sctp/inqueue.c:80
 sctp_rcv+0x282e/0x35e0 net/sctp/input.c:256
 sctp6_rcv+0x17/0x30 net/sctp/ipv6.c:1049
 ip6_protocol_deliver_rcu+0x2fe/0x16c0 net/ipv6/ip6_input.c:397
 ip6_input_finish+0x84/0x170 net/ipv6/ip6_input.c:438
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_input+0xe4/0x3f0 net/ipv6/ip6_input.c:447
 dst_input include/net/dst.h:439 [inline]
 ip6_rcv_finish+0x1de/0x310 net/ipv6/ip6_input.c:76
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ipv6_rcv+0x10e/0x420 net/ipv6/ip6_input.c:272
 __netif_receive_skb_one_core+0x113/0x1a0 net/core/dev.c:5009
 __netif_receive_skb+0x2c/0x1d0 net/core/dev.c:5123
 process_backlog+0x206/0x750 net/core/dev.c:5934
 napi_poll net/core/dev.c:6357 [inline]
 net_rx_action+0x4f5/0x1070 net/core/dev.c:6423
 __do_softirq+0x25c/0x94c kernel/softirq.c:292
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1040
 </IRQ>
 do_softirq.part.0+0x11a/0x170 kernel/softirq.c:337
 do_softirq kernel/softirq.c:329 [inline]
 __local_bh_enable_ip+0x211/0x270 kernel/softirq.c:189
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:682 [inline]
 ip6_finish_output2+0x10a0/0x2550 net/ipv6/ip6_output.c:117
 ip6_finish_output+0x56d/0xc20 net/ipv6/ip6_output.c:150
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0x235/0x7f0 net/ipv6/ip6_output.c:167
 dst_output include/net/dst.h:433 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 NF_HOOK include/linux/netfilter.h:299 [inline]
 ip6_xmit+0xe35/0x20b0 net/ipv6/ip6_output.c:271
 sctp_v6_xmit+0x313/0x660 net/sctp/ipv6.c:217
 sctp_packet_transmit+0x1bb8/0x36e0 net/sctp/output.c:626
 sctp_packet_singleton net/sctp/outqueue.c:772 [inline]
 sctp_outq_flush_ctrl.constprop.0+0x73c/0xd30 net/sctp/outqueue.c:903
 sctp_outq_flush+0xe8/0x2780 net/sctp/outqueue.c:1185
 sctp_outq_uncork+0x6c/0x80 net/sctp/outqueue.c:757
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1781 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1184 [inline]
 sctp_do_sm+0x504/0x5190 net/sctp/sm_sideeffect.c:1155
 sctp_primitive_ASSOCIATE+0x9d/0xd0 net/sctp/primitive.c:73
 __sctp_connect+0x8c3/0xcd0 net/sctp/socket.c:1211
 __sctp_setsockopt_connectx+0x133/0x1a0 net/sctp/socket.c:1334
 sctp_setsockopt_connectx_old net/sctp/socket.c:1350 [inline]
 sctp_setsockopt net/sctp/socket.c:4644 [inline]
 sctp_setsockopt+0x22c0/0x6d10 net/sctp/socket.c:4608
 sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3129
 __sys_setsockopt+0x17a/0x280 net/socket.c:2072
 __do_sys_setsockopt net/socket.c:2083 [inline]
 __se_sys_setsockopt net/socket.c:2080 [inline]
 __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2080
 do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4592c9
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6052654c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004592c9
RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000006
RBP: 000000000075c118 R08: 000000000000001c R09: 0000000000000000
R10: 000000002055bfe4 R11: 0000000000000246 R12: 00007f60526556d4
R13: 00000000004ced98 R14: 00000000004dd4f0 R15: 00000000ffffffff
Modules linked in:
---[ end trace 55670e5e2eeb408c ]---
RIP: 0010:rt_cache_valid+0x33/0x190 net/ipv4/route.c:1556
Code: 31 e4 53 48 89 fb e8 dc ab 8a fb 48 85 db 74 4f e8 d2 ab 8a fb 48 8d 7b 3a 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 07
RSP: 0018:ffff8880ae908de8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000bd0 RCX: ffffffff85e77b21
RDX: 0000000000000181 RSI: ffffffff85e6155e RDI: 0000000000000c0a
RBP: ffff8880ae908e00 R08: ffff88809fa2a100 R09: ffffed1015d26c70
R10: ffffed1015d26c6f R11: ffff8880ae93637b R12: 0000000000000000
R13: ffff88809a3304e8 R14: ffff888099b2e930 R15: ffff88809afcbd40
FS:  00007f6052655700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32c23000 CR3: 00000000a5c17000 CR4: 00000000001426e0

Crashes (24):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/06/23 04:03 upstream abf02e2964b3 34bf9440 .config console log report ci-upstream-kasan-gce-selinux-root
2019/02/18 20:15 upstream 301e361072e5 59f36113 .config console log report ci-upstream-kasan-gce-386
2019/06/02 06:40 net-old e8d67fa5696e 53c81ea5 .config console log report ci-upstream-net-this-kasan-gce
2019/05/26 21:38 net-old 334031219a84 85c57315 .config console log report ci-upstream-net-this-kasan-gce
2019/05/02 02:56 net-old d2f0c961148f 7516d9fa .config console log report ci-upstream-net-this-kasan-gce
2019/04/30 04:33 net-old 6c0afef5fb0c b617407b .config console log report ci-upstream-net-this-kasan-gce
2019/04/23 21:44 net-old d04830531d0c 4d3d6a50 .config console log report ci-upstream-net-this-kasan-gce
2019/04/15 19:15 net-old 732488018281 505ab413 .config console log report ci-upstream-net-this-kasan-gce
2019/03/25 18:59 net-old 526949e877f4 2c86e0a5 .config console log report ci-upstream-net-this-kasan-gce
2019/03/22 03:07 net-old 33872d79f5d1 dce6e62f .config console log report ci-upstream-net-this-kasan-gce
2019/03/20 21:20 net-old 398f0132c147 a664c187 .config console log report ci-upstream-net-this-kasan-gce
2019/03/17 18:43 net-old 517ccc2aa50d ba18afea .config console log report ci-upstream-net-this-kasan-gce
2019/06/07 20:28 net-next-old 96524ea4be04 ce9107d0 .config console log report ci-upstream-net-kasan-gce
2019/05/24 19:20 net-next-old dfb569f2b96e 0dadcd9d .config console log report ci-upstream-net-kasan-gce
2019/04/15 03:20 net-next-old 0ed1d3ddedb9 505ab413 .config console log report ci-upstream-net-kasan-gce
2019/03/27 01:36 net-next-old be67101fbf27 55684ce1 .config console log report ci-upstream-net-kasan-gce
2019/03/26 04:26 net-next-old 68cc2999f692 55684ce1 .config console log report ci-upstream-net-kasan-gce
2019/03/17 02:04 net-next-old 3b319ee220a8 bab43553 .config console log report ci-upstream-net-kasan-gce
2019/03/12 07:35 net-next-old d9862cfbe209 12365b99 .config console log report ci-upstream-net-kasan-gce
2019/02/16 02:22 net-next-old 3313da8188cc f42dee6d .config console log report ci-upstream-net-kasan-gce
2019/02/03 20:51 net-next-old 682a789516d3 c198d5dd .config console log report ci-upstream-net-kasan-gce
2019/02/02 12:41 net-next-old d6b0a01faa6a c198d5dd .config console log report ci-upstream-net-kasan-gce
2019/01/31 12:44 net-next-old 630afc7734ba aa432daf .config console log report ci-upstream-net-kasan-gce
2019/01/08 17:18 net-next-old b71acb0e3721 37dd2683 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.