syzbot

 sign-in | mailing list | source | docs
🐞 Open [1651]
Subsystems
🐞 Fixed [6000]
🐞 Invalid [14793]
Missing Backports [135]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in gro_cells_destroy (3)

Status: closed as invalid on 2024/08/26 16:08
Subsystems: net
[Documentation on labels]
First crash: 243d, last: 180d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in gro_cells_destroy net 62 2045d 2209d 0/28 auto-closed as invalid on 2019/10/25 08:37
upstream general protection fault in gro_cells_destroy (4) net 3 136d 141d 0/28 closed as invalid on 2024/10/14 08:46
upstream general protection fault in gro_cells_destroy (2) net 2 1109d 1126d 20/28 fixed on 2022/03/08 16:11
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (5) net 2 2067d 2073d 0/28 closed as invalid on 2019/06/15 03:25
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (3) net 3 2134d 2151d 11/28 fixed on 2019/03/28 12:00
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (4) net 1 2102d 2102d 0/28 closed as invalid on 2019/05/15 23:07
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (2) net 2 2195d 2207d 0/28 closed as invalid on 2019/02/06 03:52
upstream BUG: unable to handle kernel paging request in gro_cells_destroy net 5 2337d 2395d 0/28 closed as invalid on 2018/09/05 12:51

Sample crash report:
bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
bond0 (unregistering): Released all slaves
Oops: general protection fault, probably for non-canonical address 0xf01ffbfd1fdfa34d: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0x80ffffe8fefd1a68-0x80ffffe8fefd1a6f]
CPU: 1 UID: 0 PID: 64 Comm: kworker/u32:3 Not tainted 6.11.0-rc1-syzkaller-00046-gc91a7dee0555 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:__skb_unlink include/linux/skbuff.h:2418 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2434 [inline]
RIP: 0010:__skb_queue_purge_reason include/linux/skbuff.h:3288 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:3294 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:118 [inline]
RIP: 0010:gro_cells_destroy+0x1a9/0x4d0 net/core/gro_cells.c:106
Code: e8 03 80 3c 28 00 0f 85 71 02 00 00 48 8d 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 <80> 3c 29 00 0f 85 2b 02 00 00 48 89 c1 48 89 42 08 48 c1 e9 03 80
RSP: 0018:ffffc90000d17a50 EFLAGS: 00010a06
RAX: ffffffe8fefd1a60 RBX: ffffe8fefd1a6060 RCX: 101ffffd1fdfa34d
RDX: 80ffffe8fefd1a60 RSI: ffffffff89043b68 RDI: 80ffffe8fefd1a68
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000008
R10: 0000000000000008 R11: 0000000000000000 R12: fffff91fdfa34c0e
R13: 0000000000000001 R14: ffffe8fefd1a6070 R15: ffffe8fefd1a6061
FS:  0000000000000000(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf176e2650 CR3: 000000003fb9c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip6gre_dev_free+0x19/0x30 net/ipv6/ip6_gre.c:1444
 netdev_run_todo+0x760/0x12d0 net/core/dev.c:10753
 cleanup_net+0x591/0xbf0 net/core/net_namespace.c:636
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf20 kernel/workqueue.c:3390
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__skb_unlink include/linux/skbuff.h:2418 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2434 [inline]
RIP: 0010:__skb_queue_purge_reason include/linux/skbuff.h:3288 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:3294 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:118 [inline]
RIP: 0010:gro_cells_destroy+0x1a9/0x4d0 net/core/gro_cells.c:106
Code: e8 03 80 3c 28 00 0f 85 71 02 00 00 48 8d 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 <80> 3c 29 00 0f 85 2b 02 00 00 48 89 c1 48 89 42 08 48 c1 e9 03 80
RSP: 0018:ffffc90000d17a50 EFLAGS: 00010a06
RAX: ffffffe8fefd1a60 RBX: ffffe8fefd1a6060 RCX: 101ffffd1fdfa34d
RDX: 80ffffe8fefd1a60 RSI: ffffffff89043b68 RDI: 80ffffe8fefd1a68
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000008
R10: 0000000000000008 R11: 0000000000000000 R12: fffff91fdfa34c0e
R13: 0000000000000001 R14: ffffe8fefd1a6070 R15: ffffe8fefd1a6061
FS:  0000000000000000(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbf176e2650 CR3: 000000000db7c000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 03 80 3c 28       	call   0x283c8008
   5:	00 0f                	add    %cl,(%rdi)
   7:	85 71 02             	test   %esi,0x2(%rcx)
   a:	00 00                	add    %al,(%rax)
   c:	48 8d 7a 08          	lea    0x8(%rdx),%rdi
  10:	49 8b 47 08          	mov    0x8(%r15),%rax
  14:	49 c7 07 00 00 00 00 	movq   $0x0,(%r15)
  1b:	48 89 f9             	mov    %rdi,%rcx
  1e:	49 c7 47 08 00 00 00 	movq   $0x0,0x8(%r15)
  25:	00
  26:	48 c1 e9 03          	shr    $0x3,%rcx
* 2a:	80 3c 29 00          	cmpb   $0x0,(%rcx,%rbp,1) <-- trapping instruction
  2e:	0f 85 2b 02 00 00    	jne    0x25f
  34:	48 89 c1             	mov    %rax,%rcx
  37:	48 89 42 08          	mov    %rax,0x8(%rdx)
  3b:	48 c1 e9 03          	shr    $0x3,%rcx
  3f:	80                   	.byte 0x80

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/31 11:10 upstream c91a7dee0555 6fde257d .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in gro_cells_destroy
2024/06/17 07:18 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in gro_cells_destroy
2024/05/29 12:58 upstream e0cce98fe279 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in gro_cells_destroy
2024/07/10 05:43 upstream 34afb82a3c67 bc144f9a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 BUG: unable to handle kernel paging request in gro_cells_destroy
* Struck through repros no longer work on HEAD.