syzbot


general protection fault in hrtimer_active

Status: fixed on 2017/11/28 03:36
Subsystems: kernel
Fix commit: aec72f3392b1 net-tun: fix panics at dismantle time
First crash: 2403d, last: 2359d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in hrtimer_active (3) kernel syz done error 34 815d 1119d 20/26 fixed on 2022/03/08 16:11
upstream general protection fault in hrtimer_active (5) kernel C error 22 438d 442d 22/26 fixed on 2023/06/08 14:41
upstream general protection fault in hrtimer_active (4) kernel 7 644d 754d 0/26 auto-obsoleted due to no activity on 2022/10/20 15:45
upstream KASAN: null-ptr-deref Read in hrtimer_active kernel 7 157d 295d 0/26 closed as invalid on 2024/01/16 13:47
upstream general protection fault in hrtimer_active (2) kernel C 10612 2245d 2250d 4/26 fixed on 2018/03/06 13:29
linux-4.19 general protection fault in hrtimer_active C error 66 947d 1691d 0/1 upstream: reported C repro on 2019/09/09 21:23

Sample crash report:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 2995 Comm: syzkaller758499 Not tainted 4.14.0-rc5-mm1+ #20
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801d1e70180 task.stack: ffff8801c05e0000
RIP: 0010:__read_once_size include/linux/compiler.h:276 [inline]
RIP: 0010:hrtimer_active+0x211/0x410 kernel/time/hrtimer.c:1142
RSP: 0018:ffff8801c05e73f0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 1ffff100380bceab RCX: ffffffff815ef93f
RDX: 0000000000000000 RSI: ffffffff85b377a0 RDI: ffff8801d1f38ea0
RBP: ffff8801c05e7530 R08: ffffffff83f9f367 R09: 0000000000000004
R10: ffff8801c05e7898 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffffed00380bce89 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020511fd8 CR3: 0000000005a22000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hrtimer_try_to_cancel+0x91/0x5c0 kernel/time/hrtimer.c:1006
 hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1032
 napi_disable+0x87/0xa0 net/core/dev.c:5552
 tun_napi_disable drivers/net/tun.c:290 [inline]
 __tun_detach+0xe26/0x1570 drivers/net/tun.c:617
 tun_detach drivers/net/tun.c:664 [inline]
 tun_chr_close+0x44/0x60 drivers/net/tun.c:2835
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:112
 exit_task_work include/linux/task_work.h:21 [inline]
 do_exit+0x9b5/0x1ad0 kernel/exit.c:869
 do_group_exit+0x149/0x400 kernel/exit.c:972
 SYSC_exit_group kernel/exit.c:983 [inline]
 SyS_exit_group+0x1d/0x20 kernel/exit.c:981
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x442aa8
RSP: 002b:00007ffdcb6208d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442aa8
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 0000000000000082 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 0000000000000000 R11: 0000000000000246 R12: 74656e2f7665642f
R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000
Code: c6 00 00 48 8b 85 d8 fe ff ff 48 c1 e8 03 42 80 3c 38 00 0f 85 f2 01 00 00 48 8b 85 e8 fe ff ff 4c 8b 60 30 4c 89 e0 48 c1 e8 03 <42> 80 3c 38 00 0f 85 c8 01 00 00 48 8b 85 f0 fe ff ff 49 8b 1c 
RIP: __read_once_size include/linux/compiler.h:276 [inline] RSP: ffff8801c05e73f0
RIP: hrtimer_active+0x211/0x410 kernel/time/hrtimer.c:1142 RSP: ffff8801c05e73f0
---[ end trace 16d64b9edc71d4d0 ]---

Crashes (669):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2017/11/02 00:47 mmots 0f611fb6dcc0 e0a2b195 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/11/02 00:36 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/11/02 00:32 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/28 12:02 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/28 02:36 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/27 05:15 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/25 12:55 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/19 22:36 mmots 3ac81ebcbbb3 355f57c5 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/10/19 22:36 linux-next 36ef71cae353 e511d9f8 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/15 12:38 mmots 4eb4a4191fe5 441d64d9 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/10/15 12:38 linux-next 49827b977a2e 441d64d9 .config console log report syz C ci-upstream-next-kasan-gce
2017/10/05 16:34 mmots fb686cb13e51 c26ea367 .config console log report syz C ci-upstream-mmots-kasan-gce
2017/10/05 16:34 linux-next 1418b852174a c26ea367 .config console log report syz C ci-upstream-next-kasan-gce
2017/09/27 07:33 linux-next 045c5205823f c26ea367 .config console log report syz C ci-upstream-next-kasan-gce
2017/11/02 09:30 mmots 0f611fb6dcc0 e0a2b195 .config console log report ci-upstream-mmots-kasan-gce
2017/10/31 12:21 linux-next 36ef71cae353 e511d9f8 .config console log report ci-upstream-next-kasan-gce
2017/10/27 15:18 linux-next 36ef71cae353 e511d9f8 .config console log report ci-upstream-next-kasan-gce
2017/10/24 21:16 linux-next 36ef71cae353 e511d9f8 .config console log report skylake-linux-next-kasan-qemu
2017/10/24 07:53 mmots 0f611fb6dcc0 e0a2b195 .config console log report ci-upstream-mmots-kasan-gce
2017/10/22 13:55 mmots 0f611fb6dcc0 e0a2b195 .config console log report ci-upstream-mmots-kasan-gce
2017/10/22 13:14 mmots 0f611fb6dcc0 e0a2b195 .config console log report ci-upstream-mmots-kasan-gce
2017/10/18 17:07 mmots 3ac81ebcbbb3 355f57c5 .config console log report ci-upstream-mmots-kasan-gce
2017/10/16 09:38 mmots 4eb4a4191fe5 441d64d9 .config console log report ci-upstream-mmots-kasan-gce
2017/10/16 05:44 mmots 4eb4a4191fe5 441d64d9 .config console log report ci-upstream-mmots-kasan-gce
2017/10/16 04:40 mmots 4eb4a4191fe5 441d64d9 .config console log report ci-upstream-mmots-kasan-gce
2017/10/16 04:39 linux-next 49827b977a2e 441d64d9 .config console log report ci-upstream-next-kasan-gce
2017/10/15 08:48 linux-next 49827b977a2e 441d64d9 .config console log report ci-upstream-next-kasan-gce
2017/10/15 08:47 mmots 4eb4a4191fe5 441d64d9 .config console log report ci-upstream-mmots-kasan-gce
2017/10/14 13:33 linux-next 49827b977a2e 441d64d9 .config console log report ci-upstream-next-kasan-gce
2017/10/11 19:13 linux-next 49827b977a2e 441d64d9 .config console log report ci-upstream-next-kasan-gce
2017/10/09 22:30 mmots fb686cb13e51 c26ea367 .config console log report ci-upstream-mmots-kasan-gce
2017/10/04 20:37 mmots af6dd9aabb86 c26ea367 .config console log report ci-upstream-mmots-kasan-gce
2017/09/28 01:16 linux-next 045c5205823f c26ea367 .config console log report ci-upstream-next-kasan-gce
2017/09/27 06:58 linux-next 045c5205823f c26ea367 .config console log report ci-upstream-next-kasan-gce
* Struck through repros no longer work on HEAD.