syzbot


general protection fault in batadv_iv_ogm_schedule_buff

Status: fixed on 2020/04/15 17:19
Subsystems: batman
Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
Fix commit: 8e8ce08198de batman-adv: Don't schedule OGM for disabled interface
First crash: 1613d, last: 1506d
Discussions (13)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 5.4 01/73] cgroup-v1: cgroup_pidlist_next should update position index 80 (80) 2020/04/08 09:48
[PATCH 4.4 00/93] 4.4.217-rc1 review 100 (100) 2020/03/21 07:12
[PATCH 4.9 00/90] 4.9.217-rc1 review 94 (94) 2020/03/21 00:48
[PATCH 4.14 00/99] 4.14.174-rc1 review 103 (103) 2020/03/21 00:44
[PATCH 4.19 00/89] 4.19.111-rc1 review 97 (97) 2020/03/19 10:04
[PATCH AUTOSEL 4.9 01/15] batman-adv: Don't schedule OGM for disabled interface 15 (15) 2020/03/18 20:56
[PATCH AUTOSEL 4.14 01/28] cgroup-v1: cgroup_pidlist_next should update position index 28 (28) 2020/03/18 20:55
[PATCH AUTOSEL 4.19 01/37] cgroup-v1: cgroup_pidlist_next should update position index 37 (37) 2020/03/18 20:55
[PATCH AUTOSEL 5.5 01/84] cgroup-v1: cgroup_pidlist_next should update position index 8 (8) 2020/03/18 20:52
[PATCH 5.5 000/151] 5.5.10-rc1 review 158 (158) 2020/03/18 10:00
[PATCH 5.4 000/123] 5.4.26-rc1 review 127 (127) 2020/03/18 00:04
[PATCH 0/1] pull request for net: batman-adv 2020-03-06 3 (3) 2020/03/10 02:25
general protection fault in batadv_iv_ogm_schedule_buff 0 (1) 2020/02/16 10:49
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 general protection fault in batadv_iv_ogm_schedule_buff (2) 2 911d 954d 0/1 auto-closed as invalid on 2022/02/23 03:02
linux-4.14 general protection fault in batadv_iv_ogm_schedule_buff 1 1467d 1467d 1/1 fixed on 2020/07/08 19:03
linux-4.14 general protection fault in batadv_iv_ogm_schedule_buff (2) 1 1385d 1385d 0/1 auto-closed as invalid on 2020/11/06 04:28
linux-4.19 general protection fault in batadv_iv_ogm_schedule_buff 6 1498d 1554d 1/1 fixed on 2020/07/08 18:45
linux-4.14 general protection fault in batadv_iv_ogm_schedule_buff (3) 1 1152d 1152d 0/1 auto-closed as invalid on 2021/06/27 06:13
upstream general protection fault in batadv_iv_ogm_schedule_buff (2) batman 4 1302d 1386d 0/26 auto-closed as invalid on 2021/01/27 07:05

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 PID: 31046 Comm: kworker/u4:3 Not tainted 5.6.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:ffffc90001c97bb8 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11008277979
RDX: 0000000000000002 RSI: ffffffff87cc2d18 RDI: 0000000000000016
RBP: ffffc90001c97ca8 R08: 0000000000000004 R09: ffff8880413bcbd0
R10: fffffbfff154b530 R11: ffffffff8aa5a987 R12: 0000000000000000
R13: 0000000000000001 R14: ffffc90001c97c40 R15: ffff88808f885800
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004ef1f0 CR3: 000000009a63d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:865 [inline]
 batadv_iv_ogm_schedule net/batman-adv/bat_iv_ogm.c:858 [inline]
 batadv_iv_send_outstanding_bat_ogm_packet+0x5da/0x7c0 net/batman-adv/bat_iv_ogm.c:1718
 process_one_work+0xa05/0x17a0 kernel/workqueue.c:2264
 worker_thread+0x98/0xe40 kernel/workqueue.c:2410
 kthread+0x361/0x430 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 9515447b0733621d ]---
RIP: 0010:batadv_iv_ogm_schedule_buff+0x3f4/0x12d0 net/batman-adv/bat_iv_ogm.c:814
Code: c1 ea 03 80 3c 02 00 0f 85 e5 0d 00 00 4d 8b a7 88 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 16 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 b8
RSP: 0018:ffffc90001c97bb8 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11008277979
RDX: 0000000000000002 RSI: ffffffff87cc2d18 RDI: 0000000000000016
RBP: ffffc90001c97ca8 R08: 0000000000000004 R09: ffff8880413bcbd0
R10: fffffbfff154b530 R11: ffffffff8aa5a987 R12: 0000000000000000
R13: 0000000000000001 R14: ffffc90001c97c40 R15: ffff88808f885800
FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004ef1f0 CR3: 000000008f8f9000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (24):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/02/20 16:15 upstream ca7e1fd1026c 81230308 .config console log report ci-upstream-kasan-gce-root
2020/02/18 19:45 upstream b1da3acc781c 012fbc32 .config console log report ci-upstream-kasan-gce-root
2020/02/15 02:15 upstream 2019fc96af22 5d7b90f1 .config console log report ci-upstream-kasan-gce-root
2020/01/28 14:00 upstream b0be0eff1a5a 56cd6c9b .config console log report ci-upstream-kasan-gce
2020/01/27 05:22 upstream a45ea48e2bcd dd56146d .config console log report ci-upstream-kasan-gce-root
2020/01/19 20:34 upstream 8f8972a3127f 0342f8c7 .config console log report ci-upstream-kasan-gce
2020/01/15 10:29 upstream 95e20af9fb9c fa12bd3c .config console log report ci-upstream-kasan-gce-root
2020/01/14 13:01 upstream b3a987b0264d 32881205 .config console log report ci-upstream-kasan-gce-root
2020/01/10 21:35 upstream e69ec487b2c7 4de4e9f0 .config console log report ci-upstream-kasan-gce
2020/03/10 01:06 net-old 661388f9b000 35f53e45 .config console log report ci-upstream-net-this-kasan-gce
2020/03/06 06:18 bpf 542bf38f11d1 c88c7b75 .config console log report ci-upstream-bpf-kasan-gce
2020/02/13 17:22 net-old b9287f2ac321 c5ed587f .config console log report ci-upstream-net-this-kasan-gce
2020/01/27 14:35 net-old 2821e26f3a0a dd56146d .config console log report ci-upstream-net-this-kasan-gce
2020/03/05 07:28 net-next-old 3b3e808cd883 c88c7b75 .config console log report ci-upstream-net-kasan-gce
2020/02/29 19:21 net-next-old c3e042f54107 59b57593 .config console log report ci-upstream-net-kasan-gce
2020/02/18 11:46 bpf-next 92df9f8a745e 1ce142dc .config console log report ci-upstream-bpf-next-kasan-gce
2020/02/15 12:57 bpf-next 2019fc96af22 5d7b90f1 .config console log report ci-upstream-bpf-next-kasan-gce
2020/02/04 22:00 bpf-next b3a608222336 93e5e335 .config console log report ci-upstream-bpf-next-kasan-gce
2020/02/03 05:30 net-next-old 9f68e3655aae 93e5e335 .config console log report ci-upstream-net-kasan-gce
2020/02/01 01:14 bpf-next b3a608222336 c30117b2 .config console log report ci-upstream-bpf-next-kasan-gce
2020/01/22 03:59 net-next-old 4f2c17e0f332 8eda0b95 .config console log report ci-upstream-net-kasan-gce
2020/01/29 20:23 linux-next 2747d5fdab78 5ed23f9a .config console log report ci-upstream-linux-next-kasan-gce-root
2020/01/22 18:34 linux-next 2747d5fdab78 8eda0b95 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/11/23 08:47 linux-next b9d3d0140506 598ca6c8 .config console log report ci-upstream-linux-next-kasan-gce-root