syzbot

 sign-in | mailing list | source | docs
🐞 Open [1583]
Subsystems
🐞 Fixed [6167]
🐞 Invalid [15458]
Missing Backports [174]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

general protection fault in gro_cells_destroy (4)

Status: closed as invalid on 2024/10/14 08:46
Subsystems: net
[Documentation on labels]
First crash: 212d, last: 207d
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in gro_cells_destroy net 62 2116d 2280d 0/28 auto-closed as invalid on 2019/10/25 08:37
upstream general protection fault in gro_cells_destroy (3) net 4 251d 314d 0/28 closed as invalid on 2024/08/26 16:08
upstream general protection fault in gro_cells_destroy (2) net 2 1180d 1196d 20/28 fixed on 2022/03/08 16:11
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (6) net 2 36d 36d 0/28 closed as invalid on 2025/03/30 10:14
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (5) net 2 2138d 2144d 0/28 closed as invalid on 2019/06/15 03:25
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (3) net 3 2205d 2221d 11/28 fixed on 2019/03/28 12:00
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (4) net 1 2172d 2172d 0/28 closed as invalid on 2019/05/15 23:07
upstream BUG: unable to handle kernel paging request in gro_cells_destroy (2) net 2 2266d 2278d 0/28 closed as invalid on 2019/02/06 03:52
upstream BUG: unable to handle kernel paging request in gro_cells_destroy net 5 2408d 2466d 0/28 closed as invalid on 2018/09/05 12:51

Sample crash report:
bond0 (unregistering): Released all slaves
Oops: general protection fault, probably for non-canonical address 0xf41ffbfd1fdf8f02: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: maybe wild-memory-access in range [0xa0ffffe8fefc7810-0xa0ffffe8fefc7817]
CPU: 3 UID: 0 PID: 1138 Comm: kworker/u32:9 Not tainted 6.11.0-rc7-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:__skb_unlink include/linux/skbuff.h:2418 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2434 [inline]
RIP: 0010:__skb_queue_purge_reason include/linux/skbuff.h:3288 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:3294 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:118 [inline]
RIP: 0010:gro_cells_destroy+0x1a9/0x4d0 net/core/gro_cells.c:106
Code: e8 03 80 3c 28 00 0f 85 71 02 00 00 48 8d 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 <80> 3c 29 00 0f 85 2b 02 00 00 48 89 c1 48 89 42 08 48 c1 e9 03 80
RSP: 0018:ffffc90005f97a50 EFLAGS: 00010a02
RAX: ffffffe8fefc7808 RBX: ffffe8fefc780880 RCX: 141ffffd1fdf8f02
RDX: a0ffffe8fefc7808 RSI: ffffffff8909cac8 RDI: a0ffffe8fefc7810
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000008
R10: 0000000000000008 R11: 0000000000000000 R12: fffff91fdf8f0112
R13: 0000000000000001 R14: ffffe8fefc780890 R15: ffffe8fefc780881
FS:  0000000000000000(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002e80 CR3: 00000000242c0000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ip6gre_dev_free+0x19/0x30 net/ipv6/ip6_gre.c:1444
 netdev_run_todo+0x760/0x12d0 net/core/dev.c:10762
 cleanup_net+0x591/0xbb0 net/core/net_namespace.c:636
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xed0 kernel/workqueue.c:3389
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__skb_unlink include/linux/skbuff.h:2418 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2434 [inline]
RIP: 0010:__skb_queue_purge_reason include/linux/skbuff.h:3288 [inline]
RIP: 0010:__skb_queue_purge include/linux/skbuff.h:3294 [inline]
RIP: 0010:gro_cells_destroy net/core/gro_cells.c:118 [inline]
RIP: 0010:gro_cells_destroy+0x1a9/0x4d0 net/core/gro_cells.c:106
Code: e8 03 80 3c 28 00 0f 85 71 02 00 00 48 8d 7a 08 49 8b 47 08 49 c7 07 00 00 00 00 48 89 f9 49 c7 47 08 00 00 00 00 48 c1 e9 03 <80> 3c 29 00 0f 85 2b 02 00 00 48 89 c1 48 89 42 08 48 c1 e9 03 80
RSP: 0018:ffffc90005f97a50 EFLAGS: 00010a02
RAX: ffffffe8fefc7808 RBX: ffffe8fefc780880 RCX: 141ffffd1fdf8f02
RDX: a0ffffe8fefc7808 RSI: ffffffff8909cac8 RDI: a0ffffe8fefc7810
RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000008
R10: 0000000000000008 R11: 0000000000000000 R12: fffff91fdf8f0112
R13: 0000000000000001 R14: ffffe8fefc780890 R15: ffffe8fefc780881
FS:  0000000000000000(0000) GS:ffff88806a700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000560f7020f048 CR3: 0000000030122000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 03 80 3c 28       	call   0x283c8008
   5:	00 0f                	add    %cl,(%rdi)
   7:	85 71 02             	test   %esi,0x2(%rcx)
   a:	00 00                	add    %al,(%rax)
   c:	48 8d 7a 08          	lea    0x8(%rdx),%rdi
  10:	49 8b 47 08          	mov    0x8(%r15),%rax
  14:	49 c7 07 00 00 00 00 	movq   $0x0,(%r15)
  1b:	48 89 f9             	mov    %rdi,%rcx
  1e:	49 c7 47 08 00 00 00 	movq   $0x0,0x8(%r15)
  25:	00
  26:	48 c1 e9 03          	shr    $0x3,%rcx
* 2a:	80 3c 29 00          	cmpb   $0x0,(%rcx,%rbp,1) <-- trapping instruction
  2e:	0f 85 2b 02 00 00    	jne    0x25f
  34:	48 89 c1             	mov    %rax,%rcx
  37:	48 89 42 08          	mov    %rax,0x8(%rdx)
  3b:	48 c1 e9 03          	shr    $0x3,%rcx
  3f:	80                   	.byte 0x80

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/09/09 09:28 upstream da3ea35007d0 9750182a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in gro_cells_destroy
2024/09/08 15:52 upstream d1f2d51b711a 9750182a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in gro_cells_destroy
2024/09/13 18:45 upstream 196145c606d0 b58f933c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-mte BUG: unable to handle kernel paging request in gro_cells_destroy
* Struck through repros no longer work on HEAD.