syzbot


general protection fault in genl_rcv

Status: auto-obsoleted due to no activity on 2023/01/05 09:34
Reported-by: syzbot+bfffc0cf4311e49c741b@syzkaller.appspotmail.com
First crash: 569d, last: 569d

Sample crash report:
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail.cold+0x10a/0x149 lib/fault-inject.c:149
kasan: CONFIG_KASAN_INLINE enabled
 should_failslab+0xd6/0x130 mm/failslab.c:32
kasan: GPF could be caused by NULL-ptr deref or user memory access
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc_node mm/slab.c:3297 [inline]
 kmem_cache_alloc_node+0x263/0x410 mm/slab.c:3640
general protection fault: 0000 [#1] PREEMPT SMP KASAN
 __alloc_skb+0x5c/0x510 net/core/skbuff.c:193
Modules linked in:
 alloc_skb include/linux/skbuff.h:980 [inline]
 kobject_uevent_env+0x882/0xf30 lib/kobject_uevent.c:480
CPU: 1 PID: 7192 Comm: systemd-udevd Not tainted 4.14.292-syzkaller #0
 nbd_size_clear drivers/block/nbd.c:267 [inline]
 nbd_config_put+0x50a/0x6c0 drivers/block/nbd.c:1147
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
task: ffff8880aac1c540 task.stack: ffff88809a2a0000
 nbd_genl_connect+0xcb9/0x13e0 drivers/block/nbd.c:1901
RIP: 0010:__lock_acquire+0x1cc/0x3f20 kernel/locking/lockdep.c:3369
RSP: 0018:ffff88809a2a7938 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000022 RSI: 0000000000000000 RDI: 0000000000000110
 genl_family_rcv_msg+0x572/0xb20 net/netlink/genetlink.c:600
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: ffff8880aac1c540 R12: 0000000000000110
R13: 0000000000000000 R14: 0000000000000001 R15: ffffffff8becddc0
FS:  00007f10edfdc8c0(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
 genl_rcv_msg+0xaf/0x140 net/netlink/genetlink.c:625
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2454
CR2: 00007f002a129000 CR3: 0000000092125000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:636
 netlink_unicast_kernel net/netlink/af_netlink.c:1296 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1322
 netlink_sendmsg+0x648/0xbc0 net/netlink/af_netlink.c:1893
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 nbd_disconnect_and_put+0xc3/0x140 drivers/block/nbd.c:1917
 nbd_release+0x123/0x150 drivers/block/nbd.c:1448
 __blkdev_put+0x5aa/0x800 fs/block_dev.c:1803
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 blkdev_close+0x86/0xb0 fs/block_dev.c:1875
 __fput+0x25f/0x7a0 fs/file_table.c:210
 task_work_run+0x11f/0x190 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:191 [inline]
 exit_to_usermode_loop+0x1ad/0x200 arch/x86/entry/common.c:164
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:270 [inline]
 do_syscall_64+0x4a3/0x640 arch/x86/entry/common.c:297
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
RIP: 0033:0x7f10ed122270
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RSP: 002b:00007ffe1c88b128 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RIP: 0033:0x7f1f57bd7279
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f10ed122270
RSP: 002b:00007f1f5654c168 EFLAGS: 00000246
RDX: 000000000aba9500 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f10edfdc710 R08: 000000000000004a R09: 0000000000000008
 ORIG_RAX: 000000000000002e
R10: 0000562cd64a58f8 R11: 0000000000000246 R12: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f1f57ce9f80 RCX: 00007f1f57bd7279
R13: 0000562cd64a8070 R14: 0000000000000003 R15: 000000000000000e
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000005
Code: 
RBP: 00007f1f5654c1d0 R08: 0000000000000000 R09: 0000000000000000
18 
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
00 
R13: 00007ffe1cc9b59f R14: 00007f1f5654c300 R15: 0000000000022000
00 00 00 48 81 c4 80 01 00 00 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 67 2a 00 00 49 81 3c 24 e0 97 2f 8b 0f 84 5f 
RIP: __lock_acquire+0x1cc/0x3f20 kernel/locking/lockdep.c:3369 RSP: ffff88809a2a7938
nbd: must specify at least one socket
---[ end trace 9418e77600ab763a ]---
netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2022/09/07 09:33 | linux-4.14.y | 65640c873dcf | 5fc30c37 | .config | console log | report | | | info | [disk image] [vmlinux] | ci2-linux-4-14 | general protection fault in genl_rcv |
* Struck through repros no longer work on HEAD.