general protection fault in l3mdev_master_ifindex_rcu

Status: auto-closed as invalid on 2020/12/30 11:41
First crash: 728d, last: 674d

Sample crash report:
md: could not open unknown-block(5,0).
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
sctp: [Deprecated]: syz-executor.3 (pid 13790) Use of int in max_burst socket option.
Use struct sctp_assoc_value instead
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: ipv6_addrconf addrconf_dad_work
task: ffff8880a9a5e640 task.stack: ffff8880a9a70000
md: md_import_device returned -6
RIP: 0010:netif_is_l3_master include/linux/netdevice.h:4225 [inline]
RIP: 0010:l3mdev_master_ifindex_rcu+0x32/0x120 net/l3mdev/l3mdev.c:28
RSP: 0018:ffff8880a9a77128 EFLAGS: 00010207
RAX: dffffc0000000000 RBX: 0000000706ffffb0 RCX: 1ffff1101534bde7
RDX: 00000000e0e00039 RSI: ffff8880a9a5efe0 RDI: 00000007070001cc
RBP: 0000000706ffffb0 R08: ffffffff8a0a2b50 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880a9a771c8 R14: ffff888082f542c0 R15: ffff888082f54438
FS:  0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020762000 CR3: 0000000007c6a000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ipv6_dev_get_saddr+0x43b/0x9c0 net/ipv6/addrconf.c:1732
 ip6_route_get_saddr include/net/ip6_route.h:111 [inline]
 ip6_dst_lookup_tail+0x107c/0x16c0 net/ipv6/ip6_output.c:977
 ip6_dst_lookup_flow+0x7c/0x190 net/ipv6/ip6_output.c:1098
 geneve_get_v6_dst+0x3a6/0x800 drivers/net/geneve.c:799
 geneve6_xmit_skb drivers/net/geneve.c:877 [inline]
 geneve_xmit+0x373/0x2720 drivers/net/geneve.c:930
 __netdev_start_xmit include/linux/netdevice.h:4039 [inline]
 netdev_start_xmit include/linux/netdevice.h:4048 [inline]
 xmit_one net/core/dev.c:3005 [inline]
 dev_hard_start_xmit+0x188/0x890 net/core/dev.c:3021
 __dev_queue_xmit+0x1d7f/0x2480 net/core/dev.c:3521
 neigh_resolve_output+0x4e5/0x870 net/core/neighbour.c:1369
 neigh_output include/net/neighbour.h:500 [inline]
 ip6_finish_output2+0xf48/0x1f10 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x60c/0xaf0 net/ipv6/ip6_output.c:154
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1c5/0x660 net/ipv6/ip6_output.c:171
 dst_output include/net/dst.h:470 [inline]
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ndisc_send_skb+0x82a/0x1390 net/ipv6/ndisc.c:483
 ndisc_send_ns+0x4ca/0x7c0 net/ipv6/ndisc.c:625
 addrconf_dad_work+0x96f/0xef0 net/ipv6/addrconf.c:4004
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: e8 74 9b 0e fb 48 85 ed 0f 84 92 00 00 00 e8 66 9b 0e fb 48 8d bd 1c 02 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 
RIP: netif_is_l3_master include/linux/netdevice.h:4225 [inline] RSP: ffff8880a9a77128
RIP: l3mdev_master_ifindex_rcu+0x32/0x120 net/l3mdev/l3mdev.c:28 RSP: ffff8880a9a77128
---[ end trace d0658eea515833bd ]---

Crashes (2):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci2-linux-4-14 | 2020/09/01 11:40 | linux-4.14.y | d7e78d08fa77 | d5a3ae1f | .config | log | report | | | | |
| ci2-linux-4-14 | 2020/07/09 04:55 | linux-4.14.y | b850307b279c | 9f9845eb | .config | log | report | | | | |