general protection fault in cbs

general protection fault in cbs_destroy
Status: upstream: reported C repro on 2019/09/08 06:08
Reported-by: syzbot+3a8d6a998cbb73bcf337@syzkaller.appspotmail.com
First crash: 874d, last: 852d

Cause bisection: introduced by (bisect log) :
commit e0a7683d30e91e30ee6cf96314ae58a0314a095e
Author: Leandro Dorileo <leandro.maciel.dorileo@intel.com>
Date: Mon Apr 8 17:12:18 2019 +0000

net/sched: cbs: fix port_rate miscalculation

Crash: general protection fault in cbs_destroy (log)
Repro: C syz .config

Fix bisection: failed (bisect log)

similar bugs (1):
Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	general protection fault in cbs_destroy	C			2213	2h31m	731d	0/1	upstream: reported C repro on 2020/01/27 15:08

Sample crash report:

IPVS: ftp: loaded support on port[0] = 21
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9829 Comm: syz-executor938 Not tainted 5.3.0-rc8+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__list_del_entry_valid+0x85/0xf5 lib/list_debug.c:51
Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d
RSP: 0018:ffff88809689f450 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880921f9680 RCX: ffffffff8159c28a
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880921f99e8
RBP: ffff88809689f468 R08: 0000000000000004 R09: ffffed1012d13e7d
R10: ffffed1012d13e7c R11: 0000000000000003 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880921f99e0 R15: ffff8880921f9940
FS:  0000555556e2b880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200001c0 CR3: 00000000a1971000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __list_del_entry include/linux/list.h:131 [inline]
 list_del include/linux/list.h:139 [inline]
 cbs_destroy+0x7d/0x2a0 net/sched/sch_cbs.c:435
 qdisc_create+0xbc6/0x1210 net/sched/sch_api.c:1285
 tc_modify_qdisc+0x524/0x1c50 net/sched/sch_api.c:1652
 rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440c69
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 10 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffd9e3e6f88 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004a23f0 RCX: 0000000000440c69
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 0000000120080522 R09: 0000000120080522
R10: 0000000120080522 R11: 0000000000000246 R12: 0000000000402170
R13: 0000000000402200 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 58f5f8ce23e586ff ]---
RIP: 0010:__list_del_entry_valid+0x85/0xf5 lib/list_debug.c:51
Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d
RSP: 0018:ffff88809689f450 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff8880921f9680 RCX: ffffffff8159c28a
RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff8880921f99e8
RBP: ffff88809689f468 R08: 0000000000000004 R09: ffffed1012d13e7d
R10: ffffed1012d13e7c R11: 0000000000000003 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8880921f99e0 R15: ffff8880921f9940
FS:  0000555556e2b880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200001c0 CR3: 00000000a1971000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (700):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro
ci-upstream-kasan-gce-root	2019/09/15 22:48	upstream	1609d7604b84	32d59357	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/15 13:10	upstream	1609d7604b84	32d59357	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2019/09/15 02:39	upstream	1609d7604b84	32d59357	.config	log	report	syz	C
ci-upstream-kasan-gce-selinux-root	2019/09/15 02:21	upstream	1609d7604b84	32d59357	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 09:32	upstream	1e3778cb223e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 09:00	upstream	1e3778cb223e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 08:31	upstream	1e3778cb223e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 06:52	upstream	1e3778cb223e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 06:21	upstream	1e3778cb223e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 03:36	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/07 03:06	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/09/07 02:50	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/09/07 02:23	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/09/07 01:56	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/09/07 01:29	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2019/09/07 01:10	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-root	2019/09/07 01:03	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-smack-root	2019/09/06 13:38	upstream	3b47fd5ca9ea	040fda58	.config	log	report	syz	C
ci-upstream-kasan-gce-386	2019/09/14 22:56	upstream	a7f89616b737	32d59357	.config	log	report	syz	C
ci-upstream-kasan-gce-386	2019/09/07 02:34	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-386	2019/09/07 02:04	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce-386	2019/09/07 01:29	upstream	044597100037	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 14:21	net	0c04eb72d332	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 13:56	net	0c04eb72d332	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 13:31	net	0c04eb72d332	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 13:04	net	0c04eb72d332	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 06:40	net	74346c434cd2	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2019/09/07 06:13	net	74346c434cd2	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 09:37	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 09:09	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 08:42	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 08:13	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 06:30	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-net-kasan-gce	2019/09/07 06:02	net-next	1e46c09ec100	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 17:51	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 17:26	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 16:59	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 16:34	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 02:41	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 02:14	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-linux-next-kasan-gce-root	2019/09/07 01:48	linux-next	6d028043b55e	a60cb4cd	.config	log	report	syz	C
ci-upstream-kasan-gce	2019/09/29 03:53	upstream	f1f2f614d535	eb6b9855	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/29 02:26	upstream	f1f2f614d535	eb6b9855	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/28 03:54	upstream	8f744bdee4fe	d8074e0b	.config	log	report
ci-upstream-kasan-gce-root	2019/09/27 20:46	upstream	da05b5ea12c1	d8074e0b	.config	log	report
ci-upstream-kasan-gce	2019/09/27 18:06	upstream	da05b5ea12c1	d8074e0b	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/27 03:49	upstream	cbafe18c7102	2f1548bc	.config	log	report
ci-upstream-kasan-gce-root	2019/09/27 03:11	upstream	cbafe18c7102	2f1548bc	.config	log	report
ci-upstream-kasan-gce-root	2019/09/26 16:56	upstream	f41def397161	24d405a3	.config	log	report
ci-upstream-kasan-gce-root	2019/09/26 15:20	upstream	f41def397161	24d405a3	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/26 12:17	upstream	f41def397161	24d405a3	.config	log	report
ci-upstream-kasan-gce	2019/09/26 11:01	upstream	f41def397161	24d405a3	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/26 08:48	upstream	f41def397161	24d405a3	.config	log	report
ci-upstream-kasan-gce-root	2019/09/25 12:20	upstream	351c8a09b00b	e38a6630	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/25 09:12	upstream	351c8a09b00b	e38a6630	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/25 06:26	upstream	351c8a09b00b	e38a6630	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/24 23:35	upstream	4c07e2ddab5b	0942eab8	.config	log	report
ci-upstream-kasan-gce-selinux-root	2019/09/24 11:05	upstream	e94f8ccde471	c68252d2	.config	log	report
ci-upstream-kasan-gce	2019/09/24 09:58	upstream	e94f8ccde471	c68252d2	.config	log	report
ci-upstream-kasan-gce-smack-root	2019/09/24 03:45	upstream	e94f8ccde471	c68252d2	.config	log	report
ci-upstream-kasan-gce-386	2019/09/28 05:02	upstream	8f744bdee4fe	d8074e0b	.config	log	report
ci-upstream-kasan-gce-386	2019/09/27 04:58	upstream	cbafe18c7102	2f1548bc	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/26 00:36	net	9f5c44cf61a7	a3355dba	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/25 06:13	net	5aafeb74b5bb	e38a6630	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/24 20:51	net	5aafeb74b5bb	0942eab8	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/24 16:55	net	5aafeb74b5bb	0942eab8	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/24 14:30	net	34b4688425d9	0942eab8	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/24 07:22	net	34b4688425d9	c68252d2	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/23 17:14	net	34b4688425d9	1e9788a0	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/23 12:23	net	34b4688425d9	d96e88f3	.config	log	report
ci-upstream-net-this-kasan-gce	2019/09/23 02:54	net	24ccb0ab95bf	d96e88f3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 18:02	net-next	b41dae061bbd	eb6b9855	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 12:42	net-next	b41dae061bbd	eb6b9855	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 11:15	net-next	b41dae061bbd	d8074e0b	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 09:22	net-next	b41dae061bbd	d8074e0b	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 07:39	net-next	b41dae061bbd	d8074e0b	.config	log	report
ci-upstream-net-kasan-gce	2019/09/28 06:12	net-next	b41dae061bbd	d8074e0b	.config	log	report
ci-upstream-net-kasan-gce	2019/09/27 22:28	net-next	b41dae061bbd	d8074e0b	.config	log	report
ci-upstream-net-kasan-gce	2019/09/27 10:20	net-next	b41dae061bbd	2f1548bc	.config	log	report
ci-upstream-net-kasan-gce	2019/09/27 06:17	net-next	b41dae061bbd	2f1548bc	.config	log	report
ci-upstream-net-kasan-gce	2019/09/26 23:30	net-next	b41dae061bbd	2f1548bc	.config	log	report
ci-upstream-net-kasan-gce	2019/09/26 14:03	net-next	b41dae061bbd	24d405a3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/26 02:25	net-next	b41dae061bbd	a3355dba	.config	log	report
ci-upstream-net-kasan-gce	2019/09/25 23:19	net-next	b41dae061bbd	a3355dba	.config	log	report
ci-upstream-net-kasan-gce	2019/09/25 10:18	net-next	b41dae061bbd	e38a6630	.config	log	report
ci-upstream-net-kasan-gce	2019/09/24 13:28	net-next	b41dae061bbd	c68252d2	.config	log	report
ci-upstream-net-kasan-gce	2019/09/24 00:57	net-next	b41dae061bbd	1e9788a0	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 22:20	net-next	b41dae061bbd	1e9788a0	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 09:27	net-next	b41dae061bbd	d96e88f3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 08:18	net-next	b41dae061bbd	d96e88f3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 06:07	net-next	b41dae061bbd	d96e88f3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 01:29	net-next	b41dae061bbd	d96e88f3	.config	log	report
ci-upstream-net-kasan-gce	2019/09/23 00:02	net-next	b41dae061bbd	d96e88f3	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/09/25 11:19	linux-next	9e88347dedd8	e38a6630	.config	log	report