syzbot


general protection fault in ip6_pol_route

Status: fixed on 2024/06/18 11:11
Subsystems: net
[Documentation on labels]
Fix commit: b01e1c030770 ipv6: fix possible race in __fib6_drop_pcpu_from()
First crash: 212d, last: 174d
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: use-after-free Read in ip6_pol_route (2) net C done unreliable 9 953d 1388d 0/28 auto-obsoleted due to no activity on 2022/09/19 15:39
upstream general protection fault in ip6_pol_route (2) net 15 166d 173d 0/28 auto-obsoleted due to no activity on 2024/08/28 04:33
linux-5.15 KASAN: use-after-free Read in ip6_pol_route 1 257d 257d 0/3 auto-obsoleted due to no activity on 2024/07/04 16:14
upstream Internal error in ip6_pol_route net 2 394d 417d 0/28 auto-obsoleted due to no activity on 2024/02/18 23:43

Sample crash report:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000013: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000098-0x000000000000009f]
CPU: 0 PID: 1148 Comm: kworker/0:3 Not tainted 6.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker
RIP: 0010:rt6_get_pcpu_route net/ipv6/route.c:1407 [inline]
RIP: 0010:ip6_pol_route+0x3bc/0x1150 net/ipv6/route.c:2262
Code: f7 48 85 ed 0f 84 52 03 00 00 e8 4f 16 fc f7 48 8d bd 98 00 00 00 49 89 ec 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a3 08 00 00 8b 85 98 00 00 00
RSP: 0018:ffffc900000072e8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880120d1cc0 RCX: ffffffff8991be93
RDX: 0000000000000013 RSI: ffffffff8991bea1 RDI: 000000000000009b
RBP: 0000000000000003 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000003 R12: 0000000000000003
R13: 1ffff92000000e61 R14: 0000000000000080 R15: ffffc90000007368
FS:  0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efe3e408108 CR3: 0000000061fc2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <IRQ>
 pol_lookup_func include/net/ip6_fib.h:616 [inline]
 fib6_rule_lookup+0x536/0x720 net/ipv6/fib6_rules.c:116
 ip6_route_input_lookup net/ipv6/route.c:2298 [inline]
 ip6_route_input+0x663/0xc10 net/ipv6/route.c:2594
 ip6_rcv_finish_core.constprop.0+0x1a0/0x5d0 net/ipv6/ip6_input.c:66
 ip6_list_rcv_finish.constprop.0+0x213/0xb50 net/ipv6/ip6_input.c:131
 ip6_sublist_rcv net/ipv6/ip6_input.c:320 [inline]
 ipv6_list_rcv+0x33d/0x450 net/ipv6/ip6_input.c:355
 __netif_receive_skb_list_ptype net/core/dev.c:5667 [inline]
 __netif_receive_skb_list_core+0x558/0x950 net/core/dev.c:5715
 __netif_receive_skb_list net/core/dev.c:5767 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5859
 gro_normal_list include/net/gro.h:515 [inline]
 gro_normal_list include/net/gro.h:511 [inline]
 napi_complete_done+0x23f/0x9a0 net/core/dev.c:6202
 wg_packet_rx_poll+0xd57/0x21d0 drivers/net/wireguard/receive.c:488
 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6721
 napi_poll net/core/dev.c:6790 [inline]
 net_rx_action+0x9b6/0xf10 net/core/dev.c:6906
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 do_softirq kernel/softirq.c:455 [inline]
 do_softirq+0xb2/0xf0 kernel/softirq.c:442
 </IRQ>
 <TASK>
 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:382
 spin_unlock_bh include/linux/spinlock.h:396 [inline]
 ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]
 wg_packet_decrypt_worker+0x35d/0x530 drivers/net/wireguard/receive.c:499
 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rt6_get_pcpu_route net/ipv6/route.c:1407 [inline]
RIP: 0010:ip6_pol_route+0x3bc/0x1150 net/ipv6/route.c:2262
Code: f7 48 85 ed 0f 84 52 03 00 00 e8 4f 16 fc f7 48 8d bd 98 00 00 00 49 89 ec 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a3 08 00 00 8b 85 98 00 00 00
RSP: 0018:ffffc900000072e8 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff8880120d1cc0 RCX: ffffffff8991be93
RDX: 0000000000000013 RSI: ffffffff8991bea1 RDI: 000000000000009b
RBP: 0000000000000003 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000003 R12: 0000000000000003
R13: 1ffff92000000e61 R14: 0000000000000080 R15: ffffc90000007368
FS:  0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efe3e408108 CR3: 0000000061fc2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f7 48 85 ed 0f 84 52 	testl  $0x52840fed,-0x7b(%rax)
   7:	03 00                	add    (%rax),%eax
   9:	00 e8                	add    %ch,%al
   b:	4f 16                	rex.WRXB (bad)
   d:	fc                   	cld
   e:	f7 48 8d bd 98 00 00 	testl  $0x98bd,-0x73(%rax)
  15:	00 49 89             	add    %cl,-0x77(%rcx)
  18:	ec                   	in     (%dx),%al
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	74 08                	je     0x3a
  32:	3c 03                	cmp    $0x3,%al
  34:	0f 8e a3 08 00 00    	jle    0x8dd
  3a:	8b 85 98 00 00 00    	mov    0x98(%rbp),%eax

Crashes (73):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/27 09:25 upstream 1613e604df0c a10a183e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in ip6_pol_route
2024/06/18 03:16 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/17 23:19 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/17 21:57 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/17 10:58 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/16 17:04 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/16 05:49 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/16 03:46 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 22:35 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 21:06 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 15:27 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 12:31 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 06:04 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/15 05:52 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/14 08:50 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/14 04:46 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/13 20:34 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/13 00:47 upstream cea2a26553ac c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/12 06:07 upstream 2ef5971ff345 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/11 22:37 upstream 83a7eefedc9b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/10 11:59 upstream 83a7eefedc9b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/07 22:50 upstream 96e09b8f8166 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/05 08:00 upstream 32f88d65f01b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/05 00:28 upstream 32f88d65f01b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/04 21:59 upstream 32f88d65f01b c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/04 17:12 upstream 2ab795141095 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/04 10:44 upstream 2ab795141095 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/04 02:38 upstream f06ce441457d c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/03 18:50 upstream f06ce441457d c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/03 10:44 upstream c3f38fa61af7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/03 05:33 upstream c3f38fa61af7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/02 15:01 upstream 83814698cf48 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/02 07:35 upstream ec9eeb89e60d c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/06/01 08:06 upstream d8ec19857b09 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/31 08:10 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/31 06:44 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/31 06:40 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/31 01:49 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/30 22:58 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/30 16:45 upstream 4a4be1ad3a6e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/28 21:55 upstream e0cce98fe279 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/27 23:34 upstream 2bfcfd584ff5 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 22:38 upstream c13320499ba0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 22:28 upstream c13320499ba0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 22:21 upstream c13320499ba0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 20:54 upstream c13320499ba0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 12:51 upstream c13320499ba0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 02:39 upstream 54f71b0369c9 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/26 02:14 upstream 54f71b0369c9 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/25 18:22 upstream 56fb6f92854f c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/25 02:10 upstream 02c438bbfffe c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/24 13:10 upstream 6d69b6c12fce c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/24 10:17 upstream 6d69b6c12fce c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/24 09:33 upstream 6d69b6c12fce c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/24 00:04 upstream c760b3725e52 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/23 20:07 upstream c760b3725e52 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/22 21:06 upstream 29c73fc794c8 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/21 10:17 upstream 8f6a15f095a6 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/20 23:06 upstream 6e51b4b5bbc0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/20 22:54 upstream 6e51b4b5bbc0 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/20 14:04 upstream eb6a9339efeb c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/20 06:17 upstream eb6a9339efeb c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/20 00:13 upstream eb6a9339efeb c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/19 12:40 upstream 0450d2083be6 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/18 14:49 upstream 4b377b4868ef c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/17 20:17 upstream ff2632d7d08e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/17 11:23 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/12 09:59 upstream cf87f46fd34d 9026e142 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/11 02:20 upstream f4345f05c0df 9026e142 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in ip6_pol_route
2024/05/16 12:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in ip6_pol_route
* Struck through repros no longer work on HEAD.