syzbot


general protection fault in fib6_purge_rt

Status: fixed on 2019/04/10 16:37
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+a25307ad099309f1c2b9@syzkaller.appspotmail.com
Fix commit: 9926cb5f8b0f tipc: change to check tipc_own_id to return in tipc_net_stop
First crash: 1932d, last: 1815d
Cause bisection: introduced by (bisect log) :
commit 52dfae5c85a4c1078e9f1d5e8947d4a25f73dd81
Author: Jon Maloy <jon.maloy@ericsson.com>
Date: Thu Mar 22 19:42:52 2018 +0000

  tipc: obtain node identity from interface by default

Crash: inconsistent lock state in rhashtable_walk_enter (log)
Repro: C syz .config
  
Discussions (6)
Title Replies (including bot) Last reply
inconsistent lock state in icmp_send 2 (5) 2020/11/11 14:02
WARNING: locking bug in icmp_send 2 (4) 2019/05/09 13:01
[PATCH 5.0 000/146] 5.0.6-stable review 155 (155) 2019/04/03 08:56
[PATCH 4.19 000/134] 4.19.33-stable review 140 (140) 2019/04/02 23:34
[PATCH net] tipc: change to check tipc_own_id to return in tipc_net_stop 4 (4) 2019/03/26 18:21
general protection fault in fib6_purge_rt 7 (10) 2019/03/21 13:55
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in fib6_purge_rt (2) net 36 1753d 1800d 0/26 auto-closed as invalid on 2019/10/25 08:50

Sample crash report:
Started in network mode
Own node identity ac1414aa, cluster identity 4711
New replicast peer: 172.20.20.187
Enabled bearer <udp:syz1>, priority 10
Enabling of bearer <udp:syz1> rejected, already enabled
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7821 Comm: syz-executor772 Not tainted 5.0.0-next-20190306 #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:fib6_drop_pcpu_from net/ipv6/ip6_fib.c:924 [inline]
RIP: 0010:fib6_purge_rt+0x4b3/0x670 net/ipv6/ip6_fib.c:960
Code: 0f b6 35 5a f6 44 03 31 ff 44 89 f6 e8 a6 1c 5b fb 45 84 f6 0f 84 b3 00 00 00 e8 58 1b 5b fb 49 8d 7f 70 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 64 01 00 00 48 89 f8 4d 8b 77 70 48 c1 e8 03 80
RSP: 0018:ffff8880a5a26e98 EFLAGS: 00010202
RAX: 000000000000000e RBX: dffffc0000000000 RCX: ffffffff861579a9
RDX: 0000000000000000 RSI: ffffffff861578d8 RDI: 0000000000000071
RBP: ffff8880a5a26ef0 R08: ffff88808f9a6300 R09: ffffed101406c2f6
R10: ffffed101406c2f5 R11: ffff8880a03617af R12: 0000000000000000
R13: ffff8880a0361780 R14: 0000000000000001 R15: 0000000000000001
FS:  00007fe8383f8700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005612a363f110 CR3: 0000000093362000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 fib6_del_route net/ipv6/ip6_fib.c:1813 [inline]
 fib6_del+0xac2/0x10a0 net/ipv6/ip6_fib.c:1844
 fib6_clean_node+0x3a8/0x590 net/ipv6/ip6_fib.c:2006
 fib6_walk_continue+0x495/0x900 net/ipv6/ip6_fib.c:1928
 fib6_walk+0x9d/0x100 net/ipv6/ip6_fib.c:1976
 fib6_clean_tree+0xe0/0x120 net/ipv6/ip6_fib.c:2055
 __fib6_clean_all+0x118/0x2a0 net/ipv6/ip6_fib.c:2071
 fib6_clean_all+0x2b/0x40 net/ipv6/ip6_fib.c:2082
 rt6_sync_down_dev+0x134/0x150 net/ipv6/route.c:4051
 rt6_disable_ip+0x27/0x5f0 net/ipv6/route.c:4056
 addrconf_ifdown+0xa2/0x1220 net/ipv6/addrconf.c:3705
 addrconf_notify+0x19a/0x2260 net/ipv6/addrconf.c:3630
 notifier_call_chain+0xc7/0x240 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1739
 call_netdevice_notifiers_extack net/core/dev.c:1751 [inline]
 call_netdevice_notifiers net/core/dev.c:1765 [inline]
 dev_close_many+0x33f/0x6f0 net/core/dev.c:1508
 rollback_registered_many+0x43b/0xfd0 net/core/dev.c:8161
 rollback_registered+0x109/0x1d0 net/core/dev.c:8226
 unregister_netdevice_queue net/core/dev.c:9273 [inline]
 unregister_netdevice_queue+0x1ee/0x2c0 net/core/dev.c:9266
 unregister_netdevice include/linux/netdevice.h:2655 [inline]
 __tun_detach+0xd5b/0x1000 drivers/net/tun.c:727
 tun_detach drivers/net/tun.c:744 [inline]
 tun_chr_close+0xe0/0x180 drivers/net/tun.c:3435
 __fput+0x2e5/0x8d0 fs/file_table.c:278
 ____fput+0x16/0x20 fs/file_table.c:309
 task_work_run+0x14a/0x1c0 kernel/task_work.c:113
 exit_task_work include/linux/task_work.h:22 [inline]
 do_exit+0x90a/0x2fa0 kernel/exit.c:876
 do_group_exit+0x135/0x370 kernel/exit.c:980
 get_signal+0x399/0x1d50 kernel/signal.c:2577
 do_signal+0x87/0x1940 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x244/0x2c0 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x52d/0x610 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44bca9
Code: 5b 65 73 63 61 70 65 20 63 6f 6e 74 72 6f 6c 2d 63 68 61 72 61 63 74 65 72 73 5d 20 00 5b 64 72 6f 70 20 63 6f 6e 74 72 6f 6c <2d> 63 68 61 72 61 63 74 65 72 73 5d 20 00 5b 73 6c 61 73 68 65 73
RSP: 002b:00007fe8383f7cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 00000000006dec48 RCX: 000000000044bca9
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dec48
RBP: 00000000006dec40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dec4c
R13: 00007ffd4d27000f R14: 00007fe8383f89c0 R15: 000000000000002d
Modules linked in:
---[ end trace 9a88786341e68810 ]---
RIP: 0010:fib6_drop_pcpu_from net/ipv6/ip6_fib.c:924 [inline]
RIP: 0010:fib6_purge_rt+0x4b3/0x670 net/ipv6/ip6_fib.c:960
Code: 0f b6 35 5a f6 44 03 31 ff 44 89 f6 e8 a6 1c 5b fb 45 84 f6 0f 84 b3 00 00 00 e8 58 1b 5b fb 49 8d 7f 70 48 89 f8 48 c1 e8 03 <80> 3c 18 00 0f 85 64 01 00 00 48 89 f8 4d 8b 77 70 48 c1 e8 03 80
RSP: 0018:ffff8880a5a26e98 EFLAGS: 00010202
RAX: 000000000000000e RBX: dffffc0000000000 RCX: ffffffff861579a9
RDX: 0000000000000000 RSI: ffffffff861578d8 RDI: 0000000000000071
RBP: ffff8880a5a26ef0 R08: ffff88808f9a6300 R09: ffffed101406c2f6
R10: ffffed101406c2f5 R11: ffff8880a03617af R12: 0000000000000000
R13: ffff8880a0361780 R14: 0000000000000001 R15: 0000000000000001
FS:  00007fe8383f8700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005612a363f110 CR3: 0000000093362000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (60):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/03/12 18:48 linux-next cf08baa29613 a71bfb62 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/04/01 21:13 upstream 5e7a8ca31926 a9ca43d4 .config console log report ci-upstream-kasan-gce-smack-root
2019/03/04 01:48 upstream 1c163f4c7b3f 1c0e457a .config console log report ci-upstream-kasan-gce
2019/03/01 12:17 upstream 7d762d69145a 8a4b3a6b .config console log report ci-upstream-kasan-gce-smack-root
2019/03/01 08:28 upstream 7d762d69145a 8a4b3a6b .config console log report ci-upstream-kasan-gce
2019/02/25 09:15 upstream 5908e6b738e3 a70141bf .config console log report ci-upstream-kasan-gce-smack-root
2019/02/24 13:35 upstream e60b5f79bd75 7a06e792 .config console log report ci-upstream-kasan-gce-root
2019/02/17 19:03 upstream 8d33316d5205 3e98cc30 .config console log report ci-upstream-kasan-gce
2019/02/16 22:38 upstream 5ded5871030e f42dee6d .config console log report ci-upstream-kasan-gce
2019/02/09 19:30 upstream 46c291e277f9 d75f7686 .config console log report ci-upstream-kasan-gce
2019/02/05 00:27 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce
2019/02/04 12:12 upstream 8834f5600cf3 d672172c .config console log report ci-upstream-kasan-gce
2019/01/29 06:54 upstream 4aa9fc2a435a aa432daf .config console log report ci-upstream-kasan-gce
2019/01/28 03:11 upstream 983542434e6b c73f090a .config console log report ci-upstream-kasan-gce
2019/01/17 06:46 upstream 47bfa6d9dc8c c2faf9b2 .config console log report ci-upstream-kasan-gce-selinux-root
2019/01/07 01:37 upstream 574823bfab82 ee332608 .config console log report ci-upstream-kasan-gce-selinux-root
2019/01/05 22:22 upstream f1c2f8857c5a 53be0a37 .config console log report ci-upstream-kasan-gce-root
2019/03/06 01:25 upstream 63bdf4284c38 16559f86 .config console log report ci-upstream-kasan-gce-386
2019/03/02 21:01 upstream c93d9218ea56 1c0e457a .config console log report ci-upstream-kasan-gce-386
2019/02/21 23:42 upstream 8a61716ff2ab 7ff74a98 .config console log report ci-upstream-kasan-gce-386
2019/01/13 20:09 upstream e1706720408e c3f3344c .config console log report ci-upstream-kasan-gce-386
2019/04/08 20:29 net-old 5055376a3b44 0dfb0452 .config console log report ci-upstream-net-this-kasan-gce
2019/04/06 01:31 net-old 7f46774c6480 fa763482 .config console log report ci-upstream-net-this-kasan-gce
2019/03/30 17:03 net-old 4d31c4fa3f9e c35ee0ea .config console log report ci-upstream-net-this-kasan-gce
2019/03/26 10:01 net-old 27602e2c44da 55684ce1 .config console log report ci-upstream-net-this-kasan-gce
2019/03/25 12:12 net-old 526949e877f4 2c86e0a5 .config console log report ci-upstream-net-this-kasan-gce
2019/03/24 20:07 net-old 526949e877f4 acbc5b7d .config console log report ci-upstream-net-this-kasan-gce
2019/03/17 21:07 net-old 517ccc2aa50d ba18afea .config console log report ci-upstream-net-this-kasan-gce
2019/03/17 17:29 net-old 517ccc2aa50d ba18afea .config console log report ci-upstream-net-this-kasan-gce
2019/03/17 09:12 net-old 9180bb4f0460 bab43553 .config console log report ci-upstream-net-this-kasan-gce
2019/03/10 01:56 net-old 1f5d861f7fef 12365b99 .config console log report ci-upstream-net-this-kasan-gce
2019/03/10 00:20 net-old 1f5d861f7fef 12365b99 .config console log report ci-upstream-net-this-kasan-gce
2019/03/08 17:07 net-old 1e027960edfa 12365b99 .config console log report ci-upstream-net-this-kasan-gce
2019/03/08 14:00 net-old 1e027960edfa 12365b99 .config console log report ci-upstream-net-this-kasan-gce
2019/03/07 04:53 net-old a10674bf2406 18215b8d .config console log report ci-upstream-net-this-kasan-gce
2019/02/10 17:47 net-old ccc8ca9b90ac b4f792e4 .config console log report ci-upstream-net-this-kasan-gce
2018/12/12 15:51 net-old ee28b30cbbe0 c3b10a5d .config console log report ci-upstream-net-this-kasan-gce
2019/04/01 19:21 net-next-old f5d547676ca0 a9ca43d4 .config console log report ci-upstream-net-kasan-gce
2019/03/29 01:04 net-next-old eda3d1b02284 14c58f8d .config console log report ci-upstream-net-kasan-gce
2019/03/26 23:45 net-next-old be67101fbf27 55684ce1 .config console log report ci-upstream-net-kasan-gce
2019/03/25 08:34 net-next-old 68cc2999f692 2c86e0a5 .config console log report ci-upstream-net-kasan-gce
2019/03/24 07:34 net-next-old 3b0f31f2b8c9 a2cef203 .config console log report ci-upstream-net-kasan-gce
2019/03/19 21:58 net-next-old 310974faccda e4549234 .config console log report ci-upstream-net-kasan-gce
2019/03/16 17:41 net-next-old 3b319ee220a8 bab43553 .config console log report ci-upstream-net-kasan-gce
2019/03/09 20:13 net-next-old d9862cfbe209 12365b99 .config console log report ci-upstream-net-kasan-gce
2019/03/07 19:09 net-next-old d9862cfbe209 8c085c5e .config console log report ci-upstream-net-kasan-gce
2019/03/07 06:33 net-next-old d9862cfbe209 18215b8d .config console log report ci-upstream-net-kasan-gce
2019/03/06 01:53 net-next-old d9862cfbe209 16559f86 .config console log report ci-upstream-net-kasan-gce
2019/03/02 23:51 net-next-old cf29576fee60 1c0e457a .config console log report ci-upstream-net-kasan-gce
2019/02/28 02:47 net-next-old 1d9978757d38 34ec456b .config console log report ci-upstream-net-kasan-gce
2019/02/26 08:19 net-next-old ace4a267e89f 8022bafd .config console log report ci-upstream-net-kasan-gce
2019/02/23 11:41 net-next-old e59d790959b4 18107ce0 .config console log report ci-upstream-net-kasan-gce
2019/02/17 17:24 net-next-old f186a82b10dc 3e98cc30 .config console log report ci-upstream-net-kasan-gce
2019/02/14 15:01 net-next-old d4b242a7884f 6a46f448 .config console log report ci-upstream-net-kasan-gce
2019/02/09 01:27 net-next-old 998a8a8387ff fa6c7b70 .config console log report ci-upstream-net-kasan-gce
2019/02/02 10:35 net-next-old d6b0a01faa6a c198d5dd .config console log report ci-upstream-net-kasan-gce
2019/01/23 10:15 net-next-old 33a0efa4baec 7cf3249c .config console log report ci-upstream-net-kasan-gce
2019/01/23 05:43 net-next-old 1435d9970378 b1ff06b2 .config console log report ci-upstream-net-kasan-gce
2019/01/11 09:26 net-next-old b71acb0e3721 80dde172 .config console log report ci-upstream-net-kasan-gce
2019/01/07 20:42 net-next-old b71acb0e3721 69d69aa9 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.