syzbot


general protection fault in hidraw_release

Status: upstream: reported C repro on 2022/01/04 07:49
Subsystems: input
Reported-by: syzbot+953a33deaf38c66a915e@syzkaller.appspotmail.com
First crash: 454d, last: 1d20h

Cause bisection: introduced by (bisect log):
commit e4b8954074f6d0db01c8c97d338a67f9389c042f
Author: Eric Dumazet <edumazet@google.com>
Date: Tue Dec 7 01:30:37 2021 +0000

  netlink: add net device refcount tracker to struct ethnl_req_info

Crash: WARNING in free_netdev (log)
Repro: C syz .config
Last patch testing requests:
Created Duration User Patch Repo Result
2022/02/04 05:47 11m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 9f7fb8de5d9b OK
2022/02/03 10:22 11m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ 9f7fb8de5d9b report log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f]
CPU: 1 PID: 6394 Comm: syz-executor250 Not tainted 6.2.0-syzkaller-08237-ga5c95ca18a98 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023
RIP: 0010:__lock_acquire+0xd80/0x5d40 kernel/locking/lockdep.c:4926
Code: 53 0f 41 be 01 00 00 00 0f 86 8e 00 00 00 89 05 a6 9e 53 0f e9 83 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c5 32 00 00 48 81 3b a0 66 0f 90 0f 84 52 f3 ff
RSP: 0018:ffffc9000587faf0 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000088 RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88802cfd6200 R14: 0000000000000000 R15: 0000000000000001
FS:  00005555561e3400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555561e46e8 CR3: 000000002286f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire kernel/locking/lockdep.c:5669 [inline]
 lock_acquire+0x1e3/0x670 kernel/locking/lockdep.c:5634
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
 hidraw_release+0xcd/0x4c0 drivers/hid/hidraw.c:352
 __fput+0x27c/0xa90 fs/file_table.c:321
 task_work_run+0x16f/0x270 kernel/task_work.c:179
 ptrace_notify+0x118/0x140 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:411 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
 syscall_exit_work kernel/entry/common.c:251 [inline]
 syscall_exit_to_user_mode_prepare+0x129/0x290 kernel/entry/common.c:278
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0xd/0x50 kernel/entry/common.c:296
 do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f5253c9a1cb
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 03 fd ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 41 fd ff ff 8b 44
RSP: 002b:00007ffdffc69630 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f5253c9a1cb
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000004
RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffdffc69690 R11: 0000000000000293 R12: 0000000000016532
R13: 00007f5253d623ec R14: 00007ffdffc69690 R15: 00007f5253d623e0
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0xd80/0x5d40 kernel/locking/lockdep.c:4926
Code: 53 0f 41 be 01 00 00 00 0f 86 8e 00 00 00 89 05 a6 9e 53 0f e9 83 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 c5 32 00 00 48 81 3b a0 66 0f 90 0f 84 52 f3 ff
RSP: 0018:ffffc9000587faf0 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 0000000000000088 RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88802cfd6200 R14: 0000000000000000 R15: 0000000000000001
FS:  00005555561e3400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005555561e46e8 CR3: 000000002286f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	53                   	push   %rbx
   1:	0f 41 be 01 00 00 00 	cmovno 0x1(%rsi),%edi
   8:	0f 86 8e 00 00 00    	jbe    0x9c
   e:	89 05 a6 9e 53 0f    	mov    %eax,0xf539ea6(%rip)        # 0xf539eba
  14:	e9 83 00 00 00       	jmpq   0x9c
  19:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  20:	fc ff df
  23:	48 89 da             	mov    %rbx,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 c5 32 00 00    	jne    0x32f9
  34:	48 81 3b a0 66 0f 90 	cmpq   $0xffffffff900f66a0,(%rbx)
  3b:	0f                   	.byte 0xf
  3c:	84 52 f3             	test   %dl,-0xd(%rdx)
  3f:	ff                   	.byte 0xff

Fix bisection attempts:
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-386 2022/06/13 15:56 upstream b13baccc3850 4ebb2798 .config console log report syz C
* Struck through repros no longer work on HEAD.
Crashes (67):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci-upstream-kasan-gce-selinux-root 2023/02/24 06:40 upstream a5c95ca18a98 9e2ebb3c .config strace log report syz C [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/06/22 08:10 upstream ca1fdab7fd27 0fc5c330 .config strace log report syz C general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/10/11 10:38 upstream 55be6084c8e0 2b253ced .config console log report syz C [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/02/02 11:36 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/02/02 13:33 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C KASAN: use-after-free Read in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/02/02 07:18 upstream 9f7fb8de5d9b 4ebb2798 .config console log report syz C KASAN: use-after-free Read in hidraw_release
ci-upstream-kasan-gce-smack-root 2023/01/04 05:15 upstream 69b41ac87e4a 1dac8c7a .config console log report syz [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-root 2022/05/12 01:03 upstream feb9c5e19e91 beb0b407 .config console log report syz general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/10/11 09:24 linux-next aaa11ce2ffc8 2b253ced .config console log report syz [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce 2023/03/27 02:56 upstream 0ec57cfa721f fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-root 2023/03/26 12:54 upstream da8e7da11e4b fbf0499a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-root 2023/03/18 07:22 upstream 8d3c682a5e3d 7939252e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-root 2023/02/18 03:54 upstream dbeed98d89ea 3e7039f4 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2023/02/08 03:56 upstream 513c1a3d3f19 15c3d445 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2023/02/07 17:30 upstream 05ecb680708a 15c3d445 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2023/01/18 18:47 upstream c1649ec55708 42660d9e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/12/21 00:49 upstream b6bb9676f216 d3e76707 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/12/20 06:14 upstream 6feb57c2fd7c c52b2efb .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/12/10 11:17 upstream 3ecc37918c80 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/11/12 13:29 upstream f5020a08b2b3 3ead01ad .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/11/03 09:54 upstream b229b6ca5abb 7a2ebf95 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/10/25 04:57 upstream 247f34f7b803 ff2fe65d .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/10/19 02:03 upstream 55be6084c8e0 b31320fc .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/10/16 16:45 upstream 55be6084c8e0 67cb024c .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/09/04 20:04 upstream 7726d4c3e60b 28811d0a .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-root 2022/08/15 13:16 upstream 7ebfc85e2cd7 8dfcaa3d .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/08/12 03:23 upstream 7ebfc85e2cd7 787ed7e0 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/07/25 21:59 upstream e0dccc3b76fb 664c519c .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/05/09 07:34 upstream c5eb0a61238d e60b1103 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/05/08 21:52 upstream 379c72654524 e60b1103 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/05/07 19:53 upstream 30c8e80f7932 e60b1103 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/05/04 06:25 upstream 107c948d1d3e dc9e5259 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/05/02 21:48 upstream 9050ba3a61a4 2df221f6 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/04/16 02:00 upstream 59250f8a7f3a 8bcc32a6 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/04/10 16:13 upstream 1862a69c9174 e22c3da3 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/03/01 02:40 upstream 7e57714cd0ad 45a13a73 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/02/02 02:14 upstream 9f7fb8de5d9b 4ebb2798 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce 2022/01/29 04:07 upstream df0001545b27 495e00c5 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-smack-root 2022/01/23 05:38 upstream 1c52283265a4 214351e1 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/12/12 07:39 upstream 830b3c68c1fb 67be1ae7 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/10/11 03:36 upstream 55be6084c8e0 2b253ced .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/09/15 22:01 upstream 3245cb65fd91 dd9a85ff .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/05/14 09:14 upstream ec7f49619d8e 744a39e2 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/05/08 05:40 upstream 30c8e80f7932 e60b1103 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/05/04 23:28 upstream a7391ad35724 dc9e5259 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/05/04 21:02 upstream a7391ad35724 dc9e5259 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/05/02 12:11 upstream 672c0c517342 2df221f6 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-386 2022/03/09 22:45 upstream e7e19defa575 9e8eaa75 .config console log report info general protection fault in hidraw_release
ci2-upstream-usb 2023/03/28 18:31 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97318d6427f6 fc067f05 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2023/03/27 15:13 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 97318d6427f6 f8f96aa9 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2023/02/08 14:55 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 88e054e8df1d fc9c934e .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2023/01/31 05:53 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing c52c9acc415e b68fb8d6 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2023/01/25 05:05 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing 9e6f4c8b880b 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2023/01/21 06:33 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing dd2f003e4e85 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2023/01/09 09:52 linux-next 543b9b2fe10b 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/12/24 00:03 linux-next e45fb347b630 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/12/13 16:11 linux-next 39ab32797f07 e660de91 .config console log report info [disk image] [vmlinux] [kernel image] general protection fault in hidraw_release
ci2-upstream-usb 2022/10/23 12:50 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d 23bf86af .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci2-upstream-usb 2022/10/20 18:11 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing a6afa4199d3d b31320fc .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/10/12 20:13 linux-next aaa11ce2ffc8 89b5a509 .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/10/11 08:59 linux-next aaa11ce2ffc8 2b253ced .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci2-upstream-usb 2022/08/30 06:20 https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing ffcf9c5700e4 4a380809 .config console log report info [disk image] [vmlinux] general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/07/06 07:44 linux-next cb71b93c2dc3 bff65f44 .config console log report info general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/01/15 06:05 linux-next bd8d9cef2a79 723cfaf0 .config console log report info general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2022/01/13 15:38 linux-next 27c9d5b3c24a 44d1319a .config console log report info general protection fault in hidraw_release
ci-upstream-linux-next-kasan-gce-root 2021/12/31 03:40 linux-next ea586a076e8a 36bd2e48 .config console log report info general protection fault in hidraw_release
ci-upstream-kasan-gce-selinux-root 2022/04/05 06:02 upstream 312310928417 5915c2cb .config console log report info KASAN: use-after-free Read in hidraw_release