kernel BUG at net/core/dev.c:NUM!

kernel BUG at net/core/dev.c:NUM!
Status: fixed on 2021/03/10 01:49
Reported-by: syzbot+2393580080a2da190f04@syzkaller.appspotmail.com
Fix commit: 47e4bb147a96 net: sit: unregister_netdevice on newlink's error path
First crash: 329d, last: 324d

Cause bisection: introduced by (bisect log) :
commit c269a24ce057abfc31130960e96ab197ef6ab196
Author: Jakub Kicinski <kuba@kernel.org>
Date: Wed Jan 6 18:40:06 2021 +0000

net: make free_netdev() more lenient with unregistering devices

Crash: kernel BUG at net/core/dev.c:NUM! (log)
Repro: C syz .config

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2021/01/13 19:41	15m	kuba@kernel.org		git://git.kernel.org/pub/scm/linux/kernel/git/kuba/linux.git sit-fix	OK

Sample crash report:

------------[ cut here ]------------
kernel BUG at net/core/dev.c:10661!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8459 Comm: syz-executor375 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:free_netdev+0x4b3/0x5e0 net/core/dev.c:10661
Code: c0 01 38 d0 7c 08 84 d2 0f 85 1a 01 00 00 0f b7 83 32 02 00 00 48 29 c3 48 89 df e8 d7 77 ac fa e9 47 ff ff ff e8 3d 1e 80 fa <0f> 0b e8 36 1e 80 fa 0f b6 2d 39 e1 e8 05 31 ff 89 ee e8 a6 24 80
RSP: 0018:ffffc9000163f1a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802814a000 RCX: 0000000000000000
RDX: ffff888021678000 RSI: ffffffff86f25763 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff86f25683 R11: 0000000000000003 R12: ffff888028149ef8
R13: ffff88802814a058 R14: dffffc0000000000 R15: ffff888028149ef8
FS:  00000000010bf880(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ade220a6d8 CR3: 0000000012719000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __rtnl_newlink+0x1484/0x16e0 net/core/rtnetlink.c:3447
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4404b9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff3e934f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404b9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000014 R09: 00000000004002c8
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401cc0
R13: 0000000000401d50 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace ec4d68ff94a95202 ]---
RIP: 0010:free_netdev+0x4b3/0x5e0 net/core/dev.c:10661
Code: c0 01 38 d0 7c 08 84 d2 0f 85 1a 01 00 00 0f b7 83 32 02 00 00 48 29 c3 48 89 df e8 d7 77 ac fa e9 47 ff ff ff e8 3d 1e 80 fa <0f> 0b e8 36 1e 80 fa 0f b6 2d 39 e1 e8 05 31 ff 89 ee e8 a6 24 80
RSP: 0018:ffffc9000163f1a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802814a000 RCX: 0000000000000000
RDX: ffff888021678000 RSI: ffffffff86f25763 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff86f25683 R11: 0000000000000003 R12: ffff888028149ef8
R13: ffff88802814a058 R14: dffffc0000000000 R15: ffff888028149ef8
FS:  00000000010bf880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd33803e118 CR3: 0000000012719000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (35):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info
ci-upstream-net-this-kasan-gce	2021/01/09 12:06	net	c49243e88982	a6c52263	.config	log	report	syz	C
ci-upstream-net-this-kasan-gce	2021/01/14 05:43	net	a95d25dd7b94	269d24e8	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/13 03:11	net	1ee527a79fa6	0cdd6185	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/12 16:55	net	1ee527a79fa6	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/12 07:18	net	938288349ca8	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/11 21:58	net	f97844f9c518	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/11 08:34	net	f97844f9c518	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/11 04:35	net	f97844f9c518	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/10 21:33	net	f97844f9c518	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/10 18:00	net	f97844f9c518	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/10 02:42	net	c49243e88982	2c1f2513	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 14:49	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 11:03	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 10:55	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 10:49	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 10:40	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 10:22	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-net-this-kasan-gce	2021/01/09 10:21	net	c49243e88982	a6c52263	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/14 22:09	linux-next	9152a993930d	65a7a854	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/14 04:57	linux-next	aa515cdce7a1	269d24e8	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/13 00:39	linux-next	df869cab4b35	0cdd6185	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/13 00:39	linux-next	df869cab4b35	0cdd6185	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/13 00:39	linux-next	df869cab4b35	0cdd6185	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 10:06	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 09:13	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 09:10	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 09:06	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 08:46	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 08:16	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 07:51	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 07:49	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 07:11	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 05:59	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 05:53	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info
ci-upstream-linux-next-kasan-gce-root	2021/01/11 05:40	linux-next	ef8b014ee4a1	2c1f2513	.config	log	report			info