syzbot


kernel BUG at net/core/dev.c:NUM!

Status: fixed on 2021/03/10 01:49
Subsystems: net
Reported-by: syzbot+2393580080a2da190f04@syzkaller.appspotmail.com
Fix commit: 47e4bb147a96 net: sit: unregister_netdevice on newlink's error path
First crash: 1165d, last: 1159d
Cause bisection: introduced by:
commit c269a24ce057abfc31130960e96ab197ef6ab196
Author: Jakub Kicinski <kuba@kernel.org>
Date: Wed Jan 6 18:40:06 2021 +0000

  net: make free_netdev() more lenient with unregistering devices

Crash: kernel BUG at net/core/dev.c:NUM!
Repro: C syz .config
  
Discussions (8)
Title Replies (including bot) Last reply
[PATCH 4.14 00/50] 4.14.217-rc1 review 62 (62) 2021/03/10 18:50
[PATCH 5.10 00/43] 5.10.10-rc1 review 53 (53) 2021/01/23 15:07
[PATCH 5.4 00/33] 5.4.92-rc1 review 40 (40) 2021/01/23 14:57
[PATCH 4.19 00/22] 4.19.170-rc1 review 28 (28) 2021/01/23 14:36
[PATCH 4.4 00/31] 4.4.253-rc1 review 33 (33) 2021/01/23 00:25
[PATCH 4.9 00/35] 4.9.253-rc1 review 37 (37) 2021/01/23 00:25
[PATCH net] net: sit: unregister_netdevice on newlink's error path 3 (3) 2021/01/14 18:27
kernel BUG at net/core/dev.c:NUM! 1 (3) 2021/01/14 00:47
Last patch testing requests (1)
Created Duration User Patch Repo Result
2021/01/13 19:41 15m kuba@kernel.org git://git.kernel.org/pub/scm/linux/kernel/git/kuba/linux.git sit-fix OK

Sample crash report:
------------[ cut here ]------------
kernel BUG at net/core/dev.c:10661!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8459 Comm: syz-executor375 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:free_netdev+0x4b3/0x5e0 net/core/dev.c:10661
Code: c0 01 38 d0 7c 08 84 d2 0f 85 1a 01 00 00 0f b7 83 32 02 00 00 48 29 c3 48 89 df e8 d7 77 ac fa e9 47 ff ff ff e8 3d 1e 80 fa <0f> 0b e8 36 1e 80 fa 0f b6 2d 39 e1 e8 05 31 ff 89 ee e8 a6 24 80
RSP: 0018:ffffc9000163f1a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802814a000 RCX: 0000000000000000
RDX: ffff888021678000 RSI: ffffffff86f25763 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff86f25683 R11: 0000000000000003 R12: ffff888028149ef8
R13: ffff88802814a058 R14: dffffc0000000000 R15: ffff888028149ef8
FS:  00000000010bf880(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ade220a6d8 CR3: 0000000012719000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __rtnl_newlink+0x1484/0x16e0 net/core/rtnetlink.c:3447
 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2494
 netlink_unicast_kernel net/netlink/af_netlink.c:1304 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1330
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1919
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2345
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2399
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2432
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4404b9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff3e934f98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404b9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000014 R09: 00000000004002c8
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000401cc0
R13: 0000000000401d50 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace ec4d68ff94a95202 ]---
RIP: 0010:free_netdev+0x4b3/0x5e0 net/core/dev.c:10661
Code: c0 01 38 d0 7c 08 84 d2 0f 85 1a 01 00 00 0f b7 83 32 02 00 00 48 29 c3 48 89 df e8 d7 77 ac fa e9 47 ff ff ff e8 3d 1e 80 fa <0f> 0b e8 36 1e 80 fa 0f b6 2d 39 e1 e8 05 31 ff 89 ee e8 a6 24 80
RSP: 0018:ffffc9000163f1a0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88802814a000 RCX: 0000000000000000
RDX: ffff888021678000 RSI: ffffffff86f25763 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff86f25683 R11: 0000000000000003 R12: ffff888028149ef8
R13: ffff88802814a058 R14: dffffc0000000000 R15: ffff888028149ef8
FS:  00000000010bf880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd33803e118 CR3: 0000000012719000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2021/01/09 12:06 net-old c49243e88982 a6c52263 .config console log report syz C ci-upstream-net-this-kasan-gce
2021/01/14 05:43 net-old a95d25dd7b94 269d24e8 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/13 03:11 net-old 1ee527a79fa6 0cdd6185 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/12 16:55 net-old 1ee527a79fa6 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/12 07:18 net-old 938288349ca8 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/11 21:58 net-old f97844f9c518 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/11 08:34 net-old f97844f9c518 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/11 04:35 net-old f97844f9c518 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/10 21:33 net-old f97844f9c518 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/10 18:00 net-old f97844f9c518 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/10 02:42 net-old c49243e88982 2c1f2513 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 14:49 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 11:03 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 10:55 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 10:49 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 10:40 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 10:22 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/09 10:21 net-old c49243e88982 a6c52263 .config console log report info ci-upstream-net-this-kasan-gce
2021/01/14 22:09 linux-next 9152a993930d 65a7a854 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/14 04:57 linux-next aa515cdce7a1 269d24e8 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/13 00:39 linux-next df869cab4b35 0cdd6185 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/13 00:39 linux-next df869cab4b35 0cdd6185 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/13 00:39 linux-next df869cab4b35 0cdd6185 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 10:06 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 09:13 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 09:10 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 09:06 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 08:46 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 08:16 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 07:51 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 07:49 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 07:11 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 05:59 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 05:53 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
2021/01/11 05:40 linux-next ef8b014ee4a1 2c1f2513 .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.