general protection fault in ipt_init_target
6 views
Skip to first unread message
syzbot
Jan 11, 2020, 7:39:11 PM1/11/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: b0cdffaa Linux 4.14.163
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1234a021e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=19269c071a1fe30
dashboard link: https://syzkaller.appspot.com/bug?extid=5fb4662e78dab211badc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5fb466...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 11900 Comm: syz-executor.5 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880963022c0 task.stack: ffff88804f470000
RIP: 0010:ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46
RSP: 0018:ffff88804f477108 EFLAGS: 00010202
RAX: 0000000000000005 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff85300b36 RDI: 000000000000002f
RBP: ffff88804f477248 R08: 1ffff11012ee77e0 R09: ffffed1012ee77e1
R10: ffffed1012ee77e0 R11: ffff88809773bf06 R12: 0000000000000010
R13: 1ffff11009e8ee24 R14: ffff88804f477220 R15: ffff888055898180
FS: 00007effb90a1700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa464e0e178 CR3: 00000000992ac000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__tcf_ipt_init+0x48c/0xb50 net/sched/act_ipt.c:168
tcf_xt_init+0x4e/0x60 net/sched/act_ipt.c:210
tcf_action_init_1+0x53c/0xaa0 net/sched/act_api.c:682
tcf_action_init+0x2ab/0x480 net/sched/act_api.c:751
tcf_action_add net/sched/act_api.c:1079 [inline]
tc_ctl_action+0x30a/0x548 net/sched/act_api.c:1131
rtnetlink_rcv_msg+0x3da/0xb70 net/core/rtnetlink.c:4306
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4318
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007effb90a0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007effb90a16d4
R13: 00000000004ca9fe R14: 00000000004e3e78 R15: 00000000ffffffff
Code: f3 f3 f3 e8 4a 18 2d fc 31 c0 b9 0e 00 00 00 48 8d bd 48 ff ff ff f3
48 ab 49 8d 7c 24 1f 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 18
38 d0 7f 08 84 c0 0f 85 90 01 00 00 41 0f b6 54 24
RIP: ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46 RSP: ffff88804f477108
---[ end trace f47f3ee88fd192b8 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: b0cdffaa Linux 4.14.163
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1234a021e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=19269c071a1fe30
dashboard link: https://syzkaller.appspot.com/bug?extid=5fb4662e78dab211badc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5fb466...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 11900 Comm: syz-executor.5 Not tainted 4.14.163-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880963022c0 task.stack: ffff88804f470000
RIP: 0010:ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46
RSP: 0018:ffff88804f477108 EFLAGS: 00010202
RAX: 0000000000000005 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000007 RSI: ffffffff85300b36 RDI: 000000000000002f
RBP: ffff88804f477248 R08: 1ffff11012ee77e0 R09: ffffed1012ee77e1
R10: ffffed1012ee77e0 R11: ffff88809773bf06 R12: 0000000000000010
R13: 1ffff11009e8ee24 R14: ffff88804f477220 R15: ffff888055898180
FS: 00007effb90a1700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa464e0e178 CR3: 00000000992ac000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__tcf_ipt_init+0x48c/0xb50 net/sched/act_ipt.c:168
tcf_xt_init+0x4e/0x60 net/sched/act_ipt.c:210
tcf_action_init_1+0x53c/0xaa0 net/sched/act_api.c:682
tcf_action_init+0x2ab/0x480 net/sched/act_api.c:751
tcf_action_add net/sched/act_api.c:1079 [inline]
tc_ctl_action+0x30a/0x548 net/sched/act_api.c:1131
rtnetlink_rcv_msg+0x3da/0xb70 net/core/rtnetlink.c:4306
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4318
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45af49
RSP: 002b:00007effb90a0c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007effb90a16d4
R13: 00000000004ca9fe R14: 00000000004e3e78 R15: 00000000ffffffff
Code: f3 f3 f3 e8 4a 18 2d fc 31 c0 b9 0e 00 00 00 48 8d bd 48 ff ff ff f3
48 ab 49 8d 7c 24 1f 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 18
38 d0 7f 08 84 c0 0f 85 90 01 00 00 41 0f b6 54 24
RIP: ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46 RSP: ffff88804f477108
---[ end trace f47f3ee88fd192b8 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 11, 2020, 8:00:10 PM1/11/20
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: b0cdffaa Linux 4.14.163
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1534a021e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1569bc85e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5fb466...@syzkaller.appspotmail.com
device veth1_vlan entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
RBP: ffff88809ff6f248 R08: 1ffff11014a47590 R09: ffffed1014a47591
R10: ffffed1014a47590 R11: ffff8880a523ac86 R12: 0000000000000010
R13: 1ffff11013fede24 R14: ffff88809ff6f220 R15: ffff88807cabc040
FS: 00007fc9a32f7700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
RSP: 002b:00007fc9a32f6d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 0000000000448009
R10: 0000000000000006 R11: 0000000000000246 R12: 00000000006dec2c
R13: 0000000000000000 R14: 0000000000000000 R15: 0000656c676e616d
---[ end trace 936d6b12a27e10a8 ]---
HEAD commit: b0cdffaa Linux 4.14.163
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=19269c071a1fe30
dashboard link: https://syzkaller.appspot.com/bug?extid=5fb4662e78dab211badc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1673c8d1e00000
dashboard link: https://syzkaller.appspot.com/bug?extid=5fb4662e78dab211badc
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1569bc85e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5fb466...@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7288 Comm: syz-executor458 Not tainted 4.14.163-syzkaller #0
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff888075b1e5c0 task.stack: ffff88809ff68000
Google 01/01/2011
RIP: 0010:ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46
RSP: 0018:ffff88809ff6f108 EFLAGS: 00010202
RAX: 0000000000000005 RBX: dffffc0000000000 RCX: 0000000000000000
RDX: 0000000000000007 RSI: 0000000000000010 RDI: 000000000000002f
RBP: ffff88809ff6f248 R08: 1ffff11014a47590 R09: ffffed1014a47591
R10: ffffed1014a47590 R11: ffff8880a523ac86 R12: 0000000000000010
R13: 1ffff11013fede24 R14: ffff88809ff6f220 R15: ffff88807cabc040
FS: 00007fc9a32f7700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000344 CR3: 0000000091eab000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__tcf_ipt_init+0x48c/0xb50 net/sched/act_ipt.c:168
tcf_xt_init+0x4e/0x60 net/sched/act_ipt.c:210
tcf_action_init_1+0x53c/0xaa0 net/sched/act_api.c:682
tcf_action_init+0x2ab/0x480 net/sched/act_api.c:751
tcf_action_add net/sched/act_api.c:1079 [inline]
tc_ctl_action+0x30a/0x548 net/sched/act_api.c:1131
rtnetlink_rcv_msg+0x3da/0xb70 net/core/rtnetlink.c:4306
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4318
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x448009
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__tcf_ipt_init+0x48c/0xb50 net/sched/act_ipt.c:168
tcf_xt_init+0x4e/0x60 net/sched/act_ipt.c:210
tcf_action_init_1+0x53c/0xaa0 net/sched/act_api.c:682
tcf_action_init+0x2ab/0x480 net/sched/act_api.c:751
tcf_action_add net/sched/act_api.c:1079 [inline]
tc_ctl_action+0x30a/0x548 net/sched/act_api.c:1131
rtnetlink_rcv_msg+0x3da/0xb70 net/core/rtnetlink.c:4306
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4318
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RSP: 002b:00007fc9a32f6d98 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dec28 RCX: 0000000000448009
RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003
RBP: 00000000006dec20 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000006 R11: 0000000000000246 R12: 00000000006dec2c
R13: 0000000000000000 R14: 0000000000000000 R15: 0000656c676e616d
Code: f3 f3 f3 e8 4a 18 2d fc 31 c0 b9 0e 00 00 00 48 8d bd 48 ff ff ff f3
48 ab 49 8d 7c 24 1f 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 18
38 d0 7f 08 84 c0 0f 85 90 01 00 00 41 0f b6 54 24
RIP: ipt_init_target+0xa9/0x290 net/sched/act_ipt.c:46 RSP: ffff88809ff6f108
48 ab 49 8d 7c 24 1f 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 18
38 d0 7f 08 84 c0 0f 85 90 01 00 00 41 0f b6 54 24
---[ end trace 936d6b12a27e10a8 ]---
Reply all
Reply to author
Forward
0 new messages