general protection fault in hsr_netdev_notify (2)

syzbot

Sep 19, 2020, 5:45:16 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: cbfa1702 Linux 4.14.198
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1787ce73900000
kernel config: https://syzkaller.appspot.com/x/.config?x=3990958d85b55e59
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb157b3b4a040dacf6b
compiler: gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8bb157...@syzkaller.appspotmail.com

bond0 (unregistering): Releasing backup interface bond_slave_0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7655 Comm: kworker/u4:5 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
task: ffff8880912de300 task.stack: ffff8880a93d0000
RIP: 0010:hsr_netdev_notify+0x2e1/0x8b0 net/hsr/hsr_main.c:65
RSP: 0018:ffff8880a93d76e0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88808a2c43c0 RCX: 0000000000000001
RDX: 0000000000000002 RSI: 00000000ffffffff RDI: ffff88808f29faa0
RBP: 0000000000000000 R08: ffff8880912de690 R09: 0000000000000004
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805a9b7650
R13: ffff88805a9b7640 R14: 0000000000000002 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe9e6d9c20 CR3: 00000000869b8000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
call_netdevice_notifiers+0x79/0xa0 net/core/dev.c:1683
__bond_release_one+0x10bd/0x1550 drivers/net/bonding/bond_main.c:1937
bond_slave_netdev_event drivers/net/bonding/bond_main.c:3108 [inline]
bond_netdev_event+0x8ff/0xad0 drivers/net/bonding/bond_main.c:3206
notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
call_netdevice_notifiers net/core/dev.c:1683 [inline]
rollback_registered_many+0x70b/0xb30 net/core/dev.c:7203
unregister_netdevice_many.part.0+0x18/0x2e0 net/core/dev.c:8285
unregister_netdevice_many net/core/dev.c:8284 [inline]
default_device_exit_batch+0x2d8/0x380 net/core/dev.c:8746
ops_exit_list+0xf9/0x150 net/core/net_namespace.c:145
cleanup_net+0x3b3/0x840 net/core/net_namespace.c:484
process_one_work+0x793/0x14a0 kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 kernel/workqueue.c:2250
kthread+0x30d/0x420 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: 03 0f 8e d9 04 00 00 83 7d 20 04 75 b5 e8 c8 73 0e fb 48 8d 45 10 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 68 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c
RIP: hsr_netdev_notify+0x2e1/0x8b0 net/hsr/hsr_main.c:65 RSP: ffff8880a93d76e0
---[ end trace 150b0ee185af1ffa ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 15, 2021, 12:38:17 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13a84ed2d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=80e596b8b0902d96
dashboard link: https://syzkaller.appspot.com/bug?extid=8bb157b3b4a040dacf6b
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11d82260d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=160af288d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8bb157...@syzkaller.appspotmail.com

bond0 (unregistering): Releasing backup interface bond_slave_1
device bond_slave_1 left promiscuous mode
bond0 (unregistering): Releasing backup interface bond_slave_0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 46 Comm: kworker/u4:2 Not tainted 4.14.218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
task: ffff8880b574a4c0 task.stack: ffff8880b5750000
RIP: 0010:hsr_netdev_notify+0x2e1/0x8b0 syzkaller/managers/linux-4-14/kernel/net/hsr/hsr_main.c:65
RSP: 0018:ffff8880b57576f0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888099a90000 RCX: 0000000000000001
RDX: 0000000000000002 RSI: 00000000ffffffff RDI: ffff8880a2583020
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
R10: 0000000000000000 R11: ffff8880b574a4c0 R12: ffff8880921c5010
R13: ffff8880921c5000 R14: 0000000000000001 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcf9d54fe8 CR3: 00000000b025d000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
notifier_call_chain+0x108/0x1a0 syzkaller/managers/linux-4-14/kernel/kernel/notifier.c:93
call_netdevice_notifiers_info syzkaller/managers/linux-4-14/kernel/net/core/dev.c:1667 [inline]
call_netdevice_notifiers+0x79/0xa0 syzkaller/managers/linux-4-14/kernel/net/core/dev.c:1683
__bond_release_one+0x1007/0x14c0 syzkaller/managers/linux-4-14/kernel/drivers/net/bonding/bond_main.c:1963
bond_slave_netdev_event syzkaller/managers/linux-4-14/kernel/drivers/net/bonding/bond_main.c:3134 [inline]
bond_netdev_event+0x9ee/0xbd0 syzkaller/managers/linux-4-14/kernel/drivers/net/bonding/bond_main.c:3232
notifier_call_chain+0x108/0x1a0 syzkaller/managers/linux-4-14/kernel/kernel/notifier.c:93
call_netdevice_notifiers_info syzkaller/managers/linux-4-14/kernel/net/core/dev.c:1667 [inline]
call_netdevice_notifiers syzkaller/managers/linux-4-14/kernel/net/core/dev.c:1683 [inline]
rollback_registered_many+0x765/0xba0 syzkaller/managers/linux-4-14/kernel/net/core/dev.c:7203
unregister_netdevice_many.part.0+0x18/0x2e0 syzkaller/managers/linux-4-14/kernel/net/core/dev.c:8285
unregister_netdevice_many syzkaller/managers/linux-4-14/kernel/net/core/dev.c:8284 [inline]
default_device_exit_batch+0x2d8/0x380 syzkaller/managers/linux-4-14/kernel/net/core/dev.c:8746
ops_exit_list+0xf9/0x150 syzkaller/managers/linux-4-14/kernel/net/core/net_namespace.c:145
cleanup_net+0x3b3/0x840 syzkaller/managers/linux-4-14/kernel/net/core/net_namespace.c:484
process_one_work+0x793/0x14a0 syzkaller/managers/linux-4-14/kernel/kernel/workqueue.c:2116
worker_thread+0x5cc/0xff0 syzkaller/managers/linux-4-14/kernel/kernel/workqueue.c:2250
kthread+0x30d/0x420 syzkaller/managers/linux-4-14/kernel/kernel/kthread.c:232
ret_from_fork+0x24/0x30 syzkaller/managers/linux-4-14/kernel/arch/x86/entry/entry_64.S:404
Code: 03 0f 8e d9 04 00 00 83 7d 20 04 75 b5 e8 38 24 5d fa 48 8d 45 10 48 89 c2 48 89 04 24 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 68 05 00 00 48 b8 00 00 00 00 00 fc ff df 4c
RIP: hsr_netdev_notify+0x2e1/0x8b0 syzkaller/managers/linux-4-14/kernel/net/hsr/hsr_main.c:65 RSP: ffff8880b57576f0
---[ end trace 8ac9bea838b4fe83 ]---
