general protection fault in qdisc_class_hash_grow
4 views
Skip to first unread message
syzbot
Jul 13, 2020, 1:27:20 PM7/13/20
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: b850307b Linux 4.14.184
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14f6f6bd100000
kernel config: https://syzkaller.appspot.com/x/.config?x=ddc0f08dd6b981c5
dashboard link: https://syzkaller.appspot.com/bug?extid=10b9e7f72617c53bd86a
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+10b9e7...@syzkaller.appspotmail.com
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 573 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88805d316380 task.stack: ffff88804b188000
RIP: 0010:qdisc_class_hash_grow+0x20d/0x500 net/sched/sch_api.c:653
RSP: 0018:ffff88804b18f5e0 EFLAGS: 00010207
RAX: 000000001fffffff RBX: dffffc0000000000 RCX: ffffc9000b535000
RDX: 0000000000013d98 RSI: ffffffff850c7592 RDI: ffff8880a8b26910
RBP: 00000000ffffffff R08: 00000000000029f0 R09: ffffffff89e6a900
R10: ffff88805d316c30 R11: ffff88805d316380 R12: 00000000ffffffff
R13: ffff88809ffa6cc8 R14: ffff8880360b6080 R15: 00000000fffffff7
FS: 00007faffe44f700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET)
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000517800 CR3: 00000000a1084000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
qfq_change_class+0xa81/0x107a net/sched/sch_qfq.c:503
tc_ctl_tclass+0x3e2/0xa00 net/sched/sch_api.c:1848
ptrace attach of "/root/syz-executor.1"[591] was attempted by "/root/syz-executor.1"[592]
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x64a/0xbb0 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cba9
RSP: 002b:00007faffe44ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000503840 RCX: 000000000045cba9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a6d R14: 00000000004cd49c R15: 00007faffe44f6d4
Code: 48 85 ed 0f 84 eb 00 00 00 e8 60 30 4e fc 49 89 ef 49 83 ef 08 0f 84 d9 00 00 00 e8 4e 30 4e fc 4d 8d 67 08 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 0f 85 f1 01 00 00 4c 89 f8 49 8b 6f 08 48 c1 e8 03
RIP: qdisc_class_hash_grow+0x20d/0x500 net/sched/sch_api.c:653 RSP: ffff88804b18f5e0
---[ end trace 2f55fb84e6a45df0 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: b850307b Linux 4.14.184
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14f6f6bd100000
kernel config: https://syzkaller.appspot.com/x/.config?x=ddc0f08dd6b981c5
dashboard link: https://syzkaller.appspot.com/bug?extid=10b9e7f72617c53bd86a
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+10b9e7...@syzkaller.appspotmail.com
netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 573 Comm: syz-executor.4 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88805d316380 task.stack: ffff88804b188000
RIP: 0010:qdisc_class_hash_grow+0x20d/0x500 net/sched/sch_api.c:653
RSP: 0018:ffff88804b18f5e0 EFLAGS: 00010207
RAX: 000000001fffffff RBX: dffffc0000000000 RCX: ffffc9000b535000
RDX: 0000000000013d98 RSI: ffffffff850c7592 RDI: ffff8880a8b26910
RBP: 00000000ffffffff R08: 00000000000029f0 R09: ffffffff89e6a900
R10: ffff88805d316c30 R11: ffff88805d316380 R12: 00000000ffffffff
R13: ffff88809ffa6cc8 R14: ffff8880360b6080 R15: 00000000fffffff7
FS: 00007faffe44f700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET)
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000517800 CR3: 00000000a1084000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
qfq_change_class+0xa81/0x107a net/sched/sch_qfq.c:503
tc_ctl_tclass+0x3e2/0xa00 net/sched/sch_api.c:1848
ptrace attach of "/root/syz-executor.1"[591] was attempted by "/root/syz-executor.1"[592]
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x64a/0xbb0 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45cba9
RSP: 002b:00007faffe44ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000503840 RCX: 000000000045cba9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000a6d R14: 00000000004cd49c R15: 00007faffe44f6d4
Code: 48 85 ed 0f 84 eb 00 00 00 e8 60 30 4e fc 49 89 ef 49 83 ef 08 0f 84 d9 00 00 00 e8 4e 30 4e fc 4d 8d 67 08 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 0f 85 f1 01 00 00 4c 89 f8 49 8b 6f 08 48 c1 e8 03
RIP: qdisc_class_hash_grow+0x20d/0x500 net/sched/sch_api.c:653 RSP: ffff88804b18f5e0
---[ end trace 2f55fb84e6a45df0 ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Nov 10, 2020, 12:27:15 PM11/10/20
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages