general protection fault in inet_gifconf (2)
4 views
Skip to first unread message
syzbot
Sep 9, 2021, 1:06:24 AM9/9/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: b172b44fcb17 Linux 4.19.206
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1284a10d300000
kernel config: https://syzkaller.appspot.com/x/.config?x=b9ba3521ce0be3cd
dashboard link: https://syzkaller.appspot.com/bug?extid=2a3a70059bd37e9b5c7d
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a3a70...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 2338 Comm: syz-executor.1 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__in_dev_get_rtnl include/linux/inetdevice.h:237 [inline]
RIP: 0010:inet_gifconf+0xdd/0x380 net/ipv4/devinet.c:1212
Code: d9 d6 7d fa 45 84 e4 0f 84 42 02 00 00 e8 9b d5 7d fa 48 8d bb 38 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 02 00 00 89 ee bf 28 00 00 00 48 8b 9b 38 03
RSP: 0018:ffff88822b45fa30 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffffffffffb0 RCX: ffffc90007e35000
RDX: 000000000000005d RSI: ffffffff86e4bd25 RDI: 00000000000002e8
RBP: 0000000000000028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 00000000000008c0 R14: 00000000004379e0 R15: ffffffffffffffb0
FS: 00007f9f240e7700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005400c8 CR3: 000000009eb56000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
dev_ifconf+0xdb/0x230 net/core/dev_ioctl.c:80
sock_do_ioctl+0x228/0x300 net/socket.c:1029
sock_ioctl+0x2ef/0x5d0 net/socket.c:1135
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9f240e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000400308 RSI: 0000000000008912 RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe8245beaf R14: 00007f9f240e7300 R15: 0000000000022000
Modules linked in:
---[ end trace 4e8cbf62595ef3df ]---
RIP: 0010:__in_dev_get_rtnl include/linux/inetdevice.h:237 [inline]
RIP: 0010:inet_gifconf+0xdd/0x380 net/ipv4/devinet.c:1212
Code: d9 d6 7d fa 45 84 e4 0f 84 42 02 00 00 e8 9b d5 7d fa 48 8d bb 38 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 02 00 00 89 ee bf 28 00 00 00 48 8b 9b 38 03
RSP: 0018:ffff88822b45fa30 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffffffffffb0 RCX: ffffc90007e35000
RDX: 000000000000005d RSI: ffffffff86e4bd25 RDI: 00000000000002e8
RBP: 0000000000000028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 00000000000008c0 R14: 00000000004379e0 R15: ffffffffffffffb0
FS: 00007f9f240e7700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f302b560000 CR3: 000000009eb56000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 2 bytes skipped:
0: 7d fa jge 0xfffffffc
2: 45 84 e4 test %r12b,%r12b
5: 0f 84 42 02 00 00 je 0x24d
b: e8 9b d5 7d fa callq 0xfa7dd5ab
10: 48 8d bb 38 03 00 00 lea 0x338(%rbx),%rdi
17: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1e: fc ff df
21: 48 89 fa mov %rdi,%rdx
24: 48 c1 ea 03 shr $0x3,%rdx
* 28: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2c: 0f 85 7f 02 00 00 jne 0x2b1
32: 89 ee mov %ebp,%esi
34: bf 28 00 00 00 mov $0x28,%edi
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 9b fwait
3c: 38 03 cmp %al,(%rbx)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: b172b44fcb17 Linux 4.19.206
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1284a10d300000
kernel config: https://syzkaller.appspot.com/x/.config?x=b9ba3521ce0be3cd
dashboard link: https://syzkaller.appspot.com/bug?extid=2a3a70059bd37e9b5c7d
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2a3a70...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 2338 Comm: syz-executor.1 Not tainted 4.19.206-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__in_dev_get_rtnl include/linux/inetdevice.h:237 [inline]
RIP: 0010:inet_gifconf+0xdd/0x380 net/ipv4/devinet.c:1212
Code: d9 d6 7d fa 45 84 e4 0f 84 42 02 00 00 e8 9b d5 7d fa 48 8d bb 38 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 02 00 00 89 ee bf 28 00 00 00 48 8b 9b 38 03
RSP: 0018:ffff88822b45fa30 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffffffffffb0 RCX: ffffc90007e35000
RDX: 000000000000005d RSI: ffffffff86e4bd25 RDI: 00000000000002e8
RBP: 0000000000000028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 00000000000008c0 R14: 00000000004379e0 R15: ffffffffffffffb0
FS: 00007f9f240e7700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000005400c8 CR3: 000000009eb56000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
dev_ifconf+0xdb/0x230 net/core/dev_ioctl.c:80
sock_do_ioctl+0x228/0x300 net/socket.c:1029
sock_ioctl+0x2ef/0x5d0 net/socket.c:1135
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f9f240e7188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9
RDX: 0000000000400308 RSI: 0000000000008912 RDI: 0000000000000004
RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffe8245beaf R14: 00007f9f240e7300 R15: 0000000000022000
Modules linked in:
---[ end trace 4e8cbf62595ef3df ]---
RIP: 0010:__in_dev_get_rtnl include/linux/inetdevice.h:237 [inline]
RIP: 0010:inet_gifconf+0xdd/0x380 net/ipv4/devinet.c:1212
Code: d9 d6 7d fa 45 84 e4 0f 84 42 02 00 00 e8 9b d5 7d fa 48 8d bb 38 03 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 7f 02 00 00 89 ee bf 28 00 00 00 48 8b 9b 38 03
RSP: 0018:ffff88822b45fa30 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffffffffffffffb0 RCX: ffffc90007e35000
RDX: 000000000000005d RSI: ffffffff86e4bd25 RDI: 00000000000002e8
RBP: 0000000000000028 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
R13: 00000000000008c0 R14: 00000000004379e0 R15: ffffffffffffffb0
FS: 00007f9f240e7700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f302b560000 CR3: 000000009eb56000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 2 bytes skipped:
0: 7d fa jge 0xfffffffc
2: 45 84 e4 test %r12b,%r12b
5: 0f 84 42 02 00 00 je 0x24d
b: e8 9b d5 7d fa callq 0xfa7dd5ab
10: 48 8d bb 38 03 00 00 lea 0x338(%rbx),%rdi
17: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1e: fc ff df
21: 48 89 fa mov %rdi,%rdx
24: 48 c1 ea 03 shr $0x3,%rdx
* 28: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2c: 0f 85 7f 02 00 00 jne 0x2b1
32: 89 ee mov %ebp,%esi
34: bf 28 00 00 00 mov $0x28,%edi
39: 48 rex.W
3a: 8b .byte 0x8b
3b: 9b fwait
3c: 38 03 cmp %al,(%rbx)
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 7, 2022, 12:06:22 AM1/7/22
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages