general protection fault in qdisc_destroy
13 views
Skip to first unread message
syzbot
Sep 10, 2019, 9:23:08 PM9/10/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: ee809c7e Linux 4.19.72
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=103493c1600000
kernel config: https://syzkaller.appspot.com/x/.config?x=ad6c5c98f4231da9
dashboard link: https://syzkaller.appspot.com/bug?extid=f18f2615be0576f2bf69
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14acf6f6600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124fe895600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f18f26...@syzkaller.appspotmail.com
RBP: 00007ffdfc0c6ca0 R08: 0000000000000001 R09: 0000000120080522
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7624 Comm: syz-executor185 Not tainted 4.19.72 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:qdisc_destroy+0x2f/0x690 net/sched/sch_generic.c:948
Code: 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 28 e8 27 6d ed fb 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e d5 04 00 00 41 8b 5c 24 10 31
RSP: 0018:ffff8880955f7448 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88807ff3e900 RCX: ffffffff857ef0ba
RDX: 0000000000000002 RSI: ffffffff857de969 RDI: 0000000000000010
RBP: ffff8880955f7498 R08: ffff8880964a2280 R09: ffff8880964a2b20
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88807ff3e900 R14: ffff88808a83e400 R15: ffff88807ff3e93c
FS: 000000000127c880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdfc0c6c70 CR3: 00000000a0949000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:472
qdisc_create+0xaa6/0x1230 net/sched/sch_api.c:1203
tc_modify_qdisc+0x51b/0x1bdc net/sched/sch_api.c:1570
rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:4747
netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4765
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x537/0x720 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:632
___sys_sendmsg+0x803/0x920 net/socket.c:2115
__sys_sendmsg+0x105/0x1d0 net/socket.c:2153
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4416d9
Code: e8 9c ae 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdfc0c6c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004416d9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 00007ffdfc0c6ca0 R08: 0000000000000001 R09: 0000000120080522
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 82073fda8f6c8478 ]---
RIP: 0010:qdisc_destroy+0x2f/0x690 net/sched/sch_generic.c:948
Code: 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 28 e8 27 6d ed fb 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e d5 04 00 00 41 8b 5c 24 10 31
RSP: 0018:ffff8880955f7448 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88807ff3e900 RCX: ffffffff857ef0ba
RDX: 0000000000000002 RSI: ffffffff857de969 RDI: 0000000000000010
RBP: ffff8880955f7498 R08: ffff8880964a2280 R09: ffff8880964a2b20
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88807ff3e900 R14: ffff88808a83e400 R15: ffff88807ff3e93c
FS: 000000000127c880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdfc0c6c70 CR3: 00000000a0949000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: ee809c7e Linux 4.19.72
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=103493c1600000
kernel config: https://syzkaller.appspot.com/x/.config?x=ad6c5c98f4231da9
dashboard link: https://syzkaller.appspot.com/bug?extid=f18f2615be0576f2bf69
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14acf6f6600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124fe895600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f18f26...@syzkaller.appspotmail.com
RBP: 00007ffdfc0c6ca0 R08: 0000000000000001 R09: 0000000120080522
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 7624 Comm: syz-executor185 Not tainted 4.19.72 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:qdisc_destroy+0x2f/0x690 net/sched/sch_generic.c:948
Code: 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 28 e8 27 6d ed fb 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e d5 04 00 00 41 8b 5c 24 10 31
RSP: 0018:ffff8880955f7448 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88807ff3e900 RCX: ffffffff857ef0ba
RDX: 0000000000000002 RSI: ffffffff857de969 RDI: 0000000000000010
RBP: ffff8880955f7498 R08: ffff8880964a2280 R09: ffff8880964a2b20
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88807ff3e900 R14: ffff88808a83e400 R15: ffff88807ff3e93c
FS: 000000000127c880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdfc0c6c70 CR3: 00000000a0949000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:472
qdisc_create+0xaa6/0x1230 net/sched/sch_api.c:1203
tc_modify_qdisc+0x51b/0x1bdc net/sched/sch_api.c:1570
rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:4747
netlink_rcv_skb+0x17d/0x460 net/netlink/af_netlink.c:2454
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4765
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x537/0x720 net/netlink/af_netlink.c:1343
netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xd7/0x130 net/socket.c:632
___sys_sendmsg+0x803/0x920 net/socket.c:2115
__sys_sendmsg+0x105/0x1d0 net/socket.c:2153
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2160
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4416d9
Code: e8 9c ae 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdfc0c6c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004416d9
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 00007ffdfc0c6ca0 R08: 0000000000000001 R09: 0000000120080522
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 82073fda8f6c8478 ]---
RIP: 0010:qdisc_destroy+0x2f/0x690 net/sched/sch_generic.c:948
Code: 57 41 56 41 55 41 54 49 89 fc 53 48 83 ec 28 e8 27 6d ed fb 49 8d 7c
24 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84
c0 74 08 3c 03 0f 8e d5 04 00 00 41 8b 5c 24 10 31
RSP: 0018:ffff8880955f7448 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff88807ff3e900 RCX: ffffffff857ef0ba
RDX: 0000000000000002 RSI: ffffffff857de969 RDI: 0000000000000010
RBP: ffff8880955f7498 R08: ffff8880964a2280 R09: ffff8880964a2b20
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88807ff3e900 R14: ffff88808a83e400 R15: ffff88807ff3e93c
FS: 000000000127c880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffdfc0c6c70 CR3: 00000000a0949000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Sep 16, 2019, 1:29:07 AM9/16/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: e2cd24b6 Linux 4.14.143
syzbot found the following crash on:
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1148c845600000
kernel config: https://syzkaller.appspot.com/x/.config?x=dcb6107bcdc0039
dashboard link: https://syzkaller.appspot.com/bug?extid=3cf1f0cc076c816106a2
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
R13: 00000000004c77fb R14: 00000000004dd098 R15: 0000000000000009
kasan: CONFIG_KASAN_INLINE enabled
protocol 88fb is buggy, dev hsr_slave_0
kasan: GPF could be caused by NULL-ptr deref or user memory access
protocol 88fb is buggy, dev hsr_slave_1
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 19136 Comm: syz-executor.0 Not tainted 4.14.143 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff8880619fc380 task.stack: ffff888058560000
Google 01/01/2011
RIP: 0010:qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708
RSP: 0018:ffff888058567590 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90007026000
RDX: 0000000000000002 RSI: ffffffff84e2ed11 RDI: 0000000000000010
RBP: ffff8880585675a8 R08: ffff8880619fc380 R09: ffff8880619fcc20
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805f7d6980
R13: ffffffff84eae9b0 R14: 00000000fffffff4 R15: ffff88809a7195e4
FS: 00007f0cd127e700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000960004 CR3: 00000000569e0000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:471
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
qdisc_create+0x9e0/0xe60 net/sched/sch_api.c:1113
tc_modify_qdisc+0x494/0x1270 net/sched/sch_api.c:1434
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4598e9
RSP: 002b:00007f0cd127dc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f0cd127dc90 RCX: 00000000004598e9
RDX: 0000000000000000 RSI: 0000000020009200 RDI: 0000000000000005
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0cd127e6d4
R13: 00000000004c77fb R14: 00000000004dd098 R15: 0000000000000009
Code: 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 89 fb e8 5f f5 79 fc 48
8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02
84 c0 74 08 3c 03 0f 8e 70 02 00 00 f6 43 10 01 74
RIP: qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708 RSP:
ffff888058567590
---[ end trace 818ee70c61fb3e5a ]---
syzbot
Sep 20, 2019, 9:00:06 AM9/20/19
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:
HEAD commit: b10ab5e2 Linux 4.14.145
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12a6a6ad600000
kernel config: https://syzkaller.appspot.com/x/.config?x=c6745c57c2bc7f87
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1168fcb1600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3cf1f0...@syzkaller.appspotmail.com
RBP: 00007ffe42bc60a0 R08: 0000000000000001 R09: 00000000bb1414ac
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11011a6d934
RDX: 0000000000000002 RSI: ffff88808d36c980 RDI: 0000000000000010
RBP: ffff88809bdaf5a8 R08: ffff88808d36c100 R09: ffff88808d36c9a0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888089f7a0c0
R13: ffffffff84eaeb60 R14: 00000000fffffff4 R15: ffff888094ac7ce4
FS: 0000000001462880(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
RSP: 002b:00007ffe42bc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441669
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00007ffe42bc60a0 R08: 0000000000000001 R09: 00000000bb1414ac
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
Code: 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 89 fb e8 2f f4 79 fc 48
---[ end trace 47d4e85bb3c07596 ]---
HEAD commit: b10ab5e2 Linux 4.14.145
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12a6a6ad600000
kernel config: https://syzkaller.appspot.com/x/.config?x=c6745c57c2bc7f87
dashboard link: https://syzkaller.appspot.com/bug?extid=3cf1f0cc076c816106a2
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=177968e9600000
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1168fcb1600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+3cf1f0...@syzkaller.appspotmail.com
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 6795 Comm: syz-executor191 Not tainted 4.14.145 #0
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff88808d36c100 task.stack: ffff88809bda8000
Google 01/01/2011
RIP: 0010:qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708
RSP: 0018:ffff88809bdaf590 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 1ffff11011a6d934
RDX: 0000000000000002 RSI: ffff88808d36c980 RDI: 0000000000000010
RBP: ffff88809bdaf5a8 R08: ffff88808d36c100 R09: ffff88808d36c9a0
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888089f7a0c0
R13: ffffffff84eaeb60 R14: 00000000fffffff4 R15: ffff888094ac7ce4
FS: 0000000001462880(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a5760000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:471
qdisc_create+0x9e0/0xe60 net/sched/sch_api.c:1113
tc_modify_qdisc+0x494/0x1270 net/sched/sch_api.c:1434
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x441669
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
sfb_destroy+0x61/0x80 net/sched/sch_sfb.c:471
qdisc_create+0x9e0/0xe60 net/sched/sch_api.c:1113
tc_modify_qdisc+0x494/0x1270 net/sched/sch_api.c:1434
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x640 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RSP: 002b:00007ffe42bc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441669
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00007ffe42bc60a0 R08: 0000000000000001 R09: 00000000bb1414ac
R10: 0000000000000000 R11: 0000000000000246 R12: ffffffffffffffff
R13: 0000000000000006 R14: 0000000000000000 R15: 0000000000000000
Code: 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 89 fb e8 2f f4 79 fc 48
8d 7b 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02
84 c0 74 08 3c 03 0f 8e 70 02 00 00 f6 43 10 01 74
RIP: qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708 RSP:
ffff88809bdaf590
84 c0 74 08 3c 03 0f 8e 70 02 00 00 f6 43 10 01 74
RIP: qdisc_destroy+0x26/0x320 net/sched/sch_generic.c:708 RSP:
---[ end trace 47d4e85bb3c07596 ]---
syzbot
Dec 8, 2019, 5:53:02 AM12/8/19
to syzkaller...@googlegroups.com
syzbot suspects this bug was fixed by commit:
commit e0f600b69df33b5ef69c2821ac69fafa96baab98
Author: Cong Wang <xiyou.w...@gmail.com>
Date: Thu Sep 12 17:22:30 2019 +0000
net_sched: let qdisc_put() accept NULL pointer
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12b5bb7ae00000
start commit: b10ab5e2 Linux 4.14.145
git tree: linux-4.14.y
#syz fix: net_sched: let qdisc_put() accept NULL pointer
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit e0f600b69df33b5ef69c2821ac69fafa96baab98
Author: Cong Wang <xiyou.w...@gmail.com>
Date: Thu Sep 12 17:22:30 2019 +0000
net_sched: let qdisc_put() accept NULL pointer
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=12b5bb7ae00000
start commit: b10ab5e2 Linux 4.14.145
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=c6745c57c2bc7f87
dashboard link: https://syzkaller.appspot.com/bug?extid=3cf1f0cc076c816106a2
dashboard link: https://syzkaller.appspot.com/bug?extid=3cf1f0cc076c816106a2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=177968e9600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1168fcb1600000
If the result looks correct, please mark the bug fixed by replying with:
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1168fcb1600000
#syz fix: net_sched: let qdisc_put() accept NULL pointer
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Dec 8, 2019, 10:01:02 AM12/8/19
to syzkaller...@googlegroups.com
syzbot suspects this bug was fixed by commit:
commit 7a1bad565cebfbf6956f9bb36dba734a48fa31d4
Author: Cong Wang <xiyou.w...@gmail.com>
Date: Thu Sep 12 17:22:30 2019 +0000
net_sched: let qdisc_put() accept NULL pointer
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1486e59ce00000
Date: Thu Sep 12 17:22:30 2019 +0000
net_sched: let qdisc_put() accept NULL pointer
start commit: ee809c7e Linux 4.19.72
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=ad6c5c98f4231da9
dashboard link: https://syzkaller.appspot.com/bug?extid=f18f2615be0576f2bf69
dashboard link: https://syzkaller.appspot.com/bug?extid=f18f2615be0576f2bf69
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14acf6f6600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124fe895600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124fe895600000
Reply all
Reply to author
Forward
0 new messages