INFO: suspicious RCU usage in xfrm4_rcv_encap


syzbot

Apr 12, 2019, 8:00:53 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: a5fc6659 Merge 4.4.147 into android-4.4
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=167c13e2400000
kernel config: https://syzkaller.appspot.com/x/.config?x=9404302f0450302a
dashboard link: https://syzkaller.appspot.com/bug?extid=231c883d06b77d8dbd9f
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=173ede06400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=166b989a400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+231c88...@syzkaller.appspotmail.com


===============================
[ INFO: suspicious RCU usage. ]
4.4.147-ga5fc665 #80 Not tainted
-------------------------------
net/ipv4/xfrm4_protocol.c:80 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 1, debug_locks = 0
no locks held by syz-executor170/7452.

stack backtrace:
CPU: 0 PID: 7452 Comm: syz-executor170 Not tainted 4.4.147-ga5fc665 #80
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
0000000000000000 bab0e37a634fe800 ffff8801ca3277a0 ffffffff81e12a4d
ffff8801cefb6000 0000000000000000 0000000000000001 ffffffff83f25700
0000000000000002 ffff8801ca3277d0 ffffffff814108b7 ffffffff8497e6c0
Call Trace:
[<ffffffff81e12a4d>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81e12a4d>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff814108b7>] lockdep_rcu_suspicious.cold.47+0x110/0x141
kernel/locking/lockdep.c:4305
[<ffffffff833c49fa>] xfrm4_rcv_encap+0x30a/0x370
net/ipv4/xfrm4_protocol.c:80
[<ffffffff833c2f2e>] xfrm4_udp_encap_rcv+0x4de/0x720
net/ipv4/xfrm4_input.c:148
[<ffffffff832d9868>] udp_queue_rcv_skb+0xb38/0x1580 net/ipv4/udp.c:1547
[<ffffffff82f30e0b>] sk_backlog_rcv include/net/sock.h:871 [inline]
[<ffffffff82f30e0b>] __release_sock net/core/sock.c:2023 [inline]
[<ffffffff82f30e0b>] release_sock+0x17b/0x500 net/core/sock.c:2473
[<ffffffff832d6ae2>] udp_sendmsg+0x1152/0x1c70 net/ipv4/udp.c:1107
[<ffffffff83306c83>] inet_sendmsg+0x203/0x4d0 net/ipv4/af_inet.c:755
[<ffffffff82f2391c>] sock_sendmsg_nosec net/socket.c:626 [inline]
[<ffffffff82f2391c>] sock_sendmsg+0xcc/0x110 net/socket.c:636
[<ffffffff82f23b83>] sock_write_iter+0x223/0x3b0 net/socket.c:835
[<ffffffff8151f3cd>] new_sync_write fs/read_write.c:478 [inline]
[<ffffffff8151f3cd>] __vfs_write+0x30d/0x3f0 fs/read_write.c:491
[<ffffffff81520fb1>] vfs_write+0x191/0x4e0 fs/read_write.c:538
[<ffffffff815235b9>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff815235b9>] SyS_write+0xd9/0x1c0 fs/read_write.c:577
[<ffffffff838c8c65>] entry_SYSCALL_64_fastpath+0x22/0x9e


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches