syzbot
Jun 25, 2024, 12:51:27 PM
to and...@kernel.org, a...@kernel.org, big...@linutronix.de, b...@vger.kernel.org, dan...@iogearbox.net, da...@davemloft.net, dsa...@kernel.org, edd...@gmail.com, edum...@google.com, hao...@google.com, john.fa...@gmail.com, jo...@kernel.org, kps...@kernel.org, ku...@kernel.org, linux-...@vger.kernel.org, marti...@linux.dev, net...@vger.kernel.org, pab...@redhat.com, s...@fomichev.me, s...@google.com, so...@kernel.org, syzkall...@googlegroups.com, yongho...@linux.dev
Hello,
syzbot found the following issue on:
HEAD commit: bf2468f9afba Merge branch 'locking-introduce-nested-bh-loc..
git tree: net-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13cb0aea980000
kernel config: https://syzkaller.appspot.com/x/.config?x=e78fc116033e0ab7
dashboard link: https://syzkaller.appspot.com/bug?extid=608a2acde8c5a101d07d
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12eaa3ea980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15eff72e980000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f3b564f7e07c/disk-bf2468f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cd47135279ed/vmlinux-bf2468f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ccb81d174cf6/bzImage-bf2468f9.xz
The issue was bisected to:
commit d1542d4ae4dfdc47c9b3205ebe849ed23af213dd
Author: Sebastian Andrzej Siewior <big...@linutronix.de>
Date: Thu Jun 20 13:22:02 2024 +0000
seg6: Use nested-BH locking for seg6_bpf_srh_states.
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10311e2a980000
final oops: https://syzkaller.appspot.com/x/report.txt?x=12311e2a980000
console output: https://syzkaller.appspot.com/x/log.txt?x=14311e2a980000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+608a2a...@syzkaller.appspotmail.com
Fixes: d1542d4ae4df ("seg6: Use nested-BH locking for seg6_bpf_srh_states.")
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5091 at net/core/filter.c:6579 ____bpf_lwt_seg6_adjust_srh net/core/filter.c:6579 [inline]
WARNING: CPU: 0 PID: 5091 at net/core/filter.c:6579 bpf_lwt_seg6_adjust_srh+0x877/0xb30 net/core/filter.c:6568
Modules linked in:
CPU: 0 PID: 5091 Comm: syz-executor570 Not tainted 6.10.0-rc4-syzkaller-00891-gbf2468f9afba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:____bpf_lwt_seg6_adjust_srh net/core/filter.c:6579 [inline]
RIP: 0010:bpf_lwt_seg6_adjust_srh+0x877/0xb30 net/core/filter.c:6568
Code: bf 80 33 f8 eb 05 e8 b8 80 33 f8 48 c7 c0 f2 ff ff ff e9 d1 fc ff ff e8 a7 80 33 f8 48 63 c3 e9 c4 fc ff ff e8 9a 80 33 f8 90 <0f> 0b 90 4d 85 f6 0f 85 0e f9 ff ff e9 46 fa ff ff e8 83 80 33 f8
RSP: 0018:ffffc900034a77a0 EFLAGS: 00010293
RAX: ffffffff8962a486 RBX: 0000000000000000 RCX: ffff888017fdda00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900034a78d8 R08: ffffffff89629d8b R09: 1ffffffff1f5b52d
R10: dffffc0000000000 R11: ffffffffa00007d0 R12: 0000000000000000
R13: ffff8880b943d060 R14: 0000000000000000 R15: dffffc0000000000
FS: 000055555b006380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000564def260000 CR3: 00000000775ec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bpf_prog_2088341bddeddc1d+0x40/0x42
bpf_dispatcher_nop_func include/linux/bpf.h:1243 [inline]
__bpf_prog_run include/linux/filter.h:691 [inline]
bpf_prog_run include/linux/filter.h:698 [inline]
bpf_test_run+0x4f0/0xa90 net/bpf/test_run.c:432
bpf_prog_test_run_skb+0xafa/0x13b0 net/bpf/test_run.c:1081
bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4313
__sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5728
__do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5815
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f541c355529
Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffca122c488 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007ffca122c658 RCX: 00007f541c355529
RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a
RBP: 00007f541c3c8610 R08: 0000000000000000 R09: 00007ffca122c658
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007ffca122c648 R14: 0000000000000001 R15: 0000000000000001
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup