WARNING: suspicious RCU usage in xfrm_alloc_userspi


syzbot

Mar 19, 2019, 12:02:08 PM
to da...@davemloft.net, her...@gondor.apana.org.au, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: b9998194 Add linux-next specific files for 20190318
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17a2e24d200000
kernel config: https://syzkaller.appspot.com/x/.config?x=59cd5d43b5df6955
dashboard link: https://syzkaller.appspot.com/bug?extid=59752237f7ab21c3f3c3
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14e70cb3200000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17292127200000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+597522...@syzkaller.appspotmail.com

=============================
WARNING: suspicious RCU usage
5.1.0-rc1-next-20190318 #5 Not tainted
-----------------------------
net/xfrm/xfrm_user.c:1080 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor085/7946:
#0: 00000000a55031b5 (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: xfrm_netlink_rcv+0x61/0x90 net/xfrm/xfrm_user.c:2691

stack backtrace:
CPU: 0 PID: 7946 Comm: syz-executor085 Not tainted 5.1.0-rc1-next-20190318 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5162
xfrm_nlmsg_unicast net/xfrm/xfrm_user.c:1080 [inline]
xfrm_alloc_userspi+0x7d5/0xa80 net/xfrm/xfrm_user.c:1356
xfrm_user_rcv_msg+0x458/0x770 net/xfrm/xfrm_user.c:2684
netlink_rcv_skb+0x17a/0x460 net/netlink/af_netlink.c:2485
xfrm_netlink_rcv+0x70/0x90 net/xfrm/xfrm_user.c:2692
netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
netlink_unicast+0x536/0x720 net/netlink/af_netlink.c:1336
netlink_sendmsg+0x8ae/0xd70 net/netlink/af_netlink.c:1925
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xdd/0x130 net/socket.c:661
___sys_sendmsg+0x806/0x930 net/socket.c:2260
__sys_sendmsg+0x105/0x1d0 net/socket.c:2298
__do_sys_sendmsg net/socket.c:2307 [inline]
__se_sys_sendmsg net/socket.c:2305 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2305
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440499
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffcf12caf08 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440499
RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000040


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Eric Dumazet

Mar 19, 2019, 12:23:50 PM
to syzbot, da...@davemloft.net, her...@gondor.apana.org.au, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com, Su Yanjun
CC Su Yanjun

syzbot

Mar 19, 2019, 4:59:01 PM
to da...@davemloft.net, eric.d...@gmail.com, f...@strlen.de, her...@gondor.apana.org.au, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, suyj...@cn.fujitsu.com, syzkall...@googlegroups.com
syzbot has bisected this bug to:

commit f10e0010fae8174dc20bdc872bcaa85baa925cb7
Author: Su Yanjun <suyj...@cn.fujitsu.com>
Date: Thu Mar 7 01:54:08 2019 +0000

net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1644ec8b200000
start commit: f10e0010 net: xfrm: Add '_rcu' tag for rcu protected point..
git tree: linux-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=1544ec8b200000
console output: https://syzkaller.appspot.com/x/log.txt?x=1144ec8b200000
Reported-by: syzbot+597522...@syzkaller.appspotmail.com
Fixes: f10e0010 ("net: xfrm: Add '_rcu' tag for rcu protected pointer in
netns_xfrm")

Su Yanjun <suyj.fnst@cn.fujitsu.com>

Mar 19, 2019, 8:55:28 PM
to Eric Dumazet, syzbot, da...@davemloft.net, her...@gondor.apana.org.au, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
I got it.

Thanks



Eric Biggers

Mar 20, 2019, 1:14:50 PM
to syzbot, Dmitry Vyukov, syzkall...@googlegroups.com
On Tue, Mar 19, 2019 at 01:59:00PM -0700, syzbot wrote:
>
> Reported-by: syzbot+597522...@syzkaller.appspotmail.com
> Fixes: f10e0010 ("net: xfrm: Add '_rcu' tag for rcu protected pointer in
> netns_xfrm")

Dmitry, can you fix the format of the Fixes: line? It is supposed to contain 12
characters from the commit hash, and be one line.

Fixes: f10e0010fae8 ("net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm")

- Eric
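As an added check that is not part of this thread or of syzbot, here is a small POSIX-shell validator for the convention Eric describes: a `Fixes:` tag carries 12 lowercase hex characters of the commit hash followed by the quoted subject, on a single line. The function name `fixes_line_ok` and the sample lines are constructed for this example; the wrapped sample reproduces the split line Eric quoted, the other is his corrected form.

```shell
# fixes_line_ok LINE: return 0 if LINE is a well-formed kernel "Fixes:" tag,
# otherwise print the violated rule to stderr and return 1.
fixes_line_ok() {
    line=$1
    # A tag that was wrapped by a mail client loses its closing '")' on the
    # first line, so require the whole tag to end there.
    case $line in
        'Fixes: '*'")') ;;
        *) echo "bad: tag must be one line ending in \")" >&2; return 1 ;;
    esac
    # The hash is the first word after "Fixes: ".
    hash=${line#Fixes: }
    hash=${hash%% *}
    case $hash in
        ''|*[!0-9a-f]*) echo "bad: hash must be lowercase hex" >&2; return 1 ;;
    esac
    # The kernel convention is exactly 12 abbreviated hash characters.
    [ ${#hash} -eq 12 ] || {
        echo "bad: hash is ${#hash} chars, want 12" >&2
        return 1
    }
    return 0
}

# Constructed samples: the tag as it arrived wrapped, and the corrected one.
WRAPPED='Fixes: f10e0010 ("net: xfrm: Add '\''_rcu'\'' tag for rcu protected pointer in'
FIXED='Fixes: f10e0010fae8 ("net: xfrm: Add '\''_rcu'\'' tag for rcu protected pointer in netns_xfrm")'

fixes_line_ok "$WRAPPED" || echo "wrapped line rejected"
fixes_line_ok "$FIXED" && echo "corrected line accepted"
```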

Dmitry Vyukov

Mar 21, 2019, 4:38:48 AM
to Eric Biggers, syzbot, syzkaller-bugs
Oh, interesting, did not know there is a convention for this. 12-char
hash is fixed by:
https://github.com/google/syzkaller/commit/f6094a8c64442f7933534128c20f03b726cfed5d

I don't think we do anything with line splits. syzbot should mail it
all in 1 line. I think what happened is that you received this email
from some other source too and that second email contained line split
and then your email client replaced the first version with the second
version of the email. I am not sure what we can do with this...

Eric Biggers

Mar 21, 2019, 9:21:52 AM
to Dmitry Vyukov, syzbot, syzkaller-bugs
I only received it from syzkaller-bugs.

- Eric

Dmitry Vyukov

Mar 21, 2019, 9:28:57 AM
to Eric Biggers, syzbot, syzkaller-bugs
Then, it's probably a bug in Google groups.