syzbot


WARNING: suspicious RCU usage in ctrl_cmd_new_lookup

Status: fixed on 2020/11/16 12:12
Subsystems: arm-msm net
Reported-by: syzbot+3025b9294f8cb0ede850@syzkaller.appspotmail.com
Fix commit: a7809ff90ce6 net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks
First crash: 1402d, last: 1313d
Cause bisection: introduced by (bisect log):
commit e42671084361302141a09284fde9bbc14fdd16bf
Author: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Date: Thu May 7 12:53:06 2020 +0000

  net: qrtr: Do not depend on ARCH_QCOM

Crash: WARNING: suspicious RCU usage in ctrl_cmd_new_lookup (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log):
commit a7809ff90ce6c48598d3c4ab54eb599bec1e9c42
Author: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Date: Sat Sep 26 16:56:25 2020 +0000

  net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks

  
Discussions (2)
Title | Replies (including bot) | Last reply
WARNING: suspicious RCU usage in ctrl_cmd_new_lookup | 1 (4) | 2020/11/11 11:49
[PATCH] net: qrtr: Reintroduce ARCH_QCOM as a dependency for QRTR | 2 (2) | 2020/09/08 23:40
Last patch testing requests (3)
Created | Duration | User | Patch | Repo | Result
2020/09/08 20:07 | 10m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | report log
2020/09/08 20:04 | 16m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK
2020/09/08 20:04 | 18m | anant.thazhemadam@gmail.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2020/10/22 08:55 3h43m bisect fix upstream job log (1)
2020/08/28 04:10 17m bisect fix upstream job log (0) log
2020/07/28 16:41 17m bisect fix upstream job log (0) log

Sample crash report:
=============================
WARNING: suspicious RCU usage
5.7.0-syzkaller #0 Not tainted
-----------------------------
include/linux/radix-tree.h:176 suspicious rcu_dereference_check() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by kworker/u4:0/7:
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: __write_once_size include/linux/compiler.h:279 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: atomic64_set include/asm-generic/atomic-instrumented.h:855 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: atomic_long_set include/asm-generic/atomic-long.h:40 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:615 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:642 [inline]
 #0: ffff88821b0bd138 ((wq_completion)qrtr_ns_handler){+.+.}-{0:0}, at: process_one_work+0x844/0x16a0 kernel/workqueue.c:2239
 #1: ffffc90000cdfdc0 ((work_completion)(&qrtr_ns.work)){+.+.}-{0:0}, at: process_one_work+0x878/0x16a0 kernel/workqueue.c:2243

stack backtrace:
CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: qrtr_ns_handler qrtr_ns_worker
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 radix_tree_deref_slot include/linux/radix-tree.h:176 [inline]
 radix_tree_deref_slot include/linux/radix-tree.h:174 [inline]
 ctrl_cmd_new_lookup+0x6eb/0x7e0 net/qrtr/ns.c:558
 qrtr_ns_worker+0x5a1/0x153a net/qrtr/ns.c:674
 process_one_work+0x965/0x16a0 kernel/workqueue.c:2268

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/06/25 03:57 upstream 7ae77150d94d 54566aff .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/06/25 03:47 upstream 7ae77150d94d 54566aff .config console log report syz C ci-upstream-kasan-gce-root
2020/06/25 03:14 upstream 7ae77150d94d 54566aff .config console log report syz C ci-upstream-kasan-gce
2020/06/25 03:55 upstream 7ae77150d94d 54566aff .config console log report syz C ci-upstream-kasan-gce-386
2020/06/25 03:45 linux-next e7b08814b16b 54566aff .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/07/29 03:32 upstream 6ba1b005ffc3 cb93dc6a .config console log report ci-upstream-kasan-gce
2020/06/27 16:31 upstream 1590a2e1c681 ffec44b5 .config console log report ci-upstream-kasan-gce
2020/06/25 02:44 upstream 7ae77150d94d 54566aff .config console log report ci-upstream-kasan-gce
2020/09/03 19:02 upstream e28f0104343d abf9ba4f .config console log report ci-qemu-upstream-386
2020/09/22 08:55 linux-next b10b8ad86211 9e1fa68e .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.