syzbot


BUG: sleeping function called from invalid context in tcf_chain0_head_change_cb_del

Status: fixed on 2019/10/15 23:40
Subsystems: net
Reported-by: syzbot+ac54455281db908c581e@syzkaller.appspotmail.com
Fix commit: e3ae1f96accd net: sched: sch_sfb: don't call qdisc_put() while holding tree lock
First crash: 1535d, last: 1520d
Cause bisection: introduced by:
commit c266f64dbfa2a970a13b0574246c0ddfec492365
Author: Vlad Buslov <vladbu@mellanox.com>
Date: Mon Feb 11 08:55:32 2019 +0000

  net: sched: protect block state with mutex

Crash: BUG: sleeping function called from invalid context in __tcf_block_put (log)
Repro: C syz .config
  
Discussions (6)
Title | Replies (including bot) | Last reply
[PATCH 5.3 000/163] 5.3.9-stable review | 174 (174) | 2019/11/06 10:49
[PATCH AUTOSEL 5.3 01/33] net: ipv6: fix listify ip6_rcv_finish in case of forwarding | 35 (35) | 2019/10/25 15:49
[PATCH net v3 0/3] Fix Qdisc destroy issues caused by adding fine-grained locking to filter API | 6 (6) | 2019/09/27 10:15
[PATCH net v2 0/3] Fix Qdisc destroy issues caused by adding fine-grained locking to filter API | 9 (9) | 2019/09/20 16:53
[PATCH net 0/3] Fix Qdisc destroy issues caused by adding fine-grained locking to filter API | 9 (9) | 2019/09/19 19:13
BUG: sleeping function called from invalid context in tcf_chain0_head_change_cb_del | 4 (5) | 2019/09/17 19:57

Sample crash report:
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9170, name: syz-executor845
2 locks held by syz-executor845/9170:
 #0: ffffffff899a12a0 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0: ffffffff899a12a0 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40a/0xb00 net/core/rtnetlink.c:5220
 #1: ffff8880a0d3f740 (&(&sch->q.lock)->rlock){+...}, at: spin_lock_bh include/linux/spinlock.h:343 [inline]
 #1: ffff8880a0d3f740 (&(&sch->q.lock)->rlock){+...}, at: sch_tree_lock include/net/sch_generic.h:544 [inline]
 #1: ffff8880a0d3f740 (&(&sch->q.lock)->rlock){+...}, at: sfb_change+0x257/0xe90 net/sched/sch_sfb.c:519
Preemption disabled at:
[<ffffffff85c6e0a7>] spin_lock_bh include/linux/spinlock.h:343 [inline]
[<ffffffff85c6e0a7>] sch_tree_lock include/net/sch_generic.h:544 [inline]
[<ffffffff85c6e0a7>] sfb_change+0x257/0xe90 net/sched/sch_sfb.c:519
CPU: 1 PID: 9170 Comm: syz-executor845 Not tainted 5.3.0+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 ___might_sleep.cold+0x1fb/0x23e kernel/sched/core.c:6807
 __might_sleep+0x95/0x190 kernel/sched/core.c:6760
 __mutex_lock_common kernel/locking/mutex.c:935 [inline]
 __mutex_lock+0xc5/0x13c0 kernel/locking/mutex.c:1103
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118
 tcf_chain0_head_change_cb_del.isra.0+0x34/0x3e0 net/sched/cls_api.c:774
 tcf_block_put_ext.part.0+0x2a/0x80 net/sched/cls_api.c:1345
 tcf_block_put_ext net/sched/cls_api.c:1343 [inline]
 tcf_block_put+0xbf/0x110 net/sched/cls_api.c:1358
 sfb_destroy+0x37/0x80 net/sched/sch_sfb.c:467
 qdisc_destroy+0x11f/0x630 net/sched/sch_generic.c:968
 qdisc_put+0x85/0xa0 net/sched/sch_generic.c:995
 sfb_change+0x3d8/0xe90 net/sched/sch_sfb.c:522
 qdisc_change net/sched/sch_api.c:1321 [inline]
 tc_modify_qdisc+0xfcf/0x1c50 net/sched/sch_api.c:1623
 rtnetlink_rcv_msg+0x463/0xb00 net/core/rtnetlink.c:5223
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:5241
 netlink_unicast_kernel net/netlink/af_netlink.c:1302 [inline]
 netlink_unicast+0x531/0x710 net/netlink/af_netlink.c:1328
 netlink_sendmsg+0x8a5/0xd60 net/netlink/af_netlink.c:1917
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446519
Code: e8 1c ba 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab 0e fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f62937ecdb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006dbc68 RCX: 0000000000446519
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000006
RBP: 00000000006dbc60 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000006dbc6c
R13: 00007ffe074cdc2f R14: 00007f62937ed9c0 R15: 0000000000000000

Crashes (187):