syzbot


suspicious RCU usage at ./include/linux/rcupdate.h:LINE (2)

Status: fixed on 2018/01/22 13:19
Subsystems: net
Reported-by: syzbot+ca425f44816d749e8eb49755567a75ee48cf4a30@syzkaller.appspotmail.com
Fix commit: 2f10a61cee8f xfrm: fix rcu usage in xfrm_get_type_offload
First crash: 2469d, last: 2338d
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 4.14 000/159] 4.14.22-stable review 164 (164) 2018/02/24 17:57
[PATCH 05/11] xfrm: fix rcu usage in xfrm_get_type_offload 1 (1) 2018/01/11 11:37
[PATCH ipsec] xfrm: fix rcu usage in xfrm_get_type_offload 2 (2) 2017/12/31 16:09
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream suspicious RCU usage at ./include/linux/rcupdate.h:LINE (4) perf C 7264 2322d 2326d 4/27 fixed on 2018/02/12 17:26
upstream suspicious RCU usage at ./include/linux/rcupdate.h:LINE (3) bpf C 5087 2328d 2337d 4/27 fixed on 2018/02/01 04:00
upstream suspicious RCU usage at ./include/linux/rcupdate.h:LINE 1 2485d 2485d 0/27 closed as invalid on 2017/08/27 08:48

Sample crash report:
audit: type=1400 audit(1514793026.648:7): avc:  denied  { map } for  pid=3496 comm="syzkaller466182" path="/root/syzkaller466182713" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1

=============================
WARNING: suspicious RCU usage
4.15.0-rc6+ #245 Not tainted
-----------------------------
./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by syzkaller466182/3496:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000c0aba7b0>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1:  (rcu_read_lock){....}, at: [<00000000c5557572>] xfrm_state_get_afinfo+0x62/0x280 net/xfrm/xfrm_state.c:2150

stack backtrace:
CPU: 0 PID: 3496 Comm: syzkaller466182 Not tainted 4.15.0-rc6+ #245
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4585
 rcu_preempt_sleep_check include/linux/rcupdate.h:301 [inline]
 ___might_sleep+0x385/0x470 kernel/sched/core.c:6025
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 slab_pre_alloc_hook mm/slab.h:419 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x298/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 call_modprobe kernel/kmod.c:80 [inline]
 __request_module+0x2e1/0xc20 kernel/kmod.c:171
 xfrm_get_type_offload net/xfrm/xfrm_state.c:317 [inline]
 __xfrm_init_state+0xa61/0xdd0 net/xfrm/xfrm_state.c:2250
 xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 xfrm_add_sa+0x1a09/0x33e0 net/xfrm/xfrm_user.c:646
 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2408
 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
 netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
 netlink_unicast+0x4ee/0x700 net/netlink/af_netlink.c:1301
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1864
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2026
 __sys_sendmsg+0xe5/0x210 net/socket.c:2060
 SYSC_sendmsg net/socket.c:2071 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2067
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x440059
RSP: 002b:00007ffdaa1844a8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440059
RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004019c0
R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
BUG: sleeping function called from invalid context at mm/slab.h:419
in_atomic(): 1, irqs_disabled(): 0, pid: 3496, name: syzkaller466182
2 locks held by syzkaller466182/3496:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000c0aba7b0>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1:  (rcu_read_lock){....}, at: [<00000000c5557572>] xfrm_state_get_afinfo+0x62/0x280 net/xfrm/xfrm_state.c:2150
CPU: 0 PID: 3496 Comm: syzkaller466182 Not tainted 4.15.0-rc6+ #245
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 ___might_sleep+0x2b2/0x470 kernel/sched/core.c:6060
 __might_sleep+0x95/0x190 kernel/sched/core.c:6013
 slab_pre_alloc_hook mm/slab.h:419 [inline]
 slab_alloc mm/slab.c:3368 [inline]
 kmem_cache_alloc_trace+0x298/0x750 mm/slab.c:3608
 kmalloc include/linux/slab.h:499 [inline]
 call_modprobe kernel/kmod.c:80 [inline]
 __request_module+0x2e1/0xc20 kernel/kmod.c:171
 xfrm_get_type_offload net/xfrm/xfrm_state.c:317 [inline]
 __xfrm_init_state+0xa61/0xdd0 net/xfrm/xfrm_state.c:2250
 xfrm_state_construct net/xfrm/xfrm_user.c:590 [inline]
 xfrm_add_sa+0x1a09/0x33e0 net/xfrm/xfrm_user.c:646
 xfrm_user_rcv_msg+0x422/0x860 net/xfrm/xfrm_user.c:2591
 netlink_rcv_skb+0x224/0x470 net/netlink/af_netlink.c:2408
 xfrm_netlink_rcv+0x6f/0x90 net/xfrm/xfrm_user.c:2599
 netlink_unicast_kernel net/netlink/af_netlink.c:1275 [inline]
 netlink_unicast+0x4ee/0x700 net/netlink/af_netlink.c:1301
 netlink_sendmsg+0xa4a/0xe60 net/netlink/af_netlink.c:1864
 sock_sendmsg_nosec net/socket.c:636 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:646
 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2026
 __sys_sendmsg+0xe5/0x210 net/socket.c:2060
 SYSC_sendmsg net/socket.c:2071 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2067
 entry_SYSCALL_64_fastpath+0x23/0x9a
RIP: 0033:0x440059
RSP: 002b:00007ffdaa1844a8 EFLAGS: 00000203 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000440059
RDX: 0000000000000000 RSI: 0000000020004000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000203 R12: 00000000004019c0
R13: 0000000000401a50 R14: 0000000000000000 R15: 0000000000000000
BUG: scheduling while atomic: syzkaller466182/3496/0x00000002
2 locks held by syzkaller466182/3496:
 #0:  (&net->xfrm.xfrm_cfg_mutex){+.+.}, at: [<00000000c0aba7b0>] xfrm_netlink_rcv+0x60/0x90 net/xfrm/xfrm_user.c:2598
 #1:  (rcu_read_lock){....}, at: [<00000000c5557572>] xfrm_state_get_afinfo+0x62/0x280 net/xfrm/xfrm_state.c:2150
Modules linked in:

Crashes (174):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/01/01 07:52 upstream 30a7acd57389 00193447 .config console log report syz C ci-upstream-kasan-gce
2018/01/01 11:10 net-next-old 6bb8824732f6 00193447 .config console log report syz C ci-upstream-net-kasan-gce
2017/12/31 12:53 net-next-old 6bb8824732f6 00193447 .config console log report syz C ci-upstream-net-kasan-gce
2018/01/01 04:41 linux-next 0e08c463db38 00193447 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/01 02:05 mmots 37759fa6d0fa 00193447 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/21 10:33 upstream 24b61240471a fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/21 04:11 upstream 24b61240471a fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 18:54 upstream 8dd903d2cf7b fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/15 14:25 upstream a8750ddca918 66d492a6 .config console log report ci-upstream-kasan-gce
2018/01/15 06:45 upstream 9443c168505d 66d492a6 .config console log report ci-upstream-kasan-gce
2018/01/14 12:44 upstream 2c1cfa499018 c9e7aeae .config console log report ci-upstream-kasan-gce
2018/01/12 19:42 upstream 1545dec46db3 9dc808a6 .config console log report ci-upstream-kasan-gce
2018/01/11 22:26 upstream 5f615b97cdea 9dc808a6 .config console log report ci-upstream-kasan-gce
2018/01/11 00:56 upstream 5f615b97cdea 02a19b64 .config console log report ci-upstream-kasan-gce
2018/01/09 13:51 upstream ef7f8cec80a0 11dc42f6 .config console log report ci-upstream-kasan-gce
2018/01/09 13:35 upstream d32da5841b0f 11dc42f6 .config console log report ci-upstream-kasan-gce
2018/01/20 07:54 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce-386
2018/01/15 18:54 net-next-old 564737f981fb 66d492a6 .config console log report ci-upstream-net-kasan-gce
2018/01/15 09:39 net-next-old 564737f981fb 66d492a6 .config console log report ci-upstream-net-kasan-gce
2018/01/15 02:39 net-next-old 1988c7957881 66d492a6 .config console log report ci-upstream-net-kasan-gce
2018/01/15 00:42 net-next-old 1988c7957881 66d492a6 .config console log report ci-upstream-net-kasan-gce
2018/01/14 13:50 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/14 12:52 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/14 07:27 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/14 07:12 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/13 18:40 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/13 15:15 net-next-old 6bd39bc3da0f c9e7aeae .config console log report ci-upstream-net-kasan-gce
2018/01/13 04:29 net-next-old 6bd39bc3da0f 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/13 00:06 net-next-old 19d28fbd306e 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/12 19:41 net-next-old 19d28fbd306e 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/12 13:11 net-next-old 8c2e6c904fd8 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/12 06:22 net-next-old 8c2e6c904fd8 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/12 06:03 net-next-old 8c2e6c904fd8 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/12 03:54 net-next-old 8c2e6c904fd8 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 21:08 net-next-old c5e62a24278a 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 20:15 net-next-old c5e62a24278a 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 17:57 net-next-old c5e62a24278a 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 12:49 net-next-old c5e62a24278a 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 12:27 net-next-old c5e62a24278a 9dc808a6 .config console log report ci-upstream-net-kasan-gce
2018/01/11 01:25 net-next-old e2b3b35eb989 02a19b64 .config console log report ci-upstream-net-kasan-gce
2018/01/10 22:29 net-next-old e2b3b35eb989 02a19b64 .config console log report ci-upstream-net-kasan-gce
2018/01/10 21:44 net-next-old e2b3b35eb989 02a19b64 .config console log report ci-upstream-net-kasan-gce
2018/01/10 21:20 net-next-old e2b3b35eb989 02a19b64 .config console log report ci-upstream-net-kasan-gce
2018/01/10 10:00 net-next-old 61ad64080e03 02a19b64 .config console log report ci-upstream-net-kasan-gce
2018/01/10 03:50 net-next-old 61ad64080e03 1f60c828 .config console log report ci-upstream-net-kasan-gce