syzbot


suspicious RCU usage at kernel/rcu/tree_plugin.h:LINE

Status: auto-closed as invalid on 2019/02/22 12:36
First crash: 2279d, last: 2268d

Sample crash report:
===============================
[ INFO: suspicious RCU usage. ]
4.9.79-g71f1469 #25 Not tainted
-------------------------------
binder: 8515:8529 ioctl 541b 202c3ffc returned -22
kernel/rcu/tree_plugin.h:672 Illegal synchronize_rcu() in RCU read-side critical section!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 0
2 locks held by sshd/4059:
 #0:  (rcu_read_lock){......}, at: [<ffffffff81bd963d>] INIT_LIST_HEAD include/linux/list.h:28 [inline]
 #0:  (rcu_read_lock){......}, at: [<ffffffff81bd963d>] avc_compute_av+0xad/0x640 security/selinux/avc.c:975
IPv4: Oversized IP packet from 127.0.0.1
binder: 8516:8535 ioctl 541b 202c3ffc returned -22
 #1:  (rcu_callback){......}, at: [<ffffffff812932a7>] __rcu_reclaim kernel/rcu/rcu.h:108 [inline]
 #1:  (rcu_callback){......}, at: [<ffffffff812932a7>] rcu_do_batch kernel/rcu/tree.c:2789 [inline]
 #1:  (rcu_callback){......}, at: [<ffffffff812932a7>] invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
 #1:  (rcu_callback){......}, at: [<ffffffff812932a7>] __rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
 #1:  (rcu_callback){......}, at: [<ffffffff812932a7>] rcu_process_callbacks+0x977/0x1300 kernel/rcu/tree.c:3037

stack backtrace:
CPU: 1 PID: 4059 Comm: sshd Not tainted 4.9.79-g71f1469 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 ffff8801db307d50 ffffffff81d94829 ffff8801d67bb000 0000000000000000
 0000000000000002 ffffffff83a6d440 ffff8801cb61c158 ffff8801db307d80
 ffffffff81238379 ffff8801cb61c000 ffff8801d4a5aa48 ffff8801d4a5a248
Call Trace:
 <IRQ> [   43.838831]  [<ffffffff81d94829>] __dump_stack lib/dump_stack.c:15 [inline]
 <IRQ> [   43.838831]  [<ffffffff81d94829>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
 [<ffffffff81238379>] lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4455
 [<ffffffff8128fb78>] synchronize_rcu+0x68/0x90 kernel/rcu/tree_plugin.h:669
 [<ffffffff83584545>] __l2tp_session_unhash+0x3d5/0x550 net/l2tp/l2tp_core.c:1792
 [<ffffffff835848a7>] l2tp_tunnel_closeall+0x1e7/0x3a0 net/l2tp/l2tp_core.c:1364
 [<ffffffff835851ce>] l2tp_tunnel_destruct+0x30e/0x5a0 net/l2tp/l2tp_core.c:1324
 [<ffffffff82ee5033>] __sk_destruct+0x53/0x570 net/core/sock.c:1428
 [<ffffffff812931c8>] __rcu_reclaim kernel/rcu/rcu.h:118 [inline]
 [<ffffffff812931c8>] rcu_do_batch kernel/rcu/tree.c:2789 [inline]
 [<ffffffff812931c8>] invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
 [<ffffffff812931c8>] __rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
 [<ffffffff812931c8>] rcu_process_callbacks+0x898/0x1300 kernel/rcu/tree.c:3037
 [<ffffffff838ba0c6>] __do_softirq+0x206/0x951 kernel/softirq.c:284
 [<ffffffff81146be5>] invoke_softirq kernel/softirq.c:364 [inline]
 [<ffffffff81146be5>] irq_exit+0x165/0x190 kernel/softirq.c:405
 [<ffffffff838b8cdb>] exiting_irq arch/x86/include/asm/apic.h:659 [inline]
 [<ffffffff838b8cdb>] smp_apic_timer_interrupt+0x7b/0xa0 arch/x86/kernel/apic/apic.c:960
 [<ffffffff838b4f60>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:752
 <EOI> 
 [<ffffffff81bd888a>] spin_unlock_irqrestore include/linux/spinlock.h:362 [inline]
 [<ffffffff81bd888a>] avc_reclaim_node security/selinux/avc.c:543 [inline]
 [<ffffffff81bd888a>] avc_alloc_node+0x27a/0x3e0 security/selinux/avc.c:561
 [<ffffffff81bd9712>] avc_insert security/selinux/avc.c:672 [inline]
 [<ffffffff81bd9712>] avc_compute_av+0x182/0x640 security/selinux/avc.c:978
 [<ffffffff81bdb838>] avc_has_perm_noaudit security/selinux/avc.c:1114 [inline]
 [<ffffffff81bdb838>] avc_has_perm+0x378/0x4f0 security/selinux/avc.c:1148
 [<ffffffff81bddfa8>] inode_has_perm security/selinux/hooks.c:1720 [inline]
 [<ffffffff81bddfa8>] file_has_perm+0x278/0x440 security/selinux/hooks.c:1810
 [<ffffffff81becabc>] selinux_revalidate_file_permission security/selinux/hooks.c:3378 [inline]
 [<ffffffff81becabc>] selinux_file_permission+0x31c/0x460 security/selinux/hooks.c:3399
 [<ffffffff81bd2f8d>] security_file_permission+0x7d/0x1e0 security/security.c:778
 [<ffffffff8156f97e>] rw_verify_area+0xde/0x2b0 fs/read_write.c:427
 [<ffffffff8156fc42>] vfs_read+0xf2/0x380 fs/read_write.c:471
 [<ffffffff81573999>] SYSC_read fs/read_write.c:591 [inline]
 [<ffffffff81573999>] SyS_read+0xd9/0x1b0 fs/read_write.c:584
 [<ffffffff838b346e>] entry_SYSCALL_64_fastpath+0x29/0xe8
ODEBUG: object is not on stack, but annotated
------------[ cut here ]------------
WARNING: CPU: 1 PID: 4059 at lib/debugobjects.c:300 debug_object_is_on_stack lib/debugobjects.c:300 [inline]
WARNING: CPU: 1 PID: 4059 at lib/debugobjects.c:300 __debug_object_init+0x526/0xc40 lib/debugobjects.c:326

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/02/01 16:14 https://android.googlesource.com/kernel/common android-4.9 71f146972231 67bd3383 .config console log report ci-android-49-kasan-gce
2018/01/24 19:08 https://android.googlesource.com/kernel/common android-4.9 e9dabe69deb8 866f1102 .config console log report ci-android-49-kasan-gce
2018/01/22 14:46 https://android.googlesource.com/kernel/common android-4.9 e12a9c4458ff 228e3d95 .config console log report ci-android-49-kasan-gce
2018/01/28 09:13 https://android.googlesource.com/kernel/common android-4.9 68d447c0a37b 08d47756 .config console log report ci-android-49-kasan-gce-386
* Struck through repros no longer work on HEAD.