syzbot

 sign-in | mailing list | source | docs
🐞 Open [994] Subsystems 🐞 Fixed [5242] 🐞 Invalid [12515] Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

WARNING: suspicious RCU usage (3)

Status: fixed on 2017/12/21 04:38
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+73a7bec1bc0f4fc0512a246334081f8c671762a8@syzkaller.appspotmail.com
Fix commit: ecaaab564978 crypto: salsa20 - fix blkcipher_walk API usage
First crash: 2345d, last: 2340d
Duplicate bugs (5)
duplicates (5):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: sleeping function called from invalid context at arch/x86/mm/fault.c:LINE crypto 11 2320d 2339d 0/26 closed as dup on 2017/11/30 20:41
kernel BUG at ./include/linux/mm.h:LINE! (2) crypto 27 2323d 2341d 0/26 closed as dup on 2017/11/29 05:00
suspicious RCU usage at ./include/linux/mm.h:LINE crypto 89 2325d 2341d 0/26 closed as dup on 2017/11/29 05:00
BUG: unable to handle kernel NULL pointer dereference in kfree crypto 28 2327d 2340d 0/26 closed as dup on 2017/11/29 19:46
suspicious RCU usage at ./include/trace/events/kmem.h:LINE crypto C 7891 2322d 2341d 0/26 closed as dup on 2017/11/29 04:59
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING: suspicious RCU usage 1 2444d 2444d 0/26 closed as invalid on 2017/08/17 16:34
upstream WARNING: suspicious RCU usage (5) C done 1 683d 679d 20/26 fixed on 2022/06/24 08:21
upstream WARNING: suspicious RCU usage (4) bpf trace C done 1 2064d 2062d 13/26 fixed on 2019/10/04 12:05

Sample crash report:
=============================
WARNING: suspicious RCU usage
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 27142 Comm: syz-executor1 Not tainted 4.14.0+ #192
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3371 [inline]
 __do_kmalloc mm/slab.c:3709 [inline]
 __kmalloc+0x63/0x760 mm/slab.c:3720
 kmalloc include/linux/slab.h:504 [inline]
 sock_kmalloc+0x112/0x190 net/core/sock.c:1979
 af_alg_alloc_areq+0x74/0x2f0 crypto/af_alg.c:1088
 _skcipher_recvmsg crypto/algif_skcipher.c:76 [inline]
 skcipher_recvmsg+0x6dd/0xf30 crypto/algif_skcipher.c:164
 sock_recvmsg_nosec net/socket.c:805 [inline]
 sock_recvmsg+0xc9/0x110 net/socket.c:812
 ___sys_recvmsg+0x29b/0x630 net/socket.c:2207
 __sys_recvmsg+0xe2/0x210 net/socket.c:2252
 SYSC_recvmsg net/socket.c:2264 [inline]
 SyS_recvmsg+0x2d/0x50 net/socket.c:2259
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007fd62e5dabe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000000 RSI: 0000000020008000 RDI: 0000000000000014
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007fd62e5dab58 R14: 00000000004b758e R15: 0000000000000000
FAULT_INJECTION: forcing a failure.
name failslab, interval 1, probability 0, space 0, times 0
CPU: 1 PID: 27153 Comm: syz-executor1 Not tainted 4.14.0+ #192
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 fail_dump lib/fault-inject.c:51 [inline]
 should_fail+0x8c0/0xa40 lib/fault-inject.c:149
 should_failslab+0xec/0x120 mm/failslab.c:32
 slab_pre_alloc_hook mm/slab.h:421 [inline]
 slab_alloc mm/slab.c:3371 [inline]
 __do_kmalloc mm/slab.c:3709 [inline]
 __kmalloc+0x63/0x760 mm/slab.c:3720
 kmalloc include/linux/slab.h:504 [inline]
 sock_kmalloc+0x112/0x190 net/core/sock.c:1979
 _skcipher_recvmsg crypto/algif_skcipher.c:104 [inline]
 skcipher_recvmsg+0x1e6/0xf30 crypto/algif_skcipher.c:164
 sock_recvmsg_nosec net/socket.c:805 [inline]
 sock_recvmsg+0xc9/0x110 net/socket.c:812
 ___sys_recvmsg+0x29b/0x630 net/socket.c:2207
 __sys_recvmsg+0xe2/0x210 net/socket.c:2252
 SYSC_recvmsg net/socket.c:2264 [inline]
 SyS_recvmsg+0x2d/0x50 net/socket.c:2259
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007fd62e5dabe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000000 RSI: 0000000020008000 RDI: 0000000000000014
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007fd62e5dab58 R14: 00000000004b758e R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 27153 Comm: syz-executor1 Not tainted 4.14.0+ #192
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801c90e0040 task.stack: ffff8801cd848000
RIP: 0010:compound_head include/linux/page-flags.h:147 [inline]
RIP: 0010:put_page include/linux/mm.h:849 [inline]
RIP: 0010:af_alg_free_areq_sgls+0x5d1/0xab0 crypto/af_alg.c:678
RSP: 0018:ffff8801cd84f7f8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffffffff8239b91a
RDX: 000000000000bf30 RSI: ffffc900036ec000 RDI: 0000000000000000
RBP: ffff8801cd84f9f0 R08: 1ffff10039b09e7f R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8801d6520300 R15: ffffed0039b09f31
FS:  00007fd62e5db700(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004d3ee4 CR3: 00000001d389f000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 _skcipher_recvmsg crypto/algif_skcipher.c:150 [inline]
 skcipher_recvmsg+0x897/0xf30 crypto/algif_skcipher.c:164
 sock_recvmsg_nosec net/socket.c:805 [inline]
 sock_recvmsg+0xc9/0x110 net/socket.c:812
 ___sys_recvmsg+0x29b/0x630 net/socket.c:2207
 __sys_recvmsg+0xe2/0x210 net/socket.c:2252
 SYSC_recvmsg net/socket.c:2264 [inline]
 SyS_recvmsg+0x2d/0x50 net/socket.c:2259
 entry_SYSCALL_64_fastpath+0x1f/0x96
RIP: 0033:0x452879
RSP: 002b:00007fd62e5dabe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
RDX: 0000000000000000 RSI: 0000000020008000 RDI: 0000000000000014
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000004b757e
R13: 00007fd62e5dab58 R14: 00000000004b758e R15: 0000000000000000
Code: 00 00 48 8d 45 98 48 bb 00 00 00 00 00 fc ff df 48 89 85 48 fe ff ff 48 c1 e8 03 4c 8d 3c 18 e8 c6 39 36 ff 4c 89 e0 48 c1 e8 03 <80> 3c 18 00 0f 85 4b 03 00 00 49 8b 04 24 48 83 e0 fc 48 89 85 
RIP: compound_head include/linux/page-flags.h:147 [inline] RSP: ffff8801cd84f7f8
RIP: put_page include/linux/mm.h:849 [inline] RSP: ffff8801cd84f7f8
RIP: af_alg_free_areq_sgls+0x5d1/0xab0 crypto/af_alg.c:678 RSP: ffff8801cd84f7f8
---[ end trace 33b781ea746d789e ]---

Crashes (16):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/11/24 17:03 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce
2017/11/27 06:51 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce-386
2017/11/26 20:28 upstream 844056fd74eb 4bd70f88 .config console log report ci-upstream-kasan-gce-386
2017/11/26 19:38 upstream 844056fd74eb 4bd70f88 .config console log report ci-upstream-kasan-gce-386
2017/11/26 09:27 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce-386
2017/11/25 22:51 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce-386
2017/11/25 02:28 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce-386
2017/11/25 01:39 net-next-old 1d3b78bbc6e9 deb5f6ae .config console log report ci-upstream-kasan-gce-386
2017/11/29 09:05 net-next-old 1d3b78bbc6e9 29b0fd90 .config console log report ci-upstream-net-kasan-gce
2017/11/29 05:46 net-next-old 1d3b78bbc6e9 29b0fd90 .config console log report ci-upstream-net-kasan-gce
2017/11/27 20:26 net-next-old 1d3b78bbc6e9 29b0fd90 .config console log report ci-upstream-net-kasan-gce
2017/11/27 16:37 net-next-old 1d3b78bbc6e9 29b0fd90 .config console log report ci-upstream-net-kasan-gce
2017/11/29 13:55 mmots a4f586bceda4 34f2c233 .config console log report ci-upstream-mmots-kasan-gce
2017/11/29 00:09 mmots dbf9f9124937 1808de66 .config console log report ci-upstream-mmots-kasan-gce
2017/11/28 01:45 linux-next b0a84f19a516 afba0b55 .config console log report ci-upstream-next-kasan-gce
2017/11/26 08:58 linux-next 6fc478f80f68 4bd70f88 .config console log report ci-upstream-next-kasan-gce
* Struck through repros no longer work on HEAD.