syzbot


BUG: assuming atomic context at net/core/flow_dissector.c:LINE

Status: fixed on 2019/06/14 18:22
Reported-by: syzbot+@syzkaller.appspotmail.com
Fix commit: b1c17a9a3538 flow_dissector: disable preemption around BPF calls
First crash: 1234d, last: 1230d

Sample crash report:
BUG: assuming atomic context at net/core/flow_dissector.c:737
in_atomic(): 0, irqs_disabled(): 0, pid: 7674, name: syz-executor.3
2 locks held by syz-executor.3/7674:
 #0: 00000000363cac26 (&tfile->napi_mutex){+.+.}, at: tun_get_user+0x168e/0x3ff0 drivers/net/tun.c:1850
 #1: 0000000009291175 (rcu_read_lock){....}, at: __skb_flow_dissect+0x1e1/0x4bb0 net/core/flow_dissector.c:822
CPU: 1 PID: 7674 Comm: syz-executor.3 Not tainted 5.1.0+ #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 __cant_sleep kernel/sched/core.c:6165 [inline]
 __cant_sleep.cold+0xa3/0xbb kernel/sched/core.c:6142
 bpf_flow_dissect+0xfe/0x390 net/core/flow_dissector.c:737
 __skb_flow_dissect+0x362/0x4bb0 net/core/flow_dissector.c:853
 skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1322 [inline]
 skb_probe_transport_header include/linux/skbuff.h:2500 [inline]
 skb_probe_transport_header include/linux/skbuff.h:2493 [inline]
 tun_get_user+0x2cfe/0x3ff0 drivers/net/tun.c:1940
 tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
 call_write_iter include/linux/fs.h:1872 [inline]
 do_iter_readv_writev+0x5fd/0x900 fs/read_write.c:693
 do_iter_write fs/read_write.c:970 [inline]
 do_iter_write+0x184/0x610 fs/read_write.c:951
 vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
 do_writev+0x15b/0x330 fs/read_write.c:1058
 __do_sys_writev fs/read_write.c:1131 [inline]
 __se_sys_writev fs/read_write.c:1128 [inline]
 __x64_sys_writev+0x75/0xb0 fs/read_write.c:1128
 do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458c61
Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 e4 b9 fb ff c3 48 83 ec 08 e8 1a 2d 00 00 48 89 04 24 b8 14 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 63 2d 00 00 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007f6914c37ba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000014
RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000458c61
RDX: 0000000000000001 RSI: 00007f6914c37c00 RDI: 00000000000000f0
RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f6914c386d4
R13: 00000000004c77d2 R14: 00000000004dd9d0 R15: 00000000ffffffff

Crashes (19):
Manager                                Time              Kernel      Commit        Syzkaller  Config   Log  Report  Syz repro  C repro  VM info  Title
ci-upstream-net-kasan-gce              2019/05/13 03:56  net-next    b970afcfcabd  5f302c04   .config  log  report  syz
ci-upstream-net-kasan-gce              2019/05/12 20:11  net-next    b970afcfcabd  5f302c04   .config  log  report  syz
ci-upstream-kasan-gce-root             2019/05/13 07:30  upstream    d7a02fa0a8f9  16ab1e89   .config  log  report
ci-upstream-kasan-gce-smack-root       2019/05/13 02:44  upstream    d7a02fa0a8f9  5f302c04   .config  log  report
ci-upstream-kasan-gce-root             2019/05/13 02:41  upstream    47782361aca2  5f302c04   .config  log  report
ci-upstream-kasan-gce-root             2019/05/10 22:38  upstream    b970afcfcabd  cfeec859   .config  log  report
ci-upstream-bpf-kasan-gce              2019/05/15 09:14  bpf         e2f7fc0ac695  bd4e3ac7   .config  log  report
ci-upstream-bpf-kasan-gce              2019/05/14 05:08  bpf         e2f7fc0ac695  7c305b44   .config  log  report
ci-upstream-bpf-kasan-gce              2019/05/13 02:37  bpf         6b1d90b7b35b  5f302c04   .config  log  report
ci-upstream-bpf-kasan-gce              2019/05/12 22:42  bpf         a5e4bff6105d  5f302c04   .config  log  report
ci-upstream-net-this-kasan-gce         2019/05/12 07:29  net         8f779443b440  c017728b   .config  log  report
ci-upstream-bpf-kasan-gce              2019/05/10 22:38  bpf         3ef4641fbf87  cfeec859   .config  log  report
ci-upstream-bpf-next-kasan-gce         2019/05/13 02:36  bpf-next    80f232121b69  5f302c04   .config  log  report
ci-upstream-net-kasan-gce              2019/05/13 02:36  net-next    b970afcfcabd  5f302c04   .config  log  report
ci-upstream-net-kasan-gce              2019/05/12 19:02  net-next    b970afcfcabd  5f302c04   .config  log  report
ci-upstream-bpf-next-kasan-gce         2019/05/11 16:55  bpf-next    80f232121b69  46caad94   .config  log  report
ci-upstream-net-kasan-gce              2019/05/10 22:34  net-next    b970afcfcabd  cfeec859   .config  log  report
ci-upstream-bpf-next-kasan-gce         2019/05/10 22:32  bpf-next    80f232121b69  cfeec859   .config  log  report
ci-upstream-linux-next-kasan-gce-root  2019/05/13 02:42  linux-next  a802303934b3  5f302c04   .config  log  report
* Struck through repros no longer work on HEAD.