From: "Paul E. McKenney" <paulmck@linux.ibm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Stefano Brivio <sbrivio@redhat.com>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	Arjan van de Ven <arjan@linux.intel.com>,
	syzbot <syzbot+43f6755d1c2e62743468@syzkaller.appspotmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Josh Triplett <josh@joshtriplett.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
	netdev <netdev@vger.kernel.org>
Subject: Re: WARNING in __rcu_read_unlock
Date: Mon, 17 Dec 2018 11:56:22 -0800
Message-ID: <20181217195622.GM4170@linux.ibm.com>
In-Reply-To: <CACT4Y+ZU3F=AyyuNyVia7gT22Z71JKM-K4uap0J-iumF=NjH9A@mail.gmail.com>

On Mon, Dec 17, 2018 at 07:45:58PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 17, 2018 at 12:29 PM Paul E. McKenney <paulmck@linux.ibm.com> wrote:
> > Any chance of a bisection?
> 
> Better later than never. Bisection also needs testing :)

Well, it looks like it did pass the test, arriving at the same commit
that Eric called out.  ;-)

							Thanx, Paul

> syz-bisect -config bisect.cfg -crash dda626cdbd87eafe9a755acbbe102e2b6096b256
> searching for guilty commit starting from 2aa55dccf83d
> building syzkaller on 7624ddd6
> testing commit 2aa55dccf83d7ca9f1da59ae005426c44fbeb890 with gcc (GCC) 8.1.0
> run #0: crashed: KASAN: slab-out-of-bounds in tick_sched_handle
> run #1: crashed: KASAN: slab-out-of-bounds in tick_sched_handle
> run #2: crashed: BUG: Bad page map
> run #3: crashed: BUG: Bad page map
> run #4: crashed: PANIC: double fault in __udp4_lib_err
> run #5: crashed: general protection fault in __bfs
> run #6: crashed: KASAN: stack-out-of-bounds Read in __handle_mm_fault
> run #7: crashed: no output from test machine
> testing release v4.19
> testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect start 2aa55dccf83d v4.19
> Bisecting: 7955 revisions left to test after this (roughly 13 steps)
> [f8cab69be0a8a756a7409f6d2bd1e6e96ce46482] Merge tag
> 'linux-kselftest-4.20-rc1' of
> git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
> testing commit f8cab69be0a8a756a7409f6d2bd1e6e96ce46482 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good f8cab69be0a8a756a7409f6d2bd1e6e96ce46482
> Bisecting: 3957 revisions left to test after this (roughly 12 steps)
> [b3491d8430dd25f0a4e00c33d60da22a9bd9d052] Merge tag 'media/v4.20-2'
> of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
> testing commit b3491d8430dd25f0a4e00c33d60da22a9bd9d052 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good b3491d8430dd25f0a4e00c33d60da22a9bd9d052
> Bisecting: 1978 revisions left to test after this (roughly 11 steps)
> [40df309e4166c69600968c93846aa0b1821e83f0] octeontx2-af: Support to
> enable/disable default MCAM entries
> testing commit 40df309e4166c69600968c93846aa0b1821e83f0 with gcc (GCC) 8.1.0
> run #0: crashed: general protection fault in __bfs
> run #1: crashed: KASAN: stack-out-of-bounds Read in copy_page_range
> run #2: crashed: general protection fault in __bfs
> run #3: crashed: KASAN: slab-out-of-bounds Read in vma_compute_subtree_gap
> run #4: crashed: general protection fault in corrupted
> run #5: crashed: general protection fault in corrupted
> run #6: crashed: BUG: unable to handle kernel paging request in corrupted
> run #7: crashed: KASAN: stack-out-of-bounds Read in inet6_fill_ifla6_attrs
> # git bisect bad 40df309e4166c69600968c93846aa0b1821e83f0
> Bisecting: 989 revisions left to test after this (roughly 10 steps)
> [a13511dfa836c8305a737436eed3ba9a8e74a826] Merge
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> testing commit a13511dfa836c8305a737436eed3ba9a8e74a826 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good a13511dfa836c8305a737436eed3ba9a8e74a826
> Bisecting: 521 revisions left to test after this (roughly 9 steps)
> [9ff01193a20d391e8dbce4403dd5ef87c7eaaca6] Linux 4.20-rc3
> testing commit 9ff01193a20d391e8dbce4403dd5ef87c7eaaca6 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good 9ff01193a20d391e8dbce4403dd5ef87c7eaaca6
> Bisecting: 260 revisions left to test after this (roughly 8 steps)
> [47e3e53ceadc568c038e457661d836f2259ed774] ice: Destroy scheduler tree
> in reset path
> testing commit 47e3e53ceadc568c038e457661d836f2259ed774 with gcc (GCC) 8.1.0
> run #0: crashed: KASAN: slab-out-of-bounds Read in tick_sched_handle
> run #1: crashed: KASAN: stack-out-of-bounds in __fget_light
> run #2: crashed: BUG: unable to handle kernel paging request in corrupted
> run #3: crashed: KASAN: stack-out-of-bounds in anon_vma_interval_tree_remove
> run #4: crashed: general protection fault in __udp4_lib_err
> run #5: crashed: KASAN: stack-out-of-bounds Read in free_pgd_range
> run #6: crashed: general protection fault in change_protection
> run #7: crashed: INFO: trying to register non-static key in corrupted
> # git bisect bad 47e3e53ceadc568c038e457661d836f2259ed774
> Bisecting: 129 revisions left to test after this (roughly 7 steps)
> [52358cb5a310990ea5069f986bdab3620e01181f] Merge branch 's390-qeth-next'
> testing commit 52358cb5a310990ea5069f986bdab3620e01181f with gcc (GCC) 8.1.0
> run #0: crashed: BUG: unable to handle kernel paging request in corrupted
> run #1: crashed: general protection fault in vma_interval_tree_insert
> run #2: crashed: KASAN: stack-out-of-bounds Read in __call_rcu
> run #3: crashed: BUG: unable to handle kernel paging request in corrupted
> run #4: crashed: general protection fault in __bfs
> run #5: crashed: BUG: unable to handle kernel paging request in
> __cgroup_account_cputime_field
> run #6: crashed: WARNING in anon_vma_interval_tree_verify
> run #7: crashed: general protection fault in rb_first
> # git bisect bad 52358cb5a310990ea5069f986bdab3620e01181f
> Bisecting: 65 revisions left to test after this (roughly 6 steps)
> [2e7ad56aa54778de863998579fc6b5ff52838571] net/wan/fsl_ucc_hdlc: add BQL support
> testing commit 2e7ad56aa54778de863998579fc6b5ff52838571 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good 2e7ad56aa54778de863998579fc6b5ff52838571
> Bisecting: 32 revisions left to test after this (roughly 5 steps)
> [b592843c6723a850be70bf9618578082f3b73851] net: sched: add an offload
> dump helper
> testing commit b592843c6723a850be70bf9618578082f3b73851 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good b592843c6723a850be70bf9618578082f3b73851
> Bisecting: 16 revisions left to test after this (roughly 4 steps)
> [a07966447f39fe43e37d05c9bfc92b1493267a59] geneve: ICMP error lookup handler
> testing commit a07966447f39fe43e37d05c9bfc92b1493267a59 with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good a07966447f39fe43e37d05c9bfc92b1493267a59
> Bisecting: 8 revisions left to test after this (roughly 3 steps)
> [04087d9a89bef97998c71c21e3ecfca0cc7c52f3] openvswitch: remove BUG_ON
> from get_dpdev
> testing commit 04087d9a89bef97998c71c21e3ecfca0cc7c52f3 with gcc (GCC) 8.1.0
> run #0: crashed: WARNING: kernel stack regs has bad 'bp' value
> run #1: crashed: BUG: unable to handle kernel paging request in corrupted
> run #2: crashed: general protection fault in corrupted
> run #3: crashed: general protection fault in __bfs
> run #4: crashed: general protection fault in corrupted
> run #5: crashed: general protection fault in rb_insert_color
> run #6: crashed: BUG: corrupted list in __pagevec_lru_add_fn
> run #7: crashed: general protection fault in validate_mm
> # git bisect bad 04087d9a89bef97998c71c21e3ecfca0cc7c52f3
> Bisecting: 3 revisions left to test after this (roughly 2 steps)
> [e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error
> handlers of tunnels with arbitrary destination port
> testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0
> all runs: OK
> # git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b
> Bisecting: 1 revision left to test after this (roughly 1 step)
> [56fd865f46b894681dd7e7f83761243add7a71a3] selftests: pmtu: Introduce
> FoU and GUE PMTU exceptions tests
> testing commit 56fd865f46b894681dd7e7f83761243add7a71a3 with gcc (GCC) 8.1.0
> run #0: crashed: WARNING in unlink_anon_vmas
> run #1: crashed: BUG: unable to handle kernel NULL pointer dereference
> in corrupted
> run #2: crashed: BUG: unable to handle kernel NULL pointer dereference
> in corrupted
> run #3: crashed: KASAN: stack-out-of-bounds Read in update_min_vruntime
> run #4: crashed: BUG: unable to handle kernel paging request in corrupted
> run #5: crashed: PANIC: double fault in corrupted
> run #6: crashed: WARNING in unlink_anon_vmas
> run #7: crashed: WARNING in unlink_anon_vmas
> # git bisect bad 56fd865f46b894681dd7e7f83761243add7a71a3
> Bisecting: 0 revisions left to test after this (roughly 0 steps)
> [b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error
> handlers for FoU and GUE
> testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0
> run #0: crashed: kernel BUG at include/linux/swapops.h:LINE!
> run #1: crashed: general protection fault in __bfs
> run #2: crashed: INFO: trying to register non-static key in corrupted
> run #3: crashed: lost connection to test machine
> run #4: crashed: BUG: unable to handle kernel NULL pointer dereference
> in corrupted
> run #5: crashed: kernel BUG at include/linux/swapops.h:LINE!
> run #6: crashed: no output from test machine
> run #7: crashed: lost connection to test machine
> # git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit
> commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> Author: Stefano Brivio <sbrivio@redhat.com>
> Date:   Thu Nov 8 12:19:23 2018 +0100
> 
>     fou, fou6: ICMP error handlers for FoU and GUE
> 
>     As the destination port in FoU and GUE receiving sockets doesn't
>     necessarily match the remote destination port, we can't associate errors
>     to the encapsulating tunnels with a socket lookup -- we need to blindly
>     try them instead. This means we don't even know if we are handling errors
>     for FoU or GUE without digging into the packets.
> 
>     Hence, implement a single handler for both, one for IPv4 and one for IPv6,
>     that will check whether the packet that generated the ICMP error used a
>     direct IP encapsulation or if it had a GUE header, and send the error to
>     the matching protocol handler, if any.
> 
>     Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
>     Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
>     Signed-off-by: David S. Miller <davem@davemloft.net>
> 
> :040000 040000 cabdcb7779c24a357486aae139cb31cdd625bc53
> 6bc9db712d9698330234b7c8c934dcfc71cfb657 M net
> revisions tested: 16, total time: 3h25m25.893971693s (build:
> 1h23m29.053198068s, test: 1h59m23.409063298s)
> first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6:
> ICMP error handlers for FoU and GUE
> cc: ["sbrivio@redhat.com" "sd@queasysnail.net"]
> 

