From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0B77BC4167B
	for <linux-kernel@archiver.kernel.org>; Fri, 25 Nov 2022 10:22:49 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230070AbiKYKWq (ORCPT <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 25 Nov 2022 05:22:46 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48528 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230195AbiKYKWg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 25 Nov 2022 05:22:36 -0500
Received: from mail-oa1-x36.google.com (mail-oa1-x36.google.com [IPv6:2001:4860:4864:20::36])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 31019BCB0
        for <linux-kernel@vger.kernel.org>; Fri, 25 Nov 2022 02:22:32 -0800 (PST)
Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-14286d5ebc3so4673543fac.3
        for <linux-kernel@vger.kernel.org>; Fri, 25 Nov 2022 02:22:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=dFk4/TyXFVH4omq0MKPCZJW7VRN5MWFd1VLeZHQ4myQ=;
        b=O13X7eQnbmmZ5OZqc1v+Nq5wiHmRFlOakztg4v4kVKzbkp9A2YhxSxn700wHfwQgHj
         jtL4ZvMsa4P4eCx3kHERQVZdyN5zMzG56fIXBLxVYZQ4xAUnftJ8E2hMwey7QHEHYTBy
         wp9WzqOq0Gq/2vaXu/AjhjkkuOFzNZ1N/QzaxJ4OEbwT0srBV76yrEy8VyGdoNUgoBlZ
         UAj99FE9mas+xMxsdohu26gc/ZjZ2KrH/RfUmuZznSQM71QlIJCwRGw9Cc54yyF3L140
         9OyC6ojt8/4ZJ28HRhAXVPwy3kxFwYw3Sp6rS36NcIB8kLmQbASBByv40OmbsOI0KC6F
         AfVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=dFk4/TyXFVH4omq0MKPCZJW7VRN5MWFd1VLeZHQ4myQ=;
        b=ckHD2NTt7A4nEtDVdr49sGARoKHqKfaDhvt7aaax1nALFmk2IfbWh2Lx7LJMACoedU
         VqHsx3De+RK44+FbjeJW8AifBiPzbynO6h6Y0iCD+BXOIgu1uhTUv46bBuyFBtYKfaih
         c0zokTYa7MahfxbF5AV99ZxynURJ98FRlAFP/UdtZbb/COUNSugzE9WD+utKmEkTL4H1
         TAvMx6cVu/Gqv29ejE5lG997y0PXBKG8NmTBJZE5qUJEPdBorT2l2RZdyxpuKQhV1TwF
         eWOIPOHybyN5mJxW44HIreVGPGMA1rL0R0MzIc76xWfPHkDg9nmwDpdN6I3HOmvvWSh3
         2hhw==
X-Gm-Message-State: ANoB5pmBpnkNucwcgsJ6cbmXZNHwrcLwtAWQjt/qTLNWj41tGDQ+od29
        qN1Z35rIs5l4CJS8qO74uoGjJLlSMbMaDMssvZ/2Lw==
X-Google-Smtp-Source: AA0mqf4iZUnbBKSrM1flPegAiAXqzZPEmIYY3e6KEyG/6IvzCjm2R7eG2INLEOUcWbubEOlM2BPZ3p+zihoAbed/kJI=
X-Received: by 2002:a05:6870:b689:b0:13c:7d1c:5108 with SMTP id
 cy9-20020a056870b68900b0013c7d1c5108mr11030408oab.282.1669371751235; Fri, 25
 Nov 2022 02:22:31 -0800 (PST)
MIME-Version: 1.0
References: <000000000000706e6f05edfb4ce0@google.com> <Y3uULqIZ31at0aIX@hog>
 <20221121171513.GB704954@gauss3.secunet.de> <Y3vwpcJcUgqn22Fw@hog> <20221122062657.GE704954@gauss3.secunet.de>
In-Reply-To: <20221122062657.GE704954@gauss3.secunet.de>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Fri, 25 Nov 2022 11:22:20 +0100
Message-ID: <CACT4Y+b4xCFFjNKQ51q_JsvbkVNFpG3YBnK4iarcD+u0-Nsobg@mail.gmail.com>
Subject: Re: [syzbot] linux-next test error: general protection fault in xfrm_policy_lookup_bytype
To:     Steffen Klassert <steffen.klassert@secunet.com>
Cc:     Sabrina Dubroca <sd@queasysnail.net>,
        syzbot <syzbot+bfb2bee01b9c01fff864@syzkaller.appspotmail.com>,
        davem@davemloft.net, edumazet@google.com,
        herbert@gondor.apana.org.au, kuba@kernel.org,
        linux-kernel@vger.kernel.org, linux-next@vger.kernel.org,
        netdev@vger.kernel.org, pabeni@redhat.com, sfr@canb.auug.org.au,
        syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 22 Nov 2022 at 07:27, Steffen Klassert
<steffen.klassert@secunet.com> wrote:
>
> On Mon, Nov 21, 2022 at 10:41:57PM +0100, Sabrina Dubroca wrote:
> > 2022-11-21, 18:15:13 +0100, Steffen Klassert wrote:
> > > On Mon, Nov 21, 2022 at 04:07:26PM +0100, Sabrina Dubroca wrote:
> > > > 2022-11-21, 05:47:38 -0800, syzbot wrote:
> > > > > Hello,
> > > > >
> > > > > syzbot found the following issue on:
> > > > >
> > > > > HEAD commit:    e4cd8d3ff7f9 Add linux-next specific files for 20221121
> > > > > git tree:       linux-next
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=1472370d880000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=a0ebedc6917bacc1
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=bfb2bee01b9c01fff864
> > > > > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > > > >
> > > > > Downloadable assets:
> > > > > disk image: https://storage.googleapis.com/syzbot-assets/b59eb967701d/disk-e4cd8d3f.raw.xz
> > > > > vmlinux: https://storage.googleapis.com/syzbot-assets/37a7b43e6e84/vmlinux-e4cd8d3f.xz
> > > > > kernel image: https://storage.googleapis.com/syzbot-assets/ebfb0438e6a2/bzImage-e4cd8d3f.xz
> > > > >
> > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > > Reported-by: syzbot+bfb2bee01b9c01fff864@syzkaller.appspotmail.com
> > > > >
> > > > > general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
> > > > > KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
> > > > > CPU: 0 PID: 5295 Comm: kworker/0:3 Not tainted 6.1.0-rc5-next-20221121-syzkaller #0
> > > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> > > > > Workqueue: ipv6_addrconf addrconf_dad_work
> > > > > RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54 net/xfrm/xfrm_policy.c:2139
> > > >
> > > > That's the printk at the end of the function, when
> > > > xfrm_policy_lookup_bytype returns NULL. It seems to have snuck into
> > > > commit c39f95aaf6d1 ("xfrm: Fix oops in __xfrm_state_delete()"), we
> > > > can just remove it:
> > > >
> > > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> > > > index 3a203c59a11b..e392d8d05e0c 100644
> > > > --- a/net/xfrm/xfrm_policy.c
> > > > +++ b/net/xfrm/xfrm_policy.c
> > > > @@ -2135,9 +2135,6 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
> > > >  fail:
> > > >   rcu_read_unlock();
> > > >
> > > > - if (!IS_ERR(ret))
> > > > -         printk("xfrm_policy_lookup_bytype: policy if_id %d, wanted if_id  %d\n", ret->if_id, if_id);
> > > > -
> > > >   return ret;
> > >
> > > Hm, this was not in the original patch. Maybe my tree was not
> > > clean when I applied it. Do you want to send a patch, or should
> > > I just remove it?
> >
> > Go ahead, I guess it's more convenient for you.
>
> I just did a forced push to remove that hunk.

Let's tell syzbot about the fix, so that it reports similarly looking
crashes in future:

#syz fix: xfrm: Fix oops in __xfrm_state_delete()