From: Paul Moore <paul@paul-moore.com>
To: Eric Paris <eparis@redhat.com>
Cc: syzbot <syzbot+9a5e789e4725b9ef1316@syzkaller.appspotmail.com>,
    a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org,
    dan.carpenter@oracle.com, davem@davemloft.net, fzago@cray.com,
    gregkh@linuxfoundation.org, john.hammond@intel.com,
    linux-audit@redhat.com, linux-kernel@vger.kernel.org,
    mareklindner@neomailbox.ch, netdev@vger.kernel.org,
    sw@simonwunderlich.de, syzkaller-bugs@googlegroups.com
Subject: Re: kernel panic: audit: backlog limit exceeded
Date: Mon, 24 Feb 2020 17:46:50 -0500
Message-ID: <CAHC9VhQnbdJprbdTa_XcgUJaiwhzbnGMWJqHczU54UMk0AFCtw@mail.gmail.com>
In-Reply-To: <17916d0509978e14d9a5e9eb52d760fa57460542.camel@redhat.com>

On Mon, Feb 24, 2020 at 5:43 PM Eric Paris <eparis@redhat.com> wrote:
> https://syzkaller.appspot.com/x/repro.syz?x=151b1109e00000 (the
> reproducer listed) looks like it is literally fuzzing the AUDIT_SET.
> Which seems like this is working as designed if it is setting the
> failure mode to 2.

So it is, good catch :) I saw the panic and instinctively chalked
that up to a mistaken config, not expecting that it was what was being
tested.

> On Mon, 2020-02-24 at 17:38 -0500, Paul Moore wrote:
> > On Mon, Feb 24, 2020 at 3:18 AM syzbot
> > <syzbot+9a5e789e4725b9ef1316@syzkaller.appspotmail.com> wrote:
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit: 36a44bcd Merge branch 'bnxt_en-shutdown-and-kexec-
> > > kdump-re..
> > > git tree: net
> > > console output:
> > > https://syzkaller.appspot.com/x/log.txt?x=148bfdd9e00000
> > > kernel config:
> > > https://syzkaller.appspot.com/x/.config?x=768cc3d3e277cc16
> > > dashboard link:
> > > https://syzkaller.appspot.com/bug?extid=9a5e789e4725b9ef1316
> > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > > syz repro:
> > > https://syzkaller.appspot.com/x/repro.syz?x=151b1109e00000
> > > C reproducer:
> > > https://syzkaller.appspot.com/x/repro.c?x=128bfdd9e00000
> > >
> > > The bug was bisected to:
> > >
> > > commit 0c1b9970ddd4cc41002321c3877e7f91aacb896d
> > > Author: Dan Carpenter <dan.carpenter@oracle.com>
> > > Date: Fri Jul 28 14:42:27 2017 +0000
> > >
> > > staging: lustre: lustre: Off by two in lmv_fid2path()
> > >
> > > bisection log:
> > > https://syzkaller.appspot.com/x/bisect.txt?x=17e6c3e9e00000
> > > final crash:
> > > https://syzkaller.appspot.com/x/report.txt?x=1416c3e9e00000
> > > console output:
> > > https://syzkaller.appspot.com/x/log.txt?x=1016c3e9e00000
> > >
> > > IMPORTANT: if you fix the bug, please add the following tag to the
> > > commit:
> > > Reported-by: syzbot+9a5e789e4725b9ef1316@syzkaller.appspotmail.com
> > > Fixes: 0c1b9970ddd4 ("staging: lustre: lustre: Off by two in
> > > lmv_fid2path()")
> > >
> > > audit: audit_backlog=13 > audit_backlog_limit=7
> > > audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=7
> > > Kernel panic - not syncing: audit: backlog limit exceeded
> > > CPU: 1 PID: 9913 Comm: syz-executor024 Not tainted 5.6.0-rc1-
> > > syzkaller #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine,
> > > BIOS Google 01/01/2011
> > > Call Trace:
> > > __dump_stack lib/dump_stack.c:77 [inline]
> > > dump_stack+0x197/0x210 lib/dump_stack.c:118
> > > panic+0x2e3/0x75c kernel/panic.c:221
> > > audit_panic.cold+0x32/0x32 kernel/audit.c:307
> > > audit_log_lost kernel/audit.c:377 [inline]
> > > audit_log_lost+0x8b/0x180 kernel/audit.c:349
> > > audit_log_start kernel/audit.c:1788 [inline]
> > > audit_log_start+0x70e/0x7c0 kernel/audit.c:1745
> > > audit_log+0x95/0x120 kernel/audit.c:2345
> > > xt_replace_table+0x61d/0x830 net/netfilter/x_tables.c:1413
> > > __do_replace+0x1da/0x950 net/ipv6/netfilter/ip6_tables.c:1084
> > > do_replace net/ipv6/netfilter/ip6_tables.c:1157 [inline]
> > > do_ip6t_set_ctl+0x33a/0x4c8 net/ipv6/netfilter/ip6_tables.c:1681
> > > nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
> > > nf_setsockopt+0x77/0xd0 net/netfilter/nf_sockopt.c:115
> > > ipv6_setsockopt net/ipv6/ipv6_sockglue.c:949 [inline]
> > > ipv6_setsockopt+0x147/0x180 net/ipv6/ipv6_sockglue.c:933
> > > tcp_setsockopt net/ipv4/tcp.c:3165 [inline]
> > > tcp_setsockopt+0x8f/0xe0 net/ipv4/tcp.c:3159
> > > sock_common_setsockopt+0x94/0xd0 net/core/sock.c:3149
> > > __sys_setsockopt+0x261/0x4c0 net/socket.c:2130
> > > __do_sys_setsockopt net/socket.c:2146 [inline]
> > > __se_sys_setsockopt net/socket.c:2143 [inline]
> > > __x64_sys_setsockopt+0xbe/0x150 net/socket.c:2143
> > > do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
> > > entry_SYSCALL_64_after_hwframe+0x49/0xbe
> > > RIP: 0033:0x44720a
> > > Code: 49 89 ca b8 37 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1a e0
> > > fb ff c3 66 0f 1f 84 00 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05
> > > <48> 3d 01 f0 ff ff 0f 83 fa df fb ff c3 66 0f 1f 84 00 00 00 00 00
> > > RSP: 002b:00007ffd032dec78 EFLAGS: 00000286 ORIG_RAX:
> > > 0000000000000036
> > > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000044720a
> > > RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
> > > RBP: 00007ffd032deda0 R08: 00000000000003b8 R09: 0000000000004000
> > > R10: 00000000006d7b40 R11: 0000000000000286 R12: 00007ffd032deca0
> > > R13: 00000000006d9d60 R14: 0000000000000029 R15: 00000000006d7ba0
> > > Kernel Offset: disabled
> > > Rebooting in 86400 seconds..
> > >
> > >
> > > ---
> > > This bug is generated by a bot. It may contain errors.
> > > See https://goo.gl/tpsmEJ for more information about syzbot.
> > > syzbot engineers can be reached at syzkaller@googlegroups.com.
> > >
> > > syzbot will keep track of this bug report. See:
> > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> > > For information about bisection process see:
> > > https://goo.gl/tpsmEJ#bisection
> > > syzbot can test patches for this bug, for details see:
> > > https://goo.gl/tpsmEJ#testing-patches
> >
> > Similar to syzbot report 72461ac44b36c98f58e5, see my comments there.
> >
>

-- 
paul moore
www.paul-moore.com
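
The triage step discussed in this message, as an added example that is not part of the original thread: it separates a panic the audit subsystem raised because failure mode 2 (AUDIT_FAIL_PANIC) was configured from any other panic, using the console lines of the quoted report. The function name and verdict strings are this example's own; the sample input is built from lines of the report above.

```python
import re

# Failure-mode values from include/uapi/linux/audit.h (changed through AUDIT_SET).
AUDIT_FAIL_SILENT, AUDIT_FAIL_PRINTK, AUDIT_FAIL_PANIC = 0, 1, 2

# Sample input: console lines from the syzbot report quoted in this thread,
# trimmed to the frames that matter for triage.
SAMPLE_CONSOLE = """\
audit: audit_backlog=13 > audit_backlog_limit=7
audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=7
Kernel panic - not syncing: audit: backlog limit exceeded
Call Trace:
 panic+0x2e3/0x75c kernel/panic.c:221
 audit_panic.cold+0x32/0x32 kernel/audit.c:307
 audit_log_lost+0x8b/0x180 kernel/audit.c:349
 audit_log_start+0x70e/0x7c0 kernel/audit.c:1745
"""

PANIC_RE = re.compile(r"Kernel panic - not syncing: (.*)")
BACKLOG_RE = re.compile(r"audit_backlog=(\d+) > audit_backlog_limit=(\d+)")
LOST_RE = re.compile(r"audit_lost=(\d+) audit_rate_limit=(\d+) audit_backlog_limit=(\d+)")
AUDIT_PANIC_FRAME_RE = re.compile(r"\baudit_panic\b")


def triage(console):
    """Classify a console log as no panic, audit failure-mode panic, or other."""
    result = {"verdict": "no-panic", "failure_mode": None,
              "backlog": None, "backlog_limit": None, "lost": None}
    panic = PANIC_RE.search(console)
    if panic is None:
        return result
    reason = panic.group(1).strip()
    # audit_panic() calls panic() only in failure mode AUDIT_FAIL_PANIC and
    # prefixes the message with "audit: "; require the frame in the trace too.
    if not (reason.startswith("audit: ") and AUDIT_PANIC_FRAME_RE.search(console)):
        result["verdict"] = "other-panic"
        return result
    result["verdict"] = "audit-failure-mode-panic"
    result["failure_mode"] = AUDIT_FAIL_PANIC
    backlog = BACKLOG_RE.search(console)
    if backlog:
        result["backlog"] = int(backlog.group(1))
        result["backlog_limit"] = int(backlog.group(2))
    lost = LOST_RE.search(console)
    if lost:
        result["lost"] = int(lost.group(1))
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_CONSOLE))
```
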