lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20171221013555.bscw7pn36anre4hj@inn>
Date:   Thu, 21 Dec 2017 09:35:55 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Florian Westphal <fw@...len.de>
Cc:     Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>,
        LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [netfilter]  8f5216c927: WARNING:suspicious_RCU_usage


FYI, we noticed the following commit (built with gcc-7):

commit: 8f5216c9271b8ca375dc6d8bc31540f622cd5e65 ("netfilter: ipset: use nfnl_mutex_is_locked")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+--------------------------------------------------------------------------------+------------+------------+
|                                                                                | eef8fd03a4 | 8f5216c927 |
+--------------------------------------------------------------------------------+------------+------------+
| boot_successes                                                                 | 8          | 4          |
| boot_failures                                                                  | 0          | 7          |
| WARNING:suspicious_RCU_usage                                                   | 0          | 7          |
| net/netfilter/ipset/ip_set_core.c:#suspicious_rcu_dereference_protected()usage | 0          | 7          |
+--------------------------------------------------------------------------------+------------+------------+



[   31.564950] WARNING: suspicious RCU usage
[   31.565382] 4.14.0-rc8-02447-g8f5216c #25 Not tainted
[   31.565898] -----------------------------
[   31.566333] net/netfilter/ipset/ip_set_core.c:2059 suspicious rcu_dereference_protected() usage!
[   31.567340] 
[   31.567340] other info that might help us debug this:
[   31.567340] 
[   31.568466] 
[   31.568466] rcu_scheduler_active = 2, debug_locks = 1
[   31.569164] 3 locks held by kworker/u2:2/131:
[   31.569621]  #0:  ("%s""netns"){+.+.}, at: [<ffffffff8b0ff9cb>] process_one_work+0x132/0x49f
[   31.570492]  #1:  (net_cleanup_work){+.+.}, at: [<ffffffff8b0ff9cb>] process_one_work+0x132/0x49f
[   31.571375]  #2:  (net_mutex){+.+.}, at: [<ffffffff8cc1fede>] cleanup_net+0x7e/0x232
[   31.574390] 
[   31.574390] stack backtrace:
[   31.574903] CPU: 0 PID: 131 Comm: kworker/u2:2 Not tainted 4.14.0-rc8-02447-g8f5216c #25
[   31.575728] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   31.576563] Workqueue: netns cleanup_net
[   31.576988] Call Trace:
[   31.577295]  dump_stack+0x8a/0xc0
[   31.577669]  lockdep_rcu_suspicious+0xea/0xf3
[   31.578134]  ip_set_net_exit+0x6e/0xec
[   31.578543]  ops_exit_list+0x42/0x53
[   31.578935]  cleanup_net+0x199/0x232
[   31.579538]  process_one_work+0x291/0x49f
[   31.580074]  ? rescuer_thread+0x278/0x278
[   31.580562]  worker_thread+0x1a0/0x260
[   31.580977]  ? rescuer_thread+0x278/0x278
[   31.581413]  kthread+0x106/0x10e
[   31.581774]  ? __list_del_entry+0x22/0x22
[   31.582207]  ? call_usermodehelper+0x45/0x45
[   31.582657]  ? call_usermodehelper_exec_async+0x124/0x12d
[   31.583205]  ret_from_fork+0x2a/0x40
[  325.073586] sysrq: SysRq : Emergency Sync
[  325.075536] Emergency Sync complete
[  325.077366] sysrq: SysRq : Resetting

Elapsed time: 330

#!/bin/bash

# To reproduce,
# 1) save job-script and this script (both are attached in 0day report email)
# 2) run this script with your compiled kernel and optional env $INSTALL_MOD_PATH

kernel=$1

initrds=(
	/osimage/yocto/yocto-minimal-x86_64-2016-04-22.cgz
	/lkp/lkp/lkp-x86_64.cgz
	/osimage/pkg/debian-x86_64-2016-08-31.cgz/trinity-static-x86_64-x86_64-6ddabfd2_2017-11-10.cgz
)

HTTP_PREFIX=https://github.com/0day-ci/lkp-qemu/raw/master
wget --timestamping "${initrds[@]/#/$HTTP_PREFIX}"

{
	cat "${initrds[@]//*\//}"
	[[ $INSTALL_MOD_PATH ]] && (
		cd "$INSTALL_MOD_PATH"
		find lib | cpio -o -H newc --quiet | gzip
	)
	echo  job-script | cpio -o -H newc --quiet | gzip
} > initrd.img

qemu-img create -f qcow2 disk-vm-lkp-hsw01-yocto-x86_64-7-0 256G

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-kernel $kernel
	-initrd initrd.img
	-m 1024
	-smp 1
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-watchdog-action debug
	-rtc base=localtime
	-drive file=disk-vm-lkp-hsw01-yocto-x86_64-7-0,media=disk,if=virtio
	-serial stdio
	-display none
	-monitor null
)

append=(
	ip=::::vm-lkp-hsw01-yocto-x86_64-7::dhcp
	root=/dev/ram0
	user=lkp
	job=/job-script
	ARCH=x86_64
	kconfig=x86_64-allyesdebian
	branch=linux-next/master
	commit=8f5216c9271b8ca375dc6d8bc31540f622cd5e65
	BOOT_IMAGE=/pkg/linux/x86_64-allyesdebian/gcc-7/8f5216c9271b8ca375dc6d8bc31540f622cd5e65/vmlinuz-4.14.0-rc8-02447-g8f5216c
	max_uptime=1500
	RESULT_ROOT=/result/trinity/300s/vm-lkp-hsw01-yocto-x86_64/yocto-minimal-x86_64-2016-04-22.cgz/x86_64-allyesdebian/gcc-7/8f5216c9271b8ca375dc6d8bc31540f622cd5e65/1
	result_service=tmpfs
	debug


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
lkp

View attachment "config-4.14.0-rc8-02447-g8f5216c" of type "text/plain" (163663 bytes)

View attachment "job-script" of type "text/plain" (3891 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (26584 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ