* BUG: WARNING in retire_sysctl_set
From: Xingyu Li @ 2024-08-28 21:16 UTC
To: mcgrof, kees, j.granados, linux-kernel, linux-fsdevel
Cc: Yu Hao

Hi,

We found a bug in Linux 6.10. It is possibly a logic bug.
The bug report is as follows, but unfortunately there is no generated
syzkaller reproducer.

Bug report:

team0 (unregistering): Port device team_slave_1 removed
team0 (unregistering): Port device team_slave_0 removed
------------[ cut here ]------------
WARNING: CPU: 0 PID: 27 at fs/proc/proc_sysctl.c:1536 retire_sysctl_set+0x3e/0x50
Modules linked in:
CPU: 0 PID: 27 Comm: kworker/u4:2 Not tainted 6.10.0 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: netns cleanup_net
RIP: 0010:retire_sysctl_set+0x3e/0x50 fs/proc/proc_sysctl.c:1536
Code: 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 44 a1 c6 ff 48 83 3b 00 75 07 e8 19 96 63 ff 5b c3 e8 12 96 63 ff <0f> 0b 5b c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 53 48 89
RSP: 0018:ffffc900001e7ad0 EFLAGS: 00010293
RAX: ffffffff822dbb4e RBX: ffff88801b87bc68 RCX: ffff8880137a3c00
RDX: 0000000000000000 RSI: ffff8880137a3c00 RDI: ffff88801b87bc08
RBP: ffffc900001e7bd0 R08: ffffffff910fc58f R09: 1ffffffff221f8b1
R10: dffffc0000000000 R11: ffffffff8ab261b0 R12: ffff88801b87b980
R13: 1ffffffff1e0aec8 R14: ffffffff8f057620 R15: ffffffff8f057640
FS:  0000000000000000(0000) GS:ffff888063a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005599fcd69b18 CR3: 000000003c258000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ops_exit_list net/core/net_namespace.c:173 [inline]
 cleanup_net+0x810/0xcd0 net/core/net_namespace.c:640
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0x977/0x1410 kernel/workqueue.c:3329
 worker_thread+0xaa0/0x1020 kernel/workqueue.c:3409
 kthread+0x2eb/0x380 kernel/kthread.c:389
 ret_from_fork+0x49/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244
 </TASK>

-- 
Yours sincerely,
Xingyu
* Re: BUG: WARNING in retire_sysctl_set
From: Kees Cook @ 2024-08-29 1:26 UTC
To: Xingyu Li
Cc: mcgrof, j.granados, linux-kernel, linux-fsdevel, Yu Hao, Paul E. McKenney, Waiman Long, Sven Eckelmann, Thomas Gleixner, anna-maria, frederic, netdev, Eric Dumazet, Jakub Kicinski, Tejun Heo, Kuniyuki Iwashima, Greg Kroah-Hartman

Hi,

On Wed, Aug 28, 2024 at 02:16:34PM -0700, Xingyu Li wrote:
> We found a bug in Linux 6.10. It is possibly a logic bug.
> The bug report is as follows, but unfortunately there is no generated
> syzkaller reproducer.

I see you've sent 44 reports like this recently[1], but only have
reproducers for 4 of them[2].

Without reproducers these reports aren't very helpful. There
are hundreds like them (many with reproducers) already at:
https://syzkaller.appspot.com/upstream

Please only send these kinds of reports if you have a fix for them
(preferred) or a reproducer for an actual problem. This has been mentioned
a few times already[3][4]; have you seen these replies?

-Kees

[1] https://lore.kernel.org/all/?q=f%3Axli399%40
[2] https://lore.kernel.org/all/?q=f%3Axli399%40+%22The+reproducer%22
[3] https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/
[4] https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/

-- 
Kees Cook
* Re: BUG: WARNING in retire_sysctl_set
From: Xingyu Li @ 2024-08-29 5:02 UTC
To: Kees Cook
Cc: mcgrof, j.granados, linux-kernel, linux-fsdevel, Yu Hao, Paul E. McKenney, Waiman Long, Sven Eckelmann, Thomas Gleixner, anna-maria, frederic, netdev, Eric Dumazet, Jakub Kicinski, Tejun Heo, Kuniyuki Iwashima, Greg Kroah-Hartman

> This has been mentioned a few times already[3][4]; have you seen these
> replies?

Sorry, I did not see this email
https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/.
And I received this reply
https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/
just 8 minutes before your response. Previously, I did not have the
experience to send emails about bug reporting. Later, I will take care
that I only send bug reports with a reproducer or with a patch.

> but only have reproducers for 4 of them[2].

Your search words may ignore some of my emails. In fact, there are 16
bug reports with a C reproducer (previously, some of them were only
given a syzkaller reproducer, and I just checked to confirm that a C
reproducer is given for each bug).

https://lore.kernel.org/all/CALAgD-4M6bv53fpWnb2vdu4kxnCe_7H3kbOvs3DBAd8DeRHYuw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5cKJnWRsS_2rjL1P9pC0dbNX66b8x09p=DUx1kD+p6PQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7TsMdA7rjxfpheXc=MNqikEXY9TZNxJt4z9vm6Yfs5qQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6miPB6F2=89m90HzEGT4dmCX_ws1r26w7Vr8rtD8Z96Q@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6Uy-2kVrj05SeCiN4wZu75Vq5-TCEsiUGzYwzjO4+Ahg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5myPieAa_9BY6RVfBjWT_8g48+S0CX7c=EihMzdwakxw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-718DVmcVHtgSFGKbgr0ePoUjN2ST=gBtdYtGX5GUqBQg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-5kt+F6S1aAwRhKMKb0KwFGzfJCWyHguotEvJGBBBvFkA@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7JNKw5m0wpGAN+ezCL-qn7LcTL5vgyBmQZKbf5BTNUCw@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6MJC+D0DzxLOpVvCbYzHE-r1YzNORtpOh-f+hgEkMjzg@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7hbfOzovnPqVqo6bqb1nHZ2WciUOTsz0Dtwsgr+yx04w@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-4hkHVcCq2ycdwnA2hYDBMqijLUOfZgvf1WfFpU-8+42w@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-6gJ4W1rPj=CWG7bFUPpEJnUjEhQd3uvH=7C=aGKb=CUQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-7C3t=vRTvpnVvsZ_1YhgiiynDaX_ud0O6pxSBn3suADQ@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-4b_yFdN4fwPxpXEpJkcxEwXBxRHeQjeA3x3rMX4JpUwA@mail.gmail.com/
https://lore.kernel.org/all/CALAgD-58VEomA47Srga5H-p6cZa0zPj+y3E1se0rHb3gj4UvyA@mail.gmail.com/

> There are hundreds like them (many with reproducers) already at:
> https://syzkaller.appspot.com/upstream

In fact, the bugs that I report are fuzzed by the syzkaller templates
that we generated, but not those from the syzkaller official
templates. We want to find bugs that do not have the corresponding
official syzkaller template.
I also checked to make sure that the bugs I reported did not occur on syzbot.

On Wed, Aug 28, 2024 at 6:26 PM Kees Cook <kees@kernel.org> wrote:
>
> Hi,
>
> On Wed, Aug 28, 2024 at 02:16:34PM -0700, Xingyu Li wrote:
> > We found a bug in Linux 6.10. It is possibly a logic bug.
> > The bug report is as follows, but unfortunately there is no generated
> > syzkaller reproducer.
>
> I see you've sent 44 reports like this recently[1], but only have
> reproducers for 4 of them[2].
>
> Without reproducers these reports aren't very helpful. There
> are hundreds like them (many with reproducers) already at:
> https://syzkaller.appspot.com/upstream
>
> Please only send these kinds of reports if you have a fix for them
> (preferred) or a reproducer for an actual problem. This has been mentioned
> a few times already[3][4]; have you seen these replies?
>
> -Kees
>
> [1] https://lore.kernel.org/all/?q=f%3Axli399%40
> [2] https://lore.kernel.org/all/?q=f%3Axli399%40+%22The+reproducer%22
> [3] https://lore.kernel.org/netdev/CANn89iK6rq0XWO5-R5CzA5YAv2ygaTA==EVh+O74VHGDBNqUoA@mail.gmail.com/
> [4] https://lore.kernel.org/all/20240829011805.92574-1-kuniyu@amazon.com/
>
> --
> Kees Cook

-- 
Yours sincerely,
Xingyu
* Re: BUG: WARNING in retire_sysctl_set
From: Kees Cook @ 2024-08-29 5:33 UTC
To: Xingyu Li
Cc: mcgrof, j.granados, linux-kernel, linux-fsdevel, Yu Hao, Paul E. McKenney, Waiman Long, Sven Eckelmann, Thomas Gleixner, anna-maria, frederic, netdev, Eric Dumazet, Jakub Kicinski, Tejun Heo, Kuniyuki Iwashima, Greg Kroah-Hartman

On August 28, 2024 10:02:00 PM PDT, Xingyu Li <xli399@ucr.edu> wrote:
>In fact, the bugs that I report are fuzzed by the syzkaller templates
>that we generated, but not those from the syzkaller official
>templates. We want to find bugs that do not have the corresponding
>official syzkaller template.
>I also checked to make sure that the bugs I reported did not occur on syzbot.

That's excellent that you've developed better templates! Can you submit
these to syzkaller upstream? Then the automated fuzzing CI dashboard
will benefit (and save you the work of running and reporting the new
finds).

-Kees

-- 
Kees Cook
* Re: BUG: WARNING in retire_sysctl_set
From: Yu Hao @ 2024-08-29 6:00 UTC
To: Kees Cook
Cc: Xingyu Li, mcgrof, j.granados, linux-kernel, linux-fsdevel, Paul E. McKenney, Waiman Long, Sven Eckelmann, Thomas Gleixner, anna-maria, frederic, netdev, Eric Dumazet, Jakub Kicinski, Tejun Heo, Kuniyuki Iwashima, Greg Kroah-Hartman

On Wed, Aug 28, 2024 at 10:33 PM Kees Cook <kees@kernel.org> wrote:
> That's excellent that you've developed better templates! Can you submit
> these to syzkaller upstream? Then the automated fuzzing CI dashboard
> will benefit (and save you the work of running and reporting the new
> finds).

Yes, we are also working on this. It also takes some time to figure out
the differences in the syscall descriptions and to satisfy syzkaller's
style requirements, so we are still working on the patch of syscall
descriptions for syzkaller.

Once again, we apologize for our mistake of sending some unhelpful
report emails, and thank you for your reminder and understanding.