* WARNING: locking bug in tomoyo_supervisor
From: syzbot @ 2020-04-16 22:05 UTC
To: jmorris, linux-kernel, linux-security-module, penguin-kernel,
serge, syzkaller-bugs, takedakn
Hello,
syzbot found the following crash on:
HEAD commit: 4f8a3cc1 Merge tag 'x86-urgent-2020-04-12' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1599027de00000
kernel config: https://syzkaller.appspot.com/x/.config?x=3bfbde87e8e65624
dashboard link: https://syzkaller.appspot.com/bug?extid=1c36440b364ea3774701
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150733cde00000
Bisection is inconclusive: the first bad commit could be any of:
9211bfbf netfilter: add missing IS_ENABLED(CONFIG_BRIDGE_NETFILTER) checks to header-file.
47e640af netfilter: add missing IS_ENABLED(CONFIG_NF_TABLES) check to header-file.
a1b2f04e netfilter: add missing includes to a number of header-files.
0abc8bf4 netfilter: add missing IS_ENABLED(CONFIG_NF_CONNTRACK) checks to some header-files.
bd96b4c7 netfilter: inline four headers files into another one.
43dd16ef netfilter: nf_tables: store data in offload context registers
78458e3e netfilter: add missing IS_ENABLED(CONFIG_NETFILTER) checks to some header-files.
20a9379d netfilter: remove "#ifdef __KERNEL__" guards from some headers.
bd8699e9 netfilter: nft_bitwise: add offload support
2a475c40 kbuild: remove all netfilter headers from header-test blacklist.
7e59b3fe netfilter: remove unnecessary spaces
1b90af29 ipvs: Improve robustness to the ipvs sysctl
5785cf15 netfilter: nf_tables: add missing prototypes.
0a30ba50 netfilter: nf_nat_proto: make tables static
e84fb4b3 netfilter: conntrack: use shared sysctl constants
10533343 netfilter: connlabels: prefer static lock initialiser
8c0bb787 netfilter: synproxy: rename mss synproxy_options field
c162610c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10aacf5de00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+1c36440b364ea3774701@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8602 at kernel/locking/lockdep.c:873 look_up_lock_class+0x207/0x280 kernel/locking/lockdep.c:863
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8602 Comm: syz-executor.5 Not tainted 5.6.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1e9/0x30e lib/dump_stack.c:118
panic+0x264/0x7a0 kernel/panic.c:221
__warn+0x102/0x210 kernel/panic.c:574
look_up_lock_class+0x207/0x280 kernel/locking/lockdep.c:863
__warn+0x209/0x210 kernel/panic.c:582
look_up_lock_class+0x207/0x280 kernel/locking/lockdep.c:863
report_bug+0x1ac/0x2d0 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:175 [inline]
do_error_trap+0xca/0x1c0 arch/x86/kernel/traps.c:267
do_invalid_op+0x32/0x40 arch/x86/kernel/traps.c:286
look_up_lock_class+0x207/0x280 kernel/locking/lockdep.c:863
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:look_up_lock_class+0x207/0x280 kernel/locking/lockdep.c:863
Code: 3d 91 8c 12 08 00 0f 85 35 ff ff ff 31 db 48 c7 c7 19 59 e5 88 48 c7 c6 03 ea e6 88 31 c0 e8 10 18 ec ff 0f 0b e9 7b ff ff ff <0f> 0b e9 74 ff ff ff 48 c7 c1 30 4d 55 8b 80 e1 07 80 c1 03 38 c1
RSP: 0018:ffffc90006017a98 EFLAGS: 00010002
RAX: ffffffff8ab05460 RBX: ffffffff8ad678f8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888096695860
RBP: ffff888096695878 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff12d7735 R11: 0000000000000000 R12: 1ffff11012cd2b0c
R13: ffffffff89063ea9 R14: ffff888096695860 R15: dffffc0000000000
register_lock_class+0x97/0x10d0 kernel/locking/lockdep.c:1220
tomoyo_supervisor+0x13d/0x1310 security/tomoyo/common.c:2076
__lock_acquire+0x102/0x2c30 kernel/locking/lockdep.c:4234
rcu_lock_release+0x5/0x20 include/linux/rcupdate.h:212
srcu_read_unlock include/linux/srcu.h:181 [inline]
tomoyo_read_unlock security/tomoyo/common.h:1123 [inline]
tomoyo_inet_entry security/tomoyo/network.c:487 [inline]
tomoyo_check_inet_address+0x661/0x8e0 security/tomoyo/network.c:532
lock_acquire+0x169/0x480 kernel/locking/lockdep.c:4934
spin_lock_bh include/linux/spinlock.h:358 [inline]
lock_sock_nested+0x43/0x110 net/core/sock.c:2959
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
* Re: WARNING: locking bug in tomoyo_supervisor
From: Tetsuo Handa @ 2020-04-17 4:37 UTC
To: syzbot, linux-kernel, syzkaller-bugs, Network Development,
James Chapman
Cc: Petr Mladek, Sergey Senozhatsky
On 2020/04/17 7:05, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 4f8a3cc1 Merge tag 'x86-urgent-2020-04-12' of git://git.ke..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1599027de00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=3bfbde87e8e65624
> dashboard link: https://syzkaller.appspot.com/bug?extid=1c36440b364ea3774701
> compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=150733cde00000
This seems to be a misattributed report explained at https://lkml.kernel.org/r/20190924140241.be77u2jne3melzte@pathway.suse.cz .
Petr and Sergey, how is the progress of making printk() asynchronous? When can we expect that work to be merged?
If it is delayed, can we implement storing these metadata into the per-CPU buffers?
Anyway,
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10aacf5de00000
Bisection log says this will be a duplicate of
#syz dup: WARNING: locking bug in inet_autobind
. This misattribution by chance served as a reminder for the "locking bug in inet_autobind" bug. ;-)
According to https://syzkaller.appspot.com/bug?id=a7d678fba80c34b5770cc1b5638b8a2709ae9f3f ,
this bug is happening on "2020/04/01 19:28", "2020/04/09 06:24" and "2020/04/10 20:48"
which are after the opening of the merge window for 5.7-rc1. The reproducer suggests that
pppl2tp and inet6_udp are relevant.