2022-11-07 04:02:58

by Pengfei Xu

Subject: [syzkaller] There is "lwtunnel_valid_encap_type" WARNING in 6.1-rc3 mainline kernel

Hi Birger and net expert,

Greetings!

There is a "lwtunnel_valid_encap_type" WARNING in the 6.1-rc3 mainline kernel in a syzkaller test in a guest:
[ 28.686292] ------------[ cut here ]------------
[ 28.686567] WARNING: CPU: 0 PID: 579 at net/core/lwtunnel.c:57 lwtunnel_valid_encap_type+0x167/0x1e0
[ 28.687079] Modules linked in:
[ 28.687254] CPU: 0 PID: 579 Comm: repro Not tainted 6.1.0-rc3-30a0b95b1335 #1
[ 28.687650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 28.688343] RIP: 0010:lwtunnel_valid_encap_type+0x167/0x1e0
[ 28.688756] Code: d0 e3 55 83 48 c7 c2 6a c8 55 83 4c 0f 45 f2 e9 68 ff ff ff 49 c7 c6 6a c8 55 83 66 83 fb 0a 0f 85 57 ff ff ff e8 d9 75 b7 fe <0f> 0b eb 8c f
[ 28.690017] RSP: 0018:ffffc90000fcf7e8 EFLAGS: 00010246
[ 28.690398] RAX: 0000000000000000 RBX: 000000000000000a RCX: ffffffff826d71c8
[ 28.690906] RDX: 0000000000000000 RSI: ffff888010a39980 RDI: 0000000000000002
[ 28.691425] RBP: ffffc90000fcf810 R08: 0000000000000000 R09: 0000000000000000
[ 28.691919] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000000a
[ 28.692416] R13: ffffc90000fcfb08 R14: ffffffff8355c86a R15: 0000000000000000
[ 28.692915] FS: 00007fbacb971740(0000) GS:ffff88807dc00000(0000) knlGS:0000000000000000
[ 28.693466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.693856] CR2: 0000000020000700 CR3: 0000000007c9c004 CR4: 0000000000770ef0
[ 28.694269] PKRU: 55555554
[ 28.694633] Call Trace:
[ 28.694951] <TASK>
[ 28.695108] rtm_to_fib6_config+0x4a8/0x680
[ 28.695769] inet6_rtm_delroute+0x4b/0x110
[ 28.696069] ? inet6_rtm_delroute+0x4b/0x110
[ 28.696410] ? ip6_route_multipath_del+0x280/0x280
[ 28.696786] rtnetlink_rcv_msg+0x22e/0x5f0
[ 28.697446] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 28.697850] ? write_comp_data+0x2f/0x90
[ 28.698197] netlink_rcv_skb+0x8e/0x1e0
[ 28.698519] ? rtnl_calcit.isra.41+0x1c0/0x1c0
[ 28.698900] rtnetlink_rcv+0x25/0x30
[ 28.699168] netlink_unicast+0x2e6/0x410
[ 28.699464] ? write_comp_data+0x2f/0x90
[ 28.699799] netlink_sendmsg+0x372/0x700
[ 28.700163] ? netlink_unicast+0x410/0x410
[ 28.700476] sock_sendmsg+0xda/0xf0
[ 28.700753] ____sys_sendmsg+0x3a9/0x420
[ 28.701057] ? write_comp_data+0x2f/0x90
[ 28.701356] ___sys_sendmsg+0x9b/0xe0
[ 28.701615] ? lru_cache_add_inactive_or_unevictable+0x59/0xd0
[ 28.702042] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 28.702385] ? write_comp_data+0x2f/0x90
[ 28.702669] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 28.703002] ? __fget_light+0xb0/0x220
[ 28.703274] ? write_comp_data+0x2f/0x90
[ 28.703550] ? __sanitizer_cov_trace_pc+0x25/0x60
[ 28.703873] ? sockfd_lookup_light+0x7a/0xc0
[ 28.704166] __sys_sendmsg+0xa2/0x130
[ 28.704396] __x64_sys_sendmsg+0x2c/0x40
[ 28.704627] do_syscall_64+0x3b/0x90
[ 28.704840] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 28.705139] RIP: 0033:0x7fbacba9659d
[ 28.705391] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 8
[ 28.706528] RSP: 002b:00007ffe459d7038 EFLAGS: 00000213 ORIG_RAX: 000000000000002e
[ 28.706960] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbacba9659d
[ 28.707418] RDX: 0000000000000000 RSI: 0000000020001840 RDI: 0000000000000003
[ 28.707869] RBP: 00007ffe459d7050 R08: 00007ffe459d7130 R09: 00007ffe459d7130
[ 28.708277] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000000401040
[ 28.708670] R13: 00007ffe459d7130 R14: 0000000000000000 R15: 0000000000000000
[ 28.709092] </TASK>
[ 28.709221] ---[ end trace 0000000000000000 ]---
[ 28.711851] ------------[ cut here ]------------
[ 28.712131] WARNING: CPU: 0 PID: 580 at net/core/lwtunnel.c:57 lwtunnel_valid_encap_type+0x167/0x1e0
[ 28.712676] Modules linked in:
[ 28.712857] CPU: 0 PID: 580 Comm: repro Tainted: G W 6.1.0-rc3-30a0b95b1335 #1
...

Bisected and found that the first bad commit is 2c2493b9da9166478fe072e3054f8a5741dadb02.
"xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode"
After reverting this commit, the issue could not be reproduced.

All bisect and test dmesg logs, kconfig, repro.c and the repro binary are at this link:
https://github.com/xupengfe/syzkaller_logs/tree/main/221103_152117_lwtunnel_valid_encap_type

Kconfig and repro.c are attached.

If you fix this issue, please add the Reported tag.

Resending the email because the previous attachment was too large.

Thanks!
BR.


Attachments:
(No filename) (4.54 kB)
config (287.88 kB)
repro.c (1.51 kB)

2022-11-07 06:27:24

by Eyal Birger

Subject: Re: [syzkaller] There is "lwtunnel_valid_encap_type" WARNING in 6.1-rc3 mainline kernel

Hi,

On Mon, Nov 7, 2022 at 5:27 AM Pengfei Xu <[email protected]> wrote:
>
> Hi Birger and net expert,
>
> Greetings!
>
> There is a "lwtunnel_valid_encap_type" WARNING in the 6.1-rc3 mainline kernel in a syzkaller test in a guest:

<snip>

>
> Bisected and found that the first bad commit is 2c2493b9da9166478fe072e3054f8a5741dadb02.
> "xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode"
> After reverting this commit, the issue could not be reproduced.
>
> All bisect and test dmesg logs, kconfig, repro.c and the repro binary are at this link:
> https://github.com/xupengfe/syzkaller_logs/tree/main/221103_152117_lwtunnel_valid_encap_type
>
> Kconfig and repro.c are attached.
>
> If you fix this issue, please add the Reported tag.
>
> Resending the email because the previous attachment was too large.

Thanks for the report.

A fix was submitted to the IPsec tree:
https://lore.kernel.org/netdev/Y0UwqMZQ6n+G%2F%2FaD@shredder/

Thanks,
Eyal.

2022-11-07 08:44:10

by Pengfei Xu

Subject: Re: [syzkaller] There is "lwtunnel_valid_encap_type" WARNING in 6.1-rc3 mainline kernel

Hi Eyal,

On 2022-11-07 at 08:09:39 +0200, Eyal Birger wrote:
> Hi,
>
> On Mon, Nov 7, 2022 at 5:27 AM Pengfei Xu <[email protected]> wrote:
> >
> > Hi Birger and net expert,
> >
> > Greetings!
> >
> > There is a "lwtunnel_valid_encap_type" WARNING in the 6.1-rc3 mainline kernel in a syzkaller test in a guest:
>
> <snip>
>
> >
> > Bisected and found that the first bad commit is 2c2493b9da9166478fe072e3054f8a5741dadb02.
> > "xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode"
> > After reverting this commit, the issue could not be reproduced.
> >
> > All bisect and test dmesg logs, kconfig, repro.c and the repro binary are at this link:
> > https://github.com/xupengfe/syzkaller_logs/tree/main/221103_152117_lwtunnel_valid_encap_type
> >
> > Kconfig and repro.c are attached.
> >
> > If you fix this issue, please add the Reported tag.
> >
> > Resending the email because the previous attachment was too large.
>
> Thanks for the report.
>
> A fix was submitted to the IPsec tree:
> https://lore.kernel.org/netdev/Y0UwqMZQ6n+G%2F%2FaD@shredder/
>
Ah, thanks for the information about the fix patch; please ignore this email.

Thanks!
BR.

> Thanks,
> Eyal.