From: Eric Dumazet
Date: Tue, 7 May 2024 09:31:03 +0200
Subject: Re: [Linux kernel bug] general protection fault in nexthop_is_blackhole
To: Sam Sun
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, davem@davemloft.net, dsahern@kernel.org, kuba@kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com, xrivendell7@gmail.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 7, 2024 at 9:00 AM Sam Sun wrote:
>
> Dear developers and maintainers,
>
> We encountered a general protection fault in function
> nexthop_is_blackhole. It was tested against the latest upstream linux
> (tag 6.9-rc7). C repro and kernel config are attached to this email.
> Kernel crash log is listed below.

This is another reiserfs bug, please let's not be mistaken. We have dozens of syzbot reports about reiserfs. Thank you.

> ```
> general protection fault, probably for non-canonical address
> 0xdffffc0080008015: 0000 [#1] PREEMPT SMP KASAN NOPTI
> KASAN: probably user-memory-access in range
> [0x00000004000400a8-0x00000004000400af]
> CPU: 1 PID: 7959 Comm: kworker/u8:2 Not tainted 6.9.0-rc6 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> 1.13.0-1ubuntu1.1 04/01/2014
> Workqueue: ipv6_addrconf addrconf_dad_work
> RIP: 0010:nexthop_is_blackhole+0x23/0x2a0 include/net/nexthop.h:370
> Code: 00 00 00 0f 1f 40 00 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00
> 00 00 fc ff df e8 58 c1 b6 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 8a
> 04 38 84 c0 0f 85 17 02 00 00 41 0f b6 2e 31 ff 89 ee e8 44
> RSP: 0018:ffffc900001d81f8 EFLAGS: 00010203
> RAX: 0000000080008015 RBX: 0000000400040048 RCX: ffff88801cbfa500
> RDX: 0000000080000101 RSI: 0000000000000000 RDI: 0000000400040048
> RBP: ffffc900001d8398 R08: ffffffff89d8fd23 R09: 0000000000000021
> R10: ffffc900001d84c0 R11: fffffbfff2273299 R12: ffff88807857e800
> R13: 1ffff1100f0afd0c R14: 00000004000400ae R15: dffffc0000000000
> FS: 0000000000000000(0000) GS:ffff8880be400000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fa8a2420630 CR3: 00000000264f6000 CR4: 0000000000750ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> PKRU: 55555554
> Call Trace:
>
> __find_rr_leaf+0x521/0x890 net/ipv6/route.c:817
> find_rr_leaf net/ipv6/route.c:861 [inline]
> rt6_select net/ipv6/route.c:896 [inline]
> fib6_table_lookup+0x56f/0xbb0 net/ipv6/route.c:2193
> ip6_pol_route+0x272/0x1580 net/ipv6/route.c:2229
> pol_lookup_func include/net/ip6_fib.h:614 [inline]
> fib6_rule_lookup+0x571/0x780 net/ipv6/fib6_rules.c:116
> ip6_route_input_lookup net/ipv6/route.c:2298 [inline]
> ip6_route_input+0x839/0xd10 net/ipv6/route.c:2594
> ip6_rcv_finish net/ipv6/ip6_input.c:77 [inline]
> NF_HOOK include/linux/netfilter.h:314 [inline]
> ipv6_rcv+0x1dc/0x200 net/ipv6/ip6_input.c:310
> __netif_receive_skb_one_core net/core/dev.c:5544 [inline]
> __netif_receive_skb+0x1dc/0x640 net/core/dev.c:5658
> process_backlog+0x361/0x790 net/core/dev.c:5987
> __napi_poll+0xca/0x480 net/core/dev.c:6638
> napi_poll net/core/dev.c:6707 [inline]
> net_rx_action+0x7c0/0x10a0 net/core/dev.c:6822
> __do_softirq+0x272/0x734 kernel/softirq.c:554
> do_softirq+0xfe/0x1b0 kernel/softirq.c:455
>
>
> __local_bh_enable_ip+0x18a/0x1c0 kernel/softirq.c:382
> local_bh_enable include/linux/bottom_half.h:33 [inline]
> rcu_read_unlock_bh include/linux/rcupdate.h:851 [inline]
> __dev_queue_xmit+0x1d13/0x3a60 net/core/dev.c:4368
> neigh_output include/net/neighbour.h:542 [inline]
> ip6_finish_output2+0xfcf/0x1600 net/ipv6/ip6_output.c:137
> ip6_finish_output+0x3c8/0x7f0 net/ipv6/ip6_output.c:222
> NF_HOOK include/linux/netfilter.h:314 [inline]
> ndisc_send_skb+0xa39/0xf40 net/ipv6/ndisc.c:509
> addrconf_dad_completed+0x734/0xc60 net/ipv6/addrconf.c:4358
> addrconf_dad_work+0xd82/0x16b0
> process_one_work kernel/workqueue.c:3254 [inline]
> process_scheduled_works+0x9c9/0x14a0 kernel/workqueue.c:3335
> worker_thread+0x85c/0xd50 kernel/workqueue.c:3416
> kthread+0x2ed/0x390 kernel/kthread.c:388
> ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
> ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244
>
> Modules linked in:
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:nexthop_is_blackhole+0x23/0x2a0 include/net/nexthop.h:370
> Code: 00 00 00 0f 1f 40 00 55 41 57 41 56 53 48 89 fb 49 bf 00 00 00
> 00 00 fc ff df e8 58 c1 b6 f7 4c 8d 73 66 4c 89 f0 48 c1 e8 03 <42> 8a
> 04 38 84 c0 0f 85 17 02 00 00 41 0f b6 2e 31 ff 89 ee e8 44
> RSP: 0018:ffffc900001d81f8 EFLAGS: 00010203
>
> RAX: 0000000080008015 RBX: 0000000400040048 RCX: ffff88801cbfa500
> RDX: 0000000080000101 RSI: 0000000000000000 RDI: 0000000400040048
> RBP: ffffc900001d8398 R08: ffffffff89d8fd23 R09: 0000000000000021
> R10: ffffc900001d84c0 R11: fffffbfff2273299 R12: ffff88807857e800
> R13: 1ffff1100f0afd0c R14: 00000004000400ae R15: dffffc0000000000
> FS: 0000000000000000(0000) GS:ffff8880be400000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fa8a2420630 CR3: 00000000264f6000 CR4: 0000000000750ef0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> PKRU: 55555554
> ----------------
> Code disassembly (best guess), 1 bytes skipped:
>    0: 00 00                 add    %al,(%rax)
>    2: 0f 1f 40 00           nopl   0x0(%rax)
>    6: 55                    push   %rbp
>    7: 41 57                 push   %r15
>    9: 41 56                 push   %r14
>    b: 53                    push   %rbx
>    c: 48 89 fb              mov    %rdi,%rbx
>    f: 49 bf 00 00 00 00 00  movabs $0xdffffc0000000000,%r15
>   16: fc ff df
>   19: e8 58 c1 b6 f7        callq  0xf7b6c176
>   1e: 4c 8d 73 66           lea    0x66(%rbx),%r14
>   22: 4c 89 f0              mov    %r14,%rax
>   25: 48 c1 e8 03           shr    $0x3,%rax
> * 29: 42 8a 04 38           mov    (%rax,%r15,1),%al <-- trapping instruction
>   2d: 84 c0                 test   %al,%al
>   2f: 0f 85 17 02 00 00     jne    0x24c
>   35: 41 0f b6 2e           movzbl (%r14),%ebp
>   39: 31 ff                 xor    %edi,%edi
>   3b: 89 ee                 mov    %ebp,%esi
>   3d: e8                    .byte 0xe8
>   3e: 44                    rex.R
> ```
> If you have any questions, please contact us.
>
> Reported by Yue Sun
> Reported by xingwei lee
>
> Best Regards,
> Yue
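
Added example, not part of the original report or the reply: a small C program that inverts the KASAN shadow mapping visible in the quoted disassembly (`shr $0x3` plus the base held in R15) to recover which pointer the trapping access was checking. The shadow offset is the R15 value from the log; the page-size and user-space limit constants and the simplified classification strings are assumptions for x86-64 with 4-level paging.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* Shadow offset as seen in R15; the other constants are assumed. */
#define KASAN_SHADOW_OFFSET 0xdffffc0000000000ULL
#define KASAN_SHADOW_SHIFT  3                      /* 1 shadow byte per 8 bytes */
#define PAGE_SIZE_ASSUMED   0x1000ULL
#define TASK_SIZE_ASSUMED   0x00007ffffffff000ULL  /* top of user space */

/* Forward mapping: what "shr $0x3,%rax; mov (%rax,%r15,1),%al" computes. */
static uint64_t mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: first byte of the 8-byte granule a shadow address covers. */
static uint64_t shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SHIFT;
}

/* Canonical with 48-bit addresses: bits 63..47 are all zero or all one. */
static int is_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Simplified version of the wording KASAN attaches to a faulting shadow access. */
static const char *classify(uint64_t fault)
{
    if (fault < KASAN_SHADOW_OFFSET)
        return "not a shadow access";
    if (shadow_to_mem(fault) < PAGE_SIZE_ASSUMED)
        return "null-ptr-deref";
    if (shadow_to_mem(fault) < TASK_SIZE_ASSUMED)
        return "probably user-memory-access";
    return "wild-memory-access";
}

int main(void)
{
    uint64_t fault = 0xdffffc0080008015ULL;          /* from the GPF line */
    uint64_t ptr   = 0x0000000400040048ULL + 0x66;   /* RBX + 0x66 (the lea) */
    uint64_t lo    = shadow_to_mem(fault);
    printf("granule [0x%016" PRIx64 "-0x%016" PRIx64 "] %s; canonical=%d; hit=%d\n",
           lo, lo + 7, classify(fault), is_canonical(fault), mem_to_shadow(ptr) == fault);
    return 0;
}
```

The recovered granule matches the range KASAN printed, and `RBX + 0x66` falls inside it, so the value the function received in RDI (`0x0000000400040048` in the register dump) was not a kernel pointer.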