Greetings,
FYI, we noticed the following commit (built with gcc-11):
commit: 92a3727452306125178366a58d87e886e194ae64 ("net: Find dst with sk's xfrm policy not ctl_sk")
url: https://github.com/intel-lab-lkp/linux/commits/UPDATE-20220706-143527/Sewook-Seo/net-tcp-Find-dst-with-sk-s-xfrm-policy-not-ctl_sk/20220622-042459
in testcase: hwsim
version: hwsim-x86_64-717e5d7-1_20220525
with the following parameters:
test: group-07
ucode: 0x21
on test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz with 16G memory
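caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace). In short, KASAN flags an 8-byte out-of-bounds slab read in tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823), reached from tcp_v4_rcv in softirq context while the python3 task was inside sendto. Note that the "Code:" bytes and disassembly after the call trace belong to the user-space RIP (the return site of that syscall), not to the kernel instruction that performed the read.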
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <[email protected]>
[ 132.868237][ C0] BUG: KASAN: slab-out-of-bounds in tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823)
[ 132.868244][ C0] Read of size 8 at addr ffff888129341308 by task python3/5525
[ 132.868246][ C0]
[ 132.868248][ C0] CPU: 0 PID: 5525 Comm: python3 Tainted: G S 5.19.0-rc2-00127-g92a372745230 #1
[ 132.868251][ C0] Hardware name: /DZ77BH-55K, BIOS BHZ7710H.86A.0097.2012.1228.1346 12/28/2012
[ 132.868253][ C0] Call Trace:
[ 132.868255][ C0] <IRQ>
[ 132.868256][ C0] ? tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823)
[ 132.868259][ C0] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 132.868263][ C0] print_address_description+0x1f/0x200
[ 132.868268][ C0] ? tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823)
[ 132.868270][ C0] print_report.cold (mm/kasan/report.c:430)
[ 132.868274][ C0] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 132.868277][ C0] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)
[ 132.868281][ C0] ? tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823)
[ 132.868283][ C0] tcp_v4_send_reset (net/ipv4/tcp_ipv4.c:823)
[ 132.868286][ C0] ? tcp_req_err (net/ipv4/tcp_ipv4.c:669)
[ 132.868288][ C0] ? tcp_check_req (net/ipv4/tcp_minisocks.c:87)
[ 132.868291][ C0] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 132.868293][ C0] ? memmove (mm/kasan/shadow.c:54 (discriminator 1))
[ 132.868297][ C0] ? tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2157)
[ 132.868299][ C0] tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2157)
[ 132.868302][ C0] ? tcp_v4_early_demux (net/ipv4/tcp_ipv4.c:1916)
[ 132.868304][ C0] ? kernel_text_address (kernel/extable.c:97 kernel/extable.c:94)
[ 132.868308][ C0] ? __kernel_text_address (kernel/extable.c:79)
[ 132.868311][ C0] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313)
[ 132.868315][ C0] ? create_prof_cpu_mask (kernel/stacktrace.c:83)
[ 132.868319][ C0] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26)
[ 132.868323][ C0] ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205 (discriminator 1))
[ 132.868327][ C0] ip_local_deliver_finish (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 net/ipv4/ip_input.c:234)
[ 132.868329][ C0] ? stack_trace_save (kernel/stacktrace.c:123)
[ 132.868332][ C0] ip_local_deliver (net/ipv4/ip_input.c:243)
[ 132.868334][ C0] ? ip_local_deliver_finish (net/ipv4/ip_input.c:243)
[ 132.868337][ C0] ? net_rx_action (net/core/dev.c:6634 net/core/dev.c:6657)
[ 132.868340][ C0] ? memset (mm/kasan/shadow.c:44)
[ 132.868343][ C0] ? ip_rcv_core (net/ipv4/ip_input.c:524)
[ 132.868346][ C0] ip_rcv (include/net/dst.h:461 net/ipv4/ip_input.c:437 include/linux/netfilter.h:307 include/linux/netfilter.h:301 net/ipv4/ip_input.c:557)
[ 132.868348][ C0] ? ip_rcv_finish (net/ipv4/ip_input.c:550)
[ 132.868350][ C0] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 132.868353][ C0] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 132.868355][ C0] ? ip_rcv_finish (net/ipv4/ip_input.c:550)
[ 132.868357][ C0] __netif_receive_skb_one_core (net/core/dev.c:5480 (discriminator 4))
[ 132.868360][ C0] ? __netif_receive_skb_list_core (net/core/dev.c:5473)
[ 132.868363][ C0] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170)
[ 132.868365][ C0] ? cpumask_next_and (lib/cpumask.c:42)
[ 132.868369][ C0] process_backlog (include/linux/netdevice.h:3151 net/core/dev.c:5924)
[ 132.868371][ C0] ? timerqueue_add (lib/timerqueue.c:40)
[ 132.868374][ C0] __napi_poll (net/core/dev.c:6488)
[ 132.868377][ C0] net_rx_action (net/core/dev.c:6557 net/core/dev.c:6666)
[ 132.868380][ C0] ? napi_threaded_poll (net/core/dev.c:6642)
[ 132.868382][ C0] ? var_wake_function (kernel/sched/clock.c:364)
[ 132.868385][ C0] ? sched_clock_cpu (kernel/sched/clock.c:364)
[ 132.868387][ C0] ? __sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:484)
[ 132.868392][ C0] ? clockevents_program_event (kernel/time/clockevents.c:336 (discriminator 3))
[ 132.868396][ C0] __do_softirq (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/irq.h:142 kernel/softirq.c:572)
[ 132.868399][ C0] do_softirq (kernel/softirq.c:472 kernel/softirq.c:459)
[ 132.868402][ C0] </IRQ>
[ 132.868403][ C0] <TASK>
[ 132.868404][ C0] __local_bh_enable_ip (kernel/softirq.c:396)
[ 132.868406][ C0] ip_finish_output2 (net/ipv4/ip_output.c:195)
[ 132.868409][ C0] ? __kernel_text_address (kernel/extable.c:79)
[ 132.868412][ C0] ? unwind_get_return_address (arch/x86/kernel/unwind_orc.c:318 arch/x86/kernel/unwind_orc.c:313)
[ 132.868415][ C0] ? create_prof_cpu_mask (kernel/stacktrace.c:83)
[ 132.868417][ C0] ? arch_stack_walk (arch/x86/kernel/stacktrace.c:26)
[ 132.868420][ C0] ? ip_setup_cork (net/ipv4/ip_output.c:195)
[ 132.868423][ C0] ? __ip_finish_output (include/linux/skbuff.h:1739 include/linux/skbuff.h:4977 net/ipv4/ip_output.c:300 net/ipv4/ip_output.c:288)
[ 132.868425][ C0] ip_output (net/ipv4/ip_output.c:422)
[ 132.868428][ C0] ? ip_finish_output (net/ipv4/ip_output.c:422)
[ 132.868431][ C0] __ip_queue_xmit (arch/x86/include/asm/preempt.h:85 include/linux/rcupdate.h:73 include/linux/rcupdate.h:727 net/ipv4/ip_output.c:533)
[ 132.868434][ C0] ? __tcp_select_window (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/net/tcp.h:1434 net/ipv4/tcp_output.c:2957)
[ 132.868437][ C0] ? __skb_clone (arch/x86/include/asm/atomic.h:95 (discriminator 4) include/linux/atomic/atomic-instrumented.h:191 (discriminator 4) net/core/skbuff.c:1082 (discriminator 4))
[ 132.868441][ C0] __tcp_transmit_skb (net/ipv4/tcp_output.c:1405 (discriminator 4))
[ 132.868444][ C0] ? __tcp_select_window (net/ipv4/tcp_output.c:1242)
[ 132.868447][ C0] ? _copy_from_iter (lib/iov_iter.c:767 (discriminator 8))
[ 132.868451][ C0] tcp_write_xmit (net/ipv4/tcp_output.c:2693)
[ 132.868455][ C0] ? skb_do_copy_data_nocache (include/linux/uio.h:171 include/linux/uio.h:177 include/net/sock.h:2204)
[ 132.868459][ C0] ? tcp_alloc_md5sig_pool (include/net/sock.h:2195)
[ 132.868462][ C0] ? skb_page_frag_refill (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/linux/page_ref.h:67 net/core/sock.c:2773)
[ 132.868465][ C0] __tcp_push_pending_frames (net/ipv4/tcp_output.c:2877)
[ 132.868469][ C0] tcp_sendmsg_locked (net/ipv4/tcp.c:1420)
[ 132.868472][ C0] ? _raw_spin_lock (kernel/locking/spinlock.c:177)
[ 132.868474][ C0] ? tcp_sendpage (net/ipv4/tcp.c:1192)
[ 132.868476][ C0] ? _raw_spin_lock_bh (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:127 kernel/locking/spinlock.c:178)
[ 132.868478][ C0] ? _raw_spin_lock (kernel/locking/spinlock.c:177)
[ 132.868480][ C0] ? __cond_resched (kernel/sched/core.c:8217)
[ 132.868483][ C0] ? inet_send_prepare (net/ipv4/af_inet.c:813)
[ 132.868486][ C0] tcp_sendmsg (net/ipv4/tcp.c:1449)
[ 132.868489][ C0] sock_sendmsg (net/socket.c:714 net/socket.c:734)
[ 132.868491][ C0] __sys_sendto (net/socket.c:2119)
[ 132.868494][ C0] ? __ia32_sys_getpeername (net/socket.c:2090)
[ 132.868498][ C0] ? nsec_to_clock_t (kernel/time/time.c:767)
[ 132.868501][ C0] ? __sys_getsockopt (net/socket.c:2299)
[ 132.868504][ C0] ? __x64_sys_poll (fs/select.c:1082 fs/select.c:1068 fs/select.c:1068)
[ 132.868507][ C0] ? __ia32_sys_poll (fs/select.c:1068)
[ 132.868510][ C0] __x64_sys_sendto (net/socket.c:2127)
[ 132.868512][ C0] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 132.868516][ C0] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115)
[ 132.868519][ C0] RIP: 0033:0x7f706977044c
[ 132.868523][ C0] Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 19 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 64 c3 0f 1f 00 55 48 83 ec 20 48 89 54 24 10
All code
========
0: 89 02 mov %eax,(%rdx)
2: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax
9: eb b5 jmp 0xffffffffffffffc0
b: 0f 1f 00 nopl (%rax)
e: 41 89 ca mov %ecx,%r10d
11: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax
18: 00
19: 85 c0 test %eax,%eax
1b: 75 19 jne 0x36
1d: 45 31 c9 xor %r9d,%r9d
20: 45 31 c0 xor %r8d,%r8d
23: b8 2c 00 00 00 mov $0x2c,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 64 ja 0x96
32: c3 retq
33: 0f 1f 00 nopl (%rax)
36: 55 push %rbp
37: 48 83 ec 20 sub $0x20,%rsp
3b: 48 89 54 24 10 mov %rdx,0x10(%rsp)
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 64 ja 0x6c
8: c3 retq
9: 0f 1f 00 nopl (%rax)
c: 55 push %rbp
d: 48 83 ec 20 sub $0x20,%rsp
11: 48 89 54 24 10 mov %rdx,0x10(%rsp)
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if you come across any failure that blocks the test,
# please remove the ~/.lkp and /lkp directories to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp