All of lore.kernel.org
 help / color / mirror / Atom feed
* WARNING in sk_stream_kill_queues (3)
@ 2018-06-14 12:47 syzbot
  2019-11-25 15:59 ` syzbot
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2018-06-14 12:47 UTC (permalink / raw)
  To: davem, gregkh, kstewart, linux-kernel, netdev, pombredanne,
	syzkaller-bugs, tglx

Hello,

syzbot found the following crash on:

HEAD commit:    81c310582f0e kmsan: unpoison virtio input buffers when add..
git tree:       https://github.com/google/kmsan.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=1747c21f800000
kernel config:  https://syzkaller.appspot.com/x/.config?x=848e40757852af3e
dashboard link: https://syzkaller.appspot.com/bug?extid=13e1ee9caeab5a9abc62
compiler:       clang version 7.0.0 (trunk 334104)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=105f5eaf800000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13b15b6f800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+13e1ee9caeab5a9abc62@syzkaller.appspotmail.com

WARNING: CPU: 0 PID: 4964 at net/core/stream.c:206  
sk_stream_kill_queues+0x944/0x970 net/core/stream.c:206
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4964 Comm: syz-executor457 Not tainted 4.17.0+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x185/0x1d0 lib/dump_stack.c:113
  panic+0x3d0/0x990 kernel/panic.c:184
  __warn+0x40f/0x580 kernel/panic.c:536
  report_bug+0x72a/0x880 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:179 [inline]
  do_error_trap+0x1c1/0x620 arch/x86/kernel/traps.c:298
  do_invalid_op+0x46/0x50 arch/x86/kernel/traps.c:317
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:sk_stream_kill_queues+0x944/0x970 net/core/stream.c:206
RSP: 0018:ffff8801a867f368 EFLAGS: 00010293
RAX: ffffffff87dbf654 RBX: 0000000000000813 RCX: ffff8801ab7bd7c0
RDX: 0000000000000000 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000
RBP: ffff8801a867f3e8 R08: 0000000000000000 R09: 0000000000000002
R10: ffff8801a66d3a00 R11: ffffffff88c44c40 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000813
  inet_csk_destroy_sock+0x2a4/0x5d0 net/ipv4/inet_connection_sock.c:833
  tcp_close+0xe37/0x18f0 net/ipv4/tcp.c:2323
  tls_sk_proto_close+0xc2f/0xcd0 net/tls/tls_main.c:291
  inet_release+0x249/0x2b0 net/ipv4/af_inet.c:427
  inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:460
  sock_release net/socket.c:594 [inline]
  sock_close+0xeb/0x310 net/socket.c:1149
  __fput+0x458/0xa30 fs/file_table.c:209
  ____fput+0x37/0x40 fs/file_table.c:243
  task_work_run+0x22e/0x2b0 kernel/task_work.c:113
  exit_task_work include/linux/task_work.h:22 [inline]
  do_exit+0x110e/0x3930 kernel/exit.c:867
  do_group_exit+0x1a0/0x360 kernel/exit.c:970
  get_signal+0x1405/0x1ec0 kernel/signal.c:2482
  do_signal+0xb8/0x1d20 arch/x86/kernel/signal.c:810
  exit_to_usermode_loop arch/x86/entry/common.c:162 [inline]
  prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196
  syscall_return_slowpath+0xe9/0x710 arch/x86/entry/common.c:265
  do_syscall_64+0x1ad/0x230 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x447ce9
RSP: 002b:00007feb54132d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: 0000000000008000 RBX: 00000000006dec5c RCX: 0000000000447ce9
RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000020000000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dec58
R13: 0100000000000000 R14: 00007feb541339c0 R15: 000000000000000c
Dumping ftrace buffer:
    (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: WARNING in sk_stream_kill_queues (3)
  2018-06-14 12:47 WARNING in sk_stream_kill_queues (3) syzbot
@ 2019-11-25 15:59 ` syzbot
  2019-11-25 17:39   ` Jakub Kicinski
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2019-11-25 15:59 UTC (permalink / raw)
  To: aviadye, borisp, davejwatson, davem, gregkh, ilyal, kstewart,
	linux-kernel, netdev, pombredanne, syzkaller-bugs, tglx

syzbot has bisected this bug to:

commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
Author: Dave Watson <davejwatson@fb.com>
Date:   Wed Jun 14 18:37:39 2017 +0000

     tls: kernel TLS support

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127a8f22e00000
start commit:   be779f03 Merge tag 'kbuild-v4.18-2' of git://git.kernel.or..
git tree:       upstream
final crash:    https://syzkaller.appspot.com/x/report.txt?x=117a8f22e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=167a8f22e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=855fb54e1e019da2
dashboard link: https://syzkaller.appspot.com/bug?extid=13e1ee9caeab5a9abc62
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=165a0c1f800000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=114591af800000

Reported-by: syzbot+13e1ee9caeab5a9abc62@syzkaller.appspotmail.com
Fixes: 3c4d7559159b ("tls: kernel TLS support")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: WARNING in sk_stream_kill_queues (3)
  2019-11-25 15:59 ` syzbot
@ 2019-11-25 17:39   ` Jakub Kicinski
  0 siblings, 0 replies; 3+ messages in thread
From: Jakub Kicinski @ 2019-11-25 17:39 UTC (permalink / raw)
  To: syzbot
  Cc: aviadye, borisp, davejwatson, davem, gregkh, ilyal, kstewart,
	linux-kernel, netdev, pombredanne, syzkaller-bugs, tglx

On Mon, 25 Nov 2019 07:59:01 -0800, syzbot wrote:
> syzbot has bisected this bug to:
> 
> commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
> Author: Dave Watson <davejwatson@fb.com>
> Date:   Wed Jun 14 18:37:39 2017 +0000
> 
>      tls: kernel TLS support
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127a8f22e00000
> start commit:   be779f03 Merge tag 'kbuild-v4.18-2' of git://git.kernel.or..
> git tree:       upstream
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=117a8f22e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=167a8f22e00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=855fb54e1e019da2
> dashboard link: https://syzkaller.appspot.com/bug?extid=13e1ee9caeab5a9abc62
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=165a0c1f800000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=114591af800000
> 
> Reported-by: syzbot+13e1ee9caeab5a9abc62@syzkaller.appspotmail.com
> Fixes: 3c4d7559159b ("tls: kernel TLS support")
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Looking at the repro timeline I'm fairly confident that
commit 9354544cbccf ("net/tls: fix page double free on TX cleanup")
stopped this. Even though it must had been appearing earlier due to a
different bug, because what the mentioned commit fixed was more recent
than the report.

#syz fix: net/tls: fix page double free on TX cleanup

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-25 17:40 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-06-14 12:47 WARNING in sk_stream_kill_queues (3) syzbot
2019-11-25 15:59 ` syzbot
2019-11-25 17:39   ` Jakub Kicinski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.