From: Andrey Konovalov <andreyknvl@google.com>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Gerrit Renker <gerrit@erg.abdn.ac.uk>,
	"David S. Miller" <davem@davemloft.net>,
	dccp@vger.kernel.org, netdev <netdev@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	syzkaller <syzkaller@googlegroups.com>,
	Kostya Serebryany <kcc@google.com>,
	Alexander Potapenko <glider@google.com>,
	Eric Dumazet <edumazet@google.com>,
	Dmitry Vyukov <dvyukov@google.com>
Subject: Re: net/dccp: warning in dccp_set_state
Date: Mon, 24 Oct 2016 15:41:34 +0200
Message-ID: <CAAeHK+y5XmobRWLkiQLkYdogafQRSJM7X5Katc-3KDQ8fFP9Qw@mail.gmail.com>
In-Reply-To: <1477313555.7065.105.camel@edumazet-glaptop3.roam.corp.google.com>

Hi Eric,

I can confirm that with your patch the warning goes away.

Tested-by: Andrey Konovalov <andreyknvl@google.com>

On Mon, Oct 24, 2016 at 2:52 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> On Mon, 2016-10-24 at 05:47 -0700, Eric Dumazet wrote:
>> On Mon, 2016-10-24 at 14:23 +0200, Andrey Konovalov wrote:
>> > Hi,
>> >
>> > I've got the following error report while running the syzkaller fuzzer:
>> >
>> > WARNING: CPU: 1 PID: 21072 at net/dccp/proto.c:83 dccp_set_state+0x229/0x290
>> > Kernel panic - not syncing: panic_on_warn set ...
>> >
>> > CPU: 1 PID: 21072 Comm: syz-executor Not tainted 4.9.0-rc1+ #293
>> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>> >  ffff88003d4c7738 ffffffff81b474f4 0000000000000003 dffffc0000000000
>> >  ffffffff844f8b00 ffff88003d4c7804 ffff88003d4c7800 ffffffff8140c06a
>> >  0000000041b58ab3 ffffffff8479ab7d ffffffff8140beae ffffffff8140cd00
>> > Call Trace:
>> >  [<     inline     >] __dump_stack lib/dump_stack.c:15
>> >  [<ffffffff81b474f4>] dump_stack+0xb3/0x10f lib/dump_stack.c:51
>> >  [<ffffffff8140c06a>] panic+0x1bc/0x39d kernel/panic.c:179
>> >  [<ffffffff8111125c>] __warn+0x1cc/0x1f0 kernel/panic.c:542
>> >  [<ffffffff8111144c>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
>> >  [<ffffffff8389e5d9>] dccp_set_state+0x229/0x290 net/dccp/proto.c:83
>> >  [<ffffffff838a0aa2>] dccp_close+0x612/0xc10 net/dccp/proto.c:1016
>> >  [<ffffffff8316bf1f>] inet_release+0xef/0x1c0 net/ipv4/af_inet.c:415
>> >  [<ffffffff82b6e89e>] sock_release+0x8e/0x1d0 net/socket.c:570
>> >  [<ffffffff82b6e9f6>] sock_close+0x16/0x20 net/socket.c:1017
>> >  [<ffffffff815256ad>] __fput+0x29d/0x720 fs/file_table.c:208
>> >  [<ffffffff81525bb5>] ____fput+0x15/0x20 fs/file_table.c:244
>> >  [<ffffffff811727d8>] task_work_run+0xf8/0x170 kernel/task_work.c:116
>> >  [<     inline     >] exit_task_work include/linux/task_work.h:21
>> >  [<ffffffff8111bc53>] do_exit+0x883/0x2ac0 kernel/exit.c:828
>> >  [<ffffffff811221fe>] do_group_exit+0x10e/0x340 kernel/exit.c:931
>> >  [<ffffffff81143c94>] get_signal+0x634/0x15a0 kernel/signal.c:2307
>> >  [<ffffffff81054aad>] do_signal+0x8d/0x1a30 arch/x86/kernel/signal.c:807
>> >  [<ffffffff81003a05>] exit_to_usermode_loop+0xe5/0x130
>> > arch/x86/entry/common.c:156
>> >  [<     inline     >] prepare_exit_to_usermode arch/x86/entry/common.c:190
>> >  [<ffffffff81006298>] syscall_return_slowpath+0x1a8/0x1e0
>> > arch/x86/entry/common.c:259
>> >  [<ffffffff83fc1a62>] entry_SYSCALL_64_fastpath+0xc0/0xc2
>> > Dumping ftrace buffer:
>> >    (ftrace buffer empty)
>> > Kernel Offset: disabled
>> >
>> > On commit 1a1891d762d6e64daf07b5be4817e3fbb29e3c59 (Oct 18).
>>
>> Not sure we we keep around DCCP. David could we kill it ?
>>
>> TCP seems to have an additional check, missing in DCCP.
>>
>> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
>> index 41e65804ddf5..9fe25bf63296 100644
>> --- a/net/dccp/proto.c
>> +++ b/net/dccp/proto.c
>> @@ -1009,6 +1009,10 @@ void dccp_close(struct sock *sk, long timeout)
>>               __kfree_skb(skb);
>>       }
>>
>> +     /* If socket has been already reset kill it. */
>> +     if (sk->sk_state == DCCP_CLOSED)
>> +             goto adjudge_to_death;
>> +
>>       if (data_was_unread) {
>>               /* Unread data was tossed, send an appropriate Reset Code */
>>               DCCP_WARN("ABORT with %u bytes unread\n", data_was_unread);
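Review bot: The early exit on sk->sk_state == DCCP_CLOSED jumps to adjudge_to_death, a label that lies outside this hunk, so the posting does not show what is skipped between the data_was_unread branch and that label; it is worth confirming that nothing in that span still has to run for a socket that is already closed. The new comment says what the check does but not why it is needed: tie it to the report, for example by noting that an already reset socket must not reach the dccp_set_state call that raised the warning at net/dccp/proto.c:83. As posted the patch also carries no changelog or Signed-off-by; the formal submission should add both and cite the TCP commit this check mirrors.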
>>
>
> The equivalent tcp fix was :
> https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=565b7b2d2e632b5792879c0c9cccdd9eecd31195
>
>

Thread overview: 12+ messages
2016-10-24 12:23 net/dccp: warning in dccp_set_state Andrey Konovalov
2016-10-24 12:23 ` Andrey Konovalov
2016-10-24 12:47 ` Eric Dumazet
2016-10-24 12:47   ` Eric Dumazet
2016-10-24 12:52   ` Eric Dumazet
2016-10-24 12:52     ` Eric Dumazet
2016-10-24 13:41     ` Andrey Konovalov [this message]
2016-10-24 13:41       ` Andrey Konovalov
2016-11-03  1:04 ` [PATCH net] dccp: do not send reset to already closed sockets Eric Dumazet
2016-11-03  1:04   ` Eric Dumazet
2016-11-03 20:19   ` David Miller
2016-11-03 20:19     ` David Miller
