From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753984AbdKJTrs (ORCPT <rfc822;w@1wt.eu>);
        Fri, 10 Nov 2017 14:47:48 -0500
Received: from mail-it0-f50.google.com ([209.85.214.50]:40629 "EHLO
        mail-it0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753777AbdKJTrp (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 10 Nov 2017 14:47:45 -0500
X-Google-Smtp-Source: AGs4zMYm1K8MnwkM9b85eYe4HlYQfDwT5+ZIY4pnrJT+GwD794ov5S3+exBx/6uKBOH+DxL7O7S7M833gPdFcHDeTV8=
MIME-Version: 1.0
In-Reply-To: <CAEeGbKME2ngYXZOFbPxjCkwu-hsooZZ4J3iHapgAZrFm3+AsMA@mail.gmail.com>
References: <CAM_iQpXa+orUek72UQ7OM9NiP0uvj_KKBunX7=SSNVrB+i_yEA@mail.gmail.com>
 <CA+55aFwVgYmfe6fFHxEnoAjKrFsDC357PmQ+qE2U2E7wDhgG7Q@mail.gmail.com>
 <CA+55aFzFgomi=xWUxkGxLyU0n1gWQQ+SzvqHUjnAi-8aRPB7Bg@mail.gmail.com>
 <CAM_iQpXEHsc+Yu9UDMmKBgx+fdF9ZNHLrmNrtZ5L0ypFgwr-Zw@mail.gmail.com>
 <CA+55aFypnFvxdZbaqwyZmV_1QzgHE92zu7xsMqAwJ+u-vR=01g@mail.gmail.com>
 <CAM_iQpWFGsXdC2qHfMLHy_0y3jEZxToxkSWYhj2_uQpTurPvdQ@mail.gmail.com> <CAEeGbKME2ngYXZOFbPxjCkwu-hsooZZ4J3iHapgAZrFm3+AsMA@mail.gmail.com>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 10 Nov 2017 11:47:43 -0800
X-Google-Sender-Auth: BsnohdjpyhillzDxRTWNtRaNpAY
Message-ID: <CA+55aFzZKnEmqiYUjiNDvy470yau3XmitOnH5t0F5Upn9mrEAw@mail.gmail.com>
Subject: Re: Kernel crash in free_pipe_info()
To: Simon Brewer <sbrunau@gmail.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Andrew Morton <akpm@linux-foundation.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 9, 2017 at 10:07 PM, Simon Brewer <sbrunau@gmail.com> wrote:
>
> This looks familiar...
>
> https://github.com/moby/moby/issues/34472
>
> From the bug report:
> "In particular, it looks like either docker-containerd or
> docker-containerd-shim (the log is cut off) has a pipe open that is
> causing a kernel BUG when attempting to kill the process. Fun times."

Interestingly, some of the "reproducers" show a totally different problem, with

  kernel BUG at /build/linux-5EyXrQ/linux-4.4.0/mm/slub.c:1495!

which is this BUG():

  1493          if (unlikely(flags & GFP_SLAB_BUG_MASK)) {
  1494                  pr_emerg("gfp: %u\n", flags & GFP_SLAB_BUG_MASK);
  1495                  BUG();
  1496          }

which implies a completely invalid gfp mask.

The stack trace shows it's unix_stream_sendmsg -> sock_alloc_send_pskb
allocation, which uses "sk->sk_allocation".

Odd. af_unix just does

        sk->sk_allocation       = GFP_KERNEL_ACCOUNT;

That is new since v4.4, though - but before that it should have been
set by sock_init_data to just GFP_KERNEL.

So there it looks like a socket is entirely corrupted.

So that other backtrace looks entirely bogus too. More "that looks
like corrupted kernel data structures".

Enabling SLUB debugging would be really good here too.

But that is still quite an old kernel. I wish somebody could reproduce
this with something newer.

I added those wishes to the github thing.

             Linus