lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000013b0d056e997fec@google.com>
Date:   Thu, 14 Jun 2018 05:47:03 -0700
From:   syzbot <syzbot+13e1ee9caeab5a9abc62@...kaller.appspotmail.com>
To:     davem@...emloft.net, gregkh@...uxfoundation.org,
        kstewart@...uxfoundation.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, pombredanne@...b.com,
        syzkaller-bugs@...glegroups.com, tglx@...utronix.de
Subject: WARNING in sk_stream_kill_queues (3)

Hello,

syzbot found the following crash on:

HEAD commit:    81c310582f0e kmsan: unpoison virtio input buffers when add..
git tree:       https://github.com/google/kmsan.git/master
console output: https://syzkaller.appspot.com/x/log.txt?x=1747c21f800000
kernel config:  https://syzkaller.appspot.com/x/.config?x=848e40757852af3e
dashboard link: https://syzkaller.appspot.com/bug?extid=13e1ee9caeab5a9abc62
compiler:       clang version 7.0.0 (trunk 334104)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=105f5eaf800000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13b15b6f800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+13e1ee9caeab5a9abc62@...kaller.appspotmail.com

WARNING: CPU: 0 PID: 4964 at net/core/stream.c:206  
sk_stream_kill_queues+0x944/0x970 net/core/stream.c:206
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4964 Comm: syz-executor457 Not tainted 4.17.0+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x185/0x1d0 lib/dump_stack.c:113
  panic+0x3d0/0x990 kernel/panic.c:184
  __warn+0x40f/0x580 kernel/panic.c:536
  report_bug+0x72a/0x880 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:179 [inline]
  do_error_trap+0x1c1/0x620 arch/x86/kernel/traps.c:298
  do_invalid_op+0x46/0x50 arch/x86/kernel/traps.c:317
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:sk_stream_kill_queues+0x944/0x970 net/core/stream.c:206
RSP: 0018:ffff8801a867f368 EFLAGS: 00010293
RAX: ffffffff87dbf654 RBX: 0000000000000813 RCX: ffff8801ab7bd7c0
RDX: 0000000000000000 RSI: aaaaaaaaaaaab000 RDI: ffffea0000000000
RBP: ffff8801a867f3e8 R08: 0000000000000000 R09: 0000000000000002
R10: ffff8801a66d3a00 R11: ffffffff88c44c40 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000813
  inet_csk_destroy_sock+0x2a4/0x5d0 net/ipv4/inet_connection_sock.c:833
  tcp_close+0xe37/0x18f0 net/ipv4/tcp.c:2323
  tls_sk_proto_close+0xc2f/0xcd0 net/tls/tls_main.c:291
  inet_release+0x249/0x2b0 net/ipv4/af_inet.c:427
  inet6_release+0xaf/0x100 net/ipv6/af_inet6.c:460
  sock_release net/socket.c:594 [inline]
  sock_close+0xeb/0x310 net/socket.c:1149
  __fput+0x458/0xa30 fs/file_table.c:209
  ____fput+0x37/0x40 fs/file_table.c:243
  task_work_run+0x22e/0x2b0 kernel/task_work.c:113
  exit_task_work include/linux/task_work.h:22 [inline]
  do_exit+0x110e/0x3930 kernel/exit.c:867
  do_group_exit+0x1a0/0x360 kernel/exit.c:970
  get_signal+0x1405/0x1ec0 kernel/signal.c:2482
  do_signal+0xb8/0x1d20 arch/x86/kernel/signal.c:810
  exit_to_usermode_loop arch/x86/entry/common.c:162 [inline]
  prepare_exit_to_usermode+0x271/0x3a0 arch/x86/entry/common.c:196
  syscall_return_slowpath+0xe9/0x710 arch/x86/entry/common.c:265
  do_syscall_64+0x1ad/0x230 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x447ce9
RSP: 002b:00007feb54132d98 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: 0000000000008000 RBX: 00000000006dec5c RCX: 0000000000447ce9
RDX: 00000000fffffdef RSI: 00000000200005c0 RDI: 0000000000000007
RBP: 0000000000000000 R08: 0000000020000000 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006dec58
R13: 0100000000000000 R14: 00007feb541339c0 R15: 000000000000000c
Dumping ftrace buffer:
    (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ