lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABOYnLzq7XwbFncos1p8FOnDyVes4VDkjWE277TngdJqSie14A@mail.gmail.com> Date: Fri, 1 Dec 2023 08:39:32 +0800 From: xingwei lee <xrivendell7@...il.com> To: Eric Dumazet <edumazet@...gle.com> Cc: syzbot+9ada62e1dc03fdc41982@...kaller.appspotmail.com, davem@...emloft.net, kuba@...nel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [net?] WARNING in cleanup_net (3) I forgot to CC others, repeat mail. Sorry, Dumazet. I found this bug with my modified syzkaller in my local environment. You are right, I crashed this bug about 10 times and used some heuristic solutions to increase the chances of luck with modifying syz-repro during this process. I can confirm the reproduction can trigger the bug soon and I hope it helps you. I'll test your patch and give your feedback ASAP. I apply your patch at https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b47bc037bd44f142ac09848e8d3ecccc726be99 with a little fix: diff --git a/net/core/sock.c b/net/core/sock.c index fef349dd72fa..36d2871ac24f 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2197,8 +2197,6 @@ static void __sk_destruct(struct rcu_head *head) if (likely(sk->sk_net_refcnt)) put_net_track(sock_net(sk), &sk->ns_tracker); - else - __netns_tracker_free(sock_net(sk), &sk->ns_tracker, false); sk_prot_free(sk->sk_prot_creator, sk); } @@ -2212,6 +2210,9 @@ void sk_destruct(struct sock *sk) use_call_rcu = true; } + if (unlikely(!sk->sk_net_refcnt)) + __netns_tracker_free(sock_net(sk), &sk->ns_tracker, false); + if (use_call_rcu) call_rcu(&sk->sk_rcu, __sk_destruct); else and It's also trigger the crash like below: root@...kaller:~# ./a.out [ 114.072761][ T8229] chnl_net:caif_netlink_parms(): no params data found [ 114.326619][ T8230] chnl_net:caif_netlink_parms(): no params data found [ 114.340413][ T8231] chnl_net:caif_netlink_parms(): no params data found [ 114.351274][ T8229] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.352623][ T8229] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.353589][ T8229] bridge_slave_0: entered allmulticast mode [ 114.360175][ T8229] bridge_slave_0: entered promiscuous mode [ 114.362593][ T8232] chnl_net:caif_netlink_parms(): no params data found [ 114.367362][ T8229] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.368464][ T8229] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.369410][ T8229] bridge_slave_1: entered allmulticast mode [ 114.371429][ T8229] bridge_slave_1: entered promiscuous mode [ 114.510456][ T8229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.530922][ T8229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.683144][ T8231] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.684040][ T8231] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.684851][ T8231] bridge_slave_0: entered allmulticast mode [ 114.686531][ T8231] bridge_slave_0: entered promiscuous mode [ 114.694605][ T8230] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.695945][ T8230] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.696748][ T8230] bridge_slave_0: entered allmulticast mode [ 114.700798][ T8230] bridge_slave_0: entered promiscuous mode [ 114.705397][ T8229] team0: Port device team_slave_0 added [ 114.706511][ T8230] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.707322][ T8230] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.708736][ T8230] bridge_slave_1: entered allmulticast mode [ 114.710482][ T8230] bridge_slave_1: entered promiscuous mode [ 114.711909][ T8232] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.713037][ T8232] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.713871][ T8232] bridge_slave_0: entered allmulticast mode [ 114.715582][ T8232] bridge_slave_0: entered promiscuous mode [ 114.736327][ T8231] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.737133][ T8231] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.737924][ T8231] bridge_slave_1: entered allmulticast mode [ 114.740444][ T8231] bridge_slave_1: entered promiscuous mode [ 114.743350][ T8229] team0: Port device team_slave_1 added [ 114.761950][ T8232] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.762774][ T8232] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.763566][ T8232] bridge_slave_1: entered allmulticast mode [ 114.765230][ T8232] bridge_slave_1: entered promiscuous mode [ 114.788150][ T8230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.847766][ T8230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.892980][ T8231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.894626][ T8229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.895367][ T8229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of b. [ 114.898001][ T8229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 114.946038][ T8231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.949398][ T8230] team0: Port device team_slave_0 added [ 114.950803][ T8229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 114.951699][ T8229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of b. [ 114.954488][ T8229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.957273][ T8230] team0: Port device team_slave_1 added [ 114.964779][ T8232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.045328][ T8232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.048496][ T8231] team0: Port device team_slave_0 added [ 115.051434][ T8231] team0: Port device team_slave_1 added [ 115.069053][ T8230] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.069772][ T8230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of b. [ 115.072359][ T8230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.140116][ T8230] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.140850][ T8230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of b. [ 115.143422][ T8230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.173924][ T8231] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.174643][ T8231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of b. [ 115.177201][ T8231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.203430][ T8232] team0: Port device team_slave_0 added [ 115.209003][ T8229] hsr_slave_0: entered promiscuous mode [ 115.210517][ T8229] hsr_slave_1: entered promiscuous mode [ 115.212839][ T8231] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.213564][ T8231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of b. [ 115.216165][ T8231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.226076][ T8232] team0: Port device team_slave_1 added [ 115.275957][ T8232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.276680][ T8232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of b. [ 115.279865][ T8232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.373684][ T8232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.374593][ T8232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of b. [ 115.377603][ T8232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.395755][ T8230] hsr_slave_0: entered promiscuous mode [ 115.399850][ T8230] hsr_slave_1: entered promiscuous mode [ 115.401087][ T8230] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.402250][ T8230] Cannot create hsr debugfs directory [ 115.407395][ T8231] hsr_slave_0: entered promiscuous mode [ 115.409607][ T8231] hsr_slave_1: entered promiscuous mode [ 115.410872][ T8231] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.411646][ T8231] Cannot create hsr debugfs directory [ 115.501202][ T8232] hsr_slave_0: entered promiscuous mode [ 115.502669][ T8232] hsr_slave_1: entered promiscuous mode [ 115.503788][ T8232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.504564][ T8232] Cannot create hsr debugfs directory [ 115.938476][ T8229] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 115.946200][ T8229] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 115.950819][ T8229] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 115.954893][ T8229] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 116.003434][ T8231] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 116.041993][ T8231] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 116.045749][ T8231] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 116.067822][ T8231] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 116.092189][ T8230] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 116.097375][ T8230] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 116.105152][ T8230] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 116.117443][ T8230] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 116.166762][ T8232] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 116.171211][ T8232] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 116.174915][ T8232] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 116.179722][ T8232] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 116.304475][ T8229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.330276][ T8231] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.352903][ T8229] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.361652][ T8230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.368463][ T8231] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.389882][ T791] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.390859][ T791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.393500][ T791] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.394306][ T791] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.400271][ T8230] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.413712][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.414726][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.416940][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.417923][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.455333][T10414] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.456169][T10414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.469603][ T4567] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.470452][ T4567] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.545064][ T8232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.585505][ T8232] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.604097][ T794] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.604923][ T794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.607359][ T794] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.608223][ T794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.625942][ T8229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.628671][ T8230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.640122][ T8231] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.705689][ T8231] veth0_vlan: entered promiscuous mode [ 116.732445][ T8229] veth0_vlan: entered promiscuous mode [ 116.750680][ T8230] veth0_vlan: entered promiscuous mode [ 116.754121][ T8229] veth1_vlan: entered promiscuous mode [ 116.767472][ T8232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.769106][ T8231] veth1_vlan: entered promiscuous mode [ 116.777934][ T8230] veth1_vlan: entered promiscuous mode [ 116.800068][ T8229] veth0_macvtap: entered promiscuous mode [ 116.806955][ T8229] veth1_macvtap: entered promiscuous mode [ 116.836114][ T8231] veth0_macvtap: entered promiscuous mode [ 116.853502][ T8229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.863525][ T8231] veth1_macvtap: entered promiscuous mode [ 116.869518][ T8232] veth0_vlan: entered promiscuous mode [ 116.871213][ T8230] veth0_macvtap: entered promiscuous mode [ 116.875893][ T8230] veth1_macvtap: entered promiscuous mode [ 116.879203][ T8231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 116.880567][ T8231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.882667][ T8231] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.896729][ T8229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.904540][ T8229] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.905714][ T8229] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.906606][ T8229] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.907497][ T8229] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.912478][ T8231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 116.913556][ T8231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.915575][ T8231] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.930500][ T8230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 116.931588][ T8230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.932581][ T8230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 116.933835][ T8230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.935827][ T8230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.947967][ T8232] veth1_vlan: entered promiscuous mode [ 116.959390][ T8230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 116.960514][ T8230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.961524][ T8230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 116.962805][ T8230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.965336][ T8230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.972417][ T8230] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.973541][ T8230] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.974592][ T8230] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.975688][ T8230] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.982689][ T8231] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.983846][ T8231] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.984740][ T8231] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.985636][ T8231] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.052763][ T8232] veth0_macvtap: entered promiscuous mode [ 117.125330][ T8232] veth1_macvtap: entered promiscuous mode [ 117.161855][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 117.162926][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.163915][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 117.164958][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.165942][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 117.167184][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.171068][ T8232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.177910][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 117.179152][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.180147][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 117.181173][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.182155][ T8232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 117.183208][ T8232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.185430][ T8232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.190533][ T8232] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.191440][ T8232] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.192319][ T8232] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.193220][ T8232] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.795002][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.804616][ T4551] systemd-journald[4551]: Sent WATCHDOG=1 notification. [ 122.341744][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.450843][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.504275][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.467548][ T11] hsr_slave_0: left promiscuous mode [ 123.485539][ T11] hsr_slave_1: left promiscuous mode [ 123.487868][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.491528][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.495447][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.496813][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.499352][ T11] bridge_slave_1: left allmulticast mode [ 123.500320][ T11] bridge_slave_1: left promiscuous mode [ 123.502166][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.507565][ T11] bridge_slave_0: left allmulticast mode [ 123.510266][ T11] bridge_slave_0: left promiscuous mode [ 123.511428][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.521008][ T11] veth1_macvtap: left promiscuous mode [ 123.522171][ T11] veth0_macvtap: left promiscuous mode [ 123.523307][ T11] veth1_vlan: left promiscuous mode [ 123.524665][ T11] veth0_vlan: left promiscuous mode [ 123.762113][ T11] team0 (unregistering): Port device team_slave_1 removed [ 123.774449][ T11] team0 (unregistering): Port device team_slave_0 removed [ 123.779911][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.786093][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.864081][ T11] bond0 (unregistering): Released all slaves [ 124.886124][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.002021][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.080483][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.123863][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.278920][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.343364][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.432573][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.524907][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.638921][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.708761][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.843861][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.902843][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.305317][ T11] hsr_slave_0: left promiscuous mode [ 127.307575][ T11] hsr_slave_1: left promiscuous mode [ 127.310229][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.311917][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.315522][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.317504][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.321068][ T11] bridge_slave_1: left allmulticast mode [ 127.322481][ T11] bridge_slave_1: left promiscuous mode [ 127.324051][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.329783][ T11] bridge_slave_0: left allmulticast mode [ 127.331132][ T11] bridge_slave_0: left promiscuous mode [ 127.332593][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.349619][ T11] hsr_slave_0: left promiscuous mode [ 127.351993][ T11] hsr_slave_1: left promiscuous mode [ 127.354448][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.356190][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.359889][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.361631][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.364894][ T11] bridge_slave_1: left allmulticast mode [ 127.366304][ T11] bridge_slave_1: left promiscuous mode [ 127.367795][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.374317][ T11] bridge_slave_0: left allmulticast mode [ 127.375638][ T11] bridge_slave_0: left promiscuous mode [ 127.377139][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.389196][ T11] hsr_slave_0: left promiscuous mode [ 127.391219][ T11] hsr_slave_1: left promiscuous mode [ 127.393432][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.395198][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.399196][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.400831][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.404132][ T11] bridge_slave_1: left allmulticast mode [ 127.405385][ T11] bridge_slave_1: left promiscuous mode [ 127.406979][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.411057][ T11] bridge_slave_0: left allmulticast mode [ 127.412025][ T11] bridge_slave_0: left promiscuous mode [ 127.413135][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.423598][ T11] veth1_macvtap: left promiscuous mode [ 127.424211][ T11] veth0_macvtap: left promiscuous mode [ 127.425254][ T11] veth1_vlan: left promiscuous mode [ 127.425850][ T11] veth0_vlan: left promiscuous mode [ 127.427781][ T11] veth1_macvtap: left promiscuous mode [ 127.428744][ T11] veth0_macvtap: left promiscuous mode [ 127.429592][ T11] veth1_vlan: left promiscuous mode [ 127.430202][ T11] veth0_vlan: left promiscuous mode [ 127.431961][ T11] veth1_macvtap: left promiscuous mode [ 127.432549][ T11] veth0_macvtap: left promiscuous mode [ 127.433382][ T11] veth1_vlan: left promiscuous mode [ 127.434000][ T11] veth0_vlan: left promiscuous mode [ 127.828054][ T11] team0 (unregistering): Port device team_slave_1 removed [ 127.841985][ T11] team0 (unregistering): Port device team_slave_0 removed [ 127.852461][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 127.863168][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 127.916740][ T11] bond0 (unregistering): Released all slaves [ 128.114888][ T11] team0 (unregistering): Port device team_slave_1 removed [ 128.123304][ T11] team0 (unregistering): Port device team_slave_0 removed [ 128.138250][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.150962][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.220915][ T11] bond0 (unregistering): Released all slaves [ 128.387330][ T11] team0 (unregistering): Port device team_slave_1 removed [ 128.393487][ T11] team0 (unregistering): Port device team_slave_0 removed [ 128.400283][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 128.405893][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 128.474976][ T11] bond0 (unregistering): Released all slaves [ 129.921396][ T11] ref_tracker: net notrefcnt@...f8880245d9fe0 has 1/1 users at [ 129.921396][ T11] sk_alloc+0xa8d/0xb90 [ 129.921396][ T11] inet6_create+0x380/0x1290 [ 129.921396][ T11] __sock_create+0x328/0x800 [ 129.921396][ T11] rds_tcp_listen_init+0xd3/0x4e0 [ 129.921396][ T11] rds_tcp_init_net+0x13a/0x3e0 [ 129.921396][ T11] ops_init+0xb9/0x650 [ 129.921396][ T11] setup_net+0x422/0xa40 [ 129.921396][ T11] copy_net_ns+0x2fa/0x660 [ 129.921396][ T11] create_new_namespaces+0x3ea/0xb10 [ 129.921396][ T11] unshare_nsproxy_namespaces+0xc1/0x1f0 [ 129.921396][ T11] ksys_unshare+0x3f5/0x9c0 [ 129.921396][ T11] __x64_sys_unshare+0x31/0x40 [ 129.921396][ T11] do_syscall_64+0x41/0x110 [ 129.921396][ T11] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 129.921396][ T11] [ 129.934511][ T4551] systemd-journald[4551]: Compressed data object 529 -> 323 using ZSTD [ 129.934699][ T11] ------------[ cut here ]------------ [ 129.936294][ T11] WARNING: CPU: 1 PID: 11 at lib/ref_tracker.c:179 ref_tracker_dir_exit+0x3e3/0x680 [ 129.937749][ T11] Modules linked in: [ 129.938708][ T11] CPU: 1 PID: 11 Comm: kworker/u8:0 Not tainted 6.7.0-rc3-00033-g3b47bc037bd4-dirty #4 [ 129.939985][ T11] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014 [ 129.941180][ T11] Workqueue: netns cleanup_net [ 129.941807][ T11] RIP: 0010:ref_tracker_dir_exit+0x3e3/0x680 [ 129.942750][ T11] Code: 0d 02 00 00 4d 39 f5 49 8b 06 4d 89 f7 0f 85 0e ff ff ff 48 8b 2c 24 e8 2b c1 f6 fc 48 8b 74 24 18 4 [ 129.945143][ T11] RSP: 0018:ffffc90000107b78 EFLAGS: 00010286 [ 129.945925][ T11] RAX: 0000000080000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 129.947126][ T11] RDX: 0000000000000001 RSI: ffffffff8accbc20 RDI: 0000000000000001 [ 129.948142][ T11] RBP: ffff8880245d9fe0 R08: 0000000000000001 R09: fffffbfff24241e9 [ 129.949154][ T11] R10: ffffffff92120f4f R11: 0000000000000003 R12: ffff8880245da030 [ 129.950129][ T11] R13: ffff8880245da030 R14: ffff8880245da030 R15: ffff8880245da030 [ 129.951127][ T11] FS: 0000000000000000(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 [ 129.952236][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.953009][ T11] CR2: 000056418e092340 CR3: 000000000cf77000 CR4: 0000000000750ef0 [ 129.953803][ T11] PKRU: 55555554 [ 129.954177][ T11] Call Trace: [ 129.954519][ T11] <TASK> [ 129.954832][ T11] ? show_regs+0x8f/0xa0 [ 129.955459][ T11] ? __warn+0xe6/0x390 [ 129.955889][ T11] ? ref_tracker_dir_exit+0x3e3/0x680 [ 129.956437][ T11] ? report_bug+0x3b9/0x580 [ 129.956924][ T11] ? handle_bug+0x67/0x90 [ 129.957371][ T11] ? exc_invalid_op+0x17/0x40 [ 129.957856][ T11] ? asm_exc_invalid_op+0x1a/0x20 [ 129.958589][ T11] ? ref_tracker_dir_exit+0x3e3/0x680 [ 129.959146][ T11] ? ref_tracker_dir_exit+0x3e2/0x680 [ 129.959797][ T11] ? ref_tracker_dir_snprint+0xd0/0xd0 [ 129.960358][ T11] ? __kmem_cache_free+0xc0/0x180 [ 129.960879][ T11] cleanup_net+0x8d4/0xb20 [ 129.961437][ T11] ? unregister_pernet_device+0x80/0x80 [ 129.962015][ T11] process_one_work+0x886/0x15d0 [ 129.962535][ T11] ? unregister_pernet_device+0x80/0x80 [ 129.963102][ T11] ? workqueue_congested+0x300/0x300 [ 129.963706][ T11] ? assign_work+0x19c/0x240 [ 129.964185][ T11] worker_thread+0x8b9/0x1290 [ 129.964681][ T11] ? process_one_work+0x15d0/0x15d0 [ 129.965216][ T11] kthread+0x2c6/0x3a0 [ 129.965643][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.966183][ T11] ? kthread_complete_and_exit+0x40/0x40 [ 129.966780][ T11] ret_from_fork+0x45/0x80 [ 129.967239][ T11] ? kthread_complete_and_exit+0x40/0x40 [ 129.967811][ T11] ret_from_fork_asm+0x11/0x20 [ 129.968539][ T11] </TASK> [ 129.968865][ T11] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 129.969594][ T11] CPU: 1 PID: 11 Comm: kworker/u8:0 Not tainted 6.7.0-rc3-00033-g3b47bc037bd4-dirty #4 [ 129.970564][ T11] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014 [ 129.971705][ T11] Workqueue: netns cleanup_net [ 129.972355][ T11] Call Trace: [ 129.972699][ T11] <TASK> [ 129.973000][ T11] dump_stack_lvl+0xd3/0x1b0 [ 129.973481][ T11] panic+0x6dc/0x790 [ 129.973894][ T11] ? panic_smp_self_stop+0xa0/0xa0 [ 129.974464][ T11] ? show_trace_log_lvl+0x363/0x4f0 [ 129.975156][ T11] ? check_panic_on_warn+0x1f/0xb0 [ 129.975953][ T11] ? ref_tracker_dir_exit+0x3e3/0x680 [ 129.976587][ T11] check_panic_on_warn+0xab/0xb0 [ 129.977215][ T11] __warn+0xf2/0x390 [ 129.977858][ T11] ? ref_tracker_dir_exit+0x3e3/0x680 [ 129.978453][ T11] report_bug+0x3b9/0x580 [ 129.978978][ T11] handle_bug+0x67/0x90 [ 129.979605][ T11] exc_invalid_op+0x17/0x40 [ 129.980166][ T11] asm_exc_invalid_op+0x1a/0x20 [ 129.980774][ T11] RIP: 0010:ref_tracker_dir_exit+0x3e3/0x680 [ 129.981516][ T11] Code: 0d 02 00 00 4d 39 f5 49 8b 06 4d 89 f7 0f 85 0e ff ff ff 48 8b 2c 24 e8 2b c1 f6 fc 48 8b 74 24 18 4 [ 129.983639][ T11] RSP: 0018:ffffc90000107b78 EFLAGS: 00010286 [ 129.984314][ T11] RAX: 0000000080000000 RBX: dffffc0000000000 RCX: 0000000000000000 [ 129.985461][ T11] RDX: 0000000000000001 RSI: ffffffff8accbc20 RDI: 0000000000000001 [ 129.986696][ T11] RBP: ffff8880245d9fe0 R08: 0000000000000001 R09: fffffbfff24241e9 [ 129.987706][ T11] R10: ffffffff92120f4f R11: 0000000000000003 R12: ffff8880245da030 [ 129.988714][ T11] R13: ffff8880245da030 R14: ffff8880245da030 R15: ffff8880245da030 [ 129.989901][ T11] ? ref_tracker_dir_exit+0x3e2/0x680 [ 129.990759][ T11] ? ref_tracker_dir_snprint+0xd0/0xd0 [ 129.991536][ T11] ? __kmem_cache_free+0xc0/0x180 [ 129.992132][ T11] cleanup_net+0x8d4/0xb20 [ 129.992693][ T11] ? unregister_pernet_device+0x80/0x80 [ 129.993368][ T11] process_one_work+0x886/0x15d0 [ 129.994278][ T11] ? unregister_pernet_device+0x80/0x80 [ 129.994897][ T11] ? workqueue_congested+0x300/0x300 [ 129.995533][ T11] ? assign_work+0x19c/0x240 [ 129.996118][ T11] worker_thread+0x8b9/0x1290 [ 129.996913][ T11] ? process_one_work+0x15d0/0x15d0 [ 129.997521][ T11] kthread+0x2c6/0x3a0 [ 129.997989][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 129.998664][ T11] ? kthread_complete_and_exit+0x40/0x40 [ 129.999378][ T11] ret_from_fork+0x45/0x80 [ 129.999981][ T11] ? kthread_complete_and_exit+0x40/0x40 [ 130.000580][ T11] ret_from_fork_asm+0x11/0x20 [ 130.001142][ T11] </TASK> [ 130.001751][ T11] Kernel Offset: disabled [ 130.002231][ T11] Rebooting in 86400 seconds.. I am willing to help you and tell me what commit or branch should I test for your patch. Thanks. Eric Dumazet <edumazet@...gle.com> 于2023年11月30日周四 17:39写道: > > On Thu, Nov 30, 2023 at 9:46 AM Eric Dumazet <edumazet@...gle.com> wrote: > > > > On Thu, Nov 30, 2023 at 9:42 AM xingwei lee <xrivendell7@...il.com> wrote: > > > > > > Hello > > > I reproduced this bug with repro.txt and repro.c > > > > > > > > > > > > Is your syzbot instance ready to accept patches for testing ? > > > > Otherwise, a repro which happens to work 'by luck' might not work for me. > > > > The bug here is a race condition with rds subsystem being dismantled > > at netns dismantle, the 'repro' could be anything really. > > Can you test the following patch ? > Thanks. > > diff --git a/net/core/sock.c b/net/core/sock.c > index fef349dd72fa735b5915fc03e29cbb155b2aff2c..36d2871ac24f383e4e5d1af1168000f076011aae > 100644 > --- a/net/core/sock.c > +++ b/net/core/sock.c > @@ -2197,8 +2197,6 @@ static void __sk_destruct(struct rcu_head *head) > > if (likely(sk->sk_net_refcnt)) > put_net_track(sock_net(sk), &sk->ns_tracker); > - else > - __netns_tracker_free(sock_net(sk), &sk->ns_tracker, false); > > sk_prot_free(sk->sk_prot_creator, sk); > } > @@ -2212,6 +2210,9 @@ void sk_destruct(struct sock *sk) > use_call_rcu = true; > } > > + if (unlikely(!sk->sk_net_refcnt)) > + __netns_tracker_free(sock_net(sk), &sk->ns_tracker, false); > + > if (use_call_rcu) > call_rcu(&sk->sk_rcu, __sk_destruct); > else
Powered by blists - more mailing lists