From: Dmitry Vyukov
Date: Tue, 13 Feb 2018 21:15:27 +0100
Subject: Re: BUG: free active (active state 0) object type: work_struct hint: strp_work
To: Tom Herbert
Cc: syzbot, "David S . Miller", Eric Biggers, John Fastabend, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Cong Wang
References: <001a114aca7419fa410561f23992@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jan 4, 2018 at 8:36 PM, Tom Herbert wrote:
> On Thu, Jan 4, 2018 at 4:10 AM, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on
>> 6bb8824732f69de0f233ae6b1a8158e149627b38
>> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>> Unfortunately, I don't have any reproducer for this bug yet.
>>
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the commit:
>> Reported-by: syzbot+3c6c745b0d2f341bbf50@syzkaller.appspotmail.com
>> It will help syzbot understand when the bug is fixed. See footer for
>> details.
>> If you forward the report, please keep this part and the footer.
>>
>> Use struct sctp_assoc_value instead
>> sctp: [Deprecated]: syz-executor4 (pid 12483) Use of int in maxseg socket
>> option.
>> Use struct sctp_assoc_value instead
>> ------------[ cut here ]------------
>> ODEBUG: free active (active state 0) object type: work_struct hint:
>> strp_work+0x0/0xf0 net/strparser/strparser.c:381
>> WARNING: CPU: 1 PID: 3502 at lib/debugobjects.c:291
>> debug_print_object+0x166/0x220 lib/debugobjects.c:288
>> Kernel panic - not syncing: panic_on_warn set ...
>>
>> CPU: 1 PID: 3502 Comm: kworker/u4:4 Not tainted 4.15.0-rc5+ #170
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>> Google 01/01/2011
>> Workqueue: kkcmd kcm_tx_work
>> Call Trace:
>>  __dump_stack lib/dump_stack.c:17 [inline]
>>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>>  panic+0x1e4/0x41c kernel/panic.c:183
>>  __warn+0x1dc/0x200 kernel/panic.c:547
>>  report_bug+0x211/0x2d0 lib/bug.c:184
>>  fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
>>  fixup_bug arch/x86/kernel/traps.c:247 [inline]
>>  do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
>>  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
>>  invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1061
>> RIP: 0010:debug_print_object+0x166/0x220 lib/debugobjects.c:288
>> RSP: 0018:ffff8801c0ee7068 EFLAGS: 00010086
>> RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff8159bc3e
>> RDX: 0000000000000000 RSI: 1ffff100381dcdc8 RDI: ffff8801db317dd0
>> RBP: ffff8801c0ee70a8 R08: 0000000000000000 R09: 1ffff100381dcd9a
>> R10: ffffed00381dce3c R11: ffffffff86137ad8 R12: 0000000000000001
>> R13: ffffffff86113480 R14: ffffffff8560dc40 R15: ffffffff8146e5f0
>>  __debug_check_no_obj_freed lib/debugobjects.c:745 [inline]
>>  debug_check_no_obj_freed+0x662/0xf1f lib/debugobjects.c:774
>>  kmem_cache_free+0x253/0x2a0 mm/slab.c:3745
>
> I believe we just need to defer kmem_cache_free to call_rcu.

Hi Tom,

Was this ever submitted? I don't see any such change in net/kcm/kcmsock.c.