From: Tom Herbert
Date: Wed, 14 Feb 2018 09:42:44 -0800
Subject: Re: BUG: free active (active state 0) object type: work_struct hint: strp_work
To: Dmitry Vyukov
Cc: syzbot, "David S. Miller", Eric Biggers, John Fastabend, LKML, Linux Kernel Network Developers, syzkaller-bugs@googlegroups.com, Cong Wang
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Feb 13, 2018 at 12:15 PM, Dmitry Vyukov wrote:
>
> On Thu, Jan 4, 2018 at 8:36 PM, Tom Herbert wrote:
> > On Thu, Jan 4, 2018 at 4:10 AM, syzbot wrote:
> >> Hello,
> >>
> >> syzkaller hit the following crash on
> >> 6bb8824732f69de0f233ae6b1a8158e149627b38
> >> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> >> compiler: gcc (GCC) 7.1.1 20170620
> >> .config is attached
> >> Raw console output is attached.
> >> Unfortunately, I don't have any reproducer for this bug yet.
> >>
> >>
> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> Reported-by: syzbot+3c6c745b0d2f341bbf50@syzkaller.appspotmail.com
> >> It will help syzbot understand when the bug is fixed. See footer for
> >> details.
> >> If you forward the report, please keep this part and the footer.
> >>
> >> Use struct sctp_assoc_value instead
> >> sctp: [Deprecated]: syz-executor4 (pid 12483) Use of int in maxseg socket
> >> option.
> >> Use struct sctp_assoc_value instead
> >> ------------[ cut here ]------------
> >> ODEBUG: free active (active state 0) object type: work_struct hint:
> >> strp_work+0x0/0xf0 net/strparser/strparser.c:381
> >> WARNING: CPU: 1 PID: 3502 at lib/debugobjects.c:291
> >> debug_print_object+0x166/0x220 lib/debugobjects.c:288
> >> Kernel panic - not syncing: panic_on_warn set ...
> >>
> >> CPU: 1 PID: 3502 Comm: kworker/u4:4 Not tainted 4.15.0-rc5+ #170
> >> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> >> Google 01/01/2011
> >> Workqueue: kkcmd kcm_tx_work
> >> Call Trace:
> >>  __dump_stack lib/dump_stack.c:17 [inline]
> >>  dump_stack+0x194/0x257 lib/dump_stack.c:53
> >>  panic+0x1e4/0x41c kernel/panic.c:183
> >>  __warn+0x1dc/0x200 kernel/panic.c:547
> >>  report_bug+0x211/0x2d0 lib/bug.c:184
> >>  fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
> >>  fixup_bug arch/x86/kernel/traps.c:247 [inline]
> >>  do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
> >>  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
> >>  invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:1061
> >> RIP: 0010:debug_print_object+0x166/0x220 lib/debugobjects.c:288
> >> RSP: 0018:ffff8801c0ee7068 EFLAGS: 00010086
> >> RAX: dffffc0000000008 RBX: 0000000000000003 RCX: ffffffff8159bc3e
> >> RDX: 0000000000000000 RSI: 1ffff100381dcdc8 RDI: ffff8801db317dd0
> >> RBP: ffff8801c0ee70a8 R08: 0000000000000000 R09: 1ffff100381dcd9a
> >> R10: ffffed00381dce3c R11: ffffffff86137ad8 R12: 0000000000000001
> >> R13: ffffffff86113480 R14: ffffffff8560dc40 R15: ffffffff8146e5f0
> >>  __debug_check_no_obj_freed lib/debugobjects.c:745 [inline]
> >>  debug_check_no_obj_freed+0x662/0xf1f lib/debugobjects.c:774
> >>  kmem_cache_free+0x253/0x2a0 mm/slab.c:3745
> >
> > I believe we just need to defer kmem_cache_free to call_rcu.
> >
>
> Hi Tom,
>
> Was this ever submitted? I don't see any such change in net/kcm/kcmsock.c.

Hi Dmitry,

I am looking at it. Not yet convinced that call_rcu is right fix.

Tom