Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp263332imu; Thu, 3 Jan 2019 19:15:00 -0800 (PST) X-Google-Smtp-Source: ALg8bN6RiF3ktmbv6DE4pmjzLxlxVlhPNvpuyLqX42S3MxjwsKJBOYT2shbIXTnt44N8To8I4HVG X-Received: by 2002:a17:902:b494:: with SMTP id y20mr50404275plr.178.1546571700415; Thu, 03 Jan 2019 19:15:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546571700; cv=none; d=google.com; s=arc-20160816; b=N7P3f3ZkrhTjqK0pfRsRWbYZCFN4sS8igfz+nJUs0D+LVSbTsbdnvEktzuBid26YRT w3B+DNdWYTuGUXE71lxJA18pJrc02/NrtibsCipdZB524RQKaMPtzsPsMWbTbKWwWkBU YJVN7wuURWprXVJfk2ZvvpdQLfo0e+cd2DAaPWWyvyLA0VtZ6PQ0XsF/O8iKbl7moLXN xCwkK4KY88nEPatfUt4CymSuqEw25jkpsPAcxYvmWG73PCKC4SSaeWuBOaFfBTY/03uI 0uZ83v4dr/3129VgofwdIvNscEzuYPN+PFm3UWaxRl+Zc/G+NO/7dgFEmApEjxf0lTVQ y3ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=SyBYLPw2/2zwS3YTuZCUVEH+kVTNfgI6zETlsjimHIo=; b=wr4WJweqSth42rNHj5xZw69h5iKEnrB+kUA67xb5rBcrY4Rh+cC7nSTIiumwNy6mn4 jfyTJL/I0+dY3PwjgMzGBG00awXLLqTW2b3pdh+D2iTnhKd0tSRoIJs+pRfehpIoA84k Re46SBdxPJD+02+aMn1XXmhC4ZbKO/15mxIqPoNdKgHh/L+BBJifvp4S01F7fLdSPiqg 0fucSsOpMgadgH/y8vGh06I10JALRkdg74tDD90CsOdWOAk9Q+raGjANT5vCy99T7WCk kM5E5c91ljpSTbY4H7qhpS1iHLgUF8yIdFClrA91+4fI7wS5sYlMi/v7oL2licZiSX/F LYiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=C7ub41lg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g6si4218419pgn.57.2019.01.03.19.14.22; Thu, 03 Jan 2019 19:15:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=C7ub41lg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727565AbfACVPs (ORCPT + 99 others); Thu, 3 Jan 2019 16:15:48 -0500 Received: from mail-yb1-f195.google.com ([209.85.219.195]:38705 "EHLO mail-yb1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726041AbfACVPs (ORCPT ); Thu, 3 Jan 2019 16:15:48 -0500 Received: by mail-yb1-f195.google.com with SMTP id x9so4991003ybj.5 for ; Thu, 03 Jan 2019 13:15:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SyBYLPw2/2zwS3YTuZCUVEH+kVTNfgI6zETlsjimHIo=; b=C7ub41lg7LwquGwKceXYsYj3WSgI0y/V036FnJNUxnMUfDHnSZAIgYp/CRQVC7nyVK oGRJJlwAZP/Ah4ETJmE6824jo8RN3xTYEnq+b+sut2Y8xJOKR93s1DvnD08IBiZF77Pm 0MRJnf5NJg4D0oPybduDEfjFDvyt7rLJoPeckqk/7V17Aw8JhxgN7AfkOdOLBV85DR1L UO+EMWJqOeZA80bwt75HbPBGDBBpL/oiqJe1wHUqI4pjH7FV1tBovf/bWmbq6q7CjLsL u1+cAZLSmB2sT+z+261AQMH3Sw+ErEfqoVTL3v164HorcRw0xPDXhYGkL4g3gOW/07+F RM7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SyBYLPw2/2zwS3YTuZCUVEH+kVTNfgI6zETlsjimHIo=; b=MDAvtCkGlJZsDnh7yG2wArxepQFHufVlZZeM/Dy3VVZKHp7SOZbW8QhFBS+nMt08Oc /OxDNyn9QthZuQsX7Cm092QF3OOyFaIG0G7Rr8KDwon16bz2etKSbdRvm3QC7rOtjPJT RqPw/YkALgKxtLGDu9ZHIiz2iexbpismbQlM2Pz89rfuCI+u+43ZAxNIgVTczwTzxwRT W1tTyjBeVUO3EBJykkxe9dM2Wr36zxqF9o+f+K9MTyqkEDbIe6xMTMxQUuloypJws5uW KYWUxHN+9ugUghdfUdUpfx2wkubFWo1ZM4+nTTNWxCD2BYxZU56y09u87iz5BXlKl1cA FEtQ== X-Gm-Message-State: AJcUukdSlAQS/vyCY3bhrKp5neAc7uVAMe3OYGSL/yv6tLSUlJooY2IX o7WV0lQ94318VaLjsXtSr1rxyfjdRC0= X-Received: by 2002:a25:4255:: with SMTP id p82mr34003550yba.46.1546550146447; Thu, 03 Jan 2019 13:15:46 -0800 (PST) Received: from mail-yw1-f43.google.com (mail-yw1-f43.google.com. [209.85.161.43]) by smtp.gmail.com with ESMTPSA id n16sm23278760ywn.31.2019.01.03.13.15.44 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 Jan 2019 13:15:45 -0800 (PST) Received: by mail-yw1-f43.google.com with SMTP id t13so13760534ywe.13 for ; Thu, 03 Jan 2019 13:15:44 -0800 (PST) X-Received: by 2002:a81:9184:: with SMTP id i126mr50104769ywg.371.1546550144403; Thu, 03 Jan 2019 13:15:44 -0800 (PST) MIME-Version: 1.0 References: <000000000000513fb7057e8d7013@google.com> <20190103210743.6518841e@redhat.com> In-Reply-To: <20190103210743.6518841e@redhat.com> From: Willem de Bruijn Date: Thu, 3 Jan 2019 15:15:06 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: kernel panic: stack is corrupted in udp4_lib_lookup2 To: Stefano Brivio Cc: Eric Dumazet , syzbot , David Miller , Alexey Kuznetsov , linux-kernel , Network Development , syzkaller-bugs@googlegroups.com, Hideaki YOSHIFUJI Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 3, 2019 at 2:07 PM Stefano Brivio wrote: > > On Thu, 3 Jan 2019 12:01:29 -0800 > Eric Dumazet wrote: > > > On 01/03/2019 05:07 AM, syzbot wrote: > > > Hello, > > > > > > syzbot found the following crash on: > > > > > > HEAD commit: 195303136f19 Merge tag 'kconfig-v4.21-2' of git://git.kern.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=12245d8f400000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=5e7dc790609552d7 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=4ad25edc7a33e4ab91e0 > > > compiler: gcc (GCC) 8.0.1 20180413 (experimental) > > > > > > Unfortunately, I don't have any reproducer for this crash yet. > > > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > > Reported-by: syzbot+4ad25edc7a33e4ab91e0@syzkaller.appspotmail.com > > > > > > protocol 88fb is buggy, dev hsr_slave_1 > > > protocol 88fb is buggy, dev hsr_slave_0 > > > protocol 88fb is buggy, dev hsr_slave_1 > > > FAT-fs (loop0): invalid media value (0x00) > > > FAT-fs (loop0): Can't find a valid FAT filesystem > > > Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: udp4_lib_lookup2+0x7ea/0x7f0 net/ipv4/udp.c:455 > > > CPU: 1 PID: 17960 Comm: syz-executor2 Not tainted 4.20.0+ #176 > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 > > > Call Trace: > > > Kernel Offset: disabled > > > Rebooting in 86400 seconds.. > > > > > > > > > --- > > > This bug is generated by a bot. It may contain errors. > > > See https://goo.gl/tpsmEJ for more information about syzbot. > > > syzbot engineers can be reached at syzkaller@googlegroups.com. > > > > > > syzbot will keep track of this bug report. See: > > > https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot. > > > > Maybe commit 11789039da536fea96c98a40c2b441decf2e7323 > > Author: Stefano Brivio > > Date: Tue Dec 18 00:13:17 2018 +0100 > > > > fou: Prevent unbounded recursion in GUE error handler > > > > Forgot to deal with IPv6 ? > > Damn, yes. :( Thanks both for pointing that out, patch coming. > > Still, I can't be sure this is the same issue. syzbot generated stack traces with [ 183.517380] udpv6_err+0x46/0x60 [ 183.520739] ? __udp6_lib_err+0x1890/0x1890 [ 183.525054] gue6_err_proto_handler+0x199/0x280 so it is quite likely