From: Kuniyuki Iwashima
Cc: Aleksandr Nogikh, syzbot
Subject: Re: [PATCH net] net: Return error from sk_stream_wait_connect() if sk_wait_event() fails
Date: Thu, 14 Dec 2023 22:46:14 +0900
Message-ID: <20231214134615.55389-1-kuniyu@amazon.com>
In-Reply-To: <20231214.223106.2284573595890480656.syoshida@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Shigeru Yoshida
Date: Thu, 14 Dec 2023 22:31:06 +0900 (JST)
> On Thu, 14 Dec 2023 17:46:22 +0900, Kuniyuki Iwashima wrote:
> > From: Shigeru Yoshida
> > Date: Thu, 14 Dec 2023 14:09:22 +0900
> >> The following NULL pointer dereference issue occurred:
> >>
> >> BUG: kernel NULL pointer dereference, address: 0000000000000000
> >> <...>
> >> RIP: 0010:ccid_hc_tx_send_packet net/dccp/ccid.h:166 [inline]
> >> RIP: 0010:dccp_write_xmit+0x49/0x140 net/dccp/output.c:356
> >> <...>
> >> Call Trace:
> >>
> >> dccp_sendmsg+0x642/0x7e0 net/dccp/proto.c:801
> >> inet_sendmsg+0x63/0x90 net/ipv4/af_inet.c:846
> >> sock_sendmsg_nosec net/socket.c:730 [inline]
> >> __sock_sendmsg+0x83/0xe0 net/socket.c:745
> >> ____sys_sendmsg+0x443/0x510 net/socket.c:2558
> >> ___sys_sendmsg+0xe5/0x150 net/socket.c:2612
> >> __sys_sendmsg+0xa6/0x120 net/socket.c:2641
> >> __do_sys_sendmsg net/socket.c:2650 [inline]
> >> __se_sys_sendmsg net/socket.c:2648 [inline]
> >> __x64_sys_sendmsg+0x45/0x50 net/socket.c:2648
> >> do_syscall_x64 arch/x86/entry/common.c:51 [inline]
> >> do_syscall_64+0x43/0x110 arch/x86/entry/common.c:82
> >> entry_SYSCALL_64_after_hwframe+0x63/0x6b
> >>
> >> sk_wait_event() returns an error (-EPIPE) if disconnect() is called on the
> >> socket waiting for the event. However, sk_stream_wait_connect() returns
> >> success, i.e. zero, even if sk_wait_event() returns -EPIPE, so a function
> >> that waits for a connection with sk_stream_wait_connect() may misbehave.
> >>
> >> In the case of the above DCCP issue, dccp_sendmsg() is waiting for the
> >> connection. If disconnect() is called in concurrently, the above issue
> >> occurs.
> >>
> >> This patch fixes the issue by returning error from sk_stream_wait_connect()
> >> if sk_wait_event() fails.
> >>
> >> Fixes: 419ce133ab92 ("tcp: allow again tcp_disconnect() when threads are waiting")
> >> Signed-off-by: Shigeru Yoshida
> >
> > Reviewed-by: Kuniyuki Iwashima
> >
> > I guess you picked this issue from syzbot's report.
> > https://lore.kernel.org/netdev/0000000000009e122006088a2b8d@google.com/
> >
> > If so, let's give a proper credit to syzbot and its authors:
> >
> > Reported-by: syzbot+c71bc336c5061153b502@syzkaller.appspotmail.com
>
> Hi Kuniyuki-san,
>
> Thank you very much for your review. I didn't notice the syzbot's
> report. Actually, I found this issue by running syzkaller on my
> machine.

Thanks for clarifying.

I'm also running syzkaller locally and used to add

  Reported-by: syzbot

But, it was confusing for syzbot's owners, and I got a mail from one of
the authors, Aleksandr Nogikh. Since then, if syzkaller found an issue
that was not on the syzbot dashboard, I have used

  Reported-by: syzkaller

.

FWIW, here's Aleksandr's words from the mail.

---8<---
Maybe it would be just a little more clear if instead of
Reported-by: syzbot
you'd write
Reported-by: syzkaller
if the bug was found only by a local syzkaller instance, because
otherwise it implies that the bug was found by syzbot, which is not
really the case here :)
---8<---

>
> Now, I tested this patch with syzbot, and it looks good.
>
> Reported-and-tested-by: syzbot+c71bc336c5061153b502@syzkaller.appspotmail.com

This time, this tag is best.

Thanks!
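
Added example, not part of the thread and not kernel code: a userspace C model of the failure described in the quoted commit message, where a wait helper reports success although the underlying wait failed with -EPIPE. All names (model_sock, tx_ctx, model_wait_event, wait_connect_*) are hypothetical, and it is an assumption of the model that a concurrent disconnect leaves the transmit state NULL.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed userspace model; every name here is hypothetical. */
struct model_sock {
    int disconnect_during_wait; /* simulate a concurrent disconnect() */
    const int *tx_ctx;          /* transmit state; NULL when not connected */
};

static const int tx_ctx_ok = 1;

/* Models the wait primitive: >0 when connected, -EPIPE on disconnect. */
static int model_wait_event(struct model_sock *sk)
{
    if (sk->disconnect_during_wait) {
        sk->tx_ctx = NULL;      /* assumption: disconnect clears tx state */
        return -EPIPE;
    }
    sk->tx_ctx = &tx_ctx_ok;
    return 1;
}

/* Behaviour the report describes: the wait error is dropped, 0 returned. */
int wait_connect_swallow(struct model_sock *sk)
{
    (void)model_wait_event(sk);
    return 0;
}

/* Behaviour the patch description asks for: the wait error is returned. */
int wait_connect_propagate(struct model_sock *sk)
{
    int done = model_wait_event(sk);
    return done < 0 ? done : 0;
}

/* Sender that trusts a 0 return to mean "connected, tx_ctx is valid". */
int model_sendmsg(struct model_sock *sk, int (*wait)(struct model_sock *))
{
    int err = wait(sk);
    if (err)
        return err;             /* caller sees the real failure */
    if (sk->tx_ctx == NULL)
        return -EFAULT;         /* stand-in for the NULL dereference */
    return *sk->tx_ctx;
}
```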