WARNING in udp_lib_unhash


syzbot

Apr 12, 2019, 8:00:55 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 3fc4284d ANDROID: sdcardfs: Move default_normal to superbl..
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=12114845800000
kernel config: https://syzkaller.appspot.com/x/.config?x=8b2789f7467547bd
dashboard link: https://syzkaller.appspot.com/bug?extid=8b31780c2aa84f8f2fff
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17f34e79800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=127d2c29800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+8b3178...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4968 at include/net/sock.h:628 sk_nulls_del_node_init_rcu include/net/sock.h:628 [inline]()
WARNING: CPU: 0 PID: 4968 at include/net/sock.h:628 udp_lib_unhash+0x545/0x6a0 net/ipv4/udp.c:1406()
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4968 Comm: syzkaller742045 Not tainted 4.4.112-g3fc4284 #32
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
0000000000000000 803ff35879798751 ffff8800b1b2fa30 ffffffff81d054ed
ffffffff83843200 ffff8800b1b2fb08 ffffffff83cf1d40 0000000000000009
0000000000000274 ffff8800b1b2faf8 ffffffff81419dca 0000000041b58ab3
Call Trace:
[<ffffffff81d054ed>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d054ed>] dump_stack+0xc1/0x124 lib/dump_stack.c:51
[<ffffffff81419dca>] panic+0x1aa/0x388 kernel/panic.c:112
[<ffffffff8112d835>] warn_slowpath_common+0x125/0x140 kernel/panic.c:455
[<ffffffff8112da99>] warn_slowpath_null+0x29/0x30 kernel/panic.c:492
[<ffffffff831a5d85>] sk_nulls_del_node_init_rcu include/net/sock.h:628 [inline]
[<ffffffff831a5d85>] udp_lib_unhash+0x545/0x6a0 net/ipv4/udp.c:1406
[<ffffffff82e0151d>] sk_common_release+0xbd/0x300 net/core/sock.c:2690
[<ffffffff831a2ae5>] udp_lib_close+0x15/0x20 include/net/udp.h:190
[<ffffffff831d16da>] inet_release+0xfa/0x1d0 net/ipv4/af_inet.c:435
[<ffffffff82dea37d>] sock_release+0x8d/0x1e0 net/socket.c:586
[<ffffffff82dea4e6>] sock_close+0x16/0x20 net/socket.c:1037
[<ffffffff81522f93>] __fput+0x233/0x6d0 fs/file_table.c:208
[<ffffffff815234b5>] ____fput+0x15/0x20 fs/file_table.c:244
[<ffffffff8118bb54>] task_work_run+0x104/0x180 kernel/task_work.c:115
[<ffffffff81132f21>] exit_task_work include/linux/task_work.h:21 [inline]
[<ffffffff81132f21>] do_exit+0x871/0x2a20 kernel/exit.c:755
[<ffffffff81139398>] do_group_exit+0x108/0x320 kernel/exit.c:885
[<ffffffff811395cd>] SYSC_exit_group kernel/exit.c:896 [inline]
[<ffffffff811395cd>] SyS_exit_group+0x1d/0x20 kernel/exit.c:894
[<ffffffff837761d9>] entry_SYSCALL_64_fastpath+0x16/0x92
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches