WARNING in inet_sock_destruct

syzbot

Apr 11, 2019, 8:00:47 PM4/11/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 09eb2ba5 ANDROID: x86_64_cuttlefish_defconfig: Enable lz4 ..
git tree: android-4.9
console output: https://syzkaller.appspot.com/x/log.txt?x=1187d74a400000
kernel config: https://syzkaller.appspot.com/x/.config?x=59246eb7b3f7dd72
dashboard link: https://syzkaller.appspot.com/bug?extid=f1e21fa48bc4fe5d287c
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=146220ca400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17f4e2e1400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f1e21f...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
urandom_read: 1 callbacks suppressed
random: sshd: uninitialized urandom read (32 bytes read)
------------[ cut here ]------------
WARNING: CPU: 0 PID: 0 at net/ipv4/af_inet.c:167 inet_sock_destruct+0x598/0x760 net/ipv4/af_inet.c:167
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.124-g09eb2ba #83
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801db207cc0 ffffffff81eb95e9 ffffffff83c48ac0 00000000ffffffff
0000000000000000 0000000000000000 00000000000000a7 ffff8801db207d80
ffffffff81423eb5 0000000041b58ab3 ffffffff843bb8e8 ffffffff81423cf6
Call Trace:
<IRQ> [ 26.205249] [<ffffffff81eb95e9>] __dump_stack lib/dump_stack.c:15 [inline]
<IRQ> [ 26.205249] [<ffffffff81eb95e9>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff81423eb5>] panic+0x1bf/0x3bc kernel/panic.c:179
[<ffffffff814241a1>] __warn.cold.9+0xc1/0x17f kernel/panic.c:542
[<ffffffff811383bc>] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585
[<ffffffff8342c878>] inet_sock_destruct+0x598/0x760 net/ipv4/af_inet.c:167
[<ffffffff836c5839>] l2tp_tunnel_destruct+0x339/0x590 net/l2tp/l2tp_core.c:1329
[<ffffffff830281f5>] __sk_destruct+0x55/0x590 net/core/sock.c:1428
[<ffffffff812899ee>] __rcu_reclaim kernel/rcu/rcu.h:118 [inline]
[<ffffffff812899ee>] rcu_do_batch kernel/rcu/tree.c:2789 [inline]
[<ffffffff812899ee>] invoke_rcu_callbacks kernel/rcu/tree.c:3053 [inline]
[<ffffffff812899ee>] __rcu_process_callbacks kernel/rcu/tree.c:3020 [inline]
[<ffffffff812899ee>] rcu_process_callbacks+0x8ae/0x12b0 kernel/rcu/tree.c:3037
[<ffffffff83a085c0>] __do_softirq+0x210/0x940 kernel/softirq.c:288
[<ffffffff8114d554>] invoke_softirq kernel/softirq.c:368 [inline]
[<ffffffff8114d554>] irq_exit+0x114/0x150 kernel/softirq.c:409
[<ffffffff83a071a1>] exiting_irq arch/x86/include/asm/apic.h:669 [inline]
[<ffffffff83a071a1>] smp_apic_timer_interrupt+0x81/0xa0 arch/x86/kernel/apic/apic.c:962
[<ffffffff83a03330>] apic_timer_interrupt+0xa0/0xb0 arch/x86/entry/entry_64.S:648
<EOI> [ 26.333834] [<ffffffff83a00606>] ? native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:55
[<ffffffff839ffc45>] arch_safe_halt arch/x86/include/asm/paravirt.h:104 [inline]
[<ffffffff839ffc45>] default_idle+0x55/0x360 arch/x86/kernel/process.c:437
[<ffffffff8106ae20>] arch_cpu_idle+0x10/0x20 arch/x86/kernel/process.c:428
[<ffffffff83a00a65>] default_idle_call+0x45/0x60 kernel/sched/idle.c:97
[<ffffffff81225495>] cpuidle_idle_call kernel/sched/idle.c:155 [inline]
[<ffffffff81225495>] cpu_idle_loop kernel/sched/idle.c:248 [inline]
[<ffffffff81225495>] cpu_startup_entry+0x2b5/0x380 kernel/sched/idle.c:303
[<ffffffff839ed8cc>] rest_init+0x183/0x189 init/main.c:409
[<ffffffff84c98943>] start_kernel+0x67e/0x6b2 init/main.c:664
[<ffffffff84c9729a>] x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:196
[<ffffffff84c973db>] x86_64_start_kernel+0x13f/0x162 arch/x86/kernel/head64.c:177
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches