RDS: WARNING in rds_recv_hs_exthdrs


GeneBlue

Feb 27, 2018, 2:37:55 AM
to santosh....@oracle.com, David S. Miller, net...@vger.kernel.org, linux...@vger.kernel.org, rds-...@oss.oracle.com, syzkaller
Hi:
  A bug was found by syzkaller when fuzzing the Linux kernel RDS protocol.
kernel info:
version: Linux 4.12-rc7
commit: c0bc126f97fb929b3ae02c1c62322645d70eb408


crash info:
================================================================================================

WARNING: CPU: 1 PID: 26282 at net/rds/recv.c:139 rds_conn_peer_gen_update net/rds/recv.c:139 [inline]
WARNING: CPU: 1 PID: 26282 at net/rds/recv.c:139 rds_recv_hs_exthdrs+0x42a/0x4d0 net/rds/recv.c:230
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 26282 Comm: syzkaller129215 Not tainted 4.12.0-rc7+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0xb3/0x117 lib/dump_stack.c:52
 panic+0x1bc/0x39d kernel/panic.c:180
 __warn+0x1cc/0x1f0 kernel/panic.c:541
 report_bug+0x221/0x2e0 lib/bug.c:183
 fixup_bug+0x3f/0x90 arch/x86/kernel/traps.c:190
 do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
 do_trap+0x13f/0x3f0 arch/x86/kernel/traps.c:273
 do_error_trap+0x11c/0x1f0 arch/x86/kernel/traps.c:310
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
 invalid_op+0x1e/0x30 arch/x86/entry/entry_64.S:844
RIP: 0010:rds_conn_peer_gen_update net/rds/recv.c:139 [inline]
RIP: 0010:rds_recv_hs_exthdrs+0x42a/0x4d0 net/rds/recv.c:230
RSP: 0018:ffff88006c57f588 EFLAGS: 00010297
RAX: ffff88003be1c200 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffffff842d7f0c
RBP: ffff88006c57f6c0 R08: 1ffffffff085afe1 R09: dffffc0000000000
R10: 0000000000000000 R11: 0000000000000007 R12: ffff88006c379f78
R13: dffffc0000000000 R14: ffffffff842d7ee0 R15: 0000000000000007
 rds_recv_incoming+0x4e1/0x10d0 net/rds/recv.c:343
 rds_loop_xmit+0x156/0x310 net/rds/loop.c:82
 rds_send_xmit+0xbab/0x1e80 net/rds/send.c:349
 rds_sendmsg+0x1d55/0x2020 net/rds/send.c:1187
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xcc/0x110 net/socket.c:643
 ___sys_sendmsg+0x7df/0x940 net/socket.c:1997
 __sys_sendmsg+0xce/0x170 net/socket.c:2031
 SYSC_sendmsg net/socket.c:2042 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2038
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x43c839
RSP: 002b:00007f3465ecbcd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000006d3d44 RCX: 000000000043c839
RDX: 0000000000000000 RSI: 0000000020008fc8 RDI: 0000000000000003
RBP: 0000000000000046 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f3465ecc9c0 R15: 00007f3465ecc700
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
================================================================================================

Some useful files are attached.
config
log0
report0
repro.cprog
repro.log
repro.prog
repro.report
repro.stats
repro.stats.log