Re: [syzbot] general protection fault in skb_dequeue (3)

From: John Hubbard
Date: Thu Feb 02 2023 - 18:10:29 EST


On 2/2/23 00:52, David Howells wrote:
> Hi John, David,
>
> Could you have a look at this?

Sure. So far, I have reproduced a crash using your simplified test
program (it required three simultaneous running copies), and will look
deeper now.

In case it illuminates anything, the crash looked like this (below), and
was obtained *without* setting KASAN. Also a minor point: this is from a
git branch of the last commit in the series (commit fd20d0c1852e "block:
convert bio_map_user_iov to use iov_iter_extract_pages"), rather than
from top of linux-next.

Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 2 PID: 27177 Comm: syzbot_howells Not tainted 6.2.0-rc5-hubbard-github+ #3
Hardware name: ASUS X299-A/PRIME X299-A, BIOS 1503 08/03/2018
Call Trace:
<TASK>
dump_stack_lvl+0x4c/0x63
panic+0x113/0x2c4
? folio_wait_bit_common+0xf6/0x360
__schedule+0xd1b/0xd20
schedule+0x5d/0xe0
io_schedule+0x42/0x70
folio_wait_bit_common+0x123/0x360
? __pfx_wake_page_function+0x10/0x10
folio_wait_writeback+0x24/0x100
__filemap_fdatawait_range+0x7a/0x120
? filemap_fdatawrite_wbc+0x69/0x80
? __filemap_fdatawrite_range+0x58/0x80
filemap_write_and_wait_range+0x84/0xb0
__iomap_dio_rw+0x183/0x830
? __lock_acquire+0x3b4/0x2620
iomap_dio_rw+0xe/0x40
ext4_file_read_iter+0x141/0x1c0
generic_file_splice_read+0x90/0x160
splice_direct_to_actor+0xb1/0x210
? __pfx_direct_splice_actor+0x10/0x10
do_splice_direct+0x8c/0xd0
do_sendfile+0x352/0x600
do_syscall_64+0x37/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f322d5116be
Code: c3 0f 1f 00 4c 89 d2 4c 89 c6 e9 fd fd ff ff 0f 1f 44 00 00 31 c0 c3 0f 1f 44 00 00 f3 0f 1e fa 49 89 ca b8 28 00 00 00 0f 05 <48> 3d 01 f0 ff ff8
RSP: 002b:00007ffd8c914538 EFLAGS: 00000202 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007ffd8c914678 RCX: 00007f322d5116be
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000001 R09: 00007f322d7f6740
R10: 000000000001dd00 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd8c914690 R14: 0000558a11e29d78 R15: 00007f322d843020
</TASK>

thanks,
--
John Hubbard
NVIDIA