syzbot


kernel BUG at net/rxrpc/conn_object.c:LINE!

Status: fixed on 2020/11/16 12:12
Subsystems: afs net
[Documentation on labels]
Reported-by: syzbot+52071f826a617b9c76ed@syzkaller.appspotmail.com
Fix commit: 546a42410bf7 rxrpc: Fix conn bundle leak in net-namespace exit
First crash: 1488d, last: 1422d
Cause bisection: introduced by (bisect log) :
commit 245500d853e9f20036cec7df4f6984ece4c6bf26
Author: David Howells <dhowells@redhat.com>
Date: Wed Jul 1 10:15:32 2020 +0000

  rxrpc: Rewrite the client connection manager

Crash: kernel BUG at net/rxrpc/conn_object.c:LINE! (log)
Repro: C syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH net-next 0/5] rxrpc: Fixes for the connection manager rewrite 7 (7) 2020/09/14 21:04
kernel BUG at net/rxrpc/conn_object.c:LINE! 0 (1) 2020/09/10 08:48
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at net/rxrpc/conn_object.c:LINE! (2) afs net 7 1336d 1399d 0/28 auto-closed as invalid on 2021/05/17 08:51
upstream kernel BUG in rxrpc_destroy_all_connections afs net 4 1115d 1168d 0/28 auto-closed as invalid on 2022/01/14 17:56
Last patch testing requests (1)
Created Duration User Patch Repo Result
2020/09/14 11:45 17m himadrispandya@gmail.com https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master OK

Sample crash report:
rxrpc: Assertion failed
------------[ cut here ]------------
kernel BUG at net/rxrpc/conn_object.c:481!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 109 Comm: kworker/u4:3 Not tainted 5.9.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
RIP: 0010:rxrpc_destroy_all_connections.cold+0x11/0x13 net/rxrpc/conn_object.c:481
Code: c0 48 c7 c1 00 ba 14 89 48 89 f2 48 c7 c7 80 b6 14 89 e8 64 ed 0b fa 0f 0b e8 1e b6 22 fa 48 c7 c7 80 b9 14 89 e8 51 ed 0b fa <0f> 0b 41 57 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 20 48 89 3c
RSP: 0018:ffffc90001297b18 EFLAGS: 00010282
RAX: 0000000000000017 RBX: ffff888088868000 RCX: 0000000000000000
RDX: ffff8880a8d74500 RSI: ffffffff815dbd97 RDI: fffff52000252f55
RBP: ffff888088868064 R08: 0000000000000017 R09: ffff8880ae631927
R10: 0000000000000000 R11: 0000000039303154 R12: ffff888088868068
R13: ffff888088868078 R14: ffff888088868078 R15: ffff888088867eb8
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd3e4c1bdc CR3: 00000000953a3000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rxrpc_exit_net+0x1a4/0x2e0 net/rxrpc/net_ns.c:119
 ops_exit_list+0xb0/0x160 net/core/net_namespace.c:186
 cleanup_net+0x4ea/0xa00 net/core/net_namespace.c:603
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 49e3d2fb10737186 ]---
RIP: 0010:rxrpc_destroy_all_connections.cold+0x11/0x13 net/rxrpc/conn_object.c:481
Code: c0 48 c7 c1 00 ba 14 89 48 89 f2 48 c7 c7 80 b6 14 89 e8 64 ed 0b fa 0f 0b e8 1e b6 22 fa 48 c7 c7 80 b9 14 89 e8 51 ed 0b fa <0f> 0b 41 57 41 56 41 55 41 54 55 53 48 89 f3 48 83 ec 20 48 89 3c
RSP: 0018:ffffc90001297b18 EFLAGS: 00010282
RAX: 0000000000000017 RBX: ffff888088868000 RCX: 0000000000000000
RDX: ffff8880a8d74500 RSI: ffffffff815dbd97 RDI: fffff52000252f55
RBP: ffff888088868064 R08: 0000000000000017 R09: ffff8880ae631927
R10: 0000000000000000 R11: 0000000039303154 R12: ffff888088868068
R13: ffff888088868078 R14: ffff888088868078 R15: ffff888088867eb8
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd3e4c1bdc CR3: 00000000953a3000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (855):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2020/09/12 17:20 net-next-old 5a6bd84f8154 ce441f06 .config console log report syz C ci-upstream-net-kasan-gce
2020/09/09 15:14 net-next-old f5499c67477e 0ea7a887 .config console log report syz C ci-upstream-net-kasan-gce
2020/11/14 05:08 bpf 50431b45685b 1bf9a662 .config console log report info ci-upstream-bpf-kasan-gce
2020/10/29 16:16 bpf c66dca98a24c f24824d3 .config console log report info ci-upstream-bpf-kasan-gce
2020/10/27 23:20 bpf 343a3e8bc635 96e03c1c .config console log report info ci-upstream-bpf-kasan-gce
2020/10/22 10:53 bpf c5eb48e89286 be6b1582 .config console log report info ci-upstream-bpf-kasan-gce
2020/10/19 07:38 bpf 9ff9b0d392ea fea47c01 .config console log report info ci-upstream-bpf-kasan-gce
2020/10/19 04:11 bpf 9ff9b0d392ea fea47c01 .config console log report info ci-upstream-bpf-kasan-gce
2020/11/09 20:00 bpf-next f055f355faf1 64069d48 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/11/07 20:44 bpf-next f055f355faf1 64069d48 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/10/28 00:48 bpf-next 3cb12d27ff65 96e03c1c .config console log report info ci-upstream-bpf-next-kasan-gce
2020/10/26 06:39 bpf-next 9ff9b0d392ea a1839e81 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/10/25 11:03 bpf-next 9ff9b0d392ea a1839e81 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/10/09 07:31 bpf-next 1e9259eca8fd 92390980 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/10/01 09:08 bpf-next 3effc06a4dde a9767fb2 .config console log report info ci-upstream-bpf-next-kasan-gce
2020/09/14 02:28 net-next-old 068b62148255 2d3cdd63 .config console log report ci-upstream-net-kasan-gce
2020/09/14 02:21 net-next-old 068b62148255 2d3cdd63 .config console log report ci-upstream-net-kasan-gce
2020/09/14 00:12 net-next-old 068b62148255 2d3cdd63 .config console log report ci-upstream-net-kasan-gce
2020/09/13 22:10 net-next-old e5e252ba21d2 2d3cdd63 .config console log report ci-upstream-net-kasan-gce
2020/09/13 01:24 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/13 01:10 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 22:35 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 22:24 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 21:22 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 20:21 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 19:39 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/12 18:28 net-next-old 5a6bd84f8154 ce441f06 .config console log report ci-upstream-net-kasan-gce
2020/09/09 09:47 net-next-old f5499c67477e 0ea7a887 .config console log report ci-upstream-net-kasan-gce
2020/09/18 05:41 linux-next 860461e4fcaa 8247808b .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/09/15 08:16 linux-next f965d3ec86fa 6989d6f6 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/09/15 07:56 linux-next f965d3ec86fa 6989d6f6 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/09/14 10:58 linux-next f965d3ec86fa 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 09:48 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 09:14 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 08:08 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 07:04 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 06:23 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 04:46 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 03:45 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 03:32 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 01:20 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/14 01:13 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 23:12 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 21:54 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 20:53 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 20:19 linux-next d5b2251d63b5 2d3cdd63 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 04:44 linux-next d5b2251d63b5 ce441f06 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/13 03:26 linux-next d5b2251d63b5 ce441f06 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/12 23:57 linux-next d5b2251d63b5 ce441f06 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/12 16:10 linux-next d5b2251d63b5 ce441f06 .config console log report ci-upstream-linux-next-kasan-gce-root
2020/09/12 15:40 linux-next d5b2251d63b5 ce441f06 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.