syzbot


INFO: task hung in tls_sw_free_resources_tx

Status: closed as dup on 2019/08/19 21:16
Reported-by: syzbot+503339bf3c9053b8a7fc@syzkaller.appspotmail.com
First crash: 1450d, last: 1164d

Cause bisection: introduced by (bisect log):
commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
Author: Dave Watson <davejwatson@fb.com>
Date: Wed Jun 14 18:37:39 2017 +0000

  tls: kernel TLS support

Crash: KASAN: use-after-free Read in padata_do_parallel (log)
Repro: C syz .config
Duplicate of (1):
Title Repro Cause bisect Fix bisect Count Last Reported
INFO: task hung in aead_recvmsg C done 11991 981d 1755d

Sample crash report:
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
INFO: task syz-executor852:6003 blocked for more than 140 seconds.
      Not tainted 4.20.0-rc4+ #324
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
syz-executor852 D20984  6003   5985 0x00000004
Call Trace:
 context_switch kernel/sched/core.c:2831 [inline]
 __schedule+0x8cf/0x21d0 kernel/sched/core.c:3472
 schedule+0xfe/0x460 kernel/sched/core.c:3516
 schedule_timeout+0x1cc/0x260 kernel/time/timer.c:1780
 do_wait_for_common kernel/sched/completion.c:83 [inline]
 __wait_for_common kernel/sched/completion.c:104 [inline]
 wait_for_common kernel/sched/completion.c:115 [inline]
 wait_for_completion+0x427/0x8a0 kernel/sched/completion.c:136
 crypto_wait_req include/linux/crypto.h:583 [inline]
 tls_sw_free_resources_tx+0x52b/0xcf0 net/tls/tls_sw.c:1774
 tls_sk_proto_close+0x602/0x750 net/tls/tls_main.c:278
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:428
 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:458
 __sock_release+0xd7/0x250 net/socket.c:579
 sock_close+0x19/0x20 net/socket.c:1141
 __fput+0x385/0xa30 fs/file_table.c:278
 ____fput+0x15/0x20 fs/file_table.c:309
 task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x400fe0
Code: 01 f0 ff ff 0f 83 b0 0a 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d ed 16 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 84 0a 00 00 c3 48 83 ec 08 e8 3a 01 00 00
RSP: 002b:00007ffe30095a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000400fe0
RDX: 0000000000000058 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000067edd
R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000

Showing all locks held in the system:
1 lock held by khungtaskd/1020:
 #0: 0000000034ca4b1e (rcu_read_lock){....}, at: debug_show_all_locks+0xd0/0x424 kernel/locking/lockdep.c:4379
1 lock held by rsyslogd/5866:
 #0: 00000000f2b3f94d (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x1bb/0x200 fs/file.c:766
2 locks held by getty/5956:
 #0: 000000000ac99831 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000d09933e4 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5957:
 #0: 000000005f0193c3 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000f88a15c8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5958:
 #0: 00000000794f4a79 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 000000002fefcb05 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5959:
 #0: 0000000074eb97d6 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000065ce552e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5960:
 #0: 00000000c84b7e95 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 0000000020f1a59d (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5961:
 #0: 00000000c90dcbd8 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000409d1c2e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by getty/5962:
 #0: 000000006f39f77f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x32/0x40 drivers/tty/tty_ldsem.c:353
 #1: 00000000c23bd515 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x335/0x1e80 drivers/tty/n_tty.c:2154
2 locks held by syz-executor852/6003:
 #0: 000000005aa3007c (&sb->s_type->i_mutex_key#11){+.+.}, at: inode_lock include/linux/fs.h:757 [inline]
 #0: 000000005aa3007c (&sb->s_type->i_mutex_key#11){+.+.}, at: __sock_release+0x8b/0x250 net/socket.c:578
 #1: 0000000097a7edc0 (sk_lock-AF_INET6){+.+.}, at: lock_sock include/net/sock.h:1492 [inline]
 #1: 0000000097a7edc0 (sk_lock-AF_INET6){+.+.}, at: tls_sk_proto_close+0xf5/0x750 net/tls/tls_main.c:262

=============================================

NMI backtrace for cpu 0
CPU: 0 PID: 1020 Comm: khungtaskd Not tainted 4.20.0-rc4+ #324
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
 nmi_cpu_backtrace.cold.2+0x5c/0xa1 lib/nmi_backtrace.c:101
 nmi_trigger_cpumask_backtrace+0x1e8/0x22a lib/nmi_backtrace.c:62
 arch_trigger_cpumask_backtrace+0x14/0x20 arch/x86/kernel/apic/hw_nmi.c:38
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:205 [inline]
 watchdog+0xb51/0x1060 kernel/hung_task.c:289
 kthread+0x35a/0x440 kernel/kthread.c:246
 ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1 skipped: idling at native_safe_halt+0x6/0x10 arch/x86/include/asm/irqflags.h:57

Crashes (109):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-net-kasan-gce 2018/12/04 08:31 net-next 6915bf3b002b 03f94a45 .config log report syz C
ci-upstream-kasan-gce 2019/04/21 17:13 upstream 9e5de623a0cb b0e8efcb .config log report
ci-upstream-kasan-gce-smack-root 2019/03/06 04:49 upstream 63bdf4284c38 16559f86 .config log report
ci-upstream-kasan-gce 2019/02/25 14:08 upstream 5908e6b738e3 a70141bf .config log report
ci-upstream-kasan-gce 2019/02/10 09:59 upstream df3865f8f568 b4f792e4 .config log report
ci-upstream-kasan-gce-selinux-root 2018/11/11 06:24 upstream ab6e1f378f54 f3c4e618 .config log report
ci-upstream-kasan-gce-386 2019/03/09 00:03 upstream 610cd4eadec4 12365b99 .config log report
ci-upstream-net-this-kasan-gce 2019/07/24 04:24 net 107e47cc80ec de453f34 .config log report
ci-upstream-net-this-kasan-gce 2019/06/14 13:09 net b8003cef2e63 998ccc76 .config log report
ci-upstream-net-this-kasan-gce 2019/05/15 04:50 net 0fe9f173d6cd bd4e3ac7 .config log report
ci-upstream-net-this-kasan-gce 2019/04/23 11:59 net acced9d2b4df 53199d6e .config log report
ci-upstream-net-this-kasan-gce 2019/03/25 13:08 net 526949e877f4 2c86e0a5 .config log report
ci-upstream-net-this-kasan-gce 2019/03/16 14:54 net 4477138fa0ae bab43553 .config log report
ci-upstream-net-this-kasan-gce 2019/03/15 07:39 net 3b319ee220a8 d72db19b .config log report
ci-upstream-net-this-kasan-gce 2019/03/12 10:48 net a3b1933d34d5 12365b99 .config log report
ci-upstream-net-this-kasan-gce 2019/03/11 12:00 net 2a5ff07a0eb9 12365b99 .config log report
ci-upstream-net-this-kasan-gce 2019/03/01 15:29 net d235c48b40d3 8a4b3a6b .config log report
ci-upstream-net-this-kasan-gce 2019/02/27 09:12 net d8e96745a97f f2468c12 .config log report
ci-upstream-net-this-kasan-gce 2019/02/25 17:49 net 71828b224069 a70141bf .config log report
ci-upstream-net-kasan-gce 2019/07/20 21:33 net-next 31cc088a4f5d 1656845f .config log report
ci-upstream-net-kasan-gce 2019/07/20 10:10 net-next 31cc088a4f5d 1656845f .config log report
ci-upstream-net-kasan-gce 2019/07/19 07:56 net-next 192f0f8e9db7 7bb222f7 .config log report
ci-upstream-net-kasan-gce 2019/06/29 09:22 net-next ee7dd7733b20 7509bf36 .config log report
ci-upstream-net-kasan-gce 2019/06/29 05:06 net-next ee7dd7733b20 7509bf36 .config log report
ci-upstream-net-kasan-gce 2019/06/26 09:44 net-next 045df37e743c 0a8d1a96 .config log report
ci-upstream-net-kasan-gce 2019/06/18 10:00 net-next 6a6b5c8bff89 442206d7 .config log report
ci-upstream-net-kasan-gce 2019/06/14 08:17 net-next 514fcaac371e 998ccc76 .config log report
ci-upstream-net-kasan-gce 2019/06/11 02:01 net-next a248384e6420 0159583c .config log report
ci-upstream-net-kasan-gce 2019/06/07 21:08 net-next 96524ea4be04 ce9107d0 .config log report
ci-upstream-net-kasan-gce 2019/05/20 04:12 net-next 35c99ffa20ed 5a4461b0 .config log report
ci-upstream-net-kasan-gce 2019/05/11 10:56 net-next b970afcfcabd 46caad94 .config log report
ci-upstream-net-kasan-gce 2019/05/09 17:42 net-next 80f232121b69 6fc130d3 .config log report
ci-upstream-net-kasan-gce 2019/05/08 06:25 net-next a55a385d8c84 a7383bfa .config log report
ci-upstream-net-kasan-gce 2019/05/04 10:56 net-next 8ef988b914bd d28f4ce5 .config log report
ci-upstream-net-kasan-gce 2019/04/28 01:30 net-next 7cb523d4fec7 b617407b .config log report
ci-upstream-net-kasan-gce 2019/04/25 18:01 net-next c049d56eb219 f46aabc8 .config log report
ci-upstream-net-kasan-gce 2019/04/24 04:23 net-next a93f7fe13454 4d3d6a50 .config log report
ci-upstream-net-kasan-gce 2019/04/21 15:36 net-next 4ef6cbe80d71 b0e8efcb .config log report
ci-upstream-net-kasan-gce 2019/04/20 03:04 net-next d7cc399e1227 b0e8efcb .config log report
ci-upstream-net-kasan-gce 2019/04/08 18:52 net-next 1f17f7742eeb 0dfb0452 .config log report
ci-upstream-net-kasan-gce 2019/04/07 10:55 net-next eb94dc9aabdf c34fde03 .config log report
ci-upstream-net-kasan-gce 2019/04/07 09:07 net-next eb94dc9aabdf c34fde03 .config log report
ci-upstream-net-kasan-gce 2019/04/01 04:40 net-next 6578229d4efb ccf2355a .config log report
ci-upstream-net-kasan-gce 2019/03/23 22:34 net-next 3b0f31f2b8c9 a2cef203 .config log report
ci-upstream-net-kasan-gce 2019/03/23 11:11 net-next 1d965c4def07 3361bde5 .config log report
ci-upstream-net-kasan-gce 2019/03/15 06:29 net-next 3b319ee220a8 d72db19b .config log report
ci-upstream-net-kasan-gce 2019/03/07 12:56 net-next d9862cfbe209 8c085c5e .config log report
ci-upstream-net-kasan-gce 2019/02/28 16:15 net-next 2ecba2d1e45b 09aeeba4 .config log report
ci-upstream-net-kasan-gce 2019/02/24 21:12 net-next a75d1d01477d 7a06e792 .config log report
ci-upstream-net-kasan-gce 2019/02/19 09:14 net-next 8bbed40f107f 59f36113 .config log report
ci-upstream-net-kasan-gce 2019/02/17 08:00 net-next f2281c245d60 f42dee6d .config log report
ci-upstream-net-kasan-gce 2019/02/12 20:13 net-next 6663cf821c13 6ecc6d0f .config log report
ci-upstream-net-kasan-gce 2019/02/11 10:09 net-next 6a98afbbb4af b4f792e4 .config log report
ci-upstream-net-kasan-gce 2019/02/08 12:33 net-next fc4aa1ca1628 aa4feb03 .config log report
ci-upstream-net-kasan-gce 2018/10/11 02:35 net-next e40a826a6cbc 5f818b4b .config log report
* Struck through repros no longer work on HEAD.