openEuler / kernel
【syzkaller】WARNING in sk_stream_kill_queues
Done
#I6TPN9
Task
Ziyang Xuan
Opened this issue
2023-04-07 17:31
Problem:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 184543 at net/core/stream.c:212 sk_stream_kill_queues+0x1d4/0x200 net/core/stream.c:212
Modules linked in:
CPU: 1 PID: 184543 Comm: syz-executor.0 Not tainted 5.10.0-00168-g57a838cc73a6-dirty #1
Hardware name: linux,dummy-virt (DT)
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO BTYPE=--)
pc : sk_stream_kill_queues+0x1d4/0x200 net/core/stream.c:212
lr : sk_stream_kill_queues+0x1d4/0x200 net/core/stream.c:212
sp : ffffa00019237820
x29: ffffa00019237820 x28: 0000000000000000
x27: 00000000421df188 x26: ffff0000ddfad92c
x25: 00000000421df188 x24: ffff0000c190be88
x23: ffff0000d6a69868 x22: ffff0000d6a69910
x21: ffff0000d6a69948 x20: ffff0000d6a69840
x19: 0000000000000ac0 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000
x15: 0000000000000000 x14: 0000000000000001
x13: 00ea00f80120dd86 x12: ffff80001ad4d321
x11: 1fffe0001ad4d320 x10: ffff80001ad4d320
x9 : dfffa00000000000 x8 : ffff0000d6a69904
x7 : 0000000000000001 x6 : ffff80001ad4d320
x5 : ffff0000c190be80 x4 : 0000000000000000
x3 : ffffa00011e78d60 x2 : 0000000000000ac0
x1 : ffff0000c190be80 x0 : 0000000000000000
Call trace:
 sk_stream_kill_queues+0x1d4/0x200 net/core/stream.c:212
 inet_csk_destroy_sock+0xe8/0x320 net/ipv4/inet_connection_sock.c:892
 tcp_done+0x1dc/0x2f0 net/ipv4/tcp.c:4178
 tcp_time_wait+0x294/0x510 net/ipv4/tcp_minisocks.c:340
 tcp_rcv_state_process+0x728/0x14c0 net/ipv4/tcp_input.c:6575
 tcp_v6_do_rcv+0x430/0xa20 net/ipv6/tcp_ipv6.c:1527
 sk_backlog_rcv include/net/sock.h:1059 [inline]
 __release_sock+0x230/0x50c net/core/sock.c:2541
 tcp_close+0x69c/0xeb0 net/ipv4/tcp.c:2615
 inet_release+0xc0/0x140 net/ipv4/af_inet.c:431
 inet6_release+0x48/0x6c net/ipv6/af_inet6.c:479
 __sock_release+0x80/0x150 net/socket.c:600
 sock_close+0x28/0x40 net/socket.c:1270
 __fput+0x1dc/0x520 fs/file_table.c:281
 ____fput+0x24/0x30 fs/file_table.c:314
 task_work_run+0x240/0x3a0 kernel/task_work.c:161
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 do_notify_resume+0x3cc/0x3d0 arch/arm64/kernel/signal.c:718
 work_pending+0xc/0x19c

Analysis:

1. Upstream fixed a memory leak in the IPV6_ADDRFORM scenario: d38afeec26ed ("tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct()."). The fix for this problem involves several patches, but these patches are not a single series; they are scattered.
2. The LTS backport of the patches for this problem is incomplete: only ca43ccf41224 ("dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.") and 62ec33b44e0f ("net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().") were backported. Neither the prerequisite patches that introduced the problem nor the follow-up patches were backported. The LTS branch has the memory leak in this scenario, and the incomplete backport introduced further IPv6 memory leaks.
3. The release backported the LTS patches and inherited the problem from LTS.

The complete patch set is as follows:

6431b0f6ff16 ("sctp: Call inet6_destroy_sock() via sk->sk_destruct().")
1651951ebea5 ("dccp: Call inet6_destroy_sock() via sk->sk_destruct().")
62ec33b44e0f net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
ca43ccf4122 dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
b5fc29233d2 inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
d38afeec26e tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
21985f43376 udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).

Affected versions:

OLK-5.10
openEuler-1.0-LTS
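The issue above comes down to a fix set that was only partly backported. The following is an added example, not part of the issue or of openEuler's tooling, showing one way to audit a branch for the full set; it assumes a backport either keeps the upstream subject or cites the upstream hash in its commit body, and the function names and sample log are hypothetical.

```python
import re

# Fix set as listed in the issue: (abbreviated upstream hash, subject).
PATCH_SET = [
    ("6431b0f6ff16", "sctp: Call inet6_destroy_sock() via sk->sk_destruct()."),
    ("1651951ebea5", "dccp: Call inet6_destroy_sock() via sk->sk_destruct()."),
    ("62ec33b44e0f", "net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues()."),
    ("ca43ccf4122", "dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions."),
    ("b5fc29233d2", "inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy()."),
    ("d38afeec26e", "tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct()."),
    ("21985f43376", "udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM)."),
]
HEX_REF = re.compile(r"\b[0-9a-f]{7,40}\b")

def parse_git_log(raw):
    """Parse `git log --format='%H%x1f%s%x1f%b%x1e'` output into (sha, subject, body)."""
    commits = []
    for record in raw.split("\x1e"):
        record = record.strip("\n")
        if record:
            sha, subject, body = record.split("\x1f", 2)
            commits.append((sha, subject.strip(), body))
    return commits

def find_backport(up_hash, up_subject, commits):
    """Return the branch commit carrying an upstream fix, or None if it is absent."""
    for sha, subject, body in commits:
        cited = any(ref.startswith(up_hash) for ref in HEX_REF.findall(body))
        if cited or subject == up_subject or sha.startswith(up_hash):
            return sha
    return None

def missing_fixes(patch_set, commits):
    """List the upstream hashes from the fix set that the branch does not contain."""
    return [h for h, subj in patch_set if find_backport(h, subj, commits) is None]

# Constructed sample: a branch holding only the two fixes the issue says were backported.
# Local hashes and the "commit ... upstream." body lines are made up for illustration.
SAMPLE_LOG = "\x1e\n".join([
    "a1" * 20 + "\x1fnet: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues()."
    "\x1fcommit 62ec33b44e0f upstream.\n",
    "b2" * 20 + "\x1f[Backport] dccp/tcp: avoid negative sk_forward_alloc"
    "\x1fcommit ca43ccf41224 upstream.\n",
    "c3" * 20 + "\x1fnet: unrelated cleanup\x1fNo upstream reference here.\n",
]) + "\x1e\n"

if __name__ == "__main__":
    for h in missing_fixes(PATCH_SET, parse_git_log(SAMPLE_LOG)):
        print("missing:", h)
```

On a real tree, feed `parse_git_log` the output of `git log --format='%H%x1f%s%x1f%b%x1e'` for the branch under review; a non-empty result means the dependent fixes should be picked together before release.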
Labels
sig/Kernel