Re: WARNING in refcount_dec

2018-04-23 Thread Willem de Bruijn
On Thu, Apr 19, 2018 at 2:55 PM, Willem de Bruijn wrote: > On Thu, Apr 19, 2018 at 2:32 AM, DaeRyong Jeong wrote: >> Hello. >> We have analyzed the cause of the crash in v4.16-rc3, WARNING in >> refcount_dec, >> which is found by RaceFuzzer (a modified version of Syz

Re: WARNING in refcount_dec

2018-04-19 Thread Willem de Bruijn
On Thu, Apr 19, 2018 at 2:32 AM, DaeRyong Jeong wrote: > Hello. > We have analyzed the cause of the crash in v4.16-rc3, WARNING in refcount_dec, > which is found by RaceFuzzer (a modified version of Syzkaller). > > Since struct packet_sock's member variables, running, has_vne

Re: WARNING in refcount_dec

2018-04-18 Thread DaeRyong Jeong
Hello. We have analyzed the cause of the crash in v4.16-rc3, WARNING in refcount_dec, which is found by RaceFuzzer (a modified version of Syzkaller). Since struct packet_sock's member variables, running, has_vnet_hdr, origdev and auxdata are declared as bitfields, accessing these variable

Re: WARNING in refcount_dec

2018-04-02 Thread DaeRyong Jeong
No. Only the first crash (WARNING in refcount_dec) is reproduced by the attached reproducer. The second crash (kernel bug at af_packet.c:3107) is reproduced by another reproducer. We reported it here. http://lkml.iu.edu/hypermail/linux/kernel/1803.3/05324.html On Sun, Apr 1, 2018 at 4:38 PM

Re: WARNING in refcount_dec

2018-04-01 Thread Willem de Bruijn
e8 >> 43 b3 c0 fd <0f> 0b e8 3c b3 c0 fd 48 8b bd 20 ff ff ff e8 60 1e e7 fd >> 4c 89 >> [ 357.792260] RIP: packet_do_bind+0x88d/0x950 RSP: 8800b2787b08 >> [ 357.793698] ---[ end trace 0c5a2539f0247369 ]--- >> [ 357.794696] Kernel panic - not syncing: Fatal

Re: WARNING in refcount_dec

2018-03-28 Thread Cong Wang
c b3 c0 fd 48 8b bd 20 ff ff ff e8 60 1e e7 fd > 4c 89 > [ 357.792260] RIP: packet_do_bind+0x88d/0x950 RSP: 8800b2787b08 > [ 357.793698] ---[ end trace 0c5a2539f0247369 ]--- > [ 357.794696] Kernel panic - not syncing: Fatal exception > [ 357.795918] Kernel Offset: disabled &

Re: WARNING in refcount_dec

2018-03-28 Thread Byoungyoung Lee
trace 0c5a2539f0247369 ]--- [ 357.794696] Kernel panic - not syncing: Fatal exception [ 357.795918] Kernel Offset: disabled [ 357.796614] Rebooting in 86400 seconds.. On Wed, Mar 28, 2018 at 1:19 AM, Byoungyoung Lee wrote: > We report the crash: WARNING in refcount_dec > > This crash ha

WARNING in refcount_dec

2018-03-27 Thread Byoungyoung Lee
We report the crash: WARNING in refcount_dec This crash has been found in v4.16-rc3 using RaceFuzzer (a modified version of Syzkaller), which we describe more at the end of this report. Our analysis shows that the race occurs when invoking two syscalls concurrently, (setsockopt$packet_int) and