WARNING in smc_unhash

WARNING in smc_unhash_sk (3)

Status: fixed on 2019/11/29 15:48
Subsystems: net s390
[Documentation on labels]
Reported-by: syzbot+8488cc4cf1c9e09b8b86@syzkaller.appspotmail.com
Fix commit: 8204df72bea1 net/smc: fix fastopen for non-blocking connect()
First crash: 1697d, last: 1606d

Cause bisection: the cause commit could be any of (bisect log):
  94c59aab42ce Merge branch 'bpf-l2-encap'
  3ec61df82ba0 selftests_bpf: add L2 encap to test_tc_tunnel
  6b7a21140fca tools: add smp_* barrier variants to include infrastructure
  1db04c300a41 bpf: sync bpf.h to tools/ for BPF_F_ADJ_ROOM_ENCAP_L2
  947e8b595b82 bpf: explicitly prohibit ctx_{in, out} in non-skb BPF_PROG_TEST_RUN
  58dfc900faff bpf: add layer 2 encap support to bpf_skb_adjust_room
  bb23581b9b38 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
  166b5a7f2ca3 selftests_bpf: extend test_tc_tunnel for UDP encap
  56490b623aa0 selftests: Add debugging options to pmtu.sh
  9994677c968e net: sched: flower: fix filter net reference counting
  c695865c5c98 bpf: fix missing bpf_check_uarg_tail_zero in BPF_PROG_TEST_RUN
  0eff1052438c sctp: Remove superfluous test in sctp_ulpq_reasm_drain().
  3daf8e703ec3 selftests: bpf: add selftest for __sk_buff context in BPF_PROG_TEST_RUN
  5e903c656b98 libbpf: add support for ctx_{size, }_{in, out} in BPF_PROG_TEST_RUN
  925b93742263 sctp: Always pass skbs on a list to sctp_ulpq_tail_event().
  5e8f641db673 sctp: Use helper for sctp_ulpq_tail_event() when hooked up to ->enqueue_event
  b0b9395d865e bpf: support input __sk_buff context in BPF_PROG_TEST_RUN
  178ca044aa60 sctp: Make sctp_enqueue_event tak an skb list.
  569b0c77735d tools/bpftool: show btf id in program information
  013b96ec6461 sctp: Pass sk_buff_head explicitly to sctp_ulpq_tail_event().
  d5adbdd77ecc libbpf: Fix build with gcc-8
  8af9f7291e22 Merge branch 'sctp-skb-list'
  fa0dcb3fe2ca mailmap: add entry for email addresses
  50bd645b3a21 libbpf: fix crash in XDP socket part with new larger BPF_LOG_BUF_SIZE
  6dc400af216a xen-netback: add reference from xenvif to backend_info to facilitate coredump analysis
  50717a37db03 net/smc: nonblocking connect rework
  69a0f9ecef22 bpf, bpftool: fix a few ubsan warnings
  4ada81fddfbb net/smc: fallback to TCP after connect problems
  6316f78306c1 Merge branch 'support-global-data'
  598866974c94 net/smc: check for ip prefix and subnet
  c861168b7c21 bpf, selftest: add test cases for BTF Var and DataSec
  b915ebe6d9c8 bpf, selftest: test global data/bss/rodata sections
  bc36d2fc93eb net/smc: consolidate function parameters
  fb2abb73e575 bpf, selftest: test {rd, wr}only flags and direct value access
  fba7e8ef513c net/smc: cleanup of get vlan id
  228bae05be32 net/smc: code cleanup smc_listen_work
  817998afa038 bpf: bpftool support for dumping data/bss/rodata sections
  1713d68b3bf0 bpf, libbpf: add support for BTF Var and DataSec
  9aa68d298c80 net/smc: improve smc_listen_work reason codes
  7a62725a50e0 net/smc: improve smc_conn_create reason codes
  d859900c4c56 bpf, libbpf: support global data/bss/rodata sections
  e0a092ebebf7 Merge branch 'smc-next'
  f8c7a4d4dc39 bpf, libbpf: refactor relocation handling
  b1cd609d9b51 bpf: Add base proto function for cgroup-bpf programs
  c83fef6bc562 bpf: sync {btf, bpf}.h uapi header from tools infrastructure
  2824ecb7010f bpf: allow for key-less BTF in array map
  7b146cebe30c bpf: Sysctl hook
  1dc92851849c bpf: kernel side support for BTF Var and DataSec
  808649fb787d bpf: Introduce bpf_sysctl_get_name helper
  1d11b3016cec bpf: Introduce bpf_sysctl_get_current_value helper

▶ ▼ Discussions (3)

Title	Replies (including bot)	Last reply
[PATCH 5.3 00/48] 5.3.12-stable review	57 (57)	2019/11/20 06:00
[PATCH net] net/smc: fix fastopen for non-blocking connect()	2 (2)	2019/11/16 21:04
WARNING in smc_unhash_sk (3)	0 (1)	2019/08/28 06:38

▶ ▼ Similar bugs (2)

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	WARNING in smc_unhash_sk s390 net	C			155731	2085d	2247d	8/26	fixed on 2018/08/07 13:43
upstream	WARNING in smc_unhash_sk (2)	C	done		1047	1697d	1833d	12/26	fixed on 2019/08/27 17:15

Sample crash report:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 9349 at include/net/sock.h:666 sk_del_node_init include/net/sock.h:666 [inline]
WARNING: CPU: 1 PID: 9349 at include/net/sock.h:666 smc_unhash_sk+0x1ea/0x260 net/smc/af_smc.c:96
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9349 Comm: syz-executor914 Not tainted 5.4.0-rc5+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:sk_del_node_init include/net/sock.h:666 [inline]
RIP: 0010:smc_unhash_sk+0x1ea/0x260 net/smc/af_smc.c:96
Code: ff ff ff ff e8 77 3c 8b fe e8 52 47 5d fa 4c 89 ef e8 fa 81 38 00 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 36 47 5d fa <0f> 0b eb 86 4c 89 e7 e8 1a a6 98 fa e9 5f ff ff ff e8 30 a6 98 fa
RSP: 0018:ffff88808c867d00 EFLAGS: 00010293
RAX: ffff888080950080 RBX: ffff88809168f280 RCX: ffffffff8715d9fe
RDX: 0000000000000000 RSI: ffffffff8715da7a RDI: 0000000000000005
RBP: ffff88808c867d30 R08: ffff888080950080 R09: ffffed10122d1e61
R10: ffffed10122d1e60 R11: ffff88809168f303 R12: ffff88809168f300
R13: ffffffff89bada80 R14: ffff88809168f2a8 R15: 0000000000000001
 __smc_release+0x202/0x450 net/smc/af_smc.c:146
 smc_release+0x10c/0x380 net/smc/af_smc.c:185
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x401ff0
Code: 01 f0 ff ff 0f 83 40 0d 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 3d 8b 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0d 00 00 c3 48 83 ec 08 e8 7a 02 00 00
RSP: 002b:00007fff526a9a18 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000401ff0
RDX: 0000000000000017 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 0000000000015008 R08: 0000000000000004 R09: 0000000200000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000403220 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (362):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	Manager
2019/10/31 04:54	upstream	320000e72ec0	a41ca8fa	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/10/26 09:25	upstream	8caacaad78b6	413926c5	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/10/25 10:57	upstream	39a38bcba4ab	d01bb02a	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2019/10/23 08:13	upstream	3b7c59a1950c	d0686497	.config	console log	report	syz	C	ci-upstream-kasan-gce
2019/08/27 19:09	upstream	a55aa89aab90	d21c5d9d	.config	console log	report	syz	C	ci-upstream-kasan-gce-selinux-root
2019/08/27 18:48	upstream	a55aa89aab90	d21c5d9d	.config	console log	report	syz	C	ci-upstream-kasan-gce
2019/08/27 18:31	upstream	a55aa89aab90	d21c5d9d	.config	console log	report	syz	C	ci-upstream-kasan-gce-smack-root
2019/08/27 18:12	upstream	a55aa89aab90	d21c5d9d	.config	console log	report	syz	C	ci-upstream-kasan-gce-root
2019/10/23 08:58	upstream	3b7c59a1950c	d0686497	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2019/08/27 18:34	upstream	a55aa89aab90	d21c5d9d	.config	console log	report	syz	C	ci-upstream-kasan-gce-386
2019/10/23 08:14	net-old	6c5d9c2a6bed	d0686497	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2019/08/27 18:39	net-old	f53a7ad18959	d21c5d9d	.config	console log	report	syz	C	ci-upstream-net-this-kasan-gce
2019/08/28 02:02	net-next-old	d00ee466a07e	fd37b39e	.config	console log	report	syz	C	ci-upstream-net-kasan-gce
2019/08/28 04:37	linux-next	ed2393ca0910	fd37b39e	.config	console log	report	syz	C	ci-upstream-linux-next-kasan-gce-root
2019/10/30 20:43	upstream	320000e72ec0	a41ca8fa	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/30 16:34	upstream	320000e72ec0	5ea87a66	.config	console log	report			ci-upstream-kasan-gce-root
2019/10/30 15:07	upstream	320000e72ec0	5ea87a66	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/30 13:32	upstream	23fdb198ae81	5ea87a66	.config	console log	report			ci-upstream-kasan-gce-root
2019/10/30 01:10	upstream	23fdb198ae81	5ea87a66	.config	console log	report			ci-upstream-kasan-gce
2019/10/29 21:29	upstream	23fdb198ae81	5ea87a66	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/28 23:22	upstream	9e5eefba3d09	439d7b14	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/28 13:49	upstream	9e5eefba3d09	25bb509e	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/28 00:19	upstream	d6d5df1db6e9	25bb509e	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/27 19:01	upstream	5a1e843c66fa	25bb509e	.config	console log	report			ci-upstream-kasan-gce
2019/10/23 18:18	upstream	13b86bc4cd64	b602d64b	.config	console log	report			ci-upstream-kasan-gce-root
2019/10/21 13:44	upstream	7d194c2100ad	b24d2b8a	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/10/20 21:44	upstream	4fe34d61a3a9	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/20 18:08	upstream	4fe34d61a3a9	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/20 14:47	upstream	4fe34d61a3a9	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/20 09:45	upstream	531e93d11470	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/20 06:03	upstream	531e93d11470	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-smack-root
2019/10/19 20:58	upstream	998d75510e37	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/10/19 08:18	upstream	b9959c7a347d	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce
2019/10/18 16:11	upstream	0e2adab6cf28	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce
2019/10/18 03:52	upstream	283ea345934d	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce
2019/10/15 13:42	upstream	5bc52f64e884	b5268b89	.config	console log	report			ci-upstream-kasan-gce
2019/10/15 11:32	upstream	5bc52f64e884	b5268b89	.config	console log	report			ci-upstream-kasan-gce-selinux-root
2019/10/30 22:03	upstream	320000e72ec0	a41ca8fa	.config	console log	report			ci-upstream-kasan-gce-386
2019/10/24 08:51	upstream	13b86bc4cd64	d01bb02a	.config	console log	report			ci-upstream-kasan-gce-386
2019/10/23 02:24	upstream	3b7c59a1950c	5681358a	.config	console log	report			ci-upstream-kasan-gce-386
2019/10/19 22:31	upstream	998d75510e37	8c88c9c1	.config	console log	report			ci-upstream-kasan-gce-386
2019/11/26 03:20	net-old	32085f25d7b6	f746151a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/11/24 09:20	net-old	34c36f4564b8	598ca6c8	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/11/16 00:37	net-old	a9a51bd727d1	cdac920b	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/11/13 04:27	net-old	6d6dd528d5af	048f2d49	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/30 05:55	net-old	55793d2a431c	5ea87a66	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/28 10:35	net-old	fc11078dd351	25bb509e	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/25 01:24	net-old	76db2d466f6a	d01bb02a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/22 19:11	net-old	b30605319794	5681358a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/21 16:10	net-old	531e93d11470	b24d2b8a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/21 14:57	net-old	531e93d11470	b24d2b8a	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/20 02:45	net-old	bd310aca442f	8c88c9c1	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/18 01:15	net-old	af0de1303c4e	8c88c9c1	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/17 12:55	net-old	e497c20e2036	8c88c9c1	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/14 21:36	net-old	33902b4a4227	05ad7292	.config	console log	report			ci-upstream-net-this-kasan-gce
2019/10/21 21:17	net-next-old	13faf7718522	b24d2b8a	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/21 19:32	net-next-old	13faf7718522	b24d2b8a	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/17 23:32	net-next-old	a8c41a68076e	8c88c9c1	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/17 15:56	net-next-old	2203cbf2c8b5	8c88c9c1	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/16 08:28	net-next-old	14f2cf607ccd	d4ea592f	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/14 17:31	net-next-old	7e0d15ee0d8b	05ad7292	.config	console log	report			ci-upstream-net-kasan-gce
2019/10/15 08:18	linux-next	0e9d28bc6c81	05ad7292	.config	console log	report			ci-upstream-linux-next-kasan-gce-root

* ~~Struck through~~ repros no longer work on HEAD.