syzbot


WARNING in smc_unhash_sk (3)

Status: fixed on 2019/11/29 15:48
Subsystems: net s390
Reported-by: syzbot+8488cc4cf1c9e09b8b86@syzkaller.appspotmail.com
Fix commit: 8204df72bea1 net/smc: fix fastopen for non-blocking connect()
First crash: 1929d, last: 1838d
Cause bisection: the cause commit could be any of (bisect log):
  94c59aab42ce Merge branch 'bpf-l2-encap'
  3ec61df82ba0 selftests_bpf: add L2 encap to test_tc_tunnel
  6b7a21140fca tools: add smp_* barrier variants to include infrastructure
  1db04c300a41 bpf: sync bpf.h to tools/ for BPF_F_ADJ_ROOM_ENCAP_L2
  947e8b595b82 bpf: explicitly prohibit ctx_{in, out} in non-skb BPF_PROG_TEST_RUN
  58dfc900faff bpf: add layer 2 encap support to bpf_skb_adjust_room
  bb23581b9b38 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
  166b5a7f2ca3 selftests_bpf: extend test_tc_tunnel for UDP encap
  56490b623aa0 selftests: Add debugging options to pmtu.sh
  9994677c968e net: sched: flower: fix filter net reference counting
  c695865c5c98 bpf: fix missing bpf_check_uarg_tail_zero in BPF_PROG_TEST_RUN
  0eff1052438c sctp: Remove superfluous test in sctp_ulpq_reasm_drain().
  3daf8e703ec3 selftests: bpf: add selftest for __sk_buff context in BPF_PROG_TEST_RUN
  5e903c656b98 libbpf: add support for ctx_{size, }_{in, out} in BPF_PROG_TEST_RUN
  925b93742263 sctp: Always pass skbs on a list to sctp_ulpq_tail_event().
  5e8f641db673 sctp: Use helper for sctp_ulpq_tail_event() when hooked up to ->enqueue_event
  b0b9395d865e bpf: support input __sk_buff context in BPF_PROG_TEST_RUN
  178ca044aa60 sctp: Make sctp_enqueue_event tak an skb list.
  569b0c77735d tools/bpftool: show btf id in program information
  013b96ec6461 sctp: Pass sk_buff_head explicitly to sctp_ulpq_tail_event().
  d5adbdd77ecc libbpf: Fix build with gcc-8
  8af9f7291e22 Merge branch 'sctp-skb-list'
  fa0dcb3fe2ca mailmap: add entry for email addresses
  50bd645b3a21 libbpf: fix crash in XDP socket part with new larger BPF_LOG_BUF_SIZE
  6dc400af216a xen-netback: add reference from xenvif to backend_info to facilitate coredump analysis
  50717a37db03 net/smc: nonblocking connect rework
  69a0f9ecef22 bpf, bpftool: fix a few ubsan warnings
  4ada81fddfbb net/smc: fallback to TCP after connect problems
  6316f78306c1 Merge branch 'support-global-data'
  598866974c94 net/smc: check for ip prefix and subnet
  c861168b7c21 bpf, selftest: add test cases for BTF Var and DataSec
  b915ebe6d9c8 bpf, selftest: test global data/bss/rodata sections
  bc36d2fc93eb net/smc: consolidate function parameters
  fb2abb73e575 bpf, selftest: test {rd, wr}only flags and direct value access
  fba7e8ef513c net/smc: cleanup of get vlan id
  228bae05be32 net/smc: code cleanup smc_listen_work
  817998afa038 bpf: bpftool support for dumping data/bss/rodata sections
  1713d68b3bf0 bpf, libbpf: add support for BTF Var and DataSec
  9aa68d298c80 net/smc: improve smc_listen_work reason codes
  7a62725a50e0 net/smc: improve smc_conn_create reason codes
  d859900c4c56 bpf, libbpf: support global data/bss/rodata sections
  e0a092ebebf7 Merge branch 'smc-next'
  f8c7a4d4dc39 bpf, libbpf: refactor relocation handling
  b1cd609d9b51 bpf: Add base proto function for cgroup-bpf programs
  c83fef6bc562 bpf: sync {btf, bpf}.h uapi header from tools infrastructure
  2824ecb7010f bpf: allow for key-less BTF in array map
  7b146cebe30c bpf: Sysctl hook
  1dc92851849c bpf: kernel side support for BTF Var and DataSec
  808649fb787d bpf: Introduce bpf_sysctl_get_name helper
  1d11b3016cec bpf: Introduce bpf_sysctl_get_current_value helper
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 5.3 00/48] 5.3.12-stable review 57 (57) 2019/11/20 06:00
[PATCH net] net/smc: fix fastopen for non-blocking connect() 2 (2) 2019/11/16 21:04
WARNING in smc_unhash_sk (3) 0 (1) 2019/08/28 06:38

Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in smc_unhash_sk s390 net C 155731 2317d 2479d 8/28 fixed on 2018/08/07 13:43
upstream WARNING in smc_unhash_sk (2) C done 1047 1929d 2065d 12/28 fixed on 2019/08/27 17:15

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 9349 at include/net/sock.h:666 sk_del_node_init include/net/sock.h:666 [inline]
WARNING: CPU: 1 PID: 9349 at include/net/sock.h:666 smc_unhash_sk+0x1ea/0x260 net/smc/af_smc.c:96
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9349 Comm: syz-executor914 Not tainted 5.4.0-rc5+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:179 [inline]
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028
RIP: 0010:sk_del_node_init include/net/sock.h:666 [inline]
RIP: 0010:smc_unhash_sk+0x1ea/0x260 net/smc/af_smc.c:96
Code: ff ff ff ff e8 77 3c 8b fe e8 52 47 5d fa 4c 89 ef e8 fa 81 38 00 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 36 47 5d fa <0f> 0b eb 86 4c 89 e7 e8 1a a6 98 fa e9 5f ff ff ff e8 30 a6 98 fa
RSP: 0018:ffff88808c867d00 EFLAGS: 00010293
RAX: ffff888080950080 RBX: ffff88809168f280 RCX: ffffffff8715d9fe
RDX: 0000000000000000 RSI: ffffffff8715da7a RDI: 0000000000000005
RBP: ffff88808c867d30 R08: ffff888080950080 R09: ffffed10122d1e61
R10: ffffed10122d1e60 R11: ffff88809168f303 R12: ffff88809168f300
R13: ffffffff89bada80 R14: ffff88809168f2a8 R15: 0000000000000001
 __smc_release+0x202/0x450 net/smc/af_smc.c:146
 smc_release+0x10c/0x380 net/smc/af_smc.c:185
 __sock_release+0xce/0x280 net/socket.c:590
 sock_close+0x1e/0x30 net/socket.c:1268
 __fput+0x2ff/0x890 fs/file_table.c:280
 ____fput+0x16/0x20 fs/file_table.c:313
 task_work_run+0x145/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_usermode_loop+0x316/0x380 arch/x86/entry/common.c:163
 prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
 do_syscall_64+0x65f/0x760 arch/x86/entry/common.c:300
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x401ff0
Code: 01 f0 ff ff 0f 83 40 0d 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 3d 8b 2d 00 00 75 14 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 14 0d 00 00 c3 48 83 ec 08 e8 7a 02 00 00
RSP: 002b:00007fff526a9a18 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000401ff0
RDX: 0000000000000017 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 0000000000015008 R08: 0000000000000004 R09: 0000000200000000
R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000403220 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (362):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/31 04:54 upstream 320000e72ec0 a41ca8fa .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/10/26 09:25 upstream 8caacaad78b6 413926c5 .config console log report syz C ci-upstream-kasan-gce-root
2019/10/25 10:57 upstream 39a38bcba4ab d01bb02a .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/10/23 08:13 upstream 3b7c59a1950c d0686497 .config console log report syz C ci-upstream-kasan-gce
2019/08/27 19:09 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/08/27 18:48 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce
2019/08/27 18:31 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/08/27 18:12 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce-root
2019/10/23 08:58 upstream 3b7c59a1950c d0686497 .config console log report syz C ci-upstream-kasan-gce-386
2019/08/27 18:34 upstream a55aa89aab90 d21c5d9d .config console log report syz C ci-upstream-kasan-gce-386
2019/10/23 08:14 net-old 6c5d9c2a6bed d0686497 .config console log report syz C ci-upstream-net-this-kasan-gce
2019/08/27 18:39 net-old f53a7ad18959 d21c5d9d .config console log report syz C ci-upstream-net-this-kasan-gce
2019/08/28 02:02 net-next-old d00ee466a07e fd37b39e .config console log report syz C ci-upstream-net-kasan-gce
2019/08/28 04:37 linux-next ed2393ca0910 fd37b39e .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2019/10/30 20:43 upstream 320000e72ec0 a41ca8fa .config console log report ci-upstream-kasan-gce-smack-root
2019/10/30 16:34 upstream 320000e72ec0 5ea87a66 .config console log report ci-upstream-kasan-gce-root
2019/10/30 15:07 upstream 320000e72ec0 5ea87a66 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/30 13:32 upstream 23fdb198ae81 5ea87a66 .config console log report ci-upstream-kasan-gce-root
2019/10/30 01:10 upstream 23fdb198ae81 5ea87a66 .config console log report ci-upstream-kasan-gce
2019/10/29 21:29 upstream 23fdb198ae81 5ea87a66 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/28 23:22 upstream 9e5eefba3d09 439d7b14 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/28 13:49 upstream 9e5eefba3d09 25bb509e .config console log report ci-upstream-kasan-gce-smack-root
2019/10/28 00:19 upstream d6d5df1db6e9 25bb509e .config console log report ci-upstream-kasan-gce-smack-root
2019/10/27 19:01 upstream 5a1e843c66fa 25bb509e .config console log report ci-upstream-kasan-gce
2019/10/23 18:18 upstream 13b86bc4cd64 b602d64b .config console log report ci-upstream-kasan-gce-root
2019/10/21 13:44 upstream 7d194c2100ad b24d2b8a .config console log report ci-upstream-kasan-gce-selinux-root
2019/10/20 21:44 upstream 4fe34d61a3a9 8c88c9c1 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/20 18:08 upstream 4fe34d61a3a9 8c88c9c1 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/20 14:47 upstream 4fe34d61a3a9 8c88c9c1 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/20 09:45 upstream 531e93d11470 8c88c9c1 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/20 06:03 upstream 531e93d11470 8c88c9c1 .config console log report ci-upstream-kasan-gce-smack-root
2019/10/19 20:58 upstream 998d75510e37 8c88c9c1 .config console log report ci-upstream-kasan-gce-selinux-root
2019/10/19 08:18 upstream b9959c7a347d 8c88c9c1 .config console log report ci-upstream-kasan-gce
2019/10/18 16:11 upstream 0e2adab6cf28 8c88c9c1 .config console log report ci-upstream-kasan-gce
2019/10/18 03:52 upstream 283ea345934d 8c88c9c1 .config console log report ci-upstream-kasan-gce
2019/10/15 13:42 upstream 5bc52f64e884 b5268b89 .config console log report ci-upstream-kasan-gce
2019/10/15 11:32 upstream 5bc52f64e884 b5268b89 .config console log report ci-upstream-kasan-gce-selinux-root
2019/10/30 22:03 upstream 320000e72ec0 a41ca8fa .config console log report ci-upstream-kasan-gce-386
2019/10/24 08:51 upstream 13b86bc4cd64 d01bb02a .config console log report ci-upstream-kasan-gce-386
2019/10/23 02:24 upstream 3b7c59a1950c 5681358a .config console log report ci-upstream-kasan-gce-386
2019/10/19 22:31 upstream 998d75510e37 8c88c9c1 .config console log report ci-upstream-kasan-gce-386
2019/11/26 03:20 net-old 32085f25d7b6 f746151a .config console log report ci-upstream-net-this-kasan-gce
2019/11/24 09:20 net-old 34c36f4564b8 598ca6c8 .config console log report ci-upstream-net-this-kasan-gce
2019/11/16 00:37 net-old a9a51bd727d1 cdac920b .config console log report ci-upstream-net-this-kasan-gce
2019/11/13 04:27 net-old 6d6dd528d5af 048f2d49 .config console log report ci-upstream-net-this-kasan-gce
2019/10/30 05:55 net-old 55793d2a431c 5ea87a66 .config console log report ci-upstream-net-this-kasan-gce
2019/10/28 10:35 net-old fc11078dd351 25bb509e .config console log report ci-upstream-net-this-kasan-gce
2019/10/25 01:24 net-old 76db2d466f6a d01bb02a .config console log report ci-upstream-net-this-kasan-gce
2019/10/22 19:11 net-old b30605319794 5681358a .config console log report ci-upstream-net-this-kasan-gce
2019/10/21 16:10 net-old 531e93d11470 b24d2b8a .config console log report ci-upstream-net-this-kasan-gce
2019/10/21 14:57 net-old 531e93d11470 b24d2b8a .config console log report ci-upstream-net-this-kasan-gce
2019/10/20 02:45 net-old bd310aca442f 8c88c9c1 .config console log report ci-upstream-net-this-kasan-gce
2019/10/18 01:15 net-old af0de1303c4e 8c88c9c1 .config console log report ci-upstream-net-this-kasan-gce
2019/10/17 12:55 net-old e497c20e2036 8c88c9c1 .config console log report ci-upstream-net-this-kasan-gce
2019/10/14 21:36 net-old 33902b4a4227 05ad7292 .config console log report ci-upstream-net-this-kasan-gce
2019/10/21 21:17 net-next-old 13faf7718522 b24d2b8a .config console log report ci-upstream-net-kasan-gce
2019/10/21 19:32 net-next-old 13faf7718522 b24d2b8a .config console log report ci-upstream-net-kasan-gce
2019/10/17 23:32 net-next-old a8c41a68076e 8c88c9c1 .config console log report ci-upstream-net-kasan-gce
2019/10/17 15:56 net-next-old 2203cbf2c8b5 8c88c9c1 .config console log report ci-upstream-net-kasan-gce
2019/10/16 08:28 net-next-old 14f2cf607ccd d4ea592f .config console log report ci-upstream-net-kasan-gce
2019/10/14 17:31 net-next-old 7e0d15ee0d8b 05ad7292 .config console log report ci-upstream-net-kasan-gce
2019/10/15 08:18 linux-next 0e9d28bc6c81 05ad7292 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.