syzbot


WARNING in refcount_sub_and_test

Status: fixed on 2018/03/12 10:10
Subsystems: sctp
Reported-by: syzbot+a004c8dcbae7c160bf1bbd6e6af2e9cf4fa54f84@syzkaller.appspotmail.com
Fix commit: d04adf1b3551 sctp: reset owner sk for data chunks on out queues when migrating a sock
First crash: 2691d, last: 2495d
Similar bugs (1):
Kernel: upstream
Title: WARNING in refcount_sub_and_test (2)
Subsystems: net
Repro: C
Cause bisect: -
Fix bisect: -
Count: 2
Last: 2439d
Reported: 2440d
Patched: 0/28
Status: closed as dup on 2018/04/01 10:35

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2990 at lib/refcount.c:186 refcount_sub_and_test+0x167/0x1b0 lib/refcount.c:186
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 2990 Comm: syzkaller520154 Not tainted 4.14.0-rc6+ #56
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:52
 panic+0x1e4/0x417 kernel/panic.c:181
 __warn+0x1c4/0x1d9 kernel/panic.c:542
 report_bug+0x211/0x2d0 lib/bug.c:183
 fixup_bug+0x40/0x90 arch/x86/kernel/traps.c:178
 do_trap_no_signal arch/x86/kernel/traps.c:212 [inline]
 do_trap+0x260/0x390 arch/x86/kernel/traps.c:261
 do_error_trap+0x120/0x390 arch/x86/kernel/traps.c:298
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:311
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:905
RIP: 0010:refcount_sub_and_test+0x167/0x1b0 lib/refcount.c:186
RSP: 0018:ffff8801d1ff6858 EFLAGS: 00010286
RAX: 0000000000000026 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000026 RSI: 1ffff1003a3feccb RDI: ffffed003a3fecff
RBP: ffff8801d1ff68e8 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003a3fed0c
R13: 00000000ffffff01 R14: 0000000000000100 R15: ffff8801d1fd52bc
 sctp_wfree+0x183/0x620 net/sctp/socket.c:7760
 skb_release_head_state+0x124/0x200 net/core/skbuff.c:616
 skb_release_all+0x15/0x60 net/core/skbuff.c:629
 __kfree_skb net/core/skbuff.c:645 [inline]
 consume_skb+0x153/0x490 net/core/skbuff.c:705
 sctp_chunk_destroy net/sctp/sm_make_chunk.c:1437 [inline]
 sctp_chunk_put+0x29c/0x420 net/sctp/sm_make_chunk.c:1464
 sctp_chunk_free+0x53/0x60 net/sctp/sm_make_chunk.c:1451
 __sctp_outq_teardown+0xc7d/0x15a0 net/sctp/outqueue.c:264
 sctp_outq_free+0x15/0x20 net/sctp/outqueue.c:284
 sctp_association_free+0x2d0/0x930 net/sctp/associola.c:357
 sctp_cmd_delete_tcb net/sctp/sm_sideeffect.c:919 [inline]
 sctp_cmd_interpreter net/sctp/sm_sideeffect.c:1333 [inline]
 sctp_side_effects net/sctp/sm_sideeffect.c:1200 [inline]
 sctp_do_sm+0x28e7/0x6dd0 net/sctp/sm_sideeffect.c:1171
 sctp_primitive_SHUTDOWN+0xa0/0xd0 net/sctp/primitive.c:104
 sctp_close+0x3c6/0x980 net/sctp/socket.c:1532
 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:425
 sock_release+0x8d/0x1e0 net/socket.c:597
 sock_close+0x16/0x20 net/socket.c:1126
 __fput+0x327/0x7e0 fs/file_table.c:210
 ____fput+0x15/0x20 fs/file_table.c:244
 task_work_run+0x199/0x270 kernel/task_work.c:112
 get_signal+0x1343/0x16d0 kernel/signal.c:2164
 do_signal+0x94/0x1ee0 arch/x86/kernel/signal.c:808
 exit_to_usermode_loop+0x214/0x310 arch/x86/entry/common.c:158
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:266 [inline]
 do_syscall_32_irqs_on arch/x86/entry/common.c:335 [inline]
 do_fast_syscall_32+0x83e/0xf05 arch/x86/entry/common.c:391
 entry_SYSENTER_compat+0x51/0x60 arch/x86/entry/entry_64_compat.S:124
RIP: 0023:0xf7fdcc79
RSP: 002b:00000000f67d51ec EFLAGS: 00000296 ORIG_RAX: 000000000000016c
RAX: fffffffffffffff2 RBX: 0000000000000003 RCX: 0000000020b53ff0
RDX: 0000000020137ffc RSI: 0000000000080000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (75150):