syzbot


WARNING in sk_stream_kill_queues (3)

Status: fixed on 2019/11/26 19:44
Reported-by: syzbot+13e1ee9caeab5a9abc62@syzkaller.appspotmail.com
Fix commit: 9354544cbccf net/tls: fix page double free on TX cleanup
First crash: 1549d, last: 1165d

Cause bisection: introduced by (bisect log):
commit 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
Author: Dave Watson <davejwatson@fb.com>
Date: Wed Jun 14 18:37:39 2017 +0000

  tls: kernel TLS support

Crash: WARNING in sk_stream_kill_queues (log)
Repro: C syz .config
similar bugs (8):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in sk_stream_kill_queues (4) C done done 6 899d 903d 17/23 fixed on 2020/06/30 18:57
upstream WARNING in sk_stream_kill_queues (7) C 6689 161d 279d 22/23 fixed on 2022/03/08 16:11
upstream WARNING in sk_stream_kill_queues (5) C done 4684 494d 624d 22/23 fixed on 2021/04/09 19:46
upstream WARNING in sk_stream_kill_queues (8) C unreliable 49 2d12h 48d 0/23 upstream: reported C repro on 2022/06/29 17:41
upstream WARNING in sk_stream_kill_queues (2) C 124 1625d 1686d 0/23 closed as dup on 2018/01/03 23:44
upstream WARNING in sk_stream_kill_queues (6) C 11376 279d 494d 22/23 fixed on 2021/11/10 00:50
upstream WARNING in sk_stream_kill_queues syz 96 1826d 1829d 3/23 fixed on 2017/11/07 20:45
linux-4.19 WARNING in sk_stream_kill_queues C error 4 43d 148d 0/1 upstream: reported C repro on 2022/03/21 10:58

Sample crash report:
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
WARNING: CPU: 0 PID: 6301 at net/core/stream.c:206 sk_stream_kill_queues+0x3e7/0x540 net/core/stream.c:206
WARNING: CPU: 1 PID: 6302 at net/core/stream.c:206 sk_stream_kill_queues+0x3e7/0x540 net/core/stream.c:206
Kernel panic - not syncing: panic_on_warn set ...

Modules linked in:
CPU: 0 PID: 6301 Comm: syz-executor035 Not tainted 4.18.0-rc7+ #172
CPU: 1 PID: 6302 Comm: syz-executor035 Not tainted 4.18.0-rc7+ #172
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
RIP: 0010:sk_stream_kill_queues+0x3e7/0x540 net/core/stream.c:206
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:sk_stream_kill_queues+0x3e7/0x540 net/core/stream.c:206
RSP: 0018:ffff8801b2a3f638 EFLAGS: 00010293
RAX: ffff8801c51f2240 RBX: 0000000000000000 RCX: ffffffff850b15d7
RDX: 0000000000000000 RSI: ffffffff850b1637 RDI: 0000000000000005
RBP: ffff8801b2a3f678 R08: ffff8801c51f2240 R09: ffffed003b6246d6
R10: ffffed003b6246d6 R11: ffff8801db1236b3 R12: 0000000000000fe3
R13: ffff8801cba8ceb0 R14: ffffffff8a349b40 R15: 0000000000000007
FS:  00007ffba4095700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004cdab0 CR3: 00000001ba552000 CR4: 00000000001406e0
Call Trace:
 inet_csk_destroy_sock+0x1a7/0x440 net/ipv4/inet_connection_sock.c:828
 tcp_close+0xb89/0x12d0 net/ipv4/tcp.c:2484
RSP: 0018:ffff8801b243f638 EFLAGS: 00010293
RAX: ffff8801ca990580 RBX: 0000000000000000 RCX: ffffffff850b15d7
RDX: 0000000000000000 RSI: ffffffff850b1637 RDI: 0000000000000005
RBP: ffff8801b243f678 R08: ffff8801ca990580 R09: ffffed003b6046d6
R10: ffffed003b6046d6 R11: ffff8801db0236b3 R12: 0000000000000fe3
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427
R13: ffff8801caa922f0 R14: ffffffff8a349b40 R15: 0000000000000007
 __sock_release+0xd7/0x260 net/socket.c:600
 sock_close+0x19/0x20 net/socket.c:1151
 __fput+0x355/0x8b0 fs/file_table.c:209
 inet_csk_destroy_sock+0x1a7/0x440 net/ipv4/inet_connection_sock.c:828
 tcp_close+0xb89/0x12d0 net/ipv4/tcp.c:2484
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0x1ec/0x2a0 kernel/task_work.c:113
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427
 get_signal+0x1559/0x1970 kernel/signal.c:2298
 __sock_release+0xd7/0x260 net/socket.c:600
 sock_close+0x19/0x20 net/socket.c:1151
 __fput+0x355/0x8b0 fs/file_table.c:209
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0x1ec/0x2a0 kernel/task_work.c:113
 get_signal+0x1559/0x1970 kernel/signal.c:2298
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446d19
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446d19
RSP: 002b:00007ffba4094da8 EFLAGS: 00000293
 ORIG_RAX: 0000000000000036
RAX: 0000000000000000 RBX: 00000000006dcc58 RCX: 0000000000446d19
RDX: 0000000000000001 RSI: 0000000000000029 RDI: 0000000000000005
RBP: 00000000006dcc50 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000293 R12: 00000000006dcc5c
R13: d5979ab4093c3ebb R14: 0100000000000000 R15: 00000000006dcc50
irq event stamp: 439
hardirqs last  enabled at (438): [<ffffffff8166f883>] __call_rcu.constprop.67+0x3b3/0xc00 kernel/rcu/tree.c:2960
hardirqs last disabled at (439): [<ffffffff86c01166>] error_entry+0x76/0xd0 arch/x86/entry/entry_64.S:1261
RSP: 002b:00007ffba4094da8 EFLAGS: 00000293
softirqs last  enabled at (410): [<ffffffff8506c9cc>] spin_unlock_bh include/linux/spinlock.h:355 [inline]
softirqs last  enabled at (410): [<ffffffff8506c9cc>] release_sock+0x1ec/0x2c0 net/core/sock.c:2862
softirqs last disabled at (412): [<ffffffff857e09b5>] sock_orphan include/net/sock.h:1720 [inline]
softirqs last disabled at (412): [<ffffffff857e09b5>] tcp_close+0x6f5/0x12d0 net/ipv4/tcp.c:2411
 ORIG_RAX: 0000000000000036
RAX: 0000000000000000 RBX: 00000000006dcc58 RCX: 0000000000446d19
---[ end trace 1d4a3dde5e0a37e4 ]---
RDX: 0000000000000001 RSI: 0000000000000029 RDI: 0000000000000005
RBP: 00000000006dcc50 R08: 0000000000000004 R09: 0000000000000000
WARNING: CPU: 1 PID: 6302 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x796/0x9c0 net/ipv4/af_inet.c:156
R10: 0000000020000240 R11: 0000000000000293 R12: 00000000006dcc5c
R13: d5979ab4093c3ebb R14: 0100000000000000 R15: 00000000006dcc50
Modules linked in:
CPU: 1 PID: 6302 Comm: syz-executor035 Tainted: G        W         4.18.0-rc7+ #172
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:inet_sock_destruct+0x796/0x9c0 net/ipv4/af_inet.c:156
Code: fb 41 80 ff 07 0f 84 78 fc ff ff e9 95 97 00 00 e8 ef 04 ef fb 44 89 f6 48 89 df e8 04 a8 79 ff e9 11 fc ff ff e8 da 04 ef fb <0f> 0b e9 62 fe ff ff e8 ce 04 ef fb 0f 0b e9 c8 fd ff ff e8 c2 04 
RSP: 0018:ffff8801b2a3f2d8 EFLAGS: 00010293
RAX: ffff8801c51f2240 RBX: ffff8801cba8ccc0 RCX: ffffffff858d11b6
RDX: 0000000000000000 RSI: ffffffff858d1356 RDI: 0000000000000005
RBP: ffff8801b2a3f408 R08: ffff8801c51f2240 R09: ffffed00397519df
R10: ffffed00397519df R11: ffff8801cba8ceff R12: ffff8801cba8cdf8
R13: ffff8801b2a3f3e0 R14: 0000000000000fe3 R15: 0000000000000000
FS:  00007ffba4095700(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004cdab0 CR3: 00000001ba552000 CR4: 00000000001406e0
Call Trace:
 __sk_destruct+0x107/0xa60 net/core/sock.c:1573
 sk_destruct+0x78/0x90 net/core/sock.c:1608
 __sk_free+0xcf/0x300 net/core/sock.c:1619
 sk_free+0x42/0x50 net/core/sock.c:1630
 sock_put include/net/sock.h:1667 [inline]
 tcp_close+0xd1e/0x12d0 net/ipv4/tcp.c:2491
 inet_release+0x104/0x1f0 net/ipv4/af_inet.c:427
 __sock_release+0xd7/0x260 net/socket.c:600
 sock_close+0x19/0x20 net/socket.c:1151
 __fput+0x355/0x8b0 fs/file_table.c:209
 ____fput+0x15/0x20 fs/file_table.c:243
 task_work_run+0x1ec/0x2a0 kernel/task_work.c:113
 get_signal+0x1559/0x1970 kernel/signal.c:2298
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446d19
Code: e8 4c e7 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007ffba4094da8 EFLAGS: 00000293 ORIG_RAX: 0000000000000036
RAX: 0000000000000000 RBX: 00000000006dcc58 RCX: 0000000000446d19
RDX: 0000000000000001 RSI: 0000000000000029 RDI: 0000000000000005
RBP: 00000000006dcc50 R08: 0000000000000004 R09: 0000000000000000
R10: 0000000020000240 R11: 0000000000000293 R12: 00000000006dcc5c
R13: d5979ab4093c3ebb R14: 0100000000000000 R15: 00000000006dcc50
irq event stamp: 482
hardirqs last  enabled at (481): [<ffffffff814904a1>] __local_bh_enable_ip+0x161/0x230 kernel/softirq.c:194
hardirqs last disabled at (482): [<ffffffff86c01166>] error_entry+0x76/0xd0 arch/x86/entry/entry_64.S:1261
softirqs last  enabled at (480): [<ffffffff86e00780>] __do_softirq+0x780/0xb17 kernel/softirq.c:318
softirqs last disabled at (445): [<ffffffff86c00d4a>] do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1046
---[ end trace 1d4a3dde5e0a37e5 ]---
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (622):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2018/08/01 22:43 upstream 44960f2a7b63 0a7cf4ec .config log report syz C
ci-upstream-kasan-gce-root 2018/06/14 00:47 upstream be779f03d563 27c5f59f .config log report syz C
ci-upstream-net-this-kasan-gce 2018/08/01 17:37 net cb5c65688673 1477993e .config log report syz C
ci-upstream-net-kasan-gce 2018/08/01 19:10 net-next fea49f60c9b7 0a7cf4ec .config log report syz C
ci-upstream-kmsan-gce 2018/08/09 19:33 https://github.com/google/kmsan.git master 0cc51dc9a291 1fb62d58 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2018/08/02 12:03 linux-next d237c54d5b28 0a7cf4ec .config log report syz C
ci-upstream-kmsan-gce 2018/07/22 05:35 https://github.com/google/kmsan.git master d1c2a46a46f6 8cc079c3 .config log report syz C
ci-upstream-kmsan-gce 2018/06/14 01:54 https://github.com/google/kmsan.git master 81c310582f0e 27c5f59f .config log report syz C
ci-upstream-kasan-gce-root 2018/07/22 21:39 upstream 45ae4df92207 8cc079c3 .config log report syz
ci-upstream-kasan-gce 2018/07/22 07:58 upstream 490fc053865c 8cc079c3 .config log report syz
ci-upstream-kasan-gce-smack-root 2019/06/08 19:07 upstream 79c3ba3206c7 0159583c .config log report
ci-upstream-kasan-gce-root 2019/05/07 14:23 upstream 71ae5fc87c34 d28f4ce5 .config log report
ci-upstream-kasan-gce-smack-root 2019/05/03 17:50 upstream ea9866793d1e 1bfa09b9 .config log report
ci-upstream-kasan-gce-root 2019/04/30 18:11 upstream 83a50840e72a 618456b4 .config log report
ci-upstream-kasan-gce-root 2019/04/29 20:10 upstream 37624b58542f b617407b .config log report
ci-upstream-kasan-gce-root 2019/04/27 08:42 upstream baf76f0c58ae b617407b .config log report
ci-upstream-kasan-gce-smack-root 2019/04/26 15:52 upstream 8113a85f8720 b617407b .config log report
ci-upstream-kasan-gce-smack-root 2019/04/25 00:32 upstream ba25b50d582f 8e3c52b1 .config log report
ci-upstream-kasan-gce-smack-root 2019/04/24 15:35 upstream ba25b50d582f 8e3c52b1 .config log report
ci-upstream-kasan-gce 2019/04/15 15:29 upstream dc4060a5dc25 505ab413 .config log report
ci-upstream-kasan-gce 2019/04/10 11:17 upstream 0ee7fb36f988 65b612b7 .config log report
ci-upstream-kasan-gce-root 2019/04/07 16:57 upstream 3b0468914708 c34fde03 .config log report
ci-upstream-kasan-gce-386 2019/03/07 07:15 upstream afe6fe7036c6 18215b8d .config log report
ci-upstream-net-this-kasan-gce 2019/06/02 14:33 net e8d67fa5696e 53c81ea5 .config log report
ci-upstream-net-this-kasan-gce 2019/05/20 03:14 net 5a35c8ea7c40 5a4461b0 .config log report
ci-upstream-net-this-kasan-gce 2019/05/10 15:26 net 601e6bcc4ef0 cfeec859 .config log report
ci-upstream-net-this-kasan-gce 2019/05/09 04:03 net 80f232121b69 1ab4c999 .config log report
ci-upstream-net-this-kasan-gce 2019/05/08 07:26 net 982e826d31b1 a7383bfa .config log report
ci-upstream-net-this-kasan-gce 2019/04/30 08:02 net 6c0afef5fb0c 20f16bef .config log report
ci-upstream-net-this-kasan-gce 2019/04/29 22:19 net 2ae7a39770c7 b617407b .config log report
ci-upstream-net-this-kasan-gce 2019/04/27 21:05 net fdfdf86720a3 b617407b .config log report
ci-upstream-net-this-kasan-gce 2019/04/25 20:51 net cd8dead0c394 f46aabc8 .config log report
ci-upstream-net-this-kasan-gce 2019/04/21 17:25 net 12c768611132 b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/20 17:36 net d1bcf2b65177 b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/20 00:40 net 9188d5ca454f b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/19 21:45 net 9188d5ca454f b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/17 14:26 net 3b2e2904deb3 b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/17 07:27 net 3b2e2904deb3 b0e8efcb .config log report
ci-upstream-net-this-kasan-gce 2019/04/15 08:30 net c543cb4a5f07 505ab413 .config log report
ci-upstream-net-this-kasan-gce 2019/04/11 03:50 net f8d49bee4a5e e955ac50 .config log report
ci-upstream-net-this-kasan-gce 2019/04/06 00:14 net 7f46774c6480 fa763482 .config log report
ci-upstream-net-this-kasan-gce 2019/04/04 22:06 net ef0efcd3bd3f 6a475fff .config log report
ci-upstream-net-this-kasan-gce 2019/04/03 11:12 net b2e54b09a3d2 dfd3394d .config log report
ci-upstream-net-this-kasan-gce 2019/04/03 03:25 net b2e54b09a3d2 dfd3394d .config log report
ci-upstream-net-kasan-gce 2019/05/23 12:33 net-next 14a1eaa8820e 0dadcd9d .config log report
ci-upstream-net-kasan-gce 2019/05/14 17:01 net-next 63863ee8e2f6 ada3c44c .config log report
ci-upstream-net-kasan-gce 2019/05/14 12:20 net-next 63863ee8e2f6 ada3c44c .config log report
ci-upstream-net-kasan-gce 2019/05/14 06:01 net-next 63863ee8e2f6 7c305b44 .config log report
ci-upstream-net-kasan-gce 2019/05/11 23:50 net-next b970afcfcabd 0637a7f0 .config log report
ci-upstream-net-kasan-gce 2019/05/10 18:53 net-next b970afcfcabd cfeec859 .config log report
ci-upstream-net-kasan-gce 2019/05/09 10:55 net-next 80f232121b69 1ab4c999 .config log report
ci-upstream-net-kasan-gce 2019/05/08 11:20 net-next a55a385d8c84 a7383bfa .config log report
ci-upstream-net-kasan-gce 2019/05/04 16:22 net-next a734d1f4c2fc d28f4ce5 .config log report
ci-upstream-net-kasan-gce 2019/05/03 15:42 net-next ff24e4980a68 1bfa09b9 .config log report
ci-upstream-net-kasan-gce 2019/04/28 17:45 net-next b1a79360ee86 b617407b .config log report
ci-upstream-net-kasan-gce 2019/04/28 06:19 net-next 7cb523d4fec7 b617407b .config log report
ci-upstream-net-kasan-gce 2019/04/24 02:26 net-next a93f7fe13454 4d3d6a50 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/05/03 03:48 linux-next e8b243ea3b19 e9039493 .config log report
ci-upstream-kmsan-gce 2018/08/10 05:39 https://github.com/google/kmsan.git master 0cc51dc9a291 1fb62d58 .config log report
ci-upstream-kmsan-gce 2018/05/20 08:18 https://github.com/google/kmsan.git master 9f127b7ceaf7 f48c20b8 .config log report