bisecting fixing commit since b86ee2b7ae42b6b37a918b66236608e2cc325f59
building syzkaller on 4ebb27982f8984ed57466f87099acc0b250a1b5c
testing commit b86ee2b7ae42b6b37a918b66236608e2cc325f59
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: dacd7ad2d27c0dda8c064a7564300772404561f0deb8ae48ff9d1ce54ddbfda0
run #0: crashed: unregister_netdevice: waiting for DEV to become free
run #1: crashed: WARNING in strp_data_ready
run #2: crashed: unregister_netdevice: waiting for DEV to become free
run #3: crashed: WARNING in strp_data_ready
run #4: crashed: unregister_netdevice: waiting for DEV to become free
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: WARNING in strp_data_ready
run #7: crashed: unregister_netdevice: waiting for DEV to become free
run #8: crashed: unregister_netdevice: waiting for DEV to become free
run #9: crashed: unregister_netdevice: waiting for DEV to become free
run #10: crashed: unregister_netdevice: waiting for DEV to become free
run #11: crashed: unregister_netdevice: waiting for DEV to become free
run #12: crashed: WARNING in strp_data_ready
run #13: crashed: unregister_netdevice: waiting for DEV to become free
run #14: crashed: unregister_netdevice: waiting for DEV to become free
run #15: crashed: unregister_netdevice: waiting for DEV to become free
run #16: crashed: unregister_netdevice: waiting for DEV to become free
run #17: crashed: unregister_netdevice: waiting for DEV to become free
run #18: crashed: unregister_netdevice: waiting for DEV to become free
run #19: crashed: unregister_netdevice: waiting for DEV to become free
testing current HEAD af48f51cb5934738a3ee97e951d7dededf029488
testing commit af48f51cb5934738a3ee97e951d7dededf029488
compiler: gcc version 8.4.1 20210217 (GCC)
kernel signature: aa775b06b051045f5bdf461c4f38aebf1bbcc735f4adb31010c2918f85bc7dfc
run #0: crashed: unregister_netdevice: waiting for DEV to become free
run #1: crashed: WARNING in strp_data_ready
run #2: crashed: unregister_netdevice: waiting for DEV to become free
run #3: crashed: unregister_netdevice: waiting for DEV to become free
run #4: crashed: unregister_netdevice: waiting for DEV to become free
run #5: crashed: unregister_netdevice: waiting for DEV to become free
run #6: crashed: unregister_netdevice: waiting for DEV to become free
run #7: crashed: unregister_netdevice: waiting for DEV to become free
run #8: crashed: unregister_netdevice: waiting for DEV to become free
run #9: crashed: unregister_netdevice: waiting for DEV to become free
revisions tested: 2, total time: 22m59.23875695s (build: 15m39.837519566s, test: 6m31.850302295s)
the crash still happens on HEAD
commit msg: Linux 4.14.271
crash: unregister_netdevice: waiting for DEV to become free
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
syz-executor.0 (7997) used greatest stack depth: 24032 bytes left
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
------------[ cut here ]------------
WARNING: CPU: 0 PID: 8348 at include/net/sock.h:1520 sock_owned_by_me include/net/sock.h:1520 [inline]
WARNING: CPU: 0 PID: 8348 at include/net/sock.h:1520 sock_owned_by_user include/net/sock.h:1526 [inline]
WARNING: CPU: 0 PID: 8348 at include/net/sock.h:1520 strp_data_ready+0x270/0x300 net/strparser/strparser.c:390
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8348 Comm: syz-executor168 Not tainted 4.14.271-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x14b/0x1e7 lib/dump_stack.c:58
 panic+0x1b0/0x358 kernel/panic.c:183
 __warn.cold.7+0x25/0x25 kernel/panic.c:547
 report_bug+0x1a1/0x200 lib/bug.c:183
 fixup_bug arch/x86/kernel/traps.c:177 [inline]
 fixup_bug arch/x86/kernel/traps.c:172 [inline]
 do_error_trap+0x1bd/0x310 arch/x86/kernel/traps.c:295
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:314
 invalid_op+0x1b/0x40 arch/x86/entry/entry_64.S:964
RIP: 0010:sock_owned_by_me include/net/sock.h:1520 [inline]
RIP: 0010:sock_owned_by_user include/net/sock.h:1526 [inline]
RIP: 0010:strp_data_ready+0x270/0x300 net/strparser/strparser.c:390
RSP: 0018:ffff8880ba607708 EFLAGS: 00010202
RAX: 0000000000000001 RBX: ffff8880ae0a5388 RCX: ffffed10126235a0
RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffff893d18a0
RBP: ffff8880ba607730 R08: 1ffff110126235a0 R09: 0000000000000001
R10: 0000000000000000 R11: ffff88809311a480 R12: ffff8880b37700c0
R13: ffff8880ae0a5390 R14: ffff8880b3770248 R15: ffff8880b3770260
 psock_data_ready+0x4c/0x60 net/kcm/kcmsock.c:353
 __sock_queue_rcv_skb+0x4e7/0xb60 net/core/sock.c:470
 sock_queue_rcv_skb+0x26/0x30 net/core/sock.c:483
 rawv6_rcv_skb net/ipv6/raw.c:406 [inline]
 rawv6_rcv+0x45d/0xf10 net/ipv6/raw.c:457
 ipv6_raw_deliver net/ipv6/raw.c:224 [inline]
 raw6_local_deliver+0x3cc/0xaf0 net/ipv6/raw.c:240
 ip6_input_finish+0x3b9/0x1470 net/ipv6/ip6_input.c:246
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ip6_input+0xbe/0x2d0 net/ipv6/ip6_input.c:327
 dst_input include/net/dst.h:476 [inline]
 ip6_rcv_finish+0x1f3/0x6d0 net/ipv6/ip6_input.c:71
 NF_HOOK include/linux/netfilter.h:250 [inline]
 ipv6_rcv+0xe92/0x2160 net/ipv6/ip6_input.c:208
 __netif_receive_skb_core+0x1d03/0x2fe0 net/core/dev.c:4474
 __netif_receive_skb+0x1f/0x1b0 net/core/dev.c:4512
 process_backlog+0x220/0x710 net/core/dev.c:5195
 napi_poll net/core/dev.c:5604 [inline]
 net_rx_action+0x42d/0xe20 net/core/dev.c:5670
 __do_softirq+0x247/0x9a2 kernel/softirq.c:288
 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1016
 do_softirq kernel/softirq.c:332 [inline]
 do_softirq+0xee/0x160 kernel/softirq.c:319
 __local_bh_enable_ip+0x130/0x150 kernel/softirq.c:185
 local_bh_enable include/linux/bottom_half.h:32 [inline]
 rcu_read_unlock_bh include/linux/rcupdate.h:725 [inline]
 ip6_finish_output2+0xc9b/0x2070 net/ipv6/ip6_output.c:121
 ip6_finish_output+0x54f/0xcc0 net/ipv6/ip6_output.c:192
 NF_HOOK_COND include/linux/netfilter.h:239 [inline]
 ip6_output+0x1b3/0x610 net/ipv6/ip6_output.c:209
 dst_output include/net/dst.h:470 [inline]
 ip6_local_out+0x78/0x130 net/ipv6/output_core.c:160
 ip6_send_skb+0x92/0x2f0 net/ipv6/ip6_output.c:1729
 ip6_push_pending_frames+0x94/0xb0 net/ipv6/ip6_output.c:1749
 rawv6_push_pending_frames net/ipv6/raw.c:618 [inline]
 rawv6_sendmsg+0x232a/0x2e20 net/ipv6/raw.c:959
 inet_sendmsg+0x108/0x440 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:656
 kernel_sendmsg+0x26/0x30 net/socket.c:664
 sock_no_sendpage+0xf7/0x130 net/core/sock.c:2613
 kernel_sendpage+0x60/0xd0 net/socket.c:3407
 kcm_write_msgs+0x2f7/0x1670 net/kcm/kcmsock.c:646
 kcm_sendmsg+0x1665/0x24f0 net/kcm/kcmsock.c:1035
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xac/0xf0 net/socket.c:656
 sock_write_iter+0x20d/0x400 net/socket.c:925
 call_write_iter include/linux/fs.h:1780 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x413/0x840 fs/read_write.c:482
 vfs_write+0x150/0x4f0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0x100/0x250 fs/read_write.c:582
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fc8360adc09
RSP: 002b:00007fc83603e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fc836136410 RCX: 00007fc8360adc09
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007fc8361037c0 R08: 00007fc83603e700 R09: 0000000000000000
R10: 00007fc83603e700 R11: 0000000000000246 R12: 00007fc836103068
R13: 656c6c616b7a7973 R14: 0100000000000000 R15: 00007fc836136418
Kernel Offset: disabled
Rebooting in 86400 seconds..