syzkaller: BUG: soft lockup in inet_release #369

Closed
cpaasch opened this issue Mar 7, 2023 · 3 comments

cpaasch commented Mar 7, 2023

HEAD: 778e547

syzkaller-id: 24c93ef6d0388b92cad18b65d1f7d8519f965b11

Trace:

watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.4:20324]
Modules linked in:
CPU: 0 PID: 20324 Comm: syz-executor.4 Not tainted 6.2.0-g778e54711659 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:19 [inline]
RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:101 [inline]
RIP: 0010:queued_spin_lock_slowpath+0x122/0xaf0 kernel/locking/qspinlock.c:327
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 4e 09 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc f3 90 <e9> 73 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 58 02 00
RSP: 0018:ffff888102897908 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff88800e1bd3d8 RCX: ffffffff82ff18f7
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff88800e1bd3d8
RBP: 0000000000000001 R08: 0000000000000000 R09: ffff88800e1bd3db
R10: ffffed1001c37a7b R11: 0000000000022001 R12: 0000000000000003
R13: ffffed1001c37a7b R14: 0000000000000001 R15: 1ffff11020512f22
FS:  00007f708a413700(0000) GS:ffff88811b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32623000 CR3: 0000000108d8c001 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
 <TASK>
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock include/linux/spinlock.h:186 [inline]
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
 _raw_spin_lock_bh+0xcd/0xe0 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 lock_sock_nested+0x29/0xd0 net/core/sock.c:3477
 __mptcp_close_ssk+0x13f/0x7c0 net/mptcp/protocol.c:2380
 mptcp_do_fastclose net/mptcp/protocol.c:2687 [inline]
 __mptcp_close+0x1bc/0x9d0 net/mptcp/protocol.c:3013
 mptcp_close+0x24/0xe0 net/mptcp/protocol.c:3072
 inet_release+0xe6/0x1f0 net/ipv4/af_inet.c:429
 __sock_release+0xcf/0x290 net/socket.c:651
 sock_close+0x15/0x20 net/socket.c:1393
 __fput+0x250/0xa20 fs/file_table.c:321
 task_work_run+0x14b/0x230 kernel/task_work.c:179
 get_signal+0x1d2/0x21e0 kernel/signal.c:2635
 arch_do_signal_or_restart+0x74/0x5c0 arch/x86/kernel/signal.c:306
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0xa2/0x120 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:296
 do_syscall_64+0x46/0x90 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x45c2d9
Code: fc ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 3d fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f708a412c18 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: 0000000000000002 RBX: 000000000079bf80 RCX: 000000000045c2d9
RDX: 0000000000000002 RSI: 0000000020002f40 RDI: 0000000000000003
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000079bf8c
R13: 0000000000021000 R14: 000000000079bf80 R15: 00007f708a413700
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 20328 Comm: syz-executor.3 Not tainted 6.2.0-g778e54711659 #6
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
RIP: 0010:arch_static_branch arch/x86/include/asm/jump_label.h:27 [inline]
RIP: 0010:static_key_false include/linux/jump_label.h:207 [inline]
RIP: 0010:native_write_msr arch/x86/include/asm/msr.h:147 [inline]
RIP: 0010:wrmsrl arch/x86/include/asm/msr.h:262 [inline]
RIP: 0010:lapic_next_deadline+0x21/0x40 arch/x86/kernel/apic/apic.c:492
Code: 90 90 90 90 90 90 90 90 90 0f ae f0 0f ae e8 0f 31 48 c1 e2 20 b9 e0 06 00 00 48 09 c2 48 8d 04 fa 48 89 c2 48 c1 ea 20 0f 30 <66> 90 31 c0 c3 cc cc cc cc 48 89 c6 31 d2 bf e0 06 00 00 e8 97 9c
RSP: 0018:ffff88811b709330 EFLAGS: 00000007
RAX: 000001d8e81120c0 RBX: ffff88811b726e40 RCX: 00000000000006e0
RDX: 00000000000001d8 RSI: ffff88811b726e40 RDI: 0000000000000994
RBP: 0000000000000994 R08: 0000000000000007 R09: 0000000000000000
R10: 00000000000022ec R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88811b72a138
FS:  00007fc1c14fd700(0000) GS:ffff88811b700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000008beca8 CR3: 00000001045b0002 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
PKRU: 55555554
Call Trace:
 <IRQ>
 clockevents_program_event+0x24b/0x360 kernel/time/clockevents.c:334
 tick_program_event+0xa5/0x140 kernel/time/tick-oneshot.c:44
 hrtimer_interrupt+0x358/0x7d0 kernel/time/hrtimer.c:1824
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]
 __sysvec_apic_timer_interrupt+0x10e/0x360 arch/x86/kernel/apic/apic.c:1113
 sysvec_apic_timer_interrupt+0x39/0xb0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:alloc_pages+0x133/0x260 mm/mempolicy.c:2277
Code: 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 0d 01 00 00 <44> 0f b7 6b 04 bf 03 00 00 00 44 89 ee e8 eb ac d3 ff 66 41 83 fd
RSP: 0018:ffff88811b709520 EFLAGS: 00010246
RAX: 0000000000000005 RBX: ffffffff83c39440 RCX: 0000000000000100
RDX: 0000000000000000 RSI: ffffffff816aa165 RDI: ffffffff83c39444
RBP: 0000000000012820 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000500 R11: 0000000000022001 R12: 0000000000000000
R13: 000000000000000c R14: 0000000000000000 R15: 00000000ffffffff
 alloc_slab_page mm/slub.c:1851 [inline]
 allocate_slab+0x259/0x300 mm/slub.c:1998
 new_slab mm/slub.c:2051 [inline]
 ___slab_alloc+0x3a7/0x880 mm/slub.c:3193
 __slab_alloc.constprop.0+0x4d/0x90 mm/slub.c:3292
 __slab_alloc_node mm/slub.c:3345 [inline]
 slab_alloc_node mm/slub.c:3442 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc+0x2d4/0x310 mm/slub.c:3476
 skb_clone+0x16d/0x3c0 net/core/skbuff.c:1811
 dev_queue_xmit_nit+0x351/0x9f0 net/core/dev.c:2251
 xmit_one net/core/dev.c:3576 [inline]
 dev_hard_start_xmit+0x55/0x570 net/core/dev.c:3596
 __dev_queue_xmit+0x8cc/0x2580 net/core/dev.c:4246
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 neigh_hh_output include/net/neighbour.h:530 [inline]
 neigh_output include/net/neighbour.h:544 [inline]
 ip_finish_output2+0x872/0x18a0 net/ipv4/ip_output.c:228
 __ip_finish_output+0x2ad/0xa30 net/ipv4/ip_output.c:306
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0x288/0x320 net/ipv4/ip_output.c:126
 __ip_queue_xmit+0x908/0x15f0 net/ipv4/ip_output.c:532
 __tcp_transmit_skb+0x29ec/0x3490 net/ipv4/tcp_output.c:1399
 tcp_transmit_skb net/ipv4/tcp_output.c:1417 [inline]
 tcp_write_wakeup+0x4ec/0x610 net/ipv4/tcp_output.c:4068
 tcp_send_probe0+0x44/0x500 net/ipv4/tcp_output.c:4090
 tcp_probe_timer net/ipv4/tcp_timer.c:393 [inline]
 tcp_write_timer_handler net/ipv4/tcp_timer.c:624 [inline]
 tcp_write_timer_handler+0x799/0x920 net/ipv4/tcp_timer.c:594
 tcp_write_timer+0x85/0x210 net/ipv4/tcp_timer.c:637
 call_timer_fn+0x34/0x280 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers.part.0+0x64e/0x9a0 kernel/time/timer.c:2022
 __run_timers kernel/time/timer.c:2000 [inline]
 run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:2035
 __do_softirq+0x1a5/0x5a0 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu kernel/softirq.c:650 [inline]
 irq_exit_rcu+0xbd/0x160 kernel/softirq.c:662
 sysvec_apic_timer_interrupt+0x8a/0xb0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:generic_exec_single+0xe4/0x2e0 kernel/smp.c:523
Code: 00 0f 85 d6 01 00 00 48 89 ee 48 89 ef 4a 03 14 e5 80 98 80 83 e8 bc 79 a1 00 31 ff 89 c5 89 c6 e8 01 33 09 00 40 84 ed 75 1a <31> db e8 15 3b 09 00 89 d8 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffff888102fd7b88 EFLAGS: 00000283
RAX: 00000000000003bf RBX: 0000000000000200 RCX: ffffc90001c6e000
RDX: 0000000000040000 RSI: ffffffff81351c6d RDI: 0000000000000007
RBP: ffff888102fd7c00 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: 0000000000022001 R12: ffffffff814c63d0
R13: ffff888102fd7cf8 R14: ffff888102fd7c08 R15: 0000000000000200
 smp_call_function_single+0x189/0x470 kernel/smp.c:773
 task_function_call kernel/events/core.c:120 [inline]
 perf_install_in_context+0x2e3/0x580 kernel/events/core.c:2871
 __do_sys_perf_event_open+0x1834/0x2410 kernel/events/core.c:12662
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x37/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x45c2d9
Code: fc ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 3d fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fc1c14fcc18 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 000000000079bf80 RCX: 000000000045c2d9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000140
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000079bf8c
R13: 0000000000021000 R14: 000000000079bf80 R15: 00007fc1c14fd700
 </TASK>

Kconfig:
Kconfig_k9_kasan.txt

No reproducer.

cpaasch commented Mar 7, 2023

Note: Not 100% sure this actually is MPTCP-related, because there was another hit with a different but similar trace, except that that one did not have mptcp_close in the call-stack:

HEAD: 240fc10

watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor.3:8831]
Modules linked in:
CPU: 0 PID: 8831 Comm: syz-executor.3 Not tainted 6.2.0-rc7-g240fc109b784 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
RIP: 0010:cpu_relax arch/x86/include/asm/vdso/processor.h:19 [inline]
RIP: 0010:virt_spin_lock arch/x86/include/asm/qspinlock.h:101 [inline]
RIP: 0010:queued_spin_lock_slowpath+0x122/0xaf0 kernel/locking/qspinlock.c:327
Code: 00 00 00 65 48 2b 04 25 28 00 00 00 0f 85 4f 09 00 00 48 81 c4 88 00 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc f3 90 <e9> 73 ff ff ff 44 8b 74 24 48 41 81 fe 00 01 00 00 0f 84 59 02 00
RSP: 0018:ffff888105867900 EFLAGS: 00000202
RAX: 0000000000000000 RBX: ffff888102aba598 RCX: ffffffff82fceb57
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffff888102aba598
RBP: 0000000000000001 R08: 0000000000000000 R09: ffff888102aba59b
R10: ffffed10205574b3 R11: 00000000498204a4 R12: 0000000000000003
R13: ffffed10205574b3 R14: 0000000000000001 R15: 1ffff11020b0cf21
FS:  0000000000000000(0000) GS:ffff88811b600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000520ca0 CR3: 0000000102770003 CR4: 0000000000770ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <TASK>
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock include/linux/spinlock.h:186 [inline]
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:127 [inline]
 _raw_spin_lock_bh+0xcd/0xe0 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 lock_sock_nested+0x29/0xd0 net/core/sock.c:3476
 lock_sock include/net/sock.h:1697 [inline]
 tcp_close+0x20/0xc0 net/ipv4/tcp.c:3032
 inet_release+0xe6/0x1f0 net/ipv4/af_inet.c:429
 __sock_release+0xcf/0x280 net/socket.c:651
 sock_close+0x15/0x20 net/socket.c:1393
 __fput+0x250/0xa20 fs/file_table.c:320
 task_work_run+0x14b/0x230 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x98e/0x2400 kernel/exit.c:867
 do_group_exit+0xc4/0x280 kernel/exit.c:1012
 get_signal+0x1ee1/0x2120 kernel/signal.c:2859
 arch_do_signal_or_restart+0x74/0x5c0 arch/x86/kernel/signal.c:306
 exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
 exit_to_user_mode_prepare+0xa2/0x120 kernel/entry/common.c:203
 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
 syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:296
 ret_from_fork+0x1f/0x50 arch/x86/entry/entry_64.S:301
RIP: 0033:0x45e7e9
Code: Unable to access opcode bytes at 0x45e7bf.
RSP: 002b:00007fe7b267cd70 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
RAX: 0000000000000000 RBX: 00007fe7b267d700 RCX: 000000000045e7e9
RDX: 00007fe7b267d9d0 RSI: 00007fe7b267cd70 RDI: 00000000003d0f00
RBP: 00000000008bfcc0 R08: 00007fe7b267d700 R09: 00007fe7b267d700
R10: 00007fe7b267d9d0 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000021000 R14: 0000000000000000 R15: 00007fe7b267d700
 </TASK>
Sending NMI from CPU 0 to CPUs 1:
NMI backtrace for cpu 1
CPU: 1 PID: 8832 Comm: syz-executor.6 Not tainted 6.2.0-rc7-g240fc109b784 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x0/0x20 kernel/kcov.c:304
Code: d6 0f b7 f7 bf 03 00 00 00 e9 5c fe ff ff 66 90 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 2e fe ff ff 0f 1f 40 00
RSP: 0018:ffff88811b708f00 EFLAGS: 00000046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000100
RDX: ffff888103670000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff888107458a50 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff84a68043 R12: 000000282ce75d48
R13: dffffc0000000000 R14: 000000282ce75d48 R15: 0000000000000000
FS:  00007f61c19c2700(0000) GS:ffff88811b700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f61c191cd78 CR3: 0000000102770002 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
 <IRQ>
 __next_base kernel/time/hrtimer.c:490 [inline]
 __hrtimer_next_event_base+0x8a/0x260 kernel/time/hrtimer.c:510
 __hrtimer_get_next_event kernel/time/hrtimer.c:587 [inline]
 hrtimer_update_next_event+0x1a8/0x290 kernel/time/hrtimer.c:612
 hrtimer_interrupt+0x316/0x7b0 kernel/time/hrtimer.c:1814
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1096 [inline]
 __sysvec_apic_timer_interrupt+0x10e/0x360 arch/x86/kernel/apic/apic.c:1113
 sysvec_apic_timer_interrupt+0x39/0xb0 arch/x86/kernel/apic/apic.c:1107
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:unwind_next_frame+0x3d8/0x2190 arch/x86/kernel/unwind_orc.c:480
Code: c7 4c 89 f9 e8 f9 f4 ff ff 49 89 c0 48 85 c0 0f 84 41 05 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 48 04 48 89 ca 48 c1 ea 03 <0f> b6 04 02 48 89 ca 83 e2 07 38 d0 7f 08 84 c0 0f 85 b4 14 00 00
RSP: 0018:ffff88811b709120 EFLAGS: 00010a03
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff8416f624
RDX: 1ffffffff082dec4 RSI: 0000000000000000 RDI: ffffffff83f7c82c
RBP: ffff88811b7091f8 R08: ffffffff8416f620 R09: ffff88811b7091e0
R10: ffffed10236e1241 R11: 0000000000022001 R12: ffff88811b7091e1
R13: ffff88811b709200 R14: ffff88811b7091a0 R15: ffffffff812db6eb
 arch_stack_walk+0x83/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8c/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x1c/0x40 mm/kasan/common.c:45
 kasan_set_track+0x21/0x30 mm/kasan/common.c:52
 kasan_save_free_info+0x2a/0x50 mm/kasan/generic.c:518
 ____kasan_slab_free mm/kasan/common.c:236 [inline]
 ____kasan_slab_free+0x146/0x1b0 mm/kasan/common.c:200
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1781 [inline]
 slab_free_freelist_hook mm/slub.c:1807 [inline]
 slab_free mm/slub.c:3787 [inline]
 kmem_cache_free+0x168/0x420 mm/slub.c:3809
 kfree_skbmem+0xef/0x1b0 net/core/skbuff.c:924
 __kfree_skb net/core/skbuff.c:981 [inline]
 consume_skb net/core/skbuff.c:1193 [inline]
 consume_skb+0xd7/0x270 net/core/skbuff.c:1187
 tpacket_rcv+0x1a4/0x38d0 net/packet/af_packet.c:2500
 packet_rcv_fanout+0x260/0x630 net/packet/af_packet.c:1506
 dev_queue_xmit_nit+0x780/0x990 net/core/dev.c:2291
 xmit_one net/core/dev.c:3582 [inline]
 dev_hard_start_xmit+0x55/0x570 net/core/dev.c:3602
 __dev_queue_xmit+0x8cc/0x2550 net/core/dev.c:4252
 dev_queue_xmit include/linux/netdevice.h:3054 [inline]
 neigh_hh_output include/net/neighbour.h:530 [inline]
 neigh_output include/net/neighbour.h:544 [inline]
 ip_finish_output2+0x872/0x18a0 net/ipv4/ip_output.c:228
 __ip_finish_output+0x2ad/0xa30 net/ipv4/ip_output.c:306
 dst_output include/net/dst.h:444 [inline]
 ip_local_out+0x288/0x320 net/ipv4/ip_output.c:126
 __ip_queue_xmit+0x908/0x15f0 net/ipv4/ip_output.c:532
 __tcp_transmit_skb+0x29ec/0x3490 net/ipv4/tcp_output.c:1399
 __tcp_send_ack.part.0+0x395/0x5f0 net/ipv4/tcp_output.c:3983
 __tcp_send_ack net/ipv4/tcp_output.c:3989 [inline]
 tcp_send_ack+0x7e/0xa0 net/ipv4/tcp_output.c:3989
 tcp_delack_timer_handler+0x23b/0x340 net/ipv4/tcp_timer.c:316
 tcp_delack_timer+0x85/0x280 net/ipv4/tcp_timer.c:339
 call_timer_fn+0x34/0x280 kernel/time/timer.c:1700
 expire_timers kernel/time/timer.c:1751 [inline]
 __run_timers.part.0+0x64e/0x9a0 kernel/time/timer.c:2022
 __run_timers kernel/time/timer.c:2000 [inline]
 run_timer_softirq+0xae/0x1a0 kernel/time/timer.c:2035
 __do_softirq+0x1a2/0x5a8 kernel/softirq.c:571
 invoke_softirq kernel/softirq.c:445 [inline]
 __irq_exit_rcu+0x87/0x180 kernel/softirq.c:650
 sysvec_apic_timer_interrupt+0x8a/0xb0 arch/x86/kernel/apic/apic.c:1107
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:649
RIP: 0010:generic_exec_single+0xe4/0x2e0 kernel/smp.c:523
Code: 00 0f 85 d6 01 00 00 48 89 ee 48 89 ef 4a 03 14 e5 80 18 81 83 e8 8c a6 9f 00 31 ff 89 c5 89 c6 e8 91 24 09 00 40 84 ed 75 1a <31> db e8 95 2c 09 00 89 d8 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e c3
RSP: 0018:ffff888109777bc8 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000200 RCX: 0000000000000000
RDX: ffff888103670000 RSI: ffffffff81336bed RDI: 0000000000000007
RBP: ffff888109777c40 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000200 R11: ffffffff84a68043 R12: ffffffff814a8330
R13: ffff888109777d38 R14: ffff888109777c48 R15: 0000000000000200
 smp_call_function_single+0x189/0x470 kernel/smp.c:773
 task_function_call kernel/events/core.c:120 [inline]
 perf_install_in_context+0x2e3/0x580 kernel/events/core.c:2871
 __do_sys_perf_event_open+0x1810/0x23f0 kernel/events/core.c:12644
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x37/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x45c2d9
Code: fc ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb 3d fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f61c19c1c18 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 000000000079c050 RCX: 000000000045c2d9
RDX: ffffffffffffffff RSI: 0000000000000000 RDI: 0000000020000140
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000079c05c
R13: 0000000000021000 R14: 000000000079c050 R15: 00007f61c19c2700
 </TASK>

pabeni commented Mar 27, 2023

Indeed, this one looks more TC-related than MPTCP-related. I suspect it is a dup of #377.

cpaasch commented Apr 18, 2023

Hasn't happened in more than a month. Closing.

cpaasch closed this as completed Apr 18, 2023
matttbe pushed a commit that referenced this issue Jan 8, 2025
Extend the netkit selftests to specify and validate the {head,tail}room
on the netdevice:

  # ./vmtest.sh -- ./test_progs -t netkit
  [...]
  ./test_progs -t netkit
  [    1.174147] bpf_testmod: loading out-of-tree module taints kernel.
  [    1.174585] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel
  [    1.422307] tsc: Refined TSC clocksource calibration: 3407.983 MHz
  [    1.424511] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x311fc3e5084, max_idle_ns: 440795359833 ns
  [    1.428092] clocksource: Switched to clocksource tsc
  #363     tc_netkit_basic:OK
  #364     tc_netkit_device:OK
  #365     tc_netkit_multi_links:OK
  #366     tc_netkit_multi_opts:OK
  #367     tc_netkit_neigh_links:OK
  #368     tc_netkit_pkt_type:OK
  #369     tc_netkit_scrub:OK
  Summary: 7/0 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/bpf/20241220234658.490686-3-daniel@iogearbox.net