* kernel panic: stack is corrupted in __lock_acquire (4)
@ 2019-06-10 8:54 syzbot
2019-09-01 22:48 ` syzbot
0 siblings, 1 reply; 7+ messages in thread
From: syzbot @ 2019-06-10 8:54 UTC (permalink / raw)
To: linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: fdf71426 net: fix indirect calls helpers for ptype list ho..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=1199f551a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f721a391cd46ea
dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
__lock_acquire+0x3959/0x5490 kernel/locking/lockdep.c:3820
CPU: 1 PID: 11196 Comm: syz-executor.0 Not tainted 5.2.0-rc2+ #41
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-06-10 8:54 kernel panic: stack is corrupted in __lock_acquire (4) syzbot
@ 2019-09-01 22:48 ` syzbot
2019-09-02 3:23 ` Dmitry Vyukov
0 siblings, 1 reply; 7+ messages in thread
From: syzbot @ 2019-09-01 22:48 UTC (permalink / raw)
To: linux-kernel, netdev, syzkaller-bugs
syzbot has found a reproducer for the following crash on:
HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
__lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-09-01 22:48 ` syzbot
@ 2019-09-02 3:23 ` Dmitry Vyukov
2019-10-17 16:25 ` Eric Biggers
0 siblings, 1 reply; 7+ messages in thread
From: Dmitry Vyukov @ 2019-09-02 3:23 UTC (permalink / raw)
To: syzbot, bpf; +Cc: LKML, netdev, syzkaller-bugs
On Sun, Sep 1, 2019 at 3:48 PM syzbot
<syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com> wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
> kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
> dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
Stack corruption + bpf maps in repro triggers some bells. +bpf mailing list.
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
>
> Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
> __lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
> CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/0000000000000ec274059185a63e%40google.com.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-09-02 3:23 ` Dmitry Vyukov
@ 2019-10-17 16:25 ` Eric Biggers
2019-10-17 16:30 ` Eric Biggers
0 siblings, 1 reply; 7+ messages in thread
From: Eric Biggers @ 2019-10-17 16:25 UTC (permalink / raw)
To: bpf, netdev; +Cc: syzbot, LKML, Dmitry Vyukov, syzkaller-bugs
On Sun, Sep 01, 2019 at 08:23:42PM -0700, 'Dmitry Vyukov' via syzkaller-bugs wrote:
> On Sun, Sep 1, 2019 at 3:48 PM syzbot
> <syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com> wrote:
> >
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
> > git tree: net-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
> > dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
> > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
>
> Stack corruption + bpf maps in repro triggers some bells. +bpf mailing list.
>
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
> >
> > Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
> > __lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
> > CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Call Trace:
> > Kernel Offset: disabled
> > Rebooting in 86400 seconds..
> >
This is still reproducible on latest net tree, but using a different kconfig I
was able to get a more informative crash output. Apparently tcp_bpf_unhash() is
being called recursively. Anyone know why this might happen?
This is using the syzkaller language reproducer linked above -- I ran it with:
syz-execprog -threaded=1 -collide=1 -cover=0 -repeat=0 -procs=8 -sandbox=none -enable=net_dev,net_reset,tun syz_bpf.txt
Crash report on net/master:
PANIC: double fault, error_code: 0x0
CPU: 3 PID: 8328 Comm: syz-executor Not tainted 5.4.0-rc1-00118-ge497c20e2036 #31
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
RIP: 0010:mark_lock+0x4/0x640 kernel/locking/lockdep.c:3631
Code: a2 7f 27 01 85 c0 0f 84 f3 42 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 48 83 ec 18 83 fa 08 76 21 44 8b 25 ab
RSP: 0018:ffffc9000010d000 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: 0000000000000008 RSI: ffff888071f92dd8 RDI: ffff888071f92600
RBP: ffffc9000010d000 R08: 0000000000000000 R09: 0000000000022023
R10: 00000000000000c8 R11: 0000000000000000 R12: ffff888071f92600
R13: ffff888071f92dd8 R14: 0000000000000023 R15: 0000000000000000
FS: 00007ff9f7765700(0000) GS:ffff88807fd80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000010cff8 CR3: 000000000221d000 CR4: 00000000003406e0
Call Trace:
<IRQ>
mark_usage kernel/locking/lockdep.c:3592 [inline]
__lock_acquire+0x22f/0xf80 kernel/locking/lockdep.c:3909
lock_acquire+0x99/0x170 kernel/locking/lockdep.c:4487
rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
rcu_read_lock include/linux/rcupdate.h:599 [inline]
tcp_bpf_unhash+0x33/0x1d0 net/ipv4/tcp_bpf.c:549
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_set_state+0xc1/0x220 net/ipv4/tcp.c:2249
tcp_done+0x39/0xe0 net/ipv4/tcp.c:3854
tcp_reset+0x5b/0x130 net/ipv4/tcp_input.c:4125
tcp_validate_incoming+0x323/0x450 net/ipv4/tcp_input.c:5486
tcp_rcv_established+0x138/0x6f0 net/ipv4/tcp_input.c:5694
tcp_v6_do_rcv+0xce/0x3f0 net/ipv6/tcp_ipv6.c:1378
tcp_v6_rcv+0xb75/0xcc0 net/ipv6/tcp_ipv6.c:1610
ip6_protocol_deliver_rcu+0xc8/0x540 net/ipv6/ip6_input.c:409
ip6_input_finish+0x57/0xf0 net/ipv6/ip6_input.c:450
NF_HOOK include/linux/netfilter.h:305 [inline]
NF_HOOK include/linux/netfilter.h:299 [inline]
ip6_input+0x40/0x1f0 net/ipv6/ip6_input.c:459
dst_input include/net/dst.h:442 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
ip6_rcv_finish+0x2f/0x60 net/ipv6/ip6_input.c:66
NF_HOOK include/linux/netfilter.h:305 [inline]
NF_HOOK include/linux/netfilter.h:299 [inline]
ipv6_rcv+0x16a/0x220 net/ipv6/ip6_input.c:284
__netif_receive_skb_one_core+0x4e/0x70 net/core/dev.c:5010
__netif_receive_skb+0x13/0x60 net/core/dev.c:5124
process_backlog+0xcd/0x210 net/core/dev.c:5955
napi_poll net/core/dev.c:6392 [inline]
net_rx_action+0xf1/0x3a0 net/core/dev.c:6460
__do_softirq+0xc1/0x40d kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
</IRQ>
do_softirq.part.0+0x44/0x50 kernel/softirq.c:337
do_softirq arch/x86/include/asm/preempt.h:26 [inline]
__local_bh_enable_ip+0xc6/0xd0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
inet_csk_listen_stop+0x14d/0x300 net/ipv4/inet_connection_sock.c:993
tcp_close+0x433/0x4e0 net/ipv4/tcp.c:2352
inet_release+0x30/0x60 net/ipv4/af_inet.c:427
inet6_release+0x2c/0x40 net/ipv6/af_inet6.c:470
__sock_release+0x31/0x90 net/socket.c:590
sock_close+0x13/0x20 net/socket.c:1268
__fput+0xca/0x250 fs/file_table.c:280
____fput+0x9/0x10 fs/file_table.c:313
task_work_run+0x7b/0xb0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x292/0xb30 kernel/exit.c:817
do_group_exit+0x4b/0xc0 kernel/exit.c:921
get_signal+0x132/0xb70 kernel/signal.c:2734
do_signal+0x2f/0x270 arch/x86/kernel/signal.c:815
exit_to_usermode_loop+0x5d/0xa0 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
do_syscall_64+0x145/0x1a0 arch/x86/entry/common.c:300
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x46165d
Code: Bad RIP value.
RSP: 002b:00007ff9f7764c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: 00000000002774e4 RBX: 000000000052bf00 RCX: 000000000046165d
RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000006
RBP: 0000000000000006 R08: 0000000000000000 R09: 1201000000003618
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004f3d48 R14: 00000000004b258c R15: 00007ff9f77656bc
Kernel panic - not syncing: Machine halted.
CPU: 3 PID: 8328 Comm: syz-executor Not tainted 5.4.0-rc1-00118-ge497c20e2036 #31
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
Call Trace:
<#DF>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x70/0x9a lib/dump_stack.c:113
panic+0xfb/0x2ba kernel/panic.c:220
df_debug+0x29/0x33 arch/x86/kernel/doublefault.c:81
do_double_fault+0x99/0x100 arch/x86/kernel/traps.c:420
double_fault+0x2a/0x30 arch/x86/entry/entry_64.S:1030
RIP: 0010:mark_lock+0x4/0x640 kernel/locking/lockdep.c:3631
Code: a2 7f 27 01 85 c0 0f 84 f3 42 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 48 83 ec 18 83 fa 08 76 21 44 8b 25 ab
RSP: 0018:ffffc9000010d000 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
RDX: 0000000000000008 RSI: ffff888071f92dd8 RDI: ffff888071f92600
RBP: ffffc9000010d000 R08: 0000000000000000 R09: 0000000000022023
R10: 00000000000000c8 R11: 0000000000000000 R12: ffff888071f92600
R13: ffff888071f92dd8 R14: 0000000000000023 R15: 0000000000000000
</#DF>
<IRQ>
mark_usage kernel/locking/lockdep.c:3592 [inline]
__lock_acquire+0x22f/0xf80 kernel/locking/lockdep.c:3909
lock_acquire+0x99/0x170 kernel/locking/lockdep.c:4487
rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
rcu_read_lock include/linux/rcupdate.h:599 [inline]
tcp_bpf_unhash+0x33/0x1d0 net/ipv4/tcp_bpf.c:549
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
tcp_set_state+0xc1/0x220 net/ipv4/tcp.c:2249
tcp_done+0x39/0xe0 net/ipv4/tcp.c:3854
tcp_reset+0x5b/0x130 net/ipv4/tcp_input.c:4125
tcp_validate_incoming+0x323/0x450 net/ipv4/tcp_input.c:5486
tcp_rcv_established+0x138/0x6f0 net/ipv4/tcp_input.c:5694
tcp_v6_do_rcv+0xce/0x3f0 net/ipv6/tcp_ipv6.c:1378
tcp_v6_rcv+0xb75/0xcc0 net/ipv6/tcp_ipv6.c:1610
ip6_protocol_deliver_rcu+0xc8/0x540 net/ipv6/ip6_input.c:409
ip6_input_finish+0x57/0xf0 net/ipv6/ip6_input.c:450
NF_HOOK include/linux/netfilter.h:305 [inline]
NF_HOOK include/linux/netfilter.h:299 [inline]
ip6_input+0x40/0x1f0 net/ipv6/ip6_input.c:459
dst_input include/net/dst.h:442 [inline]
ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline]
ip6_rcv_finish+0x2f/0x60 net/ipv6/ip6_input.c:66
NF_HOOK include/linux/netfilter.h:305 [inline]
NF_HOOK include/linux/netfilter.h:299 [inline]
ipv6_rcv+0x16a/0x220 net/ipv6/ip6_input.c:284
__netif_receive_skb_one_core+0x4e/0x70 net/core/dev.c:5010
__netif_receive_skb+0x13/0x60 net/core/dev.c:5124
process_backlog+0xcd/0x210 net/core/dev.c:5955
napi_poll net/core/dev.c:6392 [inline]
net_rx_action+0xf1/0x3a0 net/core/dev.c:6460
__do_softirq+0xc1/0x40d kernel/softirq.c:292
do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082
</IRQ>
do_softirq.part.0+0x44/0x50 kernel/softirq.c:337
do_softirq arch/x86/include/asm/preempt.h:26 [inline]
__local_bh_enable_ip+0xc6/0xd0 kernel/softirq.c:189
local_bh_enable include/linux/bottom_half.h:32 [inline]
inet_csk_listen_stop+0x14d/0x300 net/ipv4/inet_connection_sock.c:993
tcp_close+0x433/0x4e0 net/ipv4/tcp.c:2352
inet_release+0x30/0x60 net/ipv4/af_inet.c:427
inet6_release+0x2c/0x40 net/ipv6/af_inet6.c:470
__sock_release+0x31/0x90 net/socket.c:590
sock_close+0x13/0x20 net/socket.c:1268
__fput+0xca/0x250 fs/file_table.c:280
____fput+0x9/0x10 fs/file_table.c:313
task_work_run+0x7b/0xb0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0x292/0xb30 kernel/exit.c:817
do_group_exit+0x4b/0xc0 kernel/exit.c:921
get_signal+0x132/0xb70 kernel/signal.c:2734
do_signal+0x2f/0x270 arch/x86/kernel/signal.c:815
exit_to_usermode_loop+0x5d/0xa0 arch/x86/entry/common.c:159
prepare_exit_to_usermode arch/x86/entry/common.c:194 [inline]
syscall_return_slowpath arch/x86/entry/common.c:274 [inline]
do_syscall_64+0x145/0x1a0 arch/x86/entry/common.c:300
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x46165d
Code: Bad RIP value.
RSP: 002b:00007ff9f7764c58 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: 00000000002774e4 RBX: 000000000052bf00 RCX: 000000000046165d
RDX: ffffffffffffffc1 RSI: 00000000200005c0 RDI: 0000000000000006
RBP: 0000000000000006 R08: 0000000000000000 R09: 1201000000003618
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004f3d48 R14: 00000000004b258c R15: 00007ff9f77656bc
Kernel Offset: disabled
Rebooting in 5 seconds..
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-10-17 16:25 ` Eric Biggers
@ 2019-10-17 16:30 ` Eric Biggers
2019-11-19 5:29 ` Eric Biggers
0 siblings, 1 reply; 7+ messages in thread
From: Eric Biggers @ 2019-10-17 16:30 UTC (permalink / raw)
To: bpf, netdev
Cc: Jakub Kicinski, John Fastabend, syzbot, LKML, Dmitry Vyukov,
syzkaller-bugs
On Thu, Oct 17, 2019 at 09:25:05AM -0700, Eric Biggers wrote:
> On Sun, Sep 01, 2019 at 08:23:42PM -0700, 'Dmitry Vyukov' via syzkaller-bugs wrote:
> > On Sun, Sep 1, 2019 at 3:48 PM syzbot
> > <syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com> wrote:
> > >
> > > syzbot has found a reproducer for the following crash on:
> > >
> > > HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
> > > git tree: net-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
> > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
> >
> > Stack corruption + bpf maps in repro triggers some bells. +bpf mailing list.
> >
> > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
> > >
> > > Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
> > > __lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
> > > CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > > Google 01/01/2011
> > > Call Trace:
> > > Kernel Offset: disabled
> > > Rebooting in 86400 seconds..
> > >
>
> This is still reproducible on latest net tree, but using a different kconfig I
> was able to get a more informative crash output. Apparently tcp_bpf_unhash() is
> being called recursively. Anyone know why this might happen?
>
> This is using the syzkaller language reproducer linked above -- I ran it with:
>
> syz-execprog -threaded=1 -collide=1 -cover=0 -repeat=0 -procs=8 -sandbox=none -enable=net_dev,net_reset,tun syz_bpf.txt
>
> Crash report on net/master:
>
> PANIC: double fault, error_code: 0x0
> CPU: 3 PID: 8328 Comm: syz-executor Not tainted 5.4.0-rc1-00118-ge497c20e2036 #31
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
> RIP: 0010:mark_lock+0x4/0x640 kernel/locking/lockdep.c:3631
> Code: a2 7f 27 01 85 c0 0f 84 f3 42 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 48 83 ec 18 83 fa 08 76 21 44 8b 25 ab
> RSP: 0018:ffffc9000010d000 EFLAGS: 00010046
> RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
> RDX: 0000000000000008 RSI: ffff888071f92dd8 RDI: ffff888071f92600
> RBP: ffffc9000010d000 R08: 0000000000000000 R09: 0000000000022023
> R10: 00000000000000c8 R11: 0000000000000000 R12: ffff888071f92600
> R13: ffff888071f92dd8 R14: 0000000000000023 R15: 0000000000000000
> FS: 00007ff9f7765700(0000) GS:ffff88807fd80000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffc9000010cff8 CR3: 000000000221d000 CR4: 00000000003406e0
> Call Trace:
> <IRQ>
> mark_usage kernel/locking/lockdep.c:3592 [inline]
> __lock_acquire+0x22f/0xf80 kernel/locking/lockdep.c:3909
> lock_acquire+0x99/0x170 kernel/locking/lockdep.c:4487
> rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
> rcu_read_lock include/linux/rcupdate.h:599 [inline]
> tcp_bpf_unhash+0x33/0x1d0 net/ipv4/tcp_bpf.c:549
> tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
[...]
Recursive tcp_bpf_unhash() also showed up in
"BUG: unable to handle kernel paging request in tls_prots"
(https://lkml.kernel.org/lkml/000000000000d7bcbb058c3758a1@google.com/T/)
which was claimed to be fixed by
"bpf: sockmap/tls, close can race with map free".
But that fix was months ago; this crash is on latest net tree.
- Eric
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-10-17 16:30 ` Eric Biggers
@ 2019-11-19 5:29 ` Eric Biggers
2019-11-19 5:46 ` John Fastabend
0 siblings, 1 reply; 7+ messages in thread
From: Eric Biggers @ 2019-11-19 5:29 UTC (permalink / raw)
To: bpf, netdev, Jakub Kicinski, John Fastabend, syzbot, LKML,
Dmitry Vyukov, syzkaller-bugs
On Thu, Oct 17, 2019 at 09:30:07AM -0700, Eric Biggers wrote:
> On Thu, Oct 17, 2019 at 09:25:05AM -0700, Eric Biggers wrote:
> > On Sun, Sep 01, 2019 at 08:23:42PM -0700, 'Dmitry Vyukov' via syzkaller-bugs wrote:
> > > On Sun, Sep 1, 2019 at 3:48 PM syzbot
> > > <syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com> wrote:
> > > >
> > > > syzbot has found a reproducer for the following crash on:
> > > >
> > > > HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
> > > > git tree: net-next
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
> > > > kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
> > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
> > >
> > > Stack corruption + bpf maps in repro triggers some bells. +bpf mailing list.
> > >
> > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
> > > >
> > > > Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
> > > > __lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
> > > > CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
> > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > > > Google 01/01/2011
> > > > Call Trace:
> > > > Kernel Offset: disabled
> > > > Rebooting in 86400 seconds..
> > > >
> >
> > This is still reproducible on latest net tree, but using a different kconfig I
> > was able to get a more informative crash output. Apparently tcp_bpf_unhash() is
> > being called recursively. Anyone know why this might happen?
> >
> > This is using the syzkaller language reproducer linked above -- I ran it with:
> >
> > syz-execprog -threaded=1 -collide=1 -cover=0 -repeat=0 -procs=8 -sandbox=none -enable=net_dev,net_reset,tun syz_bpf.txt
> >
> > Crash report on net/master:
> >
> > PANIC: double fault, error_code: 0x0
> > CPU: 3 PID: 8328 Comm: syz-executor Not tainted 5.4.0-rc1-00118-ge497c20e2036 #31
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
> > RIP: 0010:mark_lock+0x4/0x640 kernel/locking/lockdep.c:3631
> > Code: a2 7f 27 01 85 c0 0f 84 f3 42 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 48 83 ec 18 83 fa 08 76 21 44 8b 25 ab
> > RSP: 0018:ffffc9000010d000 EFLAGS: 00010046
> > RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
> > RDX: 0000000000000008 RSI: ffff888071f92dd8 RDI: ffff888071f92600
> > RBP: ffffc9000010d000 R08: 0000000000000000 R09: 0000000000022023
> > R10: 00000000000000c8 R11: 0000000000000000 R12: ffff888071f92600
> > R13: ffff888071f92dd8 R14: 0000000000000023 R15: 0000000000000000
> > FS: 00007ff9f7765700(0000) GS:ffff88807fd80000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: ffffc9000010cff8 CR3: 000000000221d000 CR4: 00000000003406e0
> > Call Trace:
> > <IRQ>
> > mark_usage kernel/locking/lockdep.c:3592 [inline]
> > __lock_acquire+0x22f/0xf80 kernel/locking/lockdep.c:3909
> > lock_acquire+0x99/0x170 kernel/locking/lockdep.c:4487
> > rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
> > rcu_read_lock include/linux/rcupdate.h:599 [inline]
> > tcp_bpf_unhash+0x33/0x1d0 net/ipv4/tcp_bpf.c:549
> > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> [...]
>
> Recursive tcp_bpf_unhash() also showed up in
> "BUG: unable to handle kernel paging request in tls_prots"
> (https://lkml.kernel.org/lkml/000000000000d7bcbb058c3758a1@google.com/T/)
> which was claimed to be fixed by
> "bpf: sockmap/tls, close can race with map free".
> But that fix was months ago; this crash is on latest net tree.
>
Is anyone planning to look into this? This is still occurring on net-next
(4 days ago).
- Eric
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: kernel panic: stack is corrupted in __lock_acquire (4)
2019-11-19 5:29 ` Eric Biggers
@ 2019-11-19 5:46 ` John Fastabend
0 siblings, 0 replies; 7+ messages in thread
From: John Fastabend @ 2019-11-19 5:46 UTC (permalink / raw)
To: Eric Biggers, bpf, netdev, Jakub Kicinski, John Fastabend,
syzbot, LKML, Dmitry Vyukov, syzkaller-bugs
Eric Biggers wrote:
> On Thu, Oct 17, 2019 at 09:30:07AM -0700, Eric Biggers wrote:
> > On Thu, Oct 17, 2019 at 09:25:05AM -0700, Eric Biggers wrote:
> > > On Sun, Sep 01, 2019 at 08:23:42PM -0700, 'Dmitry Vyukov' via syzkaller-bugs wrote:
> > > > On Sun, Sep 1, 2019 at 3:48 PM syzbot
> > > > <syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com> wrote:
> > > > >
> > > > > syzbot has found a reproducer for the following crash on:
> > > > >
> > > > > HEAD commit: 38320f69 Merge branch 'Minor-cleanup-in-devlink'
> > > > > git tree: net-next
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=13d74356600000
> > > > > kernel config: https://syzkaller.appspot.com/x/.config?x=1bbf70b6300045af
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=83979935eb6304f8cd46
> > > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> > > > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1008b232600000
> > > >
> > > > Stack corruption + bpf maps in repro triggers some bells. +bpf mailing list.
> > > >
> > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > > > > Reported-by: syzbot+83979935eb6304f8cd46@syzkaller.appspotmail.com
> > > > >
> > > > > Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
> > > > > __lock_acquire+0x36fa/0x4c30 kernel/locking/lockdep.c:3907
> > > > > CPU: 0 PID: 8662 Comm: syz-executor.4 Not tainted 5.3.0-rc6+ #153
> > > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > > > > Google 01/01/2011
> > > > > Call Trace:
> > > > > Kernel Offset: disabled
> > > > > Rebooting in 86400 seconds..
> > > > >
> > >
> > > This is still reproducible on latest net tree, but using a different kconfig I
> > > was able to get a more informative crash output. Apparently tcp_bpf_unhash() is
> > > being called recursively. Anyone know why this might happen?
> > >
> > > This is using the syzkaller language reproducer linked above -- I ran it with:
> > >
> > > syz-execprog -threaded=1 -collide=1 -cover=0 -repeat=0 -procs=8 -sandbox=none -enable=net_dev,net_reset,tun syz_bpf.txt
> > >
> > > Crash report on net/master:
> > >
> > > PANIC: double fault, error_code: 0x0
> > > CPU: 3 PID: 8328 Comm: syz-executor Not tainted 5.4.0-rc1-00118-ge497c20e2036 #31
> > > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20191013_105130-anatol 04/01/2014
> > > RIP: 0010:mark_lock+0x4/0x640 kernel/locking/lockdep.c:3631
> > > Code: a2 7f 27 01 85 c0 0f 84 f3 42 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 48 83 ec 18 83 fa 08 76 21 44 8b 25 ab
> > > RSP: 0018:ffffc9000010d000 EFLAGS: 00010046
> > > RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
> > > RDX: 0000000000000008 RSI: ffff888071f92dd8 RDI: ffff888071f92600
> > > RBP: ffffc9000010d000 R08: 0000000000000000 R09: 0000000000022023
> > > R10: 00000000000000c8 R11: 0000000000000000 R12: ffff888071f92600
> > > R13: ffff888071f92dd8 R14: 0000000000000023 R15: 0000000000000000
> > > FS: 00007ff9f7765700(0000) GS:ffff88807fd80000(0000) knlGS:0000000000000000
> > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > CR2: ffffc9000010cff8 CR3: 000000000221d000 CR4: 00000000003406e0
> > > Call Trace:
> > > <IRQ>
> > > mark_usage kernel/locking/lockdep.c:3592 [inline]
> > > __lock_acquire+0x22f/0xf80 kernel/locking/lockdep.c:3909
> > > lock_acquire+0x99/0x170 kernel/locking/lockdep.c:4487
> > > rcu_lock_acquire include/linux/rcupdate.h:208 [inline]
> > > rcu_read_lock include/linux/rcupdate.h:599 [inline]
> > > tcp_bpf_unhash+0x33/0x1d0 net/ipv4/tcp_bpf.c:549
> > > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > > tcp_bpf_unhash+0x19b/0x1d0 net/ipv4/tcp_bpf.c:554
> > [...]
> >
> > Recursive tcp_bpf_unhash() also showed up in
> > "BUG: unable to handle kernel paging request in tls_prots"
> > (https://lkml.kernel.org/lkml/000000000000d7bcbb058c3758a1@google.com/T/)
> > which was claimed to be fixed by
> > "bpf: sockmap/tls, close can race with map free".
> > But that fix was months ago; this crash is on latest net tree.
> >
>
> Is anyone planning to look into this? This is still occurring on net-next
> (4 days ago).
>
> - Eric
I'll take a look in the morning thanks.
.John
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-11-19 5:46 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-10 8:54 kernel panic: stack is corrupted in __lock_acquire (4) syzbot
2019-09-01 22:48 ` syzbot
2019-09-02 3:23 ` Dmitry Vyukov
2019-10-17 16:25 ` Eric Biggers
2019-10-17 16:30 ` Eric Biggers
2019-11-19 5:29 ` Eric Biggers
2019-11-19 5:46 ` John Fastabend
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).