WARNING in __rcu_read_unlock

1,140 views
Skip to first unread message

syzbot

unread,
Dec 15, 2018, 7:41:04 AM12/15/18
to ak...@linux-foundation.org, ar...@linux.intel.com, jo...@joshtriplett.org, linux-...@vger.kernel.org, mi...@kernel.org, pau...@linux.vnet.ibm.com, syzkall...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 2aa55dccf83d hns3: prevent building without CONFIG_INET
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=15628f6d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=d9655b05acfc97ff
dashboard link: https://syzkaller.appspot.com/bug?extid=43f6755d1c2e62743468
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=125fda8b400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=135e54cd400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+43f675...@syzkaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
WARNING: CPU: 0 PID: -2035180937 at kernel/rcu/tree_plugin.h:438
__rcu_read_unlock+0x266/0x2e0 kernel/rcu/tree_plugin.h:432
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: -2035180937 Comm: L ����� Not tainted 4.20.0-rc6+ #344
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x39d lib/dump_stack.c:113
panic+0x2ad/0x55c kernel/panic.c:188
__warn.cold.8+0x20/0x45 kernel/panic.c:540
report_bug+0x254/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:973
RIP: 0010:__rcu_read_unlock+0x266/0x2e0 kernel/rcu/tree_plugin.h:432
Code: 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 0f b6 04 02 84 c0 74 04 3c 03
7e 6f 41 c7 84 24 70 03 00 00 00 00 00 00 e9 5a fe ff ff <0f> 0b e9 da fe
ff ff 4c 89 f7 e8 1b 14 59 00 e9 2a fe ff ff 4c 89
RSP: 0018:ffff8881dae075e8 EFLAGS: 00010006
RAX: dffffc0000000000 RBX: 1ffff1103b5c0ebe RCX: ffffffff8153f599
RDX: 1ffff1103b5c0eca RSI: ffffffff8153f5bb RDI: 0000000000000005
RBP: ffff8881dae076b8 R08: ffff8881bf1f4540 R09: ffffed103b5c3ef8
R10: ffffed103b5c3ef8 R11: ffff8881dae1f7c7 R12: 00000000fdb21501
R13: 1ffff1103b5c0eca R14: ffff8881bf1f48b0 R15: ffff8881dae07690
rcu_read_unlock include/linux/rcupdate.h:660 [inline]
__atomic_notifier_call_chain kernel/notifier.c:184 [inline]
atomic_notifier_call_chain+0xd0/0x190 kernel/notifier.c:193
notify_die+0x1bd/0x2d0 kernel/notifier.c:549
do_general_protection+0x16d/0x2f0 arch/x86/kernel/traps.c:557
general_protection+0x1e/0x30 arch/x86/entry/entry_64.S:1142
RIP: 0010:task_css include/linux/cgroup.h:477 [inline]
RIP: 0010:task_ca kernel/sched/cpuacct.c:43 [inline]
RIP: 0010:cpuacct_account_field+0x140/0x3d0 kernel/sched/cpuacct.c:365
Code: b6 97 08 00 85 c0 74 0d 80 3d 69 bb b2 08 00 0f 84 a4 01 00 00 49 8d
7e 10 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f
85 4e 02 00 00 4d 8b 7e 10 49 81 ff 20 23 58 89 0f
RSP: 0018:ffff8881dae078a8 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: ffff8881dae07918 RCX: 0000000000000000
RDX: 000000000000000e RSI: 00000000ffff8881 RDI: 0000000000000072
RBP: ffff8881dae07940 R08: 0000000000000000 R09: 0000000000000000
R10: ffffed1037304851 R11: 0000000000000007 R12: 0000000000982e14
R13: dffffc0000000000 R14: 0000000000000062 R15: ffff8881bf1f4540
cgroup_account_cputime_field include/linux/cgroup.h:775 [inline]
task_group_account_field kernel/sched/cputime.c:108 [inline]
account_system_index_time+0x1e8/0x5d0 kernel/sched/cputime.c:171
irqtime_account_process_tick.isra.6+0x35b/0x490 kernel/sched/cputime.c:388
account_process_tick+0x282/0x350 kernel/sched/cputime.c:483
update_process_times+0x21/0x70 kernel/time/timer.c:1634
tick_sched_handle+0x9f/0x180 kernel/time/tick-sched.c:164
tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
__run_hrtimer kernel/time/hrtimer.c:1398 [inline]
__hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
</IRQ>
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Paul E. McKenney

unread,
Dec 16, 2018, 2:04:18 PM12/16/18
to syzbot, ak...@linux-foundation.org, ar...@linux.intel.com, jo...@joshtriplett.org, linux-...@vger.kernel.org, mi...@kernel.org, syzkall...@googlegroups.com
Hmmm... Line 432 is the "t->rcu_read_lock_nesting = 0;" below
and Line 438 is the int "rrln = READ_ONCE(t->rcu_read_lock_nesting);"
below. Are you saying that the value of "current" is NULL? If you
do that, you have voided your RCU warranty. ;-)

Or should I be looking elsewhere than v4.20-rc5?

Thanx, Paul

------------------------------------------------------------------------

void __rcu_read_unlock(void)
{
struct task_struct *t = current;

if (t->rcu_read_lock_nesting != 1) {
--t->rcu_read_lock_nesting;
} else {
barrier(); /* critical section before exit code. */
t->rcu_read_lock_nesting = INT_MIN;
barrier(); /* assign before ->rcu_read_unlock_special load */
if (unlikely(READ_ONCE(t->rcu_read_unlock_special.s)))
rcu_read_unlock_special(t);
barrier(); /* ->rcu_read_unlock_special load before assign */
t->rcu_read_lock_nesting = 0;
}
#ifdef CONFIG_PROVE_LOCKING
{
int rrln = READ_ONCE(t->rcu_read_lock_nesting);

WARN_ON_ONCE(rrln < 0 && rrln > INT_MIN / 2);
}
#endif /* #ifdef CONFIG_PROVE_LOCKING */
}

Dmitry Vyukov

unread,
Dec 17, 2018, 4:45:04 AM12/17/18
to Paul E. McKenney, syzbot, Andrew Morton, Arjan van de Ven, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Hi Paul,

Git tree and commit are in the first lines of the report ;)

I think it points to:
WARN_ON_ONCE(rrln < 0 && rrln > INT_MIN / 2);

The exact source line for the RIP: line maybe off-by-one, because
usually we have call return PCs, and then it's necessary to subtract 1
during symbolization, but not for RIP: lines, because they contain
exact faulting PC. This was fixed few days ago, but I think this
report was generated before this fix:
https://github.com/google/syzkaller/commit/7a944a0a666587f229291814b30644cc0859674c

But the kernel output contains the right line number:
[ 51.239451] WARNING: CPU: 0 PID: -2035180937 at
kernel/rcu/tree_plugin.h:438 __rcu_read_unlock+0x266/0x2e0

That "PID: -2035180937" looks concerning.

Out of 3 syscalls in the reproducer, 2 operate on invalid fd's so
probably no-op. And the remaining one injects a network packet. If
this is caused by the incoming network packet, it may be pretty bad.
+netdev.



> ------------------------------------------------------------------------
>
> void __rcu_read_unlock(void)
> {
> struct task_struct *t = current;
>
> if (t->rcu_read_lock_nesting != 1) {
> --t->rcu_read_lock_nesting;
> } else {
> barrier(); /* critical section before exit code. */
> t->rcu_read_lock_nesting = INT_MIN;
> barrier(); /* assign before ->rcu_read_unlock_special load */
> if (unlikely(READ_ONCE(t->rcu_read_unlock_special.s)))
> rcu_read_unlock_special(t);
> barrier(); /* ->rcu_read_unlock_special load before assign */
> t->rcu_read_lock_nesting = 0;
> }
> #ifdef CONFIG_PROVE_LOCKING
> {
> int rrln = READ_ONCE(t->rcu_read_lock_nesting);
>
> WARN_ON_ONCE(rrln < 0 && rrln > INT_MIN / 2);
> }
> #endif /* #ifdef CONFIG_PROVE_LOCKING */
> }
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bug...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/20181216190412.GE4170%40linux.ibm.com.
> For more options, visit https://groups.google.com/d/optout.

Paul E. McKenney

unread,
Dec 17, 2018, 6:29:21 AM12/17/18
to Dmitry Vyukov, syzbot, Andrew Morton, Arjan van de Ven, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Ah, net-next.

> I think it points to:
> WARN_ON_ONCE(rrln < 0 && rrln > INT_MIN / 2);
>
> The exact source line for the RIP: line maybe off-by-one, because
> usually we have call return PCs, and then it's necessary to subtract 1
> during symbolization, but not for RIP: lines, because they contain
> exact faulting PC. This was fixed few days ago, but I think this
> report was generated before this fix:
> https://github.com/google/syzkaller/commit/7a944a0a666587f229291814b30644cc0859674c
>
> But the kernel output contains the right line number:
> [ 51.239451] WARNING: CPU: 0 PID: -2035180937 at
> kernel/rcu/tree_plugin.h:438 __rcu_read_unlock+0x266/0x2e0
>
> That "PID: -2035180937" looks concerning.

As does this sort of report on a line that contains simple integer
arithmetic and boolean operations. ;-)

Any chance of a bisection?

Thanx, Paul

Dmitry Vyukov

unread,
Dec 17, 2018, 8:07:29 AM12/17/18
to Paul E. McKenney, syzbot, Andrew Morton, Arjan van de Ven, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
For now I can say this is something notoriously bad. Just emitting the
packet gave me:

[ 2103.960719] BUG: unable to handle kernel paging request at ffffe902e1e2a2d8
early console in extract_kernel
input_data: 0x00000000089b12e9
input_len: 0x0000000003451648
output: 0x0000000001000000
output_len: 0x0000000009911a48
kernel_total_size: 0x000000000ae26000
trampoline_32bit: 0x000000000009d000
Decompressing Linux... Parsing ELF... done.
Booting the kernel.

and second time:

[ 30.976582] INFO: trying to register non-static key.
[ 30.977065] BUG: KASAN: stack-out-of-bounds in inode_init_always+0xc16/0xd80
[ 30.977681] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 30.978428] Kernel panic - not syncing: Fatal exception

Arjan van de Ven

unread,
Dec 17, 2018, 9:14:15 AM12/17/18
to pau...@linux.ibm.com, Dmitry Vyukov, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On 12/17/2018 3:29 AM, Paul E. McKenney wrote:
> As does this sort of report on a line that contains simple integer
> arithmetic and boolean operations.;-)
>
> Any chance of a bisection?

btw this looks like something caused a stack overflow and thus all the weirdness that then happens

Dmitry Vyukov

unread,
Dec 17, 2018, 9:40:21 AM12/17/18
to Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Yup, without KASAN/KCOV but with VMAP_STACK I got:

[ 28.233646] BUG: stack guard page was hit at 0000000022cb8581
(stack is 00000000da05d4f9..00000000faf1d802)
[ 28.237814] kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP
[ 28.240489] CPU: 3 PID: 7307 Comm: syz-executor Not tainted 4.20.0-rc6+ #7
[ 28.243250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.10.2-1 04/01/2014
[ 28.246254] RIP: 0010:__lock_is_held+0x17/0xa0
[ 28.248132] Code: 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 45 31
ff eb e5 55 48 89 e5 41 57 45 31 ff 41 56 49 89 fe 41 55 41 54 53 48
83 ec 08 <89> 75 d4 65 4c 8b 24 25 40 5e 01 00 41 8b 84 24 78 08 00 00
4d 8d
[ 28.253129] RSP: 0018:ffffc900023cbff8 EFLAGS: 00010092
[ 28.254934] RAX: 0000000000000286 RBX: ffff8880683ae040 RCX: 0000000000000000
[ 28.257739] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff83ac8480
[ 28.260421] RBP: ffffc900023cc028 R08: ffff8880683b7d40 R09: 000000000000000b
[ 28.263125] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
[ 28.265812] R13: 0000000000000000 R14: ffffffff83ac8480 R15: 0000000000000000
[ 28.268723] FS: 00007fd529f84700(0000) GS:ffff88807db80000(0000)
knlGS:0000000000000000
[ 28.271745] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.273061] BUG: stack guard page was hit at 00000000d4fbb259
(stack is 00000000e1a66146..0000000085659f15)
[ 28.273427] CR2: ffffc900023cbfe8 CR3: 0000000068371003 CR4: 00000000001606e0
[ 28.273432] Call Trace:
[ 28.279078] ? lock_is_held_type+0x4e/0x90
[ 28.280441] ? rcu_read_lock_held+0x54/0x60
[ 28.281869] ? gue_err_proto_handler+0x55/0x90
[ 28.282865] ? gue_err+0xed/0x190
[ 28.283520] ? gue_err_proto_handler+0x90/0x90
[ 28.283793] BUG: stack guard page was hit at 0000000062cbafbc
(stack is 00000000f3170459..000000003ae1141b)
[ 28.284355] ? __udp4_lib_err+0x32e/0x440
[ 28.284359] ? udp_err+0x10/0x20
[ 28.287550] ? gue_err_proto_handler+0x45/0x90
[ 28.288441] ? gue_err+0xed/0x190
[ 28.289086] ? gue_err_proto_handler+0x90/0x90
[ 28.290026] ? __udp4_lib_err+0x32e/0x440
[ 28.290812] ? udp_err+0x10/0x20
[ 28.291462] ? gue_err_proto_handler+0x45/0x90
[ 28.292332] ? gue_err+0xed/0x190
[ 28.292989] ? gue_err_proto_handler+0x90/0x90
[ 28.293828] ? __udp4_lib_err+0x32e/0x440
[ 28.294621] ? udp_err+0x10/0x20
[ 28.295256] ? gue_err_proto_handler+0x45/0x90
[ 28.296082] ? gue_err+0xed/0x190
[ 28.296754] ? gue_err_proto_handler+0x90/0x90
[ 28.297760] ? __udp4_lib_err+0x32e/0x440
[ 28.298563] ? udp_err+0x10/0x20
[ 28.299207] ? gue_err_proto_handler+0x45/0x90
[ 28.300075] ? gue_err+0xed/0x190
[ 28.300753] ? gue_err_proto_handler+0x90/0x90
[ 28.301586] ? __udp4_lib_err+0x32e/0x440
[ 28.302331] ? udp_err+0x10/0x20
[ 28.302947] ? gue_err_proto_handler+0x45/0x90
[ 28.303840] ? gue_err+0xed/0x190
[ 28.304526] ? gue_err_proto_handler+0x90/0x90
[ 28.305413] ? __udp4_lib_err+0x32e/0x440
[ 28.306194] ? udp_err+0x10/0x20
[ 28.306843] ? gue_err_proto_handler+0x45/0x90
[ 28.310631] ? gue_err+0xed/0x190
[ 28.311236] ? gue_err_proto_handler+0x90/0x90
[ 28.312048] ? __udp4_lib_err+0x32e/0x440
[ 28.312781] ? udp_err+0x10/0x20
[ 28.313381] ? gue_err_proto_handler+0x45/0x90
[ 28.314191] ? gue_err+0xed/0x190
[ 28.314798] ? gue_err_proto_handler+0x90/0x90
[ 28.315624] ? __udp4_lib_err+0x32e/0x440
[ 28.316352] ? udp_err+0x10/0x20
[ 28.316943] ? gue_err_proto_handler+0x45/0x90
[ 28.317747] ? gue_err+0xed/0x190
[ 28.318342] ? gue_err_proto_handler+0x90/0x90
[ 28.319149] ? __udp4_lib_err+0x32e/0x440
[ 28.319893] ? udp_err+0x10/0x20
[ 28.320464] ? gue_err_proto_handler+0x45/0x90
[ 28.321203] ? gue_err+0xed/0x190
[ 28.321777] ? gue_err_proto_handler+0x90/0x90
[ 28.322569] ? __udp4_lib_err+0x32e/0x440
[ 28.323301] ? udp_err+0x10/0x20
[ 28.323988] ? gue_err_proto_handler+0x45/0x90
[ 28.324794] ? gue_err+0xed/0x190
[ 28.325392] ? gue_err_proto_handler+0x90/0x90
[ 28.326193] ? __udp4_lib_err+0x32e/0x440
[ 28.326913] ? udp_err+0x10/0x20
[ 28.327504] ? gue_err_proto_handler+0x45/0x90
[ 28.328295] ? gue_err+0xed/0x190
[ 28.328905] ? gue_err_proto_handler+0x90/0x90
[ 28.329725] ? __udp4_lib_err+0x32e/0x440
[ 28.330455] ? udp_err+0x10/0x20
[ 28.331037] ? gue_err_proto_handler+0x45/0x90
[ 28.331849] ? gue_err+0xed/0x190
[ 28.332450] ? gue_err_proto_handler+0x90/0x90
[ 28.333245] ? __udp4_lib_err+0x32e/0x440
[ 28.333971] ? udp_err+0x10/0x20
[ 28.334548] ? gue_err_proto_handler+0x45/0x90
[ 28.335329] ? gue_err+0xed/0x190
[ 28.335916] ? gue_err_proto_handler+0x90/0x90
[ 28.336691] ? __udp4_lib_err+0x32e/0x440
[ 28.337421] ? udp_err+0x10/0x20
[ 28.338018] ? gue_err_proto_handler+0x45/0x90
[ 28.338916] ? gue_err+0xed/0x190
[ 28.339685] ? gue_err_proto_handler+0x90/0x90
[ 28.341270] ? __udp4_lib_err+0x32e/0x440
[ 28.342748] ? udp_err+0x10/0x20
[ 28.343973] ? gue_err_proto_handler+0x45/0x90
[ 28.345814] ? gue_err+0xed/0x190
[ 28.347150] ? gue_err_proto_handler+0x90/0x90
[ 28.348939] ? __udp4_lib_err+0x32e/0x440
[ 28.350543] ? udp_err+0x10/0x20
[ 28.351849] ? gue_err_proto_handler+0x45/0x90
[ 28.353617] ? gue_err+0xed/0x190
[ 28.354942] ? gue_err_proto_handler+0x90/0x90
[ 28.356704] ? __udp4_lib_err+0x32e/0x440
[ 28.358253] ? udp_err+0x10/0x20
[ 28.359623] ? gue_err_proto_handler+0x45/0x90
[ 28.361503] ? gue_err+0xed/0x190
[ 28.362891] ? gue_err_proto_handler+0x90/0x90
[ 28.364730] ? __udp4_lib_err+0x32e/0x440
[ 28.366325] ? udp_err+0x10/0x20
[ 28.367633] ? gue_err_proto_handler+0x45/0x90
[ 28.369430] ? gue_err+0xed/0x190
[ 28.370834] ? gue_err_proto_handler+0x90/0x90
[ 28.372707] ? __udp4_lib_err+0x32e/0x440
[ 28.374311] ? udp_err+0x10/0x20
[ 28.375580] ? gue_err_proto_handler+0x45/0x90
[ 28.376928] ? gue_err+0xed/0x190
[ 28.377759] ? gue_err_proto_handler+0x90/0x90
[ 28.378865] ? __udp4_lib_err+0x32e/0x440
[ 28.379627] ? udp_err+0x10/0x20
[ 28.380262] ? gue_err_proto_handler+0x45/0x90
[ 28.381152] ? gue_err+0xed/0x190
[ 28.381796] ? gue_err_proto_handler+0x90/0x90
[ 28.382650] ? __udp4_lib_err+0x32e/0x440
[ 28.383442] ? udp_err+0x10/0x20
[ 28.384060] ? gue_err_proto_handler+0x45/0x90
[ 28.384900] ? gue_err+0xed/0x190
[ 28.385571] ? gue_err_proto_handler+0x90/0x90
[ 28.386429] ? __udp4_lib_err+0x32e/0x440
[ 28.387193] ? udp_err+0x10/0x20
[ 28.388130] ? gue_err_proto_handler+0x45/0x90
[ 28.388976] ? gue_err+0xed/0x190
[ 28.389625] ? gue_err_proto_handler+0x90/0x90
[ 28.390467] ? __udp4_lib_err+0x32e/0x440
[ 28.391260] ? udp_err+0x10/0x20
[ 28.391911] ? gue_err_proto_handler+0x45/0x90
[ 28.392797] ? gue_err+0xed/0x190
[ 28.393466] ? gue_err_proto_handler+0x90/0x90
[ 28.394303] ? __udp4_lib_err+0x32e/0x440
[ 28.395048] ? udp_err+0x10/0x20
[ 28.395672] ? gue_err_proto_handler+0x45/0x90
[ 28.396523] ? gue_err+0xed/0x190
[ 28.397161] ? gue_err_proto_handler+0x90/0x90
[ 28.398054] ? __udp4_lib_err+0x32e/0x440
[ 28.398839] ? udp_err+0x10/0x20
[ 28.399443] ? gue_err_proto_handler+0x45/0x90
[ 28.400252] ? gue_err+0xed/0x190
[ 28.400867] ? gue_err_proto_handler+0x90/0x90
[ 28.401677] ? __udp4_lib_err+0x32e/0x440
[ 28.402410] ? udp_err+0x10/0x20
[ 28.403008] ? gue_err_proto_handler+0x45/0x90
[ 28.404473] ? gue_err+0xed/0x190
[ 28.405710] ? gue_err_proto_handler+0x90/0x90
[ 28.406771] ? __udp4_lib_err+0x32e/0x440
[ 28.408105] ? udp_err+0x10/0x20
[ 28.408902] ? gue_err_proto_handler+0x45/0x90
[ 28.410104] ? gue_err+0xed/0x190
[ 28.410767] ? gue_err_proto_handler+0x90/0x90
[ 28.411704] ? __udp4_lib_err+0x32e/0x440
[ 28.412439] ? udp_err+0x10/0x20
[ 28.413032] ? gue_err_proto_handler+0x45/0x90
[ 28.413851] ? gue_err+0xed/0x190
[ 28.414465] ? gue_err_proto_handler+0x90/0x90
[ 28.415295] ? __udp4_lib_err+0x32e/0x440
[ 28.416039] ? udp_err+0x10/0x20
[ 28.416635] ? gue_err_proto_handler+0x45/0x90
[ 28.417451] ? gue_err+0xed/0x190
[ 28.418025] ? gue_err_proto_handler+0x90/0x90
[ 28.418816] ? __udp4_lib_err+0x32e/0x440
[ 28.419734] ? udp_err+0x10/0x20
[ 28.420686] ? gue_err_proto_handler+0x45/0x90
[ 28.422251] ? gue_err+0xed/0x190
[ 28.422977] ? gue_err_proto_handler+0x90/0x90
[ 28.423926] ? __udp4_lib_err+0x32e/0x440
[ 28.424784] ? udp_err+0x10/0x20
[ 28.425470] ? gue_err_proto_handler+0x45/0x90
[ 28.426473] ? gue_err+0xed/0x190
[ 28.427289] ? gue_err_proto_handler+0x90/0x90
[ 28.428158] ? __udp4_lib_err+0x32e/0x440
[ 28.428999] ? udp_err+0x10/0x20
[ 28.429755] ? gue_err_proto_handler+0x45/0x90
[ 28.430655] ? gue_err+0xed/0x190
[ 28.431334] ? gue_err_proto_handler+0x90/0x90
[ 28.432245] ? __udp4_lib_err+0x32e/0x440
[ 28.433036] ? udp_err+0x10/0x20
[ 28.433921] ? gue_err_proto_handler+0x45/0x90
[ 28.435099] ? gue_err+0xed/0x190
[ 28.435727] ? gue_err_proto_handler+0x90/0x90
[ 28.436536] ? __udp4_lib_err+0x32e/0x440
[ 28.437272] ? udp_err+0x10/0x20
[ 28.437873] ? gue_err_proto_handler+0x45/0x90
[ 28.438660] ? gue_err+0xed/0x190
[ 28.439279] ? gue_err_proto_handler+0x90/0x90
[ 28.440093] ? __udp4_lib_err+0x32e/0x440
[ 28.440821] ? udp_err+0x10/0x20
[ 28.441416] ? gue_err_proto_handler+0x45/0x90
[ 28.442225] ? gue_err+0xed/0x190
[ 28.442849] ? gue_err_proto_handler+0x90/0x90
[ 28.443996] ? __udp4_lib_err+0x32e/0x440
[ 28.444957] ? udp_err+0x10/0x20
[ 28.446096] ? gue_err_proto_handler+0x45/0x90
[ 28.447725] ? gue_err+0xed/0x190
[ 28.448806] ? gue_err_proto_handler+0x90/0x90
[ 28.450192] ? __udp4_lib_err+0x32e/0x440
[ 28.451482] ? udp_err+0x10/0x20
[ 28.452423] ? gue_err_proto_handler+0x45/0x90
[ 28.453527] ? gue_err+0xed/0x190
[ 28.454160] ? gue_err_proto_handler+0x90/0x90
[ 28.455008] ? __udp4_lib_err+0x32e/0x440
[ 28.455833] ? udp_err+0x10/0x20
[ 28.456465] ? gue_err_proto_handler+0x45/0x90
[ 28.457324] ? gue_err+0xed/0x190
[ 28.457975] ? gue_err_proto_handler+0x90/0x90
[ 28.458834] ? __udp4_lib_err+0x32e/0x440
[ 28.459607] ? udp_err+0x10/0x20
[ 28.460234] ? gue_err_proto_handler+0x45/0x90
[ 28.461077] ? gue_err+0xed/0x190
[ 28.461737] ? gue_err_proto_handler+0x90/0x90
[ 28.462613] ? __udp4_lib_err+0x32e/0x440
[ 28.463418] ? udp_err+0x10/0x20
[ 28.464045] ? gue_err_proto_handler+0x45/0x90
[ 28.464923] ? gue_err+0xed/0x190
[ 28.465553] ? gue_err_proto_handler+0x90/0x90
[ 28.466357] ? __udp4_lib_err+0x32e/0x440
[ 28.467078] ? udp_err+0x10/0x20
[ 28.467680] ? gue_err_proto_handler+0x45/0x90
[ 28.468447] ? gue_err+0xed/0x190
[ 28.469053] ? gue_err_proto_handler+0x90/0x90
[ 28.469891] ? __udp4_lib_err+0x32e/0x440
[ 28.470618] ? udp_err+0x10/0x20
[ 28.471213] ? gue_err_proto_handler+0x45/0x90
[ 28.472838] ? gue_err+0xed/0x190
[ 28.474277] ? gue_err_proto_handler+0x90/0x90
[ 28.476153] ? __udp4_lib_err+0x32e/0x440
[ 28.477181] ? udp_err+0x10/0x20
[ 28.478281] ? gue_err_proto_handler+0x45/0x90
[ 28.480108] ? gue_err+0xed/0x190
[ 28.481509] ? gue_err_proto_handler+0x90/0x90
[ 28.482980] ? __udp4_lib_err+0x32e/0x440
[ 28.483904] ? udp_err+0x10/0x20
[ 28.484559] ? gue_err_proto_handler+0x45/0x90
[ 28.485422] ? gue_err+0xed/0x190
[ 28.486072] ? gue_err_proto_handler+0x90/0x90
[ 28.486958] ? __udp4_lib_err+0x32e/0x440
[ 28.487767] ? udp_err+0x10/0x20
[ 28.488468] ? gue_err_proto_handler+0x45/0x90
[ 28.489338] ? gue_err+0xed/0x190
[ 28.489991] ? gue_err_proto_handler+0x90/0x90
[ 28.490860] ? __udp4_lib_err+0x32e/0x440
[ 28.491641] ? udp_err+0x10/0x20
[ 28.492234] ? gue_err_proto_handler+0x45/0x90
[ 28.493048] ? gue_err+0xed/0x190
[ 28.493654] ? gue_err_proto_handler+0x90/0x90
[ 28.494446] ? __udp4_lib_err+0x32e/0x440
[ 28.495172] ? udp_err+0x10/0x20
[ 28.496076] ? gue_err_proto_handler+0x45/0x90
[ 28.497892] ? gue_err+0xed/0x190
[ 28.499259] ? gue_err_proto_handler+0x90/0x90
[ 28.501108] ? __udp4_lib_err+0x32e/0x440
[ 28.502784] ? udp_err+0x10/0x20
[ 28.503992] ? gue_err_proto_handler+0x45/0x90
[ 28.504895] ? gue_err+0xed/0x190
[ 28.505566] ? gue_err_proto_handler+0x90/0x90
[ 28.506461] ? __udp4_lib_err+0x32e/0x440
[ 28.507285] ? udp_err+0x10/0x20
[ 28.511487] ? gue_err_proto_handler+0x45/0x90
[ 28.512404] ? gue_err+0xed/0x190
[ 28.513094] ? gue_err_proto_handler+0x90/0x90
[ 28.514002] ? __udp4_lib_err+0x32e/0x440
[ 28.514745] ? udp_err+0x10/0x20
[ 28.515341] ? gue_err_proto_handler+0x45/0x90
[ 28.516169] ? gue_err+0xed/0x190
[ 28.516777] ? gue_err_proto_handler+0x90/0x90
[ 28.517571] ? __udp4_lib_err+0x32e/0x440
[ 28.518332] ? udp_err+0x10/0x20
[ 28.518960] ? gue_err_proto_handler+0x45/0x90
[ 28.519778] ? gue_err+0xed/0x190
[ 28.520385] ? gue_err_proto_handler+0x90/0x90
[ 28.521168] ? __udp4_lib_err+0x32e/0x440
[ 28.522033] ? udp_err+0x10/0x20
[ 28.522662] ? gue_err_proto_handler+0x45/0x90
[ 28.523473] ? gue_err+0xed/0x190
[ 28.524079] ? gue_err_proto_handler+0x90/0x90
[ 28.524881] ? __udp4_lib_err+0x32e/0x440
[ 28.525610] ? udp_err+0x10/0x20
[ 28.526202] ? gue_err_proto_handler+0x45/0x90
[ 28.527010] ? gue_err+0xed/0x190
[ 28.527628] ? gue_err_proto_handler+0x90/0x90
[ 28.528425] ? __udp4_lib_err+0x32e/0x440
[ 28.529167] ? udp_err+0x10/0x20
[ 28.529765] ? gue_err_proto_handler+0x45/0x90
[ 28.530568] ? gue_err+0xed/0x190
[ 28.531171] ? gue_err_proto_handler+0x90/0x90
[ 28.531993] ? __udp4_lib_err+0x32e/0x440
[ 28.532718] ? udp_err+0x10/0x20
[ 28.533312] ? gue_err_proto_handler+0x45/0x90
[ 28.534118] ? gue_err+0xed/0x190
[ 28.534726] ? gue_err_proto_handler+0x90/0x90
[ 28.535774] ? __udp4_lib_err+0x32e/0x440
[ 28.537428] ? udp_err+0x10/0x20
[ 28.538646] ? gue_err_proto_handler+0x45/0x90
[ 28.540449] ? gue_err+0xed/0x190
[ 28.541423] ? gue_err_proto_handler+0x90/0x90
[ 28.542609] ? __udp4_lib_err+0x32e/0x440
[ 28.543488] ? udp_err+0x10/0x20
[ 28.544167] ? gue_err_proto_handler+0x45/0x90
[ 28.545293] ? gue_err+0xed/0x190
[ 28.546016] ? gue_err_proto_handler+0x90/0x90
[ 28.546920] ? __udp4_lib_err+0x32e/0x440
[ 28.547755] ? udp_err+0x10/0x20
[ 28.548417] ? gue_err_proto_handler+0x45/0x90
[ 28.549227] ? gue_err+0xed/0x190
[ 28.549856] ? gue_err_proto_handler+0x90/0x90
[ 28.550700] ? __udp4_lib_err+0x32e/0x440
[ 28.551467] ? udp_err+0x10/0x20
[ 28.552073] ? gue_err_proto_handler+0x45/0x90
[ 28.552913] ? gue_err+0xed/0x190
[ 28.553566] ? gue_err_proto_handler+0x90/0x90
[ 28.554446] ? __udp4_lib_err+0x32e/0x440
[ 28.555230] ? udp_err+0x10/0x20
[ 28.555876] ? gue_err_proto_handler+0x45/0x90
[ 28.556707] ? gue_err+0xed/0x190
[ 28.557358] ? gue_err_proto_handler+0x90/0x90
[ 28.558229] ? __udp4_lib_err+0x32e/0x440
[ 28.558981] ? udp_err+0x10/0x20
[ 28.559607] ? gue_err_proto_handler+0x45/0x90
[ 28.560440] ? gue_err+0xed/0x190
[ 28.561076] ? gue_err_proto_handler+0x90/0x90
[ 28.561953] ? __udp4_lib_err+0x32e/0x440
[ 28.562769] ? udp_err+0x10/0x20
[ 28.563459] ? gue_err_proto_handler+0x45/0x90
[ 28.564304] ? gue_err+0xed/0x190
[ 28.564901] ? gue_err_proto_handler+0x90/0x90
[ 28.565686] ? __udp4_lib_err+0x32e/0x440
[ 28.566394] ? udp_err+0x10/0x20
[ 28.566973] ? gue_err_proto_handler+0x45/0x90
[ 28.567786] ? gue_err+0xed/0x190
[ 28.568392] ? gue_err_proto_handler+0x90/0x90
[ 28.569151] ? __udp4_lib_err+0x32e/0x440
[ 28.569876] ? udp_err+0x10/0x20
[ 28.570464] ? gue_err_proto_handler+0x45/0x90
[ 28.571268] ? gue_err+0xed/0x190
[ 28.571882] ? gue_err_proto_handler+0x90/0x90
[ 28.572678] ? __udp4_lib_err+0x32e/0x440
[ 28.573421] ? udp_err+0x10/0x20
[ 28.574006] ? gue_err_proto_handler+0x45/0x90
[ 28.574803] ? gue_err+0xed/0x190
[ 28.575426] ? gue_err_proto_handler+0x90/0x90
[ 28.576232] ? __udp4_lib_err+0x32e/0x440
[ 28.576968] ? udp_err+0x10/0x20
[ 28.577555] ? gue_err_proto_handler+0x45/0x90
[ 28.578365] ? gue_err+0xed/0x190
[ 28.578950] ? gue_err_proto_handler+0x90/0x90
[ 28.579857] ? __udp4_lib_err+0x32e/0x440
[ 28.580584] ? udp_err+0x10/0x20
[ 28.581176] ? gue_err_proto_handler+0x45/0x90
[ 28.581983] ? gue_err+0xed/0x190
[ 28.582593] ? gue_err_proto_handler+0x90/0x90
[ 28.583412] ? __udp4_lib_err+0x32e/0x440
[ 28.584146] ? udp_err+0x10/0x20
[ 28.584747] ? gue_err_proto_handler+0x45/0x90
[ 28.585555] ? gue_err+0xed/0x190
[ 28.586154] ? gue_err_proto_handler+0x90/0x90
[ 28.586942] ? __udp4_lib_err+0x32e/0x440
[ 28.587677] ? udp_err+0x10/0x20
[ 28.588259] ? gue_err_proto_handler+0x45/0x90
[ 28.589019] ? gue_err+0xed/0x190
[ 28.589643] ? gue_err_proto_handler+0x90/0x90
[ 28.590470] ? __udp4_lib_err+0x32e/0x440
[ 28.591195] ? udp_err+0x10/0x20
[ 28.591795] ? gue_err_proto_handler+0x45/0x90
[ 28.592595] ? gue_err+0xed/0x190
[ 28.593199] ? gue_err_proto_handler+0x90/0x90
[ 28.594009] ? __udp4_lib_err+0x32e/0x440
[ 28.594748] ? udp_err+0x10/0x20
[ 28.595344] ? gue_err_proto_handler+0x45/0x90
[ 28.597287] ? gue_err+0xed/0x190
[ 28.598715] ? gue_err_proto_handler+0x90/0x90
[ 28.600546] ? __udp4_lib_err+0x32e/0x440
[ 28.602196] ? udp_err+0x10/0x20
[ 28.603567] ? gue_err_proto_handler+0x45/0x90
[ 28.605416] ? gue_err+0xed/0x190
[ 28.606717] ? gue_err_proto_handler+0x90/0x90
[ 28.608485] ? __udp4_lib_err+0x32e/0x440
[ 28.610100] ? udp_err+0x10/0x20
[ 28.611390] ? gue_err_proto_handler+0x45/0x90
[ 28.613218] ? gue_err+0xed/0x190
[ 28.614587] ? gue_err_proto_handler+0x90/0x90
[ 28.616443] ? __udp4_lib_err+0x32e/0x440
[ 28.618140] ? udp_err+0x10/0x20
[ 28.619164] ? gue_err_proto_handler+0x45/0x90
[ 28.620832] ? gue_err+0xed/0x190
[ 28.621758] ? gue_err_proto_handler+0x90/0x90
[ 28.623433] ? __udp4_lib_err+0x32e/0x440
[ 28.625036] ? udp_err+0x10/0x20
[ 28.626001] ? gue_err_proto_handler+0x45/0x90
[ 28.626986] ? gue_err+0xed/0x190
[ 28.627662] ? gue_err_proto_handler+0x90/0x90
[ 28.628513] ? __udp4_lib_err+0x32e/0x440
[ 28.629355] ? udp_err+0x10/0x20
[ 28.630287] ? gue_err_proto_handler+0x45/0x90
[ 28.631550] ? gue_err+0xed/0x190
[ 28.632884] ? gue_err_proto_handler+0x90/0x90
[ 28.634306] ? __udp4_lib_err+0x32e/0x440
[ 28.636121] ? udp_err+0x10/0x20
[ 28.637050] ? gue_err_proto_handler+0x45/0x90
[ 28.638605] ? gue_err+0xed/0x190
[ 28.639954] ? gue_err_proto_handler+0x90/0x90
[ 28.641208] ? __udp4_lib_err+0x32e/0x440
[ 28.642208] ? udp_err+0x10/0x20
[ 28.642912] ? gue_err_proto_handler+0x45/0x90
[ 28.643998] ? gue_err+0xed/0x190
[ 28.644982] ? gue_err_proto_handler+0x90/0x90
[ 28.645944] ? __udp4_lib_err+0x32e/0x440
[ 28.647435] ? udp_err+0x10/0x20
[ 28.648541] ? gue_err_proto_handler+0x45/0x90
[ 28.649955] ? gue_err+0xed/0x190
[ 28.650962] ? gue_err_proto_handler+0x90/0x90
[ 28.652811] ? __udp4_lib_err+0x32e/0x440
[ 28.653694] ? udp_err+0x10/0x20
[ 28.654390] ? icmp_socket_deliver+0x7f/0xf0
[ 28.655738] ? icmp_redirect+0x3c/0x80
[ 28.657247] ? icmp_rcv+0x190/0x4c0
[ 28.658063] ? ip_protocol_deliver_rcu+0x2b/0x290
[ 28.659066] ? ip_local_deliver_finish+0x94/0x130
[ 28.659963] ? ip_local_deliver+0x180/0x220
[ 28.660764] ? ip_protocol_deliver_rcu+0x290/0x290
[ 28.661678] ? ip_rcv_finish+0x88/0xb0
[ 28.662419] ? ip_rcv+0x56/0x200
[ 28.663065] ? ip_rcv_finish_core.isra.18+0x600/0x600
[ 28.664083] ? __netif_receive_skb_one_core+0x52/0x70
[ 28.665076] ? __netif_receive_skb+0x13/0x60
[ 28.665939] ? netif_receive_skb_internal+0x72/0x380
[ 28.666905] ? napi_gro_frags+0x387/0x440
[ 28.667715] ? tun_get_user+0xda2/0x1200
[ 28.668492] ? tun_chr_write_iter+0x46/0x69
[ 28.669324] ? do_iter_readv_writev+0x12d/0x1a0
[ 28.670228] ? do_iter_write+0x81/0x190
[ 28.670987] ? vfs_writev+0xa2/0xf0
[ 28.671724] ? __fget+0xf7/0x1d0
[ 28.672348] ? do_writev+0x5e/0xf0
[ 28.672971] ? __x64_sys_writev+0x17/0x20
[ 28.673701] ? do_syscall_64+0x6e/0x1c0
[ 28.674398] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 28.675350] Modules linked in:
[ 28.675936] ---[ end trace 3c20e02f8428d132 ]---
[ 28.675943] kernel stack overflow (double-fault): 0000 [#2] PREEMPT SMP
[ 28.676781] RIP: 0010:__lock_is_held+0x17/0xa0
[ 28.678109] CPU: 1 PID: 7358 Comm: syz-executor Tainted: G D
4.20.0-rc6+ #7
[ 28.678927] Code: 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 45 31
ff eb e5 55 48 89 e5 41 57 45 31 ff 41 56 49 89 fe 41 55 41 54 53 48
83 ec 08 <89> 75 d4 65 4c 8b 24 25 40 5e 01 00 41 8b 84 24 78 08 00 00
4d 8d
[ 28.680596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.10.2-1 04/01/2014
[ 28.683994] RSP: 0018:ffffc900023cbff8 EFLAGS: 00010092
[ 28.685527] RIP: 0010:__udp4_lib_err+0x7f/0x440
[ 28.685534] Code: b0 80 05 00 00 74 0c 41 f6 44 24 3c 80 0f 85 dd
00 00 00 44 8b 88 08 01 00 00 44 0f b7 03 41 8b 4d 0c 0f b7 53 02 41
8b 75 10 <6a> 00 ff 75 d0 57 4c 89 f7 e8 83 fb ff ff 48 83 c4 18 48 85
c0 49
[ 28.686498] RAX: 0000000000000286 RBX: ffff8880683ae040 RCX: 0000000000000000
[ 28.687343] RSP: 0018:ffffc9000263c000 EFLAGS: 00010246
[ 28.690693] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff83ac8480
[ 28.692053] RAX: ffff888077264000 RBX: ffff8880748cf7aa RCX: 00000000aa1423ac
[ 28.692058] RDX: 0000000000000000 RSI: 00000000001414ac RDI: 0000000000000000
[ 28.693025] RBP: ffffc900023cc028 R08: ffff8880683b7d40 R09: 000000000000000b
[ 28.693029] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
[ 28.694427] RBP: ffffc9000263c048 R08: 0000000000000040 R09: 000000000000000b
[ 28.695753] R13: 0000000000000000 R14: ffffffff83ac8480 R15: 0000000000000000
[ 28.695758] FS: 00007fd529f84700(0000) GS:ffff88807db80000(0000)
knlGS:0000000000000000
[ 28.697108] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88807724dd00
[ 28.697113] R13: ffff8880748cf7aa R14: ffff888074038080 R15: 0000000000000005
[ 28.698502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.698506] CR2: ffffc900023cbfe8 CR3: 0000000068371003 CR4: 00000000001606e0
[ 28.699906] FS: 00007f27bab30700(0000) GS:ffff88807da80000(0000)
knlGS:0000000000000000
[ 28.699911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.701193] Kernel panic - not syncing: Fatal exception in interrupt
[ 28.702551] CR2: ffffc9000263bff8 CR3: 0000000068af4003 CR4: 00000000001606e0
[ 28.702558] Call Trace:
[ 28.715105] udp_err+0x10/0x20
[ 28.715700] gue_err_proto_handler+0x45/0x90
[ 28.716521] gue_err+0xed/0x190
[ 28.717123] ? gue_err_proto_handler+0x90/0x90
[ 28.717956] __udp4_lib_err+0x32e/0x440
[ 28.718667] udp_err+0x10/0x20
[ 28.719251] gue_err_proto_handler+0x45/0x90
[ 28.720079] gue_err+0xed/0x190
[ 28.720680] ? gue_err_proto_handler+0x90/0x90
[ 28.721518] __udp4_lib_err+0x32e/0x440
[ 28.722247] udp_err+0x10/0x20
[ 28.722831] gue_err_proto_handler+0x45/0x90
[ 28.723647] gue_err+0xed/0x190
[ 28.724248] ? gue_err_proto_handler+0x90/0x90
[ 28.725120] __udp4_lib_err+0x32e/0x440
[ 28.725850] udp_err+0x10/0x20
[ 28.726432] gue_err_proto_handler+0x45/0x90
[ 28.727238] gue_err+0xed/0x190
[ 28.727897] ? gue_err_proto_handler+0x90/0x90
[ 28.728738] __udp4_lib_err+0x32e/0x440
[ 28.729462] udp_err+0x10/0x20
[ 28.730050] gue_err_proto_handler+0x45/0x90
[ 28.730908] gue_err+0xed/0x190
[ 28.731560] ? gue_err_proto_handler+0x90/0x90
[ 28.732482] __udp4_lib_err+0x32e/0x440
[ 28.733288] udp_err+0x10/0x20
[ 28.733934] gue_err_proto_handler+0x45/0x90
[ 28.734810] gue_err+0xed/0x190
[ 28.735487] ? gue_err_proto_handler+0x90/0x90
[ 28.736329] __udp4_lib_err+0x32e/0x440
[ 28.737059] udp_err+0x10/0x20
[ 28.737661] gue_err_proto_handler+0x45/0x90
[ 28.738471] gue_err+0xed/0x190
[ 28.739101] ? gue_err_proto_handler+0x90/0x90
[ 28.739969] __udp4_lib_err+0x32e/0x440
[ 28.740700] udp_err+0x10/0x20
[ 28.741317] gue_err_proto_handler+0x45/0x90
[ 28.742116] gue_err+0xed/0x190
[ 28.742714] ? gue_err_proto_handler+0x90/0x90
[ 28.743630] __udp4_lib_err+0x32e/0x440
[ 28.744385] udp_err+0x10/0x20
[ 28.744979] gue_err_proto_handler+0x45/0x90
[ 28.745783] gue_err+0xed/0x190
[ 28.746384] ? gue_err_proto_handler+0x90/0x90
[ 28.747223] __udp4_lib_err+0x32e/0x440
[ 28.747964] udp_err+0x10/0x20
[ 28.748547] gue_err_proto_handler+0x45/0x90
[ 28.749352] gue_err+0xed/0x190
[ 28.749955] ? gue_err_proto_handler+0x90/0x90
[ 28.750789] __udp4_lib_err+0x32e/0x440
[ 28.751582] udp_err+0x10/0x20
[ 28.752203] gue_err_proto_handler+0x45/0x90
[ 28.753010] gue_err+0xed/0x190
[ 28.753611] ? gue_err_proto_handler+0x90/0x90
[ 28.754447] __udp4_lib_err+0x32e/0x440
[ 28.755171] udp_err+0x10/0x20
[ 28.755764] gue_err_proto_handler+0x45/0x90
[ 28.756565] gue_err+0xed/0x190
[ 28.757172] ? gue_err_proto_handler+0x90/0x90
[ 28.758008] __udp4_lib_err+0x32e/0x440
[ 28.758734] udp_err+0x10/0x20
[ 28.759322] gue_err_proto_handler+0x45/0x90
[ 28.760184] gue_err+0xed/0x190
[ 28.760839] ? gue_err_proto_handler+0x90/0x90
[ 28.761757] __udp4_lib_err+0x32e/0x440
[ 28.762471] udp_err+0x10/0x20
[ 28.763051] gue_err_proto_handler+0x45/0x90
[ 28.763843] gue_err+0xed/0x190
[ 28.764408] ? gue_err_proto_handler+0x90/0x90
[ 28.765228] __udp4_lib_err+0x32e/0x440
[ 28.765941] udp_err+0x10/0x20
[ 28.766521] gue_err_proto_handler+0x45/0x90
[ 28.767320] gue_err+0xed/0x190
[ 28.767922] ? gue_err_proto_handler+0x90/0x90
[ 28.768743] __udp4_lib_err+0x32e/0x440
[ 28.769506] udp_err+0x10/0x20
[ 28.770151] gue_err_proto_handler+0x45/0x90
[ 28.771007] gue_err+0xed/0x190
[ 28.771675] ? gue_err_proto_handler+0x90/0x90
[ 28.772553] __udp4_lib_err+0x32e/0x440
[ 28.773338] udp_err+0x10/0x20
[ 28.773919] gue_err_proto_handler+0x45/0x90
[ 28.774729] gue_err+0xed/0x190
[ 28.775332] ? gue_err_proto_handler+0x90/0x90
[ 28.776185] __udp4_lib_err+0x32e/0x440
[ 28.776896] udp_err+0x10/0x20
[ 28.777479] gue_err_proto_handler+0x45/0x90
[ 28.778269] gue_err+0xed/0x190
[ 28.778858] ? gue_err_proto_handler+0x90/0x90
[ 28.779828] __udp4_lib_err+0x32e/0x440
[ 28.780660] udp_err+0x10/0x20
[ 28.781263] gue_err_proto_handler+0x45/0x90
[ 28.782063] gue_err+0xed/0x190
[ 28.782649] ? gue_err_proto_handler+0x90/0x90
[ 28.783496] __udp4_lib_err+0x32e/0x440
[ 28.784231] udp_err+0x10/0x20
[ 28.784825] gue_err_proto_handler+0x45/0x90
[ 28.785655] gue_err+0xed/0x190
[ 28.786259] ? gue_err_proto_handler+0x90/0x90
[ 28.787103] __udp4_lib_err+0x32e/0x440
[ 28.787850] udp_err+0x10/0x20
[ 28.788443] gue_err_proto_handler+0x45/0x90
[ 28.789252] gue_err+0xed/0x190
[ 28.789836] ? gue_err_proto_handler+0x90/0x90
[ 28.790679] __udp4_lib_err+0x32e/0x440
[ 28.791373] udp_err+0x10/0x20
[ 28.791963] gue_err_proto_handler+0x45/0x90
[ 28.792767] gue_err+0xed/0x190
[ 28.793371] ? gue_err_proto_handler+0x90/0x90
[ 28.794242] __udp4_lib_err+0x32e/0x440
[ 28.794972] udp_err+0x10/0x20
[ 28.795628] gue_err_proto_handler+0x45/0x90
[ 28.796427] gue_err+0xed/0x190
[ 28.797027] ? gue_err_proto_handler+0x90/0x90
[ 28.797862] __udp4_lib_err+0x32e/0x440
[ 28.798580] udp_err+0x10/0x20
[ 28.799145] gue_err_proto_handler+0x45/0x90
[ 28.800001] gue_err+0xed/0x190
[ 28.800621] ? gue_err_proto_handler+0x90/0x90
[ 28.801444] __udp4_lib_err+0x32e/0x440
[ 28.802115] udp_err+0x10/0x20
[ 28.802682] gue_err_proto_handler+0x45/0x90
[ 28.803486] gue_err+0xed/0x190
[ 28.804082] ? gue_err_proto_handler+0x90/0x90
[ 28.804926] __udp4_lib_err+0x32e/0x440
[ 28.805683] udp_err+0x10/0x20
[ 28.806259] gue_err_proto_handler+0x45/0x90
[ 28.807074] gue_err+0xed/0x190
[ 28.807694] ? gue_err_proto_handler+0x90/0x90
[ 28.808528] __udp4_lib_err+0x32e/0x440
[ 28.809237] udp_err+0x10/0x20
[ 28.809823] gue_err_proto_handler+0x45/0x90
[ 28.810596] gue_err+0xed/0x190
[ 28.811183] ? gue_err_proto_handler+0x90/0x90
[ 28.812193] __udp4_lib_err+0x32e/0x440
[ 28.812958] udp_err+0x10/0x20
[ 28.813544] gue_err_proto_handler+0x45/0x90
[ 28.814352] gue_err+0xed/0x190
[ 28.814971] ? gue_err_proto_handler+0x90/0x90
[ 28.815829] __udp4_lib_err+0x32e/0x440
[ 28.816550] udp_err+0x10/0x20
[ 28.817125] gue_err_proto_handler+0x45/0x90
[ 28.817917] gue_err+0xed/0x190
[ 28.818529] ? gue_err_proto_handler+0x90/0x90
[ 28.819340] __udp4_lib_err+0x32e/0x440
[ 28.820837] udp_err+0x10/0x20
[ 28.821993] gue_err_proto_handler+0x45/0x90
[ 28.823530] gue_err+0xed/0x190
[ 28.824657] ? gue_err_proto_handler+0x90/0x90
[ 28.826157] __udp4_lib_err+0x32e/0x440
[ 28.827461] udp_err+0x10/0x20
[ 28.828450] gue_err_proto_handler+0x45/0x90
[ 28.829336] gue_err+0xed/0x190
[ 28.829922] ? gue_err_proto_handler+0x90/0x90
[ 28.830771] __udp4_lib_err+0x32e/0x440
[ 28.831514] udp_err+0x10/0x20
[ 28.832101] gue_err_proto_handler+0x45/0x90
[ 28.832953] gue_err+0xed/0x190
[ 28.833537] ? gue_err_proto_handler+0x90/0x90
[ 28.834378] __udp4_lib_err+0x32e/0x440
[ 28.835088] udp_err+0x10/0x20
[ 28.835673] gue_err_proto_handler+0x45/0x90
[ 28.836505] gue_err+0xed/0x190
[ 28.837099] ? gue_err_proto_handler+0x90/0x90
[ 28.837911] __udp4_lib_err+0x32e/0x440
[ 28.838628] udp_err+0x10/0x20
[ 28.839204] gue_err_proto_handler+0x45/0x90
[ 28.840012] gue_err+0xed/0x190
[ 28.840606] ? gue_err_proto_handler+0x90/0x90
[ 28.841479] __udp4_lib_err+0x32e/0x440
[ 28.842207] udp_err+0x10/0x20
[ 28.842794] gue_err_proto_handler+0x45/0x90
[ 28.843960] gue_err+0xed/0x190
[ 28.844800] ? gue_err_proto_handler+0x90/0x90
[ 28.845760] __udp4_lib_err+0x32e/0x440
[ 28.846580] udp_err+0x10/0x20
[ 28.847246] gue_err_proto_handler+0x45/0x90
[ 28.848233] gue_err+0xed/0x190
[ 28.848888] ? gue_err_proto_handler+0x90/0x90
[ 28.849724] __udp4_lib_err+0x32e/0x440
[ 28.850448] udp_err+0x10/0x20
[ 28.851037] gue_err_proto_handler+0x45/0x90
[ 28.851848] gue_err+0xed/0x190
[ 28.852454] ? gue_err_proto_handler+0x90/0x90
[ 28.853274] __udp4_lib_err+0x32e/0x440
[ 28.853982] udp_err+0x10/0x20
[ 28.854562] gue_err_proto_handler+0x45/0x90
[ 28.855379] gue_err+0xed/0x190
[ 28.855982] ? gue_err_proto_handler+0x90/0x90
[ 28.856805] __udp4_lib_err+0x32e/0x440
[ 28.857515] udp_err+0x10/0x20
[ 28.858098] gue_err_proto_handler+0x45/0x90
[ 28.858896] gue_err+0xed/0x190
[ 28.859635] ? gue_err_proto_handler+0x90/0x90
[ 28.860479] __udp4_lib_err+0x32e/0x440
[ 28.861199] udp_err+0x10/0x20
[ 28.861766] gue_err_proto_handler+0x45/0x90
[ 28.862558] gue_err+0xed/0x190
[ 28.863152] ? gue_err_proto_handler+0x90/0x90
[ 28.863995] __udp4_lib_err+0x32e/0x440
[ 28.864700] udp_err+0x10/0x20
[ 28.865286] gue_err_proto_handler+0x45/0x90
[ 28.866096] gue_err+0xed/0x190
[ 28.866704] ? gue_err_proto_handler+0x90/0x90
[ 28.867561] __udp4_lib_err+0x32e/0x440
[ 28.868294] udp_err+0x10/0x20
[ 28.868881] gue_err_proto_handler+0x45/0x90
[ 28.869722] gue_err+0xed/0x190
[ 28.870355] ? gue_err_proto_handler+0x90/0x90
[ 28.871214] __udp4_lib_err+0x32e/0x440
[ 28.871944] udp_err+0x10/0x20
[ 28.872534] gue_err_proto_handler+0x45/0x90
[ 28.873348] gue_err+0xed/0x190
[ 28.873941] ? gue_err_proto_handler+0x90/0x90
[ 28.874789] __udp4_lib_err+0x32e/0x440
[ 28.875537] udp_err+0x10/0x20
[ 28.876117] gue_err_proto_handler+0x45/0x90
[ 28.876902] gue_err+0xed/0x190
[ 28.877494] ? gue_err_proto_handler+0x90/0x90
[ 28.878327] __udp4_lib_err+0x32e/0x440
[ 28.879037] udp_err+0x10/0x20
[ 28.879615] gue_err_proto_handler+0x45/0x90
[ 28.880413] gue_err+0xed/0x190
[ 28.881013] ? gue_err_proto_handler+0x90/0x90
[ 28.881945] __udp4_lib_err+0x32e/0x440
[ 28.883670] udp_err+0x10/0x20
[ 28.884379] gue_err_proto_handler+0x45/0x90
[ 28.885923] gue_err+0xed/0x190
[ 28.886669] ? gue_err_proto_handler+0x90/0x90
[ 28.887624] __udp4_lib_err+0x32e/0x440
[ 28.888336] udp_err+0x10/0x20
[ 28.889024] gue_err_proto_handler+0x45/0x90
[ 28.889966] gue_err+0xed/0x190
[ 28.890629] ? gue_err_proto_handler+0x90/0x90
[ 28.891592] __udp4_lib_err+0x32e/0x440
[ 28.892401] udp_err+0x10/0x20
[ 28.893038] gue_err_proto_handler+0x45/0x90
[ 28.893866] gue_err+0xed/0x190
[ 28.894438] ? gue_err_proto_handler+0x90/0x90
[ 28.895252] __udp4_lib_err+0x32e/0x440
[ 28.896052] udp_err+0x10/0x20
[ 28.896706] gue_err_proto_handler+0x45/0x90
[ 28.897616] gue_err+0xed/0x190
[ 28.898289] ? gue_err_proto_handler+0x90/0x90
[ 28.899114] __udp4_lib_err+0x32e/0x440
[ 28.899855] udp_err+0x10/0x20
[ 28.900438] gue_err_proto_handler+0x45/0x90
[ 28.901314] gue_err+0xed/0x190
[ 28.902000] ? gue_err_proto_handler+0x90/0x90
[ 28.902926] __udp4_lib_err+0x32e/0x440
[ 28.903766] udp_err+0x10/0x20
[ 28.904417] gue_err_proto_handler+0x45/0x90
[ 28.905329] gue_err+0xed/0x190
[ 28.906005] ? gue_err_proto_handler+0x90/0x90
[ 28.906942] __udp4_lib_err+0x32e/0x440
[ 28.907750] udp_err+0x10/0x20
[ 28.908386] gue_err_proto_handler+0x45/0x90
[ 28.909253] gue_err+0xed/0x190
[ 28.909838] ? gue_err_proto_handler+0x90/0x90
[ 28.910652] __udp4_lib_err+0x32e/0x440
[ 28.911381] udp_err+0x10/0x20
[ 28.912041] gue_err_proto_handler+0x45/0x90
[ 28.912866] gue_err+0xed/0x190
[ 28.913487] ? gue_err_proto_handler+0x90/0x90
[ 28.914318] __udp4_lib_err+0x32e/0x440
[ 28.915051] udp_err+0x10/0x20
[ 28.915635] gue_err_proto_handler+0x45/0x90
[ 28.916433] gue_err+0xed/0x190
[ 28.917050] ? gue_err_proto_handler+0x90/0x90
[ 28.917889] __udp4_lib_err+0x32e/0x440
[ 28.918584] udp_err+0x10/0x20
[ 28.919163] gue_err_proto_handler+0x45/0x90
[ 28.919975] gue_err+0xed/0x190
[ 28.920573] ? gue_err_proto_handler+0x90/0x90
[ 28.921412] __udp4_lib_err+0x32e/0x440
[ 28.922134] udp_err+0x10/0x20
[ 28.922717] gue_err_proto_handler+0x45/0x90
[ 28.923529] gue_err+0xed/0x190
[ 28.924131] ? gue_err_proto_handler+0x90/0x90
[ 28.924965] __udp4_lib_err+0x32e/0x440
[ 28.925687] udp_err+0x10/0x20
[ 28.926269] gue_err_proto_handler+0x45/0x90
[ 28.927079] gue_err+0xed/0x190
[ 28.928022] ? gue_err_proto_handler+0x90/0x90
[ 28.929659] __udp4_lib_err+0x32e/0x440
[ 28.930560] udp_err+0x10/0x20
[ 28.931205] gue_err_proto_handler+0x45/0x90
[ 28.932114] gue_err+0xed/0x190
[ 28.932715] ? gue_err_proto_handler+0x90/0x90
[ 28.933548] __udp4_lib_err+0x32e/0x440
[ 28.934254] udp_err+0x10/0x20
[ 28.934825] gue_err_proto_handler+0x45/0x90
[ 28.935632] gue_err+0xed/0x190
[ 28.936293] ? gue_err_proto_handler+0x90/0x90
[ 28.937165] __udp4_lib_err+0x32e/0x440
[ 28.937891] udp_err+0x10/0x20
[ 28.938465] gue_err_proto_handler+0x45/0x90
[ 28.939375] gue_err+0xed/0x190
[ 28.940099] ? gue_err_proto_handler+0x90/0x90
[ 28.940942] __udp4_lib_err+0x32e/0x440
[ 28.941674] udp_err+0x10/0x20
[ 28.942268] gue_err_proto_handler+0x45/0x90
[ 28.943081] gue_err+0xed/0x190
[ 28.943726] ? gue_err_proto_handler+0x90/0x90
[ 28.944661] __udp4_lib_err+0x32e/0x440
[ 28.945448] udp_err+0x10/0x20
[ 28.946034] gue_err_proto_handler+0x45/0x90
[ 28.946832] gue_err+0xed/0x190
[ 28.947438] ? gue_err_proto_handler+0x90/0x90
[ 28.948275] __udp4_lib_err+0x32e/0x440
[ 28.949001] udp_err+0x10/0x20
[ 28.949580] gue_err_proto_handler+0x45/0x90
[ 28.950378] gue_err+0xed/0x190
[ 28.950971] ? gue_err_proto_handler+0x90/0x90
[ 28.951846] __udp4_lib_err+0x32e/0x440
[ 28.952656] udp_err+0x10/0x20
[ 28.953238] gue_err_proto_handler+0x45/0x90
[ 28.954039] gue_err+0xed/0x190
[ 28.955430] ? gue_err_proto_handler+0x90/0x90
[ 28.956269] __udp4_lib_err+0x32e/0x440
[ 28.956989] udp_err+0x10/0x20
[ 28.957576] gue_err_proto_handler+0x45/0x90
[ 28.958357] gue_err+0xed/0x190
[ 28.958909] ? gue_err_proto_handler+0x90/0x90
[ 28.959735] __udp4_lib_err+0x32e/0x440
[ 28.960435] udp_err+0x10/0x20
[ 28.961006] gue_err_proto_handler+0x45/0x90
[ 28.961768] gue_err+0xed/0x190
[ 28.962332] ? gue_err_proto_handler+0x90/0x90
[ 28.963144] __udp4_lib_err+0x32e/0x440
[ 28.963839] udp_err+0x10/0x20
[ 28.964379] gue_err_proto_handler+0x45/0x90
[ 28.965137] gue_err+0xed/0x190
[ 28.965707] ? gue_err_proto_handler+0x90/0x90
[ 28.966497] __udp4_lib_err+0x32e/0x440
[ 28.967164] udp_err+0x10/0x20
[ 28.967823] gue_err_proto_handler+0x45/0x90
[ 28.968627] gue_err+0xed/0x190
[ 28.969197] ? gue_err_proto_handler+0x90/0x90
[ 28.969986] __udp4_lib_err+0x32e/0x440
[ 28.970671] udp_err+0x10/0x20
[ 28.971219] gue_err_proto_handler+0x45/0x90
[ 28.971982] gue_err+0xed/0x190
[ 28.972544] ? gue_err_proto_handler+0x90/0x90
[ 28.973318] __udp4_lib_err+0x32e/0x440
[ 28.973994] udp_err+0x10/0x20
[ 28.974544] gue_err_proto_handler+0x45/0x90
[ 28.975289] gue_err+0xed/0x190
[ 28.975865] ? gue_err_proto_handler+0x90/0x90
[ 28.976672] __udp4_lib_err+0x32e/0x440
[ 28.977344] udp_err+0x10/0x20
[ 28.977886] gue_err_proto_handler+0x45/0x90
[ 28.978626] gue_err+0xed/0x190
[ 28.979177] ? gue_err_proto_handler+0x90/0x90
[ 28.979952] __udp4_lib_err+0x32e/0x440
[ 28.980610] udp_err+0x10/0x20
[ 28.981140] gue_err_proto_handler+0x45/0x90
[ 28.981872] gue_err+0xed/0x190
[ 28.982414] ? gue_err_proto_handler+0x90/0x90
[ 28.983173] __udp4_lib_err+0x32e/0x440
[ 28.983978] udp_err+0x10/0x20
[ 28.984508] gue_err_proto_handler+0x45/0x90
[ 28.985239] gue_err+0xed/0x190
[ 28.985780] ? gue_err_proto_handler+0x90/0x90
[ 28.986552] __udp4_lib_err+0x32e/0x440
[ 28.987233] udp_err+0x10/0x20
[ 28.987791] gue_err_proto_handler+0x45/0x90
[ 28.988563] gue_err+0xed/0x190
[ 28.989125] ? gue_err_proto_handler+0x90/0x90
[ 28.989910] __udp4_lib_err+0x32e/0x440
[ 28.990592] udp_err+0x10/0x20
[ 28.991139] gue_err_proto_handler+0x45/0x90
[ 28.991904] gue_err+0xed/0x190
[ 28.992449] ? gue_err_proto_handler+0x90/0x90
[ 28.993235] __udp4_lib_err+0x32e/0x440
[ 28.993895] udp_err+0x10/0x20
[ 28.994423] gue_err_proto_handler+0x45/0x90
[ 28.995151] gue_err+0xed/0x190
[ 28.995712] ? gue_err_proto_handler+0x90/0x90
[ 28.996474] __udp4_lib_err+0x32e/0x440
[ 28.997113] udp_err+0x10/0x20
[ 28.997620] gue_err_proto_handler+0x45/0x90
[ 28.998339] gue_err+0xed/0x190
[ 28.998886] ? gue_err_proto_handler+0x90/0x90
[ 28.999970] __udp4_lib_err+0x32e/0x440
[ 29.001304] udp_err+0x10/0x20
[ 29.002350] gue_err_proto_handler+0x45/0x90
[ 29.003782] gue_err+0xed/0x190
[ 29.004916] ? gue_err_proto_handler+0x90/0x90
[ 29.006578] __udp4_lib_err+0x32e/0x440
[ 29.007944] udp_err+0x10/0x20
[ 29.009052] gue_err_proto_handler+0x45/0x90
[ 29.010490] gue_err+0xed/0x190
[ 29.011577] ? gue_err_proto_handler+0x90/0x90
[ 29.013040] __udp4_lib_err+0x32e/0x440
[ 29.014317] udp_err+0x10/0x20
[ 29.015341] gue_err_proto_handler+0x45/0x90
[ 29.016772] gue_err+0xed/0x190
[ 29.017841] ? gue_err_proto_handler+0x90/0x90
[ 29.019389] __udp4_lib_err+0x32e/0x440
[ 29.020849] udp_err+0x10/0x20
[ 29.022034] icmp_socket_deliver+0x7f/0xf0
[ 29.023682] icmp_redirect+0x3c/0x80
[ 29.025103] icmp_rcv+0x190/0x4c0
[ 29.026410] ip_protocol_deliver_rcu+0x2b/0x290
[ 29.028194] ip_local_deliver_finish+0x94/0x130
[ 29.029973] ip_local_deliver+0x180/0x220
[ 29.031583] ? ip_protocol_deliver_rcu+0x290/0x290
[ 29.033471] ip_rcv_finish+0x88/0xb0
[ 29.034890] ip_rcv+0x56/0x200
[ 29.036122] ? ip_rcv_finish_core.isra.18+0x600/0x600
[ 29.038001] __netif_receive_skb_one_core+0x52/0x70
[ 29.039032] __netif_receive_skb+0x13/0x60
[ 29.039787] netif_receive_skb_internal+0x72/0x380
[ 29.040669] napi_gro_frags+0x387/0x440
[ 29.041416] tun_get_user+0xda2/0x1200
[ 29.042122] tun_chr_write_iter+0x46/0x69
[ 29.042832] do_iter_readv_writev+0x12d/0x1a0
[ 29.043604] do_iter_write+0x81/0x190
[ 29.044306] vfs_writev+0xa2/0xf0
[ 29.044945] ? __fget+0xf7/0x1d0
[ 29.045567] do_writev+0x5e/0xf0
[ 29.046214] __x64_sys_writev+0x17/0x20
[ 29.046945] do_syscall_64+0x6e/0x1c0
[ 29.047646] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.048573] RIP: 0033:0x456f91
[ 29.049753] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f
83 94 b0 fb ff c3 48 83 ec 08 e8 ba 14 00 00 48 89 04 24 b8 14 00 00
00 0f 05 <48> 8b 3c 24 48 89 c2 e8 03 15 00 00 48 89 d0 48 83 c4 08 48
3d 01
[ 29.053264] RSP: 002b:00007f27bab2fbc0 EFLAGS: 00000293 ORIG_RAX:
0000000000000014
[ 29.054686] RAX: ffffffffffffffda RBX: 000000000000006a RCX: 0000000000456f91
[ 29.055990] RDX: 0000000000000001 RSI: 00007f27bab2fc10 RDI: 00000000000000f0
[ 29.057283] RBP: 00000000200000c0 R08: 00000000000000f0 R09: 0000000000000000
[ 29.058565] R10: 00007f27bab309d0 R11: 0000000000000293 R12: 00007f27bab306d4
[ 29.059854] R13: 00000000004ac690 R14: 00000000006ec930 R15: 00000000ffffffff
[ 29.061148] Modules linked in:
[ 29.061748] ---[ end trace 3c20e02f8428d133 ]---
[ 29.061756] kernel stack overflow (double-fault): 0000 [#3] PREEMPT SMP
[ 29.062640] RIP: 0010:__lock_is_held+0x17/0xa0
[ 29.063946] CPU: 0 PID: 7361 Comm: syz-executor Tainted: G D
4.20.0-rc6+ #7
[ 29.064741] Code: 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 45 31
ff eb e5 55 48 89 e5 41 57 45 31 ff 41 56 49 89 fe 41 55 41 54 53 48
83 ec 08 <89> 75 d4 65 4c 8b 24 25 40 5e 01 00 41 8b 84 24 78 08 00 00
4d 8d
[ 29.066282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.10.2-1 04/01/2014
[ 29.069581] RSP: 0018:ffffc900023cbff8 EFLAGS: 00010092
[ 29.071172] RIP: 0010:__udp4_lib_err+0x7f/0x440
[ 29.072145] RAX: 0000000000000286 RBX: ffff8880683ae040 RCX: 0000000000000000
[ 29.073013] Code: b0 80 05 00 00 74 0c 41 f6 44 24 3c 80 0f 85 dd
00 00 00 44 8b 88 08 01 00 00 44 0f b7 03 41 8b 4d 0c 0f b7 53 02 41
8b 75 10 <6a> 00 ff 75 d0 57 4c 89 f7 e8 83 fb ff ff 48 83 c4 18 48 85
c0 49
[ 29.074229] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff83ac8480
[ 29.078806] RSP: 0018:ffffc9000265c000 EFLAGS: 00010246
[ 29.080111] RBP: ffffc900023cc028 R08: ffff8880683b7d40 R09: 000000000000000b
[ 29.081131] RAX: ffff8880773bc000 RBX: ffff888067c77daa RCX: 00000000aa1423ac
[ 29.081136] RDX: 0000000000000000 RSI: 00000000001414ac RDI: 0000000000000000
[ 29.082425] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
[ 29.083762] RBP: ffffc9000265c048 R08: 0000000000000040 R09: 000000000000000b
[ 29.083766] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888078e4a700
[ 29.085013] R13: 0000000000000000 R14: ffffffff83ac8480 R15: 0000000000000000
[ 29.085018] FS: 00007f27bab30700(0000) GS:ffff88807da80000(0000)
knlGS:0000000000000000
[ 29.086343] R13: ffff888067c77daa R14: ffff888077038200 R15: 0000000000000005
[ 29.086348] FS: 00007f0a51837700(0000) GS:ffff88807da00000(0000)
knlGS:0000000000000000
[ 29.087713] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.087718] CR2: ffffc9000263bff8 CR3: 0000000068af4003 CR4: 00000000001606e0
[ 29.089037] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.089042] CR2: ffffc9000265bff8 CR3: 0000000067c05005 CR4: 00000000001606f0
[ 29.099391] Call Trace:
[ 29.099924] udp_err+0x10/0x20
[ 29.100575] gue_err_proto_handler+0x45/0x90
[ 29.101460] gue_err+0xed/0x190
[ 29.102089] ? gue_err_proto_handler+0x90/0x90
[ 29.102931] __udp4_lib_err+0x32e/0x440
[ 29.103674] udp_err+0x10/0x20
[ 29.104307] gue_err_proto_handler+0x45/0x90
[ 29.105169] gue_err+0xed/0x190
[ 29.105773] ? gue_err_proto_handler+0x90/0x90
[ 29.106605] __udp4_lib_err+0x32e/0x440
[ 29.107331] udp_err+0x10/0x20
[ 29.107966] gue_err_proto_handler+0x45/0x90
[ 29.108760] gue_err+0xed/0x190
[ 29.109352] ? gue_err_proto_handler+0x90/0x90
[ 29.110246] __udp4_lib_err+0x32e/0x440
[ 29.111056] udp_err+0x10/0x20
[ 29.111701] gue_err_proto_handler+0x45/0x90
[ 29.112597] gue_err+0xed/0x190
[ 29.113270] ? gue_err_proto_handler+0x90/0x90
[ 29.114212] __udp4_lib_err+0x32e/0x440
[ 29.115015] udp_err+0x10/0x20
[ 29.115671] gue_err_proto_handler+0x45/0x90
[ 29.116560] gue_err+0xed/0x190
[ 29.117232] ? gue_err_proto_handler+0x90/0x90
[ 29.118150] __udp4_lib_err+0x32e/0x440
[ 29.118968] udp_err+0x10/0x20
[ 29.119634] gue_err_proto_handler+0x45/0x90
[ 29.120484] gue_err+0xed/0x190
[ 29.121069] ? gue_err_proto_handler+0x90/0x90
[ 29.121912] __udp4_lib_err+0x32e/0x440
[ 29.122632] udp_err+0x10/0x20
[ 29.123220] gue_err_proto_handler+0x45/0x90
[ 29.124152] gue_err+0xed/0x190
[ 29.124771] ? gue_err_proto_handler+0x90/0x90
[ 29.125606] __udp4_lib_err+0x32e/0x440
[ 29.126319] udp_err+0x10/0x20
[ 29.126908] gue_err_proto_handler+0x45/0x90
[ 29.127731] gue_err+0xed/0x190
[ 29.128335] ? gue_err_proto_handler+0x90/0x90
[ 29.129156] __udp4_lib_err+0x32e/0x440
[ 29.129873] udp_err+0x10/0x20
[ 29.130409] gue_err_proto_handler+0x45/0x90
[ 29.131192] gue_err+0xed/0x190
[ 29.131839] ? gue_err_proto_handler+0x90/0x90
[ 29.132698] __udp4_lib_err+0x32e/0x440
[ 29.133486] udp_err+0x10/0x20
[ 29.134140] gue_err_proto_handler+0x45/0x90
[ 29.135050] gue_err+0xed/0x190
[ 29.135724] ? gue_err_proto_handler+0x90/0x90
[ 29.136605] __udp4_lib_err+0x32e/0x440
[ 29.137369] udp_err+0x10/0x20
[ 29.137974] gue_err_proto_handler+0x45/0x90
[ 29.138762] gue_err+0xed/0x190
[ 29.139342] ? gue_err_proto_handler+0x90/0x90
[ 29.140220] __udp4_lib_err+0x32e/0x440
[ 29.140938] udp_err+0x10/0x20
[ 29.141521] gue_err_proto_handler+0x45/0x90
[ 29.142322] gue_err+0xed/0x190
[ 29.142933] ? gue_err_proto_handler+0x90/0x90
[ 29.143753] __udp4_lib_err+0x32e/0x440
[ 29.144477] udp_err+0x10/0x20
[ 29.145052] gue_err_proto_handler+0x45/0x90
[ 29.145850] gue_err+0xed/0x190
[ 29.146444] ? gue_err_proto_handler+0x90/0x90
[ 29.147269] __udp4_lib_err+0x32e/0x440
[ 29.148010] udp_err+0x10/0x20
[ 29.148591] gue_err_proto_handler+0x45/0x90
[ 29.149392] gue_err+0xed/0x190
[ 29.149998] ? gue_err_proto_handler+0x90/0x90
[ 29.150835] __udp4_lib_err+0x32e/0x440
[ 29.151855] udp_err+0x10/0x20
[ 29.153214] gue_err_proto_handler+0x45/0x90
[ 29.154698] gue_err+0xed/0x190
[ 29.155362] ? gue_err_proto_handler+0x90/0x90
[ 29.157105] __udp4_lib_err+0x32e/0x440
[ 29.158838] udp_err+0x10/0x20
[ 29.160248] gue_err_proto_handler+0x45/0x90
[ 29.162191] gue_err+0xed/0x190
[ 29.163581] ? gue_err_proto_handler+0x90/0x90
[ 29.165661] __udp4_lib_err+0x32e/0x440
[ 29.167500] udp_err+0x10/0x20
[ 29.169012] gue_err_proto_handler+0x45/0x90
[ 29.171107] gue_err+0xed/0x190
[ 29.172719] ? gue_err_proto_handler+0x90/0x90
[ 29.174821] __udp4_lib_err+0x32e/0x440
[ 29.176701] udp_err+0x10/0x20
[ 29.178190] gue_err_proto_handler+0x45/0x90
[ 29.180315] gue_err+0xed/0x190
[ 29.181938] ? gue_err_proto_handler+0x90/0x90
[ 29.183608] __udp4_lib_err+0x32e/0x440
[ 29.184658] udp_err+0x10/0x20
[ 29.185633] gue_err_proto_handler+0x45/0x90
[ 29.187729] gue_err+0xed/0x190
[ 29.189197] ? gue_err_proto_handler+0x90/0x90
[ 29.190763] __udp4_lib_err+0x32e/0x440
[ 29.191977] udp_err+0x10/0x20
[ 29.192904] gue_err_proto_handler+0x45/0x90
[ 29.193966] gue_err+0xed/0x190
[ 29.195523] ? gue_err_proto_handler+0x90/0x90
[ 29.197692] __udp4_lib_err+0x32e/0x440
[ 29.198741] udp_err+0x10/0x20
[ 29.200077] gue_err_proto_handler+0x45/0x90
[ 29.201512] gue_err+0xed/0x190
[ 29.202194] ? gue_err_proto_handler+0x90/0x90
[ 29.203168] __udp4_lib_err+0x32e/0x440
[ 29.203995] udp_err+0x10/0x20
[ 29.204654] gue_err_proto_handler+0x45/0x90
[ 29.205562] gue_err+0xed/0x190
[ 29.206238] ? gue_err_proto_handler+0x90/0x90
[ 29.207185] __udp4_lib_err+0x32e/0x440
[ 29.208062] udp_err+0x10/0x20
[ 29.208719] gue_err_proto_handler+0x45/0x90
[ 29.209631] gue_err+0xed/0x190
[ 29.210308] ? gue_err_proto_handler+0x90/0x90
[ 29.211781] __udp4_lib_err+0x32e/0x440
[ 29.213632] udp_err+0x10/0x20
[ 29.215073] gue_err_proto_handler+0x45/0x90
[ 29.217565] gue_err+0xed/0x190
[ 29.219050] ? gue_err_proto_handler+0x90/0x90
[ 29.221157] __udp4_lib_err+0x32e/0x440
[ 29.223052] udp_err+0x10/0x20
[ 29.224454] gue_err_proto_handler+0x45/0x90
[ 29.226359] gue_err+0xed/0x190
[ 29.227810] ? gue_err_proto_handler+0x90/0x90
[ 29.229791] __udp4_lib_err+0x32e/0x440
[ 29.231531] udp_err+0x10/0x20
[ 29.232872] gue_err_proto_handler+0x45/0x90
[ 29.234821] gue_err+0xed/0x190
[ 29.236310] ? gue_err_proto_handler+0x90/0x90
[ 29.238360] __udp4_lib_err+0x32e/0x440
[ 29.240152] udp_err+0x10/0x20
[ 29.242002] gue_err_proto_handler+0x45/0x90
[ 29.244009] gue_err+0xed/0x190
[ 29.245542] ? gue_err_proto_handler+0x90/0x90
[ 29.247734] __udp4_lib_err+0x32e/0x440
[ 29.249269] udp_err+0x10/0x20
[ 29.250518] gue_err_proto_handler+0x45/0x90
[ 29.252240] gue_err+0xed/0x190
[ 29.253566] ? gue_err_proto_handler+0x90/0x90
[ 29.255354] __udp4_lib_err+0x32e/0x440
[ 29.256898] udp_err+0x10/0x20
[ 29.258149] gue_err_proto_handler+0x45/0x90
[ 29.259879] gue_err+0xed/0x190
[ 29.261262] ? gue_err_proto_handler+0x90/0x90
[ 29.263109] __udp4_lib_err+0x32e/0x440
[ 29.264647] udp_err+0x10/0x20
[ 29.265914] gue_err_proto_handler+0x45/0x90
[ 29.267675] gue_err+0xed/0x190
[ 29.268906] ? gue_err_proto_handler+0x90/0x90
[ 29.270706] __udp4_lib_err+0x32e/0x440
[ 29.272288] udp_err+0x10/0x20
[ 29.273539] gue_err_proto_handler+0x45/0x90
[ 29.275245] gue_err+0xed/0x190
[ 29.276559] ? gue_err_proto_handler+0x90/0x90
[ 29.278410] __udp4_lib_err+0x32e/0x440
[ 29.280028] udp_err+0x10/0x20
[ 29.281327] gue_err_proto_handler+0x45/0x90
[ 29.283015] gue_err+0xed/0x190
[ 29.284277] ? gue_err_proto_handler+0x90/0x90
[ 29.286061] __udp4_lib_err+0x32e/0x440
[ 29.287626] udp_err+0x10/0x20
[ 29.289040] gue_err_proto_handler+0x45/0x90
[ 29.291000] gue_err+0xed/0x190
[ 29.292500] ? gue_err_proto_handler+0x90/0x90
[ 29.294590] __udp4_lib_err+0x32e/0x440
[ 29.296386] udp_err+0x10/0x20
[ 29.297737] gue_err_proto_handler+0x45/0x90
[ 29.299616] gue_err+0xed/0x190
[ 29.301455] ? gue_err_proto_handler+0x90/0x90
[ 29.303523] __udp4_lib_err+0x32e/0x440
[ 29.305292] udp_err+0x10/0x20
[ 29.306610] gue_err_proto_handler+0x45/0x90
[ 29.308626] gue_err+0xed/0x190
[ 29.310086] ? gue_err_proto_handler+0x90/0x90
[ 29.312219] __udp4_lib_err+0x32e/0x440
[ 29.313999] udp_err+0x10/0x20
[ 29.315494] gue_err_proto_handler+0x45/0x90
[ 29.317529] gue_err+0xed/0x190
[ 29.319057] ? gue_err_proto_handler+0x90/0x90
[ 29.321578] __udp4_lib_err+0x32e/0x440
[ 29.323458] udp_err+0x10/0x20
[ 29.324901] gue_err_proto_handler+0x45/0x90
[ 29.326951] gue_err+0xed/0x190
[ 29.328488] ? gue_err_proto_handler+0x90/0x90
[ 29.330509] __udp4_lib_err+0x32e/0x440
[ 29.332292] udp_err+0x10/0x20
[ 29.333658] gue_err_proto_handler+0x45/0x90
[ 29.335646] gue_err+0xed/0x190
[ 29.337046] ? gue_err_proto_handler+0x90/0x90
[ 29.339097] __udp4_lib_err+0x32e/0x440
[ 29.340973] udp_err+0x10/0x20
[ 29.342450] gue_err_proto_handler+0x45/0x90
[ 29.344431] gue_err+0xed/0x190
[ 29.346029] ? gue_err_proto_handler+0x90/0x90
[ 29.348182] __udp4_lib_err+0x32e/0x440
[ 29.349972] udp_err+0x10/0x20
[ 29.351363] gue_err_proto_handler+0x45/0x90
[ 29.353394] gue_err+0xed/0x190
[ 29.354847] ? gue_err_proto_handler+0x90/0x90
[ 29.356908] __udp4_lib_err+0x32e/0x440
[ 29.358716] udp_err+0x10/0x20
[ 29.359794] gue_err_proto_handler+0x45/0x90
[ 29.360645] gue_err+0xed/0x190
[ 29.361272] ? gue_err_proto_handler+0x90/0x90
[ 29.362161] __udp4_lib_err+0x32e/0x440
[ 29.363000] udp_err+0x10/0x20
[ 29.363847] gue_err_proto_handler+0x45/0x90
[ 29.364697] gue_err+0xed/0x190
[ 29.365379] ? gue_err_proto_handler+0x90/0x90
[ 29.367149] __udp4_lib_err+0x32e/0x440
[ 29.368685] udp_err+0x10/0x20
[ 29.369910] gue_err_proto_handler+0x45/0x90
[ 29.371621] gue_err+0xed/0x190
[ 29.372546] ? gue_err_proto_handler+0x90/0x90
[ 29.373587] __udp4_lib_err+0x32e/0x440
[ 29.374325] udp_err+0x10/0x20
[ 29.374939] gue_err_proto_handler+0x45/0x90
[ 29.375901] gue_err+0xed/0x190
[ 29.376534] ? gue_err_proto_handler+0x90/0x90
[ 29.377433] __udp4_lib_err+0x32e/0x440
[ 29.378203] udp_err+0x10/0x20
[ 29.378817] gue_err_proto_handler+0x45/0x90
[ 29.379840] gue_err+0xed/0x190
[ 29.380492] ? gue_err_proto_handler+0x90/0x90
[ 29.381389] __udp4_lib_err+0x32e/0x440
[ 29.382163] udp_err+0x10/0x20
[ 29.382825] gue_err_proto_handler+0x45/0x90
[ 29.383698] gue_err+0xed/0x190
[ 29.384343] ? gue_err_proto_handler+0x90/0x90
[ 29.385241] __udp4_lib_err+0x32e/0x440
[ 29.386012] udp_err+0x10/0x20
[ 29.386634] gue_err_proto_handler+0x45/0x90
[ 29.387502] gue_err+0xed/0x190
[ 29.388085] ? gue_err_proto_handler+0x90/0x90
[ 29.388886] __udp4_lib_err+0x32e/0x440
[ 29.389573] udp_err+0x10/0x20
[ 29.390134] gue_err_proto_handler+0x45/0x90
[ 29.390887] gue_err+0xed/0x190
[ 29.391474] ? gue_err_proto_handler+0x90/0x90
[ 29.392279] __udp4_lib_err+0x32e/0x440
[ 29.392981] udp_err+0x10/0x20
[ 29.393577] gue_err_proto_handler+0x45/0x90
[ 29.394353] gue_err+0xed/0x190
[ 29.394933] ? gue_err_proto_handler+0x90/0x90
[ 29.396070] __udp4_lib_err+0x32e/0x440
[ 29.396938] udp_err+0x10/0x20
[ 29.397618] gue_err_proto_handler+0x45/0x90
[ 29.398501] gue_err+0xed/0x190
[ 29.399147] ? gue_err_proto_handler+0x90/0x90
[ 29.400052] __udp4_lib_err+0x32e/0x440
[ 29.400749] udp_err+0x10/0x20
[ 29.401317] gue_err_proto_handler+0x45/0x90
[ 29.402091] gue_err+0xed/0x190
[ 29.402678] ? gue_err_proto_handler+0x90/0x90
[ 29.403536] __udp4_lib_err+0x32e/0x440
[ 29.404373] udp_err+0x10/0x20
[ 29.404967] gue_err_proto_handler+0x45/0x90
[ 29.405738] gue_err+0xed/0x190
[ 29.406316] ? gue_err_proto_handler+0x90/0x90
[ 29.407112] __udp4_lib_err+0x32e/0x440
[ 29.407817] udp_err+0x10/0x20
[ 29.408373] gue_err_proto_handler+0x45/0x90
[ 29.409150] gue_err+0xed/0x190
[ 29.409748] ? gue_err_proto_handler+0x90/0x90
[ 29.410557] __udp4_lib_err+0x32e/0x440
[ 29.411269] udp_err+0x10/0x20
[ 29.412408] gue_err_proto_handler+0x45/0x90
[ 29.413276] gue_err+0xed/0x190
[ 29.413900] ? gue_err_proto_handler+0x90/0x90
[ 29.414843] __udp4_lib_err+0x32e/0x440
[ 29.415696] udp_err+0x10/0x20
[ 29.416351] gue_err_proto_handler+0x45/0x90
[ 29.417206] gue_err+0xed/0x190
[ 29.417828] ? gue_err_proto_handler+0x90/0x90
[ 29.418707] __udp4_lib_err+0x32e/0x440
[ 29.419496] udp_err+0x10/0x20
[ 29.420132] gue_err_proto_handler+0x45/0x90
[ 29.421027] gue_err+0xed/0x190
[ 29.421689] ? gue_err_proto_handler+0x90/0x90
[ 29.422600] __udp4_lib_err+0x32e/0x440
[ 29.423794] udp_err+0x10/0x20
[ 29.425068] gue_err_proto_handler+0x45/0x90
[ 29.426841] gue_err+0xed/0x190
[ 29.428173] ? gue_err_proto_handler+0x90/0x90
[ 29.430031] __udp4_lib_err+0x32e/0x440
[ 29.431662] udp_err+0x10/0x20
[ 29.432763] gue_err_proto_handler+0x45/0x90
[ 29.433622] gue_err+0xed/0x190
[ 29.434294] ? gue_err_proto_handler+0x90/0x90
[ 29.435417] __udp4_lib_err+0x32e/0x440
[ 29.436194] udp_err+0x10/0x20
[ 29.436823] gue_err_proto_handler+0x45/0x90
[ 29.437700] gue_err+0xed/0x190
[ 29.438349] ? gue_err_proto_handler+0x90/0x90
[ 29.439272] __udp4_lib_err+0x32e/0x440
[ 29.440008] udp_err+0x10/0x20
[ 29.440571] gue_err_proto_handler+0x45/0x90
[ 29.441347] gue_err+0xed/0x190
[ 29.441924] ? gue_err_proto_handler+0x90/0x90
[ 29.442737] __udp4_lib_err+0x32e/0x440
[ 29.443449] udp_err+0x10/0x20
[ 29.444011] gue_err_proto_handler+0x45/0x90
[ 29.444771] gue_err+0xed/0x190
[ 29.445361] ? gue_err_proto_handler+0x90/0x90
[ 29.446166] __udp4_lib_err+0x32e/0x440
[ 29.446872] udp_err+0x10/0x20
[ 29.447525] gue_err_proto_handler+0x45/0x90
[ 29.448325] gue_err+0xed/0x190
[ 29.448913] ? gue_err_proto_handler+0x90/0x90
[ 29.449719] __udp4_lib_err+0x32e/0x440
[ 29.450408] udp_err+0x10/0x20
[ 29.450966] gue_err_proto_handler+0x45/0x90
[ 29.451758] gue_err+0xed/0x190
[ 29.452334] ? gue_err_proto_handler+0x90/0x90
[ 29.453161] __udp4_lib_err+0x32e/0x440
[ 29.453875] udp_err+0x10/0x20
[ 29.454443] gue_err_proto_handler+0x45/0x90
[ 29.455203] gue_err+0xed/0x190
[ 29.455774] ? gue_err_proto_handler+0x90/0x90
[ 29.456549] __udp4_lib_err+0x32e/0x440
[ 29.457230] udp_err+0x10/0x20
[ 29.457781] gue_err_proto_handler+0x45/0x90
[ 29.458544] gue_err+0xed/0x190
[ 29.459107] ? gue_err_proto_handler+0x90/0x90
[ 29.460034] __udp4_lib_err+0x32e/0x440
[ 29.460720] udp_err+0x10/0x20
[ 29.461286] gue_err_proto_handler+0x45/0x90
[ 29.462057] gue_err+0xed/0x190
[ 29.462615] ? gue_err_proto_handler+0x90/0x90
[ 29.463411] __udp4_lib_err+0x32e/0x440
[ 29.464100] udp_err+0x10/0x20
[ 29.464650] gue_err_proto_handler+0x45/0x90
[ 29.465404] gue_err+0xed/0x190
[ 29.465973] ? gue_err_proto_handler+0x90/0x90
[ 29.466755] __udp4_lib_err+0x32e/0x440
[ 29.467449] udp_err+0x10/0x20
[ 29.468063] gue_err_proto_handler+0x45/0x90
[ 29.468841] gue_err+0xed/0x190
[ 29.469415] ? gue_err_proto_handler+0x90/0x90
[ 29.470200] __udp4_lib_err+0x32e/0x440
[ 29.470899] udp_err+0x10/0x20
[ 29.471453] gue_err_proto_handler+0x45/0x90
[ 29.472221] gue_err+0xed/0x190
[ 29.472803] ? gue_err_proto_handler+0x90/0x90
[ 29.473615] __udp4_lib_err+0x32e/0x440
[ 29.474325] udp_err+0x10/0x20
[ 29.474898] gue_err_proto_handler+0x45/0x90
[ 29.475703] gue_err+0xed/0x190
[ 29.476275] ? gue_err_proto_handler+0x90/0x90
[ 29.477059] __udp4_lib_err+0x32e/0x440
[ 29.477741] udp_err+0x10/0x20
[ 29.478319] gue_err_proto_handler+0x45/0x90
[ 29.479089] gue_err+0xed/0x190
[ 29.479828] ? gue_err_proto_handler+0x90/0x90
[ 29.480883] __udp4_lib_err+0x32e/0x440
[ 29.481696] udp_err+0x10/0x20
[ 29.482328] gue_err_proto_handler+0x45/0x90
[ 29.483244] gue_err+0xed/0x190
[ 29.483897] ? gue_err_proto_handler+0x90/0x90
[ 29.484798] __udp4_lib_err+0x32e/0x440
[ 29.485573] udp_err+0x10/0x20
[ 29.486195] gue_err_proto_handler+0x45/0x90
[ 29.487085] gue_err+0xed/0x190
[ 29.487727] ? gue_err_proto_handler+0x90/0x90
[ 29.488618] __udp4_lib_err+0x32e/0x440
[ 29.489402] udp_err+0x10/0x20
[ 29.490036] gue_err_proto_handler+0x45/0x90
[ 29.490904] gue_err+0xed/0x190
[ 29.491563] ? gue_err_proto_handler+0x90/0x90
[ 29.492456] __udp4_lib_err+0x32e/0x440
[ 29.493247] udp_err+0x10/0x20
[ 29.493882] gue_err_proto_handler+0x45/0x90
[ 29.494752] gue_err+0xed/0x190
[ 29.495405] ? gue_err_proto_handler+0x90/0x90
[ 29.496295] __udp4_lib_err+0x32e/0x440
[ 29.497051] udp_err+0x10/0x20
[ 29.497673] gue_err_proto_handler+0x45/0x90
[ 29.498538] gue_err+0xed/0x190
[ 29.499185] ? gue_err_proto_handler+0x90/0x90
[ 29.500100] __udp4_lib_err+0x32e/0x440
[ 29.500876] udp_err+0x10/0x20
[ 29.501504] gue_err_proto_handler+0x45/0x90
[ 29.502372] gue_err+0xed/0x190
[ 29.503017] ? gue_err_proto_handler+0x90/0x90
[ 29.503936] __udp4_lib_err+0x32e/0x440
[ 29.504719] udp_err+0x10/0x20
[ 29.505371] gue_err_proto_handler+0x45/0x90
[ 29.506227] gue_err+0xed/0x190
[ 29.506885] ? gue_err_proto_handler+0x90/0x90
[ 29.507807] __udp4_lib_err+0x32e/0x440
[ 29.508594] udp_err+0x10/0x20
[ 29.509229] gue_err_proto_handler+0x45/0x90
[ 29.510093] gue_err+0xed/0x190
[ 29.510758] ? gue_err_proto_handler+0x90/0x90
[ 29.511685] __udp4_lib_err+0x32e/0x440
[ 29.512470] udp_err+0x10/0x20
[ 29.513099] gue_err_proto_handler+0x45/0x90
[ 29.513967] gue_err+0xed/0x190
[ 29.514620] ? gue_err_proto_handler+0x90/0x90
[ 29.515535] __udp4_lib_err+0x32e/0x440
[ 29.516295] udp_err+0x10/0x20
[ 29.516910] icmp_socket_deliver+0x7f/0xf0
[ 29.517730] icmp_redirect+0x3c/0x80
[ 29.518443] icmp_rcv+0x190/0x4c0
[ 29.519107] ip_protocol_deliver_rcu+0x2b/0x290
[ 29.520027] ip_local_deliver_finish+0x94/0x130
[ 29.520937] ip_local_deliver+0x180/0x220
[ 29.521747] ? ip_protocol_deliver_rcu+0x290/0x290
[ 29.522714] ip_rcv_finish+0x88/0xb0
[ 29.523481] ip_rcv+0x56/0x200
[ 29.524135] ? ip_rcv_finish_core.isra.18+0x600/0x600
[ 29.525137] __netif_receive_skb_one_core+0x52/0x70
[ 29.526122] __netif_receive_skb+0x13/0x60
[ 29.526950] netif_receive_skb_internal+0x72/0x380
[ 29.527912] napi_gro_frags+0x387/0x440
[ 29.528690] tun_get_user+0xda2/0x1200
[ 29.529438] tun_chr_write_iter+0x46/0x69
[ 29.530246] do_iter_readv_writev+0x12d/0x1a0
[ 29.531132] do_iter_write+0x81/0x190
[ 29.531887] vfs_writev+0xa2/0xf0
[ 29.532575] ? __fget+0xf7/0x1d0
[ 29.533235] do_writev+0x5e/0xf0
[ 29.533899] __x64_sys_writev+0x17/0x20
[ 29.534643] do_syscall_64+0x6e/0x1c0
[ 29.535391] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 29.536420] RIP: 0033:0x456f91
[ 29.537050] Code: 75 14 b8 14 00 00 00 0f 05 48 3d 01 f0 ff ff 0f
83 94 b0 fb ff c3 48 83 ec 08 e8 ba 14 00 00 48 89 04 24 b8 14 00 00
00 0f 05 <48> 8b 3c 24 48 89 c2 e8 03 15 00 00 48 89 d0 48 83 c4 08 48
3d 01
[ 29.540606] RSP: 002b:00007f0a51836bc0 EFLAGS: 00000293 ORIG_RAX:
0000000000000014
[ 29.541950] RAX: ffffffffffffffda RBX: 000000000000006a RCX: 0000000000456f91
[ 29.543230] RDX: 0000000000000001 RSI: 00007f0a51836c10 RDI: 00000000000000f0
[ 29.544594] RBP: 00000000200000c0 R08: 00000000000000f0 R09: 0000000000000000
[ 29.546022] R10: 00007f0a518379d0 R11: 0000000000000293 R12: 00007f0a518376d4
[ 29.547449] R13: 00000000004ac690 R14: 00000000006ec930 R15: 00000000ffffffff
[ 29.548893] Modules linked in:
[ 29.549501] ---[ end trace 3c20e02f8428d134 ]---
[ 29.550326] RIP: 0010:__lock_is_held+0x17/0xa0
[ 29.551123] Code: 4c 89 f8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 45 31
ff eb e5 55 48 89 e5 41 57 45 31 ff 41 56 49 89 fe 41 55 41 54 53 48
83 ec 08 <89> 75 d4 65 4c 8b 24 25 40 5e 01 00 41 8b 84 24 78 08 00 00
4d 8d
[ 29.554409] RSP: 0018:ffffc900023cbff8 EFLAGS: 00010092
[ 29.555340] RAX: 0000000000000286 RBX: ffff8880683ae040 RCX: 0000000000000000
[ 29.556746] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffffffff83ac8480
[ 29.558195] RBP: ffffc900023cc028 R08: ffff8880683b7d40 R09: 000000000000000b
[ 29.559676] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000286
[ 29.561087] R13: 0000000000000000 R14: ffffffff83ac8480 R15: 0000000000000000
[ 29.562488] FS: 00007f0a51837700(0000) GS:ffff88807da00000(0000)
knlGS:0000000000000000
[ 29.564074] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 29.565233] CR2: ffffc9000265bff8 CR3: 0000000067c05005 CR4: 00000000001606f0
[ 29.791591] Shutting down cpus with NMI
[ 29.792809] Kernel Offset: disabled
[ 29.793536] Rebooting in 86400 seconds..

Paul E. McKenney

unread,
Dec 17, 2018, 9:49:46 AM12/17/18
to Dmitry Vyukov, Arjan van de Ven, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, Dec 17, 2018 at 03:40:06PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 17, 2018 at 3:14 PM Arjan van de Ven <ar...@linux.intel.com> wrote:
> >
> > On 12/17/2018 3:29 AM, Paul E. McKenney wrote:
> > > As does this sort of report on a line that contains simple integer
> > > arithmetic and boolean operations.;-)
> > >
> > > Any chance of a bisection?
> >
> > btw this looks like something caused a stack overflow and thus all the weirdness that then happens
>
> Yup, without KASAN/KCOV but with VMAP_STACK I got:

Mutually assured recursion, looks like. ;-)

Thanx, Paul

Eric Dumazet

unread,
Dec 17, 2018, 9:57:42 AM12/17/18
to Dmitry Vyukov, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Stefano Brivio
Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
fou, fou6: ICMP error handlers for FoU and GUE


Please Stefano take a look, thanks !

Stefano Brivio

unread,
Dec 17, 2018, 10:00:08 AM12/17/18
to Eric Dumazet, Dmitry Vyukov, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, 17 Dec 2018 06:57:35 -0800
Eric Dumazet <eric.d...@gmail.com> wrote:

> Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> fou, fou6: ICMP error handlers for FoU and GUE

Most likely, yes.

> Please Stefano take a look, thanks !

Started one minute before your email, thanks for Cc'ing me though!

--
Stefano

Dmitry Vyukov

unread,
Dec 17, 2018, 10:11:32 AM12/17/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Which reminds me that we need to make KASAN work with VMAP_STACK (or
equivalent):
https://bugzilla.kernel.org/show_bug.cgi?id=202009

Stefano Brivio

unread,
Dec 17, 2018, 10:24:31 AM12/17/18
to Eric Dumazet, Dmitry Vyukov, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, 17 Dec 2018 06:57:35 -0800
Eric Dumazet <eric.d...@gmail.com> wrote:

> Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> fou, fou6: ICMP error handlers for FoU and GUE

This:

diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
index 0d0ad19ecb87..20a6de26d146 100644
--- a/net/ipv4/fou.c
+++ b/net/ipv4/fou.c
@@ -1008,6 +1008,9 @@ static int gue_err_proto_handler(int proto, struct sk_buff *skb, u32 info)
{
const struct net_protocol *ipprot = rcu_dereference(inet_protos[proto]);

+ if (ipprot == IPPROTO_UDP)
+ return -EINVAL;
+
if (ipprot && ipprot->err_handler) {
if (!ipprot->err_handler(skb, info))
return 0;

should fix the issue, but I still have to run tests and make sure we
don't hit similar cases.

--
Stefano

Dmitry Vyukov

unread,
Dec 17, 2018, 10:53:48 AM12/17/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Please don't forget to add a regression test for it too ;)

syzbot

unread,
Dec 17, 2018, 12:03:04 PM12/17/18
to sbr...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
KASAN: stack-out-of-bounds Read in do_close_on_exec

IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
==================================================================
BUG: KASAN: stack-out-of-bounds in do_close_on_exec+0x44b/0x480
fs/file.c:656
Read of size 8 at addr ffff8881ba3038a0 by task ��ܹ����/-2035180937

CPU: 1 PID: -2035180937 Comm: ��ܹ���� Not tainted 4.20.0-rc6+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:

Allocated by task 3082463424:
BUG: unable to handle kernel paging request at ffffffff8caa7e88
PGD 946d067 P4D 946d067 PUD 946e063 PMD 0
Thread overran stack, or stack corrupted
kasan: CONFIG_KASAN_INLINE enabled
Oops: 0000 [#1] PREEMPT SMP KASAN
kasan: GPF could be caused by NULL-ptr deref or user memory access
CPU: 1 PID: -2035180937 Comm: ��ܹ���� Not tainted 4.20.0-rc6+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:202
Code: 89 e8 54 15 1d fe e9 87 fd ff ff e8 9a bc a2 fd 90 90 90 90 90 90 90
90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 80
3a ae 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
RSP: 0018:ffff8881be87f430 EFLAGS: 00010006
RAX: 00000000001f8881 RBX: ffff8881ba3038e4 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8881be87f438 RDI: 0000000000003ff0
RBP: ffff8881be87f460 R08: ffff8881b9dcc0c0 R09: ffffed103b5e3ef8
R10: ffffed103b5e3ef8 R11: ffff8881daf1f7c7 R12: ffffea0006e8c0c0
R13: ffff8881ba303880 R14: ffff8881da8004c0 R15: ffff8881ba3038e0
FS: 0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff8caa7e88 CR3: 00000001c396a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
CR2: ffffffff8caa7e88
---[ end trace f1457be75aba7387 ]---
general protection fault: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: -1123973440 Comm: syz-executor4 Tainted: G D
4.20.0-rc6+ #1
RIP: 0010:depot_fetch_stack+0x10/0x30 lib/stackdepot.c:202
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Code: 89 e8 54 15 1d fe e9 87 fd ff ff e8 9a bc a2 fd 90 90 90 90 90 90 90
90 90 90 89 f8 c1 ef 11 25 ff ff 1f 00 81 e7 f0 3f 00 00 <48> 03 3c c5 80
3a ae 8b 8b 47 0c 48 83 c7 18 c7 46 10 00 00 00 00
RIP: 0010:__read_once_size include/linux/compiler.h:182 [inline]
RIP: 0010:get_running_cputimer include/linux/sched/cputime.h:85 [inline]
RIP: 0010:account_group_system_time include/linux/sched/cputime.h:149
[inline]
RIP: 0010:account_system_index_time+0xef/0x5d0 kernel/sched/cputime.c:168
RSP: 0018:ffff8881be87f430 EFLAGS: 00010006
Code: b5 04 00 00 48 8b 83 00 07 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d
b8 40 01 00 00 48 8d 88 28 01 00 00 48 89 fe 48 c1 ee 03 <0f> b6 14 16 48
89 fe 83 e6 07 40 38 f2 7f 08 84 d2 0f 85 01 04 00
RAX: 00000000001f8881 RBX: ffff8881ba3038e4 RCX: 0000000000000000
RSP: 0018:ffff8881dae07950 EFLAGS: 00010006
RDX: 0000000000000000 RSI: ffff8881be87f438 RDI: 0000000000003ff0
RAX: 0000000000000000 RBX: ffff8881b7baa040 RCX: 0000000000000128
RBP: ffff8881be87f460 R08: ffff8881b9dcc0c0 R09: ffffed103b5e3ef8
RDX: dffffc0000000000 RSI: 0000000000000028 RDI: 0000000000000140
R10: ffffed103b5e3ef8 R11: ffff8881daf1f7c7 R12: ffffea0006e8c0c0
RBP: ffff8881dae07a30 R08: ffff8881dae1f5f0 R09: fffffbfff12b545c
R13: ffff8881ba303880 R14: ffff8881da8004c0 R15: ffff8881ba3038e0
R10: fffffbfff1281b45 R11: ffffffff895aa2e3 R12: ffffffffffffffff
FS: 0000000000000000(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
R13: 0000000000983396 R14: 1ffff1103b5c0f2d R15: ffff8881dae07a08
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
FS: 00007f4d858c9700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CR2: ffffffff8caa7e88 CR3: 00000001c396a000 CR4: 00000000001406e0
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
CR2: 00000000004d9890 CR3: 00000001bd0cd000 CR4: 00000000001406f0
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000


Tested on:

commit: 2aa55dccf83d hns3: prevent building without CONFIG_INET
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1734df6d400000
kernel config: https://syzkaller.appspot.com/x/.config?x=d9655b05acfc97ff
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=1189f4cd400000

Stefano Brivio

unread,
Dec 17, 2018, 1:21:33 PM12/17/18
to Eric Dumazet, Dmitry Vyukov, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, 17 Dec 2018 16:24:21 +0100
Stefano Brivio <sbr...@redhat.com> wrote:

> On Mon, 17 Dec 2018 06:57:35 -0800
> Eric Dumazet <eric.d...@gmail.com> wrote:
>
> > Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> > fou, fou6: ICMP error handlers for FoU and GUE
>
> This:
>
> diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
> index 0d0ad19ecb87..20a6de26d146 100644
> --- a/net/ipv4/fou.c
> +++ b/net/ipv4/fou.c
> @@ -1008,6 +1008,9 @@ static int gue_err_proto_handler(int proto, struct sk_buff *skb, u32 info)
> {
> const struct net_protocol *ipprot = rcu_dereference(inet_protos[proto]);
>
> + if (ipprot == IPPROTO_UDP)
^^^ proto, of course

> + return -EINVAL;
> +
> if (ipprot && ipprot->err_handler) {
> if (!ipprot->err_handler(skb, info))
> return 0;
>

--
Stefano

Dmitry Vyukov

unread,
Dec 17, 2018, 1:46:10 PM12/17/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, Dec 17, 2018 at 12:29 PM Paul E. McKenney <pau...@linux.ibm.com> wrote:
> Any chance of a bisection?

Better later then never. Bisection also needs testing :)

syz-bisect -config bisect.cfg -crash dda626cdbd87eafe9a755acbbe102e2b6096b256
searching for guilty commit starting from 2aa55dccf83d
building syzkaller on 7624ddd6
testing commit 2aa55dccf83d7ca9f1da59ae005426c44fbeb890 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds in tick_sched_handle
run #1: crashed: KASAN: slab-out-of-bounds in tick_sched_handle
run #2: crashed: BUG: Bad page map
run #3: crashed: BUG: Bad page map
run #4: crashed: PANIC: double fault in __udp4_lib_err
run #5: crashed: general protection fault in __bfs
run #6: crashed: KASAN: stack-out-of-bounds Read in __handle_mm_fault
run #7: crashed: no output from test machine
testing release v4.19
testing commit 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d with gcc (GCC) 8.1.0
all runs: OK
# git bisect start 2aa55dccf83d v4.19
Bisecting: 7955 revisions left to test after this (roughly 13 steps)
[f8cab69be0a8a756a7409f6d2bd1e6e96ce46482] Merge tag
'linux-kselftest-4.20-rc1' of
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
testing commit f8cab69be0a8a756a7409f6d2bd1e6e96ce46482 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good f8cab69be0a8a756a7409f6d2bd1e6e96ce46482
Bisecting: 3957 revisions left to test after this (roughly 12 steps)
[b3491d8430dd25f0a4e00c33d60da22a9bd9d052] Merge tag 'media/v4.20-2'
of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
testing commit b3491d8430dd25f0a4e00c33d60da22a9bd9d052 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b3491d8430dd25f0a4e00c33d60da22a9bd9d052
Bisecting: 1978 revisions left to test after this (roughly 11 steps)
[40df309e4166c69600968c93846aa0b1821e83f0] octeontx2-af: Support to
enable/disable default MCAM entries
testing commit 40df309e4166c69600968c93846aa0b1821e83f0 with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in __bfs
run #1: crashed: KASAN: stack-out-of-bounds Read in copy_page_range
run #2: crashed: general protection fault in __bfs
run #3: crashed: KASAN: slab-out-of-bounds Read in vma_compute_subtree_gap
run #4: crashed: general protection fault in corrupted
run #5: crashed: general protection fault in corrupted
run #6: crashed: BUG: unable to handle kernel paging request in corrupted
run #7: crashed: KASAN: stack-out-of-bounds Read in inet6_fill_ifla6_attrs
# git bisect bad 40df309e4166c69600968c93846aa0b1821e83f0
Bisecting: 989 revisions left to test after this (roughly 10 steps)
[a13511dfa836c8305a737436eed3ba9a8e74a826] Merge
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
testing commit a13511dfa836c8305a737436eed3ba9a8e74a826 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a13511dfa836c8305a737436eed3ba9a8e74a826
Bisecting: 521 revisions left to test after this (roughly 9 steps)
[9ff01193a20d391e8dbce4403dd5ef87c7eaaca6] Linux 4.20-rc3
testing commit 9ff01193a20d391e8dbce4403dd5ef87c7eaaca6 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 9ff01193a20d391e8dbce4403dd5ef87c7eaaca6
Bisecting: 260 revisions left to test after this (roughly 8 steps)
[47e3e53ceadc568c038e457661d836f2259ed774] ice: Destroy scheduler tree
in reset path
testing commit 47e3e53ceadc568c038e457661d836f2259ed774 with gcc (GCC) 8.1.0
run #0: crashed: KASAN: slab-out-of-bounds Read in tick_sched_handle
run #1: crashed: KASAN: stack-out-of-bounds in __fget_light
run #2: crashed: BUG: unable to handle kernel paging request in corrupted
run #3: crashed: KASAN: stack-out-of-bounds in anon_vma_interval_tree_remove
run #4: crashed: general protection fault in __udp4_lib_err
run #5: crashed: KASAN: stack-out-of-bounds Read in free_pgd_range
run #6: crashed: general protection fault in change_protection
run #7: crashed: INFO: trying to register non-static key in corrupted
# git bisect bad 47e3e53ceadc568c038e457661d836f2259ed774
Bisecting: 129 revisions left to test after this (roughly 7 steps)
[52358cb5a310990ea5069f986bdab3620e01181f] Merge branch 's390-qeth-next'
testing commit 52358cb5a310990ea5069f986bdab3620e01181f with gcc (GCC) 8.1.0
run #0: crashed: BUG: unable to handle kernel paging request in corrupted
run #1: crashed: general protection fault in vma_interval_tree_insert
run #2: crashed: KASAN: stack-out-of-bounds Read in __call_rcu
run #3: crashed: BUG: unable to handle kernel paging request in corrupted
run #4: crashed: general protection fault in __bfs
run #5: crashed: BUG: unable to handle kernel paging request in
__cgroup_account_cputime_field
run #6: crashed: WARNING in anon_vma_interval_tree_verify
run #7: crashed: general protection fault in rb_first
# git bisect bad 52358cb5a310990ea5069f986bdab3620e01181f
Bisecting: 65 revisions left to test after this (roughly 6 steps)
[2e7ad56aa54778de863998579fc6b5ff52838571] net/wan/fsl_ucc_hdlc: add BQL support
testing commit 2e7ad56aa54778de863998579fc6b5ff52838571 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good 2e7ad56aa54778de863998579fc6b5ff52838571
Bisecting: 32 revisions left to test after this (roughly 5 steps)
[b592843c6723a850be70bf9618578082f3b73851] net: sched: add an offload
dump helper
testing commit b592843c6723a850be70bf9618578082f3b73851 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good b592843c6723a850be70bf9618578082f3b73851
Bisecting: 16 revisions left to test after this (roughly 4 steps)
[a07966447f39fe43e37d05c9bfc92b1493267a59] geneve: ICMP error lookup handler
testing commit a07966447f39fe43e37d05c9bfc92b1493267a59 with gcc (GCC) 8.1.0
all runs: OK
# git bisect good a07966447f39fe43e37d05c9bfc92b1493267a59
Bisecting: 8 revisions left to test after this (roughly 3 steps)
[04087d9a89bef97998c71c21e3ecfca0cc7c52f3] openvswitch: remove BUG_ON
from get_dpdev
testing commit 04087d9a89bef97998c71c21e3ecfca0cc7c52f3 with gcc (GCC) 8.1.0
run #0: crashed: WARNING: kernel stack regs has bad 'bp' value
run #1: crashed: BUG: unable to handle kernel paging request in corrupted
run #2: crashed: general protection fault in corrupted
run #3: crashed: general protection fault in __bfs
run #4: crashed: general protection fault in corrupted
run #5: crashed: general protection fault in rb_insert_color
run #6: crashed: BUG: corrupted list in __pagevec_lru_add_fn
run #7: crashed: general protection fault in validate_mm
# git bisect bad 04087d9a89bef97998c71c21e3ecfca0cc7c52f3
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[e7cc082455cb49ea937a3ec4ab3d001b0b5f137b] udp: Support for error
handlers of tunnels with arbitrary destination port
testing commit e7cc082455cb49ea937a3ec4ab3d001b0b5f137b with gcc (GCC) 8.1.0
all runs: OK
# git bisect good e7cc082455cb49ea937a3ec4ab3d001b0b5f137b
Bisecting: 1 revision left to test after this (roughly 1 step)
[56fd865f46b894681dd7e7f83761243add7a71a3] selftests: pmtu: Introduce
FoU and GUE PMTU exceptions tests
testing commit 56fd865f46b894681dd7e7f83761243add7a71a3 with gcc (GCC) 8.1.0
run #0: crashed: WARNING in unlink_anon_vmas
run #1: crashed: BUG: unable to handle kernel NULL pointer dereference
in corrupted
run #2: crashed: BUG: unable to handle kernel NULL pointer dereference
in corrupted
run #3: crashed: KASAN: stack-out-of-bounds Read in update_min_vruntime
run #4: crashed: BUG: unable to handle kernel paging request in corrupted
run #5: crashed: PANIC: double fault in corrupted
run #6: crashed: WARNING in unlink_anon_vmas
run #7: crashed: WARNING in unlink_anon_vmas
# git bisect bad 56fd865f46b894681dd7e7f83761243add7a71a3
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e] fou, fou6: ICMP error
handlers for FoU and GUE
testing commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e with gcc (GCC) 8.1.0
run #0: crashed: kernel BUG at include/linux/swapops.h:LINE!
run #1: crashed: general protection fault in __bfs
run #2: crashed: INFO: trying to register non-static key in corrupted
run #3: crashed: lost connection to test machine
run #4: crashed: BUG: unable to handle kernel NULL pointer dereference
in corrupted
run #5: crashed: kernel BUG at include/linux/swapops.h:LINE!
run #6: crashed: no output from test machine
run #7: crashed: lost connection to test machine
# git bisect bad b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e is the first bad commit
commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
Author: Stefano Brivio <sbr...@redhat.com>
Date: Thu Nov 8 12:19:23 2018 +0100

fou, fou6: ICMP error handlers for FoU and GUE

As the destination port in FoU and GUE receiving sockets doesn't
necessarily match the remote destination port, we can't associate errors
to the encapsulating tunnels with a socket lookup -- we need to blindly
try them instead. This means we don't even know if we are handling errors
for FoU or GUE without digging into the packets.

Hence, implement a single handler for both, one for IPv4 and one for IPv6,
that will check whether the packet that generated the ICMP error used a
direct IP encapsulation or if it had a GUE header, and send the error to
the matching protocol handler, if any.

Signed-off-by: Stefano Brivio <sbr...@redhat.com>
Reviewed-by: Sabrina Dubroca <s...@queasysnail.net>
Signed-off-by: David S. Miller <da...@davemloft.net>

:040000 040000 cabdcb7779c24a357486aae139cb31cdd625bc53
6bc9db712d9698330234b7c8c934dcfc71cfb657 M net
revisions tested: 16, total time: 3h25m25.893971693s (build:
1h23m29.053198068s, test: 1h59m23.409063298s)
first bad commit: b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e fou, fou6:
ICMP error handlers for FoU and GUE
cc: ["sbr...@redhat.com" "s...@queasysnail.net"]

Paul E. McKenney

unread,
Dec 17, 2018, 2:56:25 PM12/17/18
to Dmitry Vyukov, Stefano Brivio, Eric Dumazet, Arjan van de Ven, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
On Mon, Dec 17, 2018 at 07:45:58PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 17, 2018 at 12:29 PM Paul E. McKenney <pau...@linux.ibm.com> wrote:
> > Any chance of a bisection?
>
> Better later then never. Bisection also needs testing :)

Well, it looks like it did pass the test, arriving at the same commit
that Eric called out. ;-)

Thanx, Paul

syzbot

unread,
Dec 17, 2018, 4:18:03 PM12/17/18
to sbr...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+43f675...@syzkaller.appspotmail.com

Tested on:

commit: 2aa55dccf83d hns3: prevent building without CONFIG_INET
git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
kernel config: https://syzkaller.appspot.com/x/.config?x=d9655b05acfc97ff
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
patch: https://syzkaller.appspot.com/x/patch.diff?x=11a55885400000

Note: testing is done by a robot and is best-effort only.

Stefano Brivio

unread,
Dec 17, 2018, 6:18:38 PM12/17/18
to Dmitry Vyukov, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
Where would you suggest to add this? The only selftest that goes
through this path currently is net/pmtu.sh, but as configuration of an
actual UDP-in-GUE tunnel is currently not supported, I would really
need to forge that specific packet, so that doesn't seem to be a good
fit.

Won't syzbot add this to some list of reproducers that are checked in
the future?

--
Stefano

Dmitry Vyukov

unread,
Dec 18, 2018, 3:49:30 AM12/18/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev
I dunno. But there must be some place for such tests, right?

> through this path currently is net/pmtu.sh, but as configuration of an
> actual UDP-in-GUE tunnel is currently not supported, I would really
> need to forge that specific packet, so that doesn't seem to be a good
> fit.
>
> Won't syzbot add this to some list of reproducers that are checked in
> the future?

It won't. Also fuzzing is complementary to testing, not a replacement:
https://twitter.com/dvyukov/status/1074719682962358272

Stefano Brivio

unread,
Dec 18, 2018, 7:40:35 AM12/18/18
to Dmitry Vyukov, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Cong Wang, Xin Long
On Tue, 18 Dec 2018 09:49:17 +0100
Not as far as I know. The selftests checking this path, by design, only
use supported configurations, they don't forge packets.

Maybe it would be nice to have a semi-automated way to isolate and
describe/name specific conditions found by syzbot via fuzzing and turn
those into tests that are then repeated periodically. I'm not sure how
that would look like, but I think it's still more maintainable than a
pile of C reproducers with forged packets in selftests/net.

Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases
reported by syzbot, what do you think? Did you ever feel the need to
turn a syzbot reproducer into a regression test case?

> > through this path currently is net/pmtu.sh, but as configuration of an
> > actual UDP-in-GUE tunnel is currently not supported, I would really
> > need to forge that specific packet, so that doesn't seem to be a good
> > fit.
> >
> > Won't syzbot add this to some list of reproducers that are checked in
> > the future?
>
> It won't. Also fuzzing is complementary to testing, not a replacement:

Indeed, but that doesn't mean we need to limit the potential of fuzzing
because "it's not testing". It can be used to check for regressions,
too, especially in these cases.

> https://twitter.com/dvyukov/status/1074719682962358272

Now, I'm extremely thankful for the work you're doing and especially
for finding this subtle condition with syzbot, but this is quite
inaccurate. To be exposed to this issue, the user would need to
have the fou module loaded (it won't autoload), which is used quite
rarely, and, on top of that, have a UDP tunnel configured. It wouldn't
have been the kind of "evil packet crashes the internet" scenario you
were dreaming of ;)

--
Stefano

Dmitry Vyukov

unread,
Dec 18, 2018, 8:26:12 AM12/18/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Cong Wang, Xin Long
It would be nice to do something like this. Filed
https://github.com/google/syzkaller/issues/884
However, there are few open questions that I am not sure how to resolve yet...


> Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases
> reported by syzbot, what do you think? Did you ever feel the need to
> turn a syzbot reproducer into a regression test case?
>
> > > through this path currently is net/pmtu.sh, but as configuration of an
> > > actual UDP-in-GUE tunnel is currently not supported, I would really
> > > need to forge that specific packet, so that doesn't seem to be a good
> > > fit.
> > >
> > > Won't syzbot add this to some list of reproducers that are checked in
> > > the future?
> >
> > It won't. Also fuzzing is complementary to testing, not a replacement:
>
> Indeed, but that doesn't mean we need to limit the potential of fuzzing
> because "it's not testing". It can be used to check for regressions,
> too, especially in these cases.
>
> > https://twitter.com/dvyukov/status/1074719682962358272
>
> Now, I'm extremely thankful for the work you're doing and especially
> for finding this subtle condition with syzbot, but this is quite
> inaccurate. To be exposed to this issue, the user would need to
> have the fou module loaded (it won't autoload), which is used quite
> rarely, and, on top of that, have a UDP tunnel configured. It wouldn't
> have been the kind of "evil packet crashes the internet" scenario you
> were dreaming of ;)

Okay, I see. Full bug assessment is hard. I mess it both ways for
different bugs.
But I did not claim that it does not require some setup :)
And maybe there is somebody important on the internet that uses such
setup. Who knows.

Paul E. McKenney

unread,
Dec 18, 2018, 9:03:05 AM12/18/18
to Dmitry Vyukov, Stefano Brivio, Eric Dumazet, Arjan van de Ven, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Cong Wang, Xin Long
Black hats, if no one else. ;-)

Thanx, Paul

Stefano Brivio

unread,
Dec 18, 2018, 9:13:09 AM12/18/18
to Dmitry Vyukov, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Cong Wang, Xin Long
[Dropping syzbot from Cc:]

On Tue, 18 Dec 2018 14:26:00 +0100
Dmitry Vyukov <dvy...@google.com> wrote:

> On Tue, Dec 18, 2018 at 1:40 PM Stefano Brivio <sbr...@redhat.com>
> wrote:
>
> > Maybe it would be nice to have a semi-automated way to isolate and
> > describe/name specific conditions found by syzbot via fuzzing and
> > turn those into tests that are then repeated periodically. I'm not
> > sure how that would look like, but I think it's still more
> > maintainable than a pile of C reproducers with forged packets in
> > selftests/net.
>
> It would be nice to do something like this. Filed
> https://github.com/google/syzkaller/issues/884
> However, there are few open questions that I am not sure how to
> resolve yet...

I don't have a github account, so let me comment on your questions here:

> 1. How to effectively fetch so many repros from datastore without
> hitting timeouts? We probably need to limit this to 1 repro per bug,
> but still that's many repros.

I guess this would be less of a problem if reproducers are selected
based on input from developers, instead of just taking all the
reproducers. E.g. one could answer a report with something like:

#syz regression-test: <name>
<description>

in this case I would have answered:

#syz regression-test: icmp-udp-in-gue-recursion
ICMP exceptions on UDP direct encapsulation in GUE

and something could be automatically appended to the test name,
perhaps e-mail and date. It would also be nice to be able to undo
this and delete a regression test.

> 2. Do we need some sorting based on namespace? E.g. stable releases
> may not include fixes for bugs fixed in upstream, then we will just
> crash lots of kernels in vain.

Same here, I guess developer input might help, but I'm not sure how to
formalise this.

> 3. syzkaller repros depend on exact syzkaller revision, new syzkaller
> won't be able to use old repros. Using C repros is much harder and
> they are not present for all bugs. Not sure what to do here.

Would it make a difference if you could use the "syz" reproducers and
translate them to C reproducer only once needed?

--
Stefano

Dmitry Vyukov

unread,
Dec 18, 2018, 11:05:54 AM12/18/18
to Stefano Brivio, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Cong Wang, Xin Long
I hope we can solve these technical problems without imposing more
work onto humans. And just run all repros.
Besides the fact that it's just not good to ask people to do what
machines can do, _very_ few people will use these new tags.
Potentially we will have just this repro marked by you :)


> > 3. syzkaller repros depend on exact syzkaller revision, new syzkaller
> > won't be able to use old repros. Using C repros is much harder and
> > they are not present for all bugs. Not sure what to do here.
>
> Would it make a difference if you could use the "syz" reproducers and
> translate them to C reproducer only once needed?

That's the problem. Once we need them we will need to build and copy
to the target machine the exact syzkaller revision used to produce
that repro. So if we will test 10K repros, we will need 10K builds and
binaries copied.

Cong Wang

unread,
Dec 18, 2018, 11:12:17 PM12/18/18
to Stefano Brivio, Dmitry Vyukov, Eric Dumazet, Arjan van de Ven, Paul E. McKenney, syzbot, Andrew Morton, Josh Triplett, LKML, Ingo Molnar, syzkaller-bugs, netdev, Xin Long
On Tue, Dec 18, 2018 at 4:40 AM Stefano Brivio <sbr...@redhat.com> wrote:
> Not as far as I know. The selftests checking this path, by design, only
> use supported configurations, they don't forge packets.
>
> Maybe it would be nice to have a semi-automated way to isolate and
> describe/name specific conditions found by syzbot via fuzzing and turn
> those into tests that are then repeated periodically. I'm not sure how
> that would look like, but I think it's still more maintainable than a
> pile of C reproducers with forged packets in selftests/net.
>
> Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases
> reported by syzbot, what do you think? Did you ever feel the need to
> turn a syzbot reproducer into a regression test case?

I think it is a very good idea to archive these C reproducers in
tools/testing/selftests/. After this is done, kbuild bot could do these
regression tests, no longer need to bother syzbot to run them again. :)

Thanks.
Reply all
Reply to author
Forward
0 new messages