* [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: syzbot @ 2025-07-29 7:08 UTC
To: davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, steffen.klassert, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit: 038d61fd6422 Linux 6.16
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=11b88cf0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4066f1c76cfbc4fe
dashboard link: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16ca1782580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140194a2580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6505c612be11/disk-038d61fd.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e466ef29c1ca/vmlinux-038d61fd.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b6d3d8fc5cbb/bzImage-038d61fd.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 36 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
Modules linked in:
CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
Workqueue: netns cleanup_net
RIP: 0010:xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 68 fa 0b f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 c8 ec f7 e8 51 e8 a9 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 43 e8 a9 f7 90 0f 0b 90 e9 60 fe ff ff
RSP: 0018:ffffc90000ac7898 EFLAGS: 00010293
RAX: ffffffff8a163e8f RBX: ffff888034008000 RCX: ffff888143299e00
RDX: 0000000000000000 RSI: ffffffff8db8419f RDI: ffff888143299e00
RBP: ffffc90000ac79b0 R08: ffffffff8f6196e7 R09: 1ffffffff1ec32dc
R10: dffffc0000000000 R11: fffffbfff1ec32dd R12: ffffffff8f617760
R13: 1ffff92000158f40 R14: ffff8880340094c0 R15: dffffc0000000000
FS: 0000000000000000(0000) GS:ffff888125d23000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fbd9e960960 CR3: 00000000316d3000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 xfrm_net_exit+0x2d/0x70 net/xfrm/xfrm_policy.c:4348
 ops_exit_list net/core/net_namespace.c:200 [inline]
 ops_undo_list+0x49a/0x990 net/core/net_namespace.c:253
 cleanup_net+0x4c5/0x800 net/core/net_namespace.c:686
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: Steffen Klassert @ 2025-07-29 11:01 UTC
To: syzbot, Sabrina Dubroca
Cc: davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs

On Tue, Jul 29, 2025 at 12:08:31AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 038d61fd6422 Linux 6.16
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=11b88cf0580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4066f1c76cfbc4fe
> dashboard link: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
> compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16ca1782580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140194a2580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/6505c612be11/disk-038d61fd.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e466ef29c1ca/vmlinux-038d61fd.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/b6d3d8fc5cbb/bzImage-038d61fd.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 36 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
> Modules linked in:
> CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full)
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
> Workqueue: netns cleanup_net
> RIP: 0010:xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
> Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 68 fa 0b f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 c8 ec f7 e8 51 e8 a9 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 43 e8 a9 f7 90 0f 0b 90 e9 60 fe ff ff
> RSP: 0018:ffffc90000ac7898 EFLAGS: 00010293
> RAX: ffffffff8a163e8f RBX: ffff888034008000 RCX: ffff888143299e00
> RDX: 0000000000000000 RSI: ffffffff8db8419f RDI: ffff888143299e00
> RBP: ffffc90000ac79b0 R08: ffffffff8f6196e7 R09: 1ffffffff1ec32dc
> R10: dffffc0000000000 R11: fffffbfff1ec32dd R12: ffffffff8f617760
> R13: 1ffff92000158f40 R14: ffff8880340094c0 R15: dffffc0000000000
> FS: 0000000000000000(0000) GS:ffff888125d23000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fbd9e960960 CR3: 00000000316d3000 CR4: 0000000000350ef0
> Call Trace:
>  <TASK>
>  xfrm_net_exit+0x2d/0x70 net/xfrm/xfrm_policy.c:4348
>  ops_exit_list net/core/net_namespace.c:200 [inline]
>  ops_undo_list+0x49a/0x990 net/core/net_namespace.c:253
>  cleanup_net+0x4c5/0x800 net/core/net_namespace.c:686
>  process_one_work kernel/workqueue.c:3238 [inline]
>  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
>  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
>  kthread+0x711/0x8a0 kernel/kthread.c:464
>  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
>  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
>  </TASK>

Hi Sabrina, your recent ipcomp patches seem to trigger this issue.
At least reverting them makes it go away. Can you please look
into this?

Please note that CONFIG_INET_DIAG_DESTROY=y has to be set to
trigger the warning.

Thanks!

* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: Sabrina Dubroca @ 2025-07-29 11:09 UTC
To: Steffen Klassert
Cc: syzbot, davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs

Hi Steffen,

2025-07-29, 13:01:22 +0200, Steffen Klassert wrote:
> On Tue, Jul 29, 2025 at 12:08:31AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 038d61fd6422 Linux 6.16
> > git tree: upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=11b88cf0580000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=4066f1c76cfbc4fe
> > dashboard link: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
> > compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16ca1782580000
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140194a2580000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/6505c612be11/disk-038d61fd.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/e466ef29c1ca/vmlinux-038d61fd.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/b6d3d8fc5cbb/bzImage-038d61fd.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
> >
> > ------------[ cut here ]------------
> > WARNING: CPU: 1 PID: 36 at net/xfrm/xfrm_state.c:3284 xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full)
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
> > Workqueue: netns cleanup_net
> > RIP: 0010:xfrm_state_fini+0x270/0x2f0 net/xfrm/xfrm_state.c:3284
> > Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 68 fa 0b f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 56 c8 ec f7 e8 51 e8 a9 f7 90 <0f> 0b 90 e9 fd fd ff ff e8 43 e8 a9 f7 90 0f 0b 90 e9 60 fe ff ff
> > RSP: 0018:ffffc90000ac7898 EFLAGS: 00010293
> > RAX: ffffffff8a163e8f RBX: ffff888034008000 RCX: ffff888143299e00
> > RDX: 0000000000000000 RSI: ffffffff8db8419f RDI: ffff888143299e00
> > RBP: ffffc90000ac79b0 R08: ffffffff8f6196e7 R09: 1ffffffff1ec32dc
> > R10: dffffc0000000000 R11: fffffbfff1ec32dd R12: ffffffff8f617760
> > R13: 1ffff92000158f40 R14: ffff8880340094c0 R15: dffffc0000000000
> > FS: 0000000000000000(0000) GS:ffff888125d23000(0000) knlGS:0000000000000000
> > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007fbd9e960960 CR3: 00000000316d3000 CR4: 0000000000350ef0
> > Call Trace:
> >  <TASK>
> >  xfrm_net_exit+0x2d/0x70 net/xfrm/xfrm_policy.c:4348
> >  ops_exit_list net/core/net_namespace.c:200 [inline]
> >  ops_undo_list+0x49a/0x990 net/core/net_namespace.c:253
> >  cleanup_net+0x4c5/0x800 net/core/net_namespace.c:686
> >  process_one_work kernel/workqueue.c:3238 [inline]
> >  process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321
> >  worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402
> >  kthread+0x711/0x8a0 kernel/kthread.c:464
> >  ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
> >  </TASK>
>
> Hi Sabrina, your recent ipcomp patches seem to trigger this issue.
> At least reverting them makes it go away. Can you please look
> into this?

I haven't looked at the other reports yet, but this one seems to be a
stupid mistake in my revert patch. With these changes, the syzbot
repro stops splatting here:

#syz test

diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index 5120a763da0d..0a0eeaed0591 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c 
@@ -334,7 +334,7 @@ static void __net_exit xfrm6_tunnel_net_exit(struct net *net) struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); unsigned int i; - xfrm_state_flush(net, IPSEC_PROTO_ANY, false); + xfrm_state_flush(net, 0, false); xfrm_flush_gc(); for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 97ff756191ba..5f1da305eea8 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -3278,7 +3278,7 @@ void xfrm_state_fini(struct net *net) unsigned int sz; flush_work(&net->xfrm.state_hash_work); - xfrm_state_flush(net, IPSEC_PROTO_ANY, false); + xfrm_state_flush(net, 0, false); flush_work(&xfrm_state_gc_work); WARN_ON(!list_empty(&net->xfrm.state_all)); -- Sabrina ^ permalink raw reply related [flat|nested] 7+ messages in thread
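Review bot: in xfrm6_tunnel_net_exit() the second argument of xfrm_state_flush() becomes a bare 0 with no comment, so the call no longer says which states it is meant to select or how that differs from the IPSEC_PROTO_ANY it replaces. A one-line comment above the call stating the intended match, or a named constant in place of the literal, would document this; the same literal appears in the xfrm_state_fini() hunk, so the wording should be shared between the two call sites.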
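Review bot: the patch gives no reason why the IPSEC_PROTO_ANY flush in xfrm_state_fini() left entries on net->xfrm.state_all, which is what the WARN_ON(!list_empty(&net->xfrm.state_all)) two lines below the changed call checks and what the report hit at net/xfrm/xfrm_state.c:3284. The formal submission should state in its commit message which states the old argument skipped and why 0 covers them, and carry the Reported-by tag syzbot asked for.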
* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: syzbot @ 2025-07-29 18:47 UTC
To: davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, sd, steffen.klassert, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
Tested-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com

Tested on:

commit: 86aa7218 Merge tag 'chrome-platform-v6.17' of git://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16eb74a2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=6aef71a615d0cdf2
dashboard link: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7
patch: https://syzkaller.appspot.com/x/patch.diff?x=14b29782580000

Note: testing is done by a robot and is best-effort only.

* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: Tetsuo Handa @ 2025-08-28 11:06 UTC
To: Sabrina Dubroca, Steffen Klassert
Cc: syzbot, davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs

syzbot is still hitting this problem. Please check.

On 2025/07/29 20:09, Sabrina Dubroca wrote:
>> Hi Sabrina, your recent ipcomp patches seem to trigger this issue.
>> At least reverting them makes it go away. Can you please look
>> into this?
>
> I haven't looked at the other reports yet, but this one seems to be a
> stupid mistake in my revert patch. With these changes, the syzbot
> repro stops splatting here:

* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: Sabrina Dubroca @ 2025-08-29 8:57 UTC
To: Tetsuo Handa
Cc: Steffen Klassert, syzbot, davem, edumazet, herbert, horms, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs

2025-08-28, 20:06:29 +0900, Tetsuo Handa wrote:
> syzbot is still hitting this problem. Please check.

Thanks for the ping. syzbot has found 2 different bugs that need
separate fixes (but with the same symptoms, hitting that WARNING, and
coming from the same patch series). I fixed one (syzbot confirmed the
fix), I'm working on the other one now.

> On 2025/07/29 20:09, Sabrina Dubroca wrote:
> >> Hi Sabrina, your recent ipcomp patches seem to trigger this issue.
> >> At least reverting them makes it go away. Can you please look
> >> into this?
> >
> > I haven't looked at the other reports yet, but this one seems to be a
> > stupid mistake in my revert patch. With these changes, the syzbot
> > repro stops splatting here:

--
Sabrina

* Re: [syzbot] [net?] WARNING in xfrm_state_fini (3)
From: syzbot @ 2025-08-01 0:54 UTC
To: davem, dsahern, edumazet, hdanton, herbert, horms, kuba, linux-kernel, netdev, pabeni, sd, steffen.klassert, syzkaller-bugs

syzbot has bisected this issue to:

commit 2a198bbec6913ae1c90ec963750003c6213668c7
Author: Sabrina Dubroca <sd@queasysnail.net>
Date: Fri Jul 4 14:54:34 2025 +0000

    Revert "xfrm: destroy xfrm_state synchronously on net exit path"

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1714d2a2580000
start commit: 038d61fd6422 Linux 6.16
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1494d2a2580000
console output: https://syzkaller.appspot.com/x/log.txt?x=1094d2a2580000
kernel config: https://syzkaller.appspot.com/x/.config?x=4066f1c76cfbc4fe
dashboard link: https://syzkaller.appspot.com/bug?extid=6641a61fe0e2e89ae8c5
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16ca1782580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=140194a2580000

Reported-by: syzbot+6641a61fe0e2e89ae8c5@syzkaller.appspotmail.com
Fixes: 2a198bbec691 ("Revert "xfrm: destroy xfrm_state synchronously on net exit path"")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection