possible deadlock in rtnl_lock (5)


syzbot

Mar 27, 2018, 7:16:01 AM
to christia...@ubuntu.com, dan...@iogearbox.net, da...@davemloft.net, dsa...@gmail.com, f...@strlen.de, jakub.k...@netronome.com, jb...@redhat.com, linux-...@vger.kernel.org, lucie...@gmail.com, net...@vger.kernel.org, syzkall...@googlegroups.com, vyas...@gmail.com
Hello,

syzbot hit the following crash on upstream commit
3eb2ce825ea1ad89d20f7a3b5780df850e4be274 (Sun Mar 25 22:44:30 2018 +0000)
Linux 4.16-rc7
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=a46d6abf9d56b1365a72

So far this crash happened 27 times on net-next, upstream.
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=6524202618191872
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=5383267238805504
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5136472378179584
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-8440362230543204781
compiler: gcc (GCC) 7.1.1 20170620

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a46d6a...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id
= 0
IPVS: sync thread started: state = BACKUP, mcast_ifn = sit0, syncid = 0, id
= 0

============================================
IPVS: stopping backup sync thread 4500 ...
WARNING: possible recursive locking detected
4.16.0-rc7+ #3 Not tainted
--------------------------------------------
syzkaller688027/4497 is trying to acquire lock:
(rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74

but task is already holding lock:
IPVS: stopping backup sync thread 4495 ...
(rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(rtnl_mutex);
lock(rtnl_mutex);

*** DEADLOCK ***

May be due to missing lock nesting notation

2 locks held by syzkaller688027/4497:
#0: (rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74
#1: (ipvs->sync_mutex){+.+.}, at: [<00000000703f78e3>]
do_ip_vs_set_ctl+0x10f8/0x1cc0 net/netfilter/ipvs/ip_vs_ctl.c:2388

stack backtrace:
CPU: 1 PID: 4497 Comm: syzkaller688027 Not tainted 4.16.0-rc7+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x24d lib/dump_stack.c:53
print_deadlock_bug kernel/locking/lockdep.c:1761 [inline]
check_deadlock kernel/locking/lockdep.c:1805 [inline]
validate_chain kernel/locking/lockdep.c:2401 [inline]
__lock_acquire+0xe8f/0x3e00 kernel/locking/lockdep.c:3431
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
ip_mc_drop_socket+0x88/0x230 net/ipv4/igmp.c:2643
inet_release+0x4e/0x1c0 net/ipv4/af_inet.c:413
sock_release+0x8d/0x1e0 net/socket.c:595
start_sync_thread+0x2213/0x2b70 net/netfilter/ipvs/ip_vs_sync.c:1924
do_ip_vs_set_ctl+0x1139/0x1cc0 net/netfilter/ipvs/ip_vs_ctl.c:2389
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1261
udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2406
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
SYSC_setsockopt net/socket.c:1849 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1828
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446a69
RSP: 002b:00007fa1c3a64da8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000446a69
RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000006e29fc R08: 0000000000000018 R09: 0000000000000000
R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000006e29f8
R13: 00676e697279656b R14: 00007fa1c3a659c0 R15: 00000000006e2b60


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is merged
into any tree, please reply to this email with:
#syz fix: exact-commit-title
If you want to test a patch for this bug, please reply with:
#syz test: git://repo/address.git branch
and provide the patch inline or as an attachment.
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.

Florian Westphal

Mar 27, 2018, 7:50:03 AM
to syzbot, net...@vger.kernel.org, syzkall...@googlegroups.com, j...@ssi.bg
syzbot <syzbot+a46d6a...@syzkaller.appspotmail.com> wrote:
[ cc Julian and trimming cc list ]

> syzkaller688027/4497 is trying to acquire lock:
> (rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
> net/core/rtnetlink.c:74

> but task is already holding lock:
> IPVS: stopping backup sync thread 4495 ...
> (rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
> net/core/rtnetlink.c:74
>
> other info that might help us debug this:
> Possible unsafe locking scenario:
>
> CPU0
> ----
> lock(rtnl_mutex);
> lock(rtnl_mutex);
>
> *** DEADLOCK ***
>
> May be due to missing lock nesting notation

Looks like this is real, commit e0b26cc997d57305b4097711e12e13992580ae34
("ipvs: call rtnl_lock early") added rtnl_lock when starting sync thread
but socket close invokes rtnl_lock too:

> stack backtrace:

Julian Anastasov

Mar 27, 2018, 3:52:38 PM
to Florian Westphal, syzbot, net...@vger.kernel.org, lvs-...@vger.kernel.org, syzkall...@googlegroups.com

Hello,

On Tue, 27 Mar 2018, Florian Westphal wrote:

> syzbot <syzbot+a46d6a...@syzkaller.appspotmail.com> wrote:
> [ cc Julian and trimming cc list ]
>
> > syzkaller688027/4497 is trying to acquire lock:
> > (rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
> > net/core/rtnetlink.c:74
>
> > but task is already holding lock:
> > IPVS: stopping backup sync thread 4495 ...
> > (rtnl_mutex){+.+.}, at: [<00000000bb14d7fb>] rtnl_lock+0x17/0x20
> > net/core/rtnetlink.c:74
> >
> > other info that might help us debug this:
> > Possible unsafe locking scenario:
> >
> > CPU0
> > ----
> > lock(rtnl_mutex);
> > lock(rtnl_mutex);
> >
> > *** DEADLOCK ***
> >
> > May be due to missing lock nesting notation
>
> Looks like this is real, commit e0b26cc997d57305b4097711e12e13992580ae34
> ("ipvs: call rtnl_lock early") added rtnl_lock when starting sync thread
> but socket close invokes rtnl_lock too:

I see, thanks! I'll have to move the locks into
start_sync_thread and to split make_{send,receive}_sock
to {make,setup}_{send,receive}_sock ...

> > stack backtrace:
> > rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
> > ip_mc_drop_socket+0x88/0x230 net/ipv4/igmp.c:2643
> > inet_release+0x4e/0x1c0 net/ipv4/af_inet.c:413
> > sock_release+0x8d/0x1e0 net/socket.c:595
> > start_sync_thread+0x2213/0x2b70 net/netfilter/ipvs/ip_vs_sync.c:1924
> > do_ip_vs_set_ctl+0x1139/0x1cc0 net/netfilter/ipvs/ip_vs_ctl.c:2389

Regards

--
Julian Anastasov <j...@ssi.bg>

Dmitry Vyukov

Mar 28, 2018, 1:56:52 AM
to Julian Anastasov, Florian Westphal, syzbot, netdev, lvs-...@vger.kernel.org, syzkall...@googlegroups.com
Please keep the Reported-by notice, and reproducer will probably be useful too:

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+a46d6a...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for details.
If you forward the report, please keep this part and the footer.

syzbot hit the following crash on upstream commit
3eb2ce825ea1ad89d20f7a3b5780df850e4be274 (Sun Mar 25 22:44:30 2018 +0000)
Linux 4.16-rc7
syzbot dashboard link:
https://syzkaller.appspot.com/bug?extid=a46d6abf9d56b1365a72

So far this crash happened 27 times on net-next, upstream.
C reproducer: https://syzkaller.appspot.com/x/repro.c?id=6524202618191872
syzkaller reproducer:
https://syzkaller.appspot.com/x/repro.syz?id=5383267238805504
Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5136472378179584
Kernel config: https://syzkaller.appspot.com/x/.config?id=-8440362230543204781
compiler: gcc (GCC) 7.1.1 20170620





syzbot

Mar 28, 2018, 5:38:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
possible deadlock in rtnl_lock

IPVS: stopping backup sync thread 4762 ...
IPVS: stopping backup sync thread 4767 ...
IPVS: stopping backup sync thread 4771 ...

======================================================
WARNING: possible circular locking dependency detected
4.16.0-rc6+ #76 Not tainted
------------------------------------------------------
syz-executor/4753 is trying to acquire lock:
(rtnl_mutex){+.+.}, at: [<00000000e9304478>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74

but task is already holding lock:
(ipvs->sync_mutex){+.+.}, at: [<00000000b1eae02f>]
start_sync_thread+0x141/0x2b20 net/netfilter/ipvs/ip_vs_sync.c:1774

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (ipvs->sync_mutex){+.+.}:
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
start_sync_thread+0x141/0x2b20 net/netfilter/ipvs/ip_vs_sync.c:1774
do_ip_vs_set_ctl+0x111c/0x1c90 net/netfilter/ipvs/ip_vs_ctl.c:2387
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1253
udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2400
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:3039
SYSC_setsockopt net/socket.c:1850 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1829
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (rtnl_mutex){+.+.}:
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
ip_mc_drop_socket+0x88/0x230 net/ipv4/igmp.c:2643
inet_release+0x4e/0x1c0 net/ipv4/af_inet.c:413
sock_release+0x8d/0x1e0 net/socket.c:594
start_sync_thread+0x1f6c/0x2b20 net/netfilter/ipvs/ip_vs_sync.c:1911
do_ip_vs_set_ctl+0x111c/0x1c90 net/netfilter/ipvs/ip_vs_ctl.c:2387
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1253
udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2400
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:3039
SYSC_setsockopt net/socket.c:1850 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1829
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7

other info that might help us debug this:

Possible unsafe locking scenario:

CPU0 CPU1
---- ----
lock(ipvs->sync_mutex);
lock(rtnl_mutex);
lock(ipvs->sync_mutex);
lock(rtnl_mutex);

*** DEADLOCK ***

1 lock held by syz-executor/4753:
#0: (ipvs->sync_mutex){+.+.}, at: [<00000000b1eae02f>]
start_sync_thread+0x141/0x2b20 net/netfilter/ipvs/ip_vs_sync.c:1774

stack backtrace:
CPU: 1 PID: 4753 Comm: syz-executor Not tainted 4.16.0-rc6+ #76
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x24d lib/dump_stack.c:53
print_circular_bug.isra.38+0x2cd/0x2dc kernel/locking/lockdep.c:1223
check_prev_add kernel/locking/lockdep.c:1863 [inline]
check_prevs_add kernel/locking/lockdep.c:1976 [inline]
validate_chain kernel/locking/lockdep.c:2417 [inline]
__lock_acquire+0x30a8/0x3e00 kernel/locking/lockdep.c:3431
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
rtnl_lock+0x17/0x20 net/core/rtnetlink.c:74
ip_mc_drop_socket+0x88/0x230 net/ipv4/igmp.c:2643
inet_release+0x4e/0x1c0 net/ipv4/af_inet.c:413
sock_release+0x8d/0x1e0 net/socket.c:594
start_sync_thread+0x1f6c/0x2b20 net/netfilter/ipvs/ip_vs_sync.c:1911
do_ip_vs_set_ctl+0x111c/0x1c90 net/netfilter/ipvs/ip_vs_ctl.c:2387
nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1253
udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2400
sock_common_setsockopt+0x95/0xd0 net/core/sock.c:3039
SYSC_setsockopt net/socket.c:1850 [inline]
SyS_setsockopt+0x189/0x360 net/socket.c:1829
do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x454879
RSP: 002b:00007f738259ac68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 00007f738259b6d4 RCX: 0000000000454879
RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000004
RBP: 000000000072bea0 R08: 0000000000000018 R09: 0000000000000000
R10: 00000000200000c0 R11: 0000000000000246 R12: 00000000ffffffff
R13: 000000000000051a R14: 00000000006f9b10 R15: 0000000000000000


Tested on net-next commit
5d22d47b9ed96eddb35821dc2cc4f629f45827f7 (Tue Mar 27 17:33:21 2018 +0000)
Merge branch 'sfc-filter-locking'

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5868717594378240
Kernel config:
https://syzkaller.appspot.com/x/.config?id=4372867303600475372
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=5907429879447552
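
Added example (not part of the thread and not kernel code): a small userspace C model of the two lockdep checks seen in the reports above, replaying the acquisition order from the first report (recursive `rtnl_mutex`) and from the retest (`ipvs->sync_mutex` against `rtnl_mutex`). The `release_unlocked` ordering and every function name here are assumptions for illustration, not the patch that syzbot tested.

```c
/* Added illustration: userspace model of lockdep's ordering checks. */
#include <stdio.h>
#include <string.h>

enum lock_class { RTNL_MUTEX, SYNC_MUTEX, NR_CLASSES };
enum verdict { LOCK_OK, LOCK_RECURSIVE, LOCK_CIRCULAR };

/* dep[a][b] != 0 means some task took class b while holding class a. */
struct validator { unsigned char dep[NR_CLASSES][NR_CLASSES]; };
struct task { enum lock_class held[NR_CLASSES]; int depth; };
struct op { int task; enum lock_class c; int take; };

/* Depth-first search: can `to` be reached from `from` in the graph? */
static int reachable(const struct validator *v, int from, int to, unsigned seen)
{
    if (from == to)
        return 1;
    seen |= 1u << from;
    for (int n = 0; n < NR_CLASSES; n++)
        if (v->dep[from][n] && !(seen & (1u << n)) && reachable(v, n, to, seen))
            return 1;
    return 0;
}

static enum verdict acquire(struct validator *v, struct task *t, enum lock_class c)
{
    for (int i = 0; i < t->depth; i++)      /* same class already held */
        if (t->held[i] == c)
            return LOCK_RECURSIVE;
    for (int i = 0; i < t->depth; i++)      /* new edge held -> c closes a cycle */
        if (reachable(v, c, t->held[i], 0))
            return LOCK_CIRCULAR;
    for (int i = 0; i < t->depth; i++)
        v->dep[t->held[i]][c] = 1;
    t->held[t->depth++] = c;
    return LOCK_OK;
}

static void release(struct task *t, enum lock_class c)
{
    for (int i = 0; i < t->depth; i++)
        if (t->held[i] == c) {
            t->held[i] = t->held[--t->depth];
            return;
        }
}

/* Replay a constructed sequence; return the first warning, if any. */
static enum verdict replay(const struct op *ops, int n)
{
    struct validator v;
    struct task tasks[2];
    memset(&v, 0, sizeof(v));
    memset(tasks, 0, sizeof(tasks));
    for (int i = 0; i < n; i++) {
        if (!ops[i].take) {
            release(&tasks[ops[i].task], ops[i].c);
            continue;
        }
        enum verdict r = acquire(&v, &tasks[ops[i].task], ops[i].c);
        if (r != LOCK_OK)
            return r;
    }
    return LOCK_OK;
}
#define REPLAY(ops) replay(ops, (int)(sizeof(ops) / sizeof((ops)[0])))

/* First report: rtnl and sync_mutex held, socket release takes rtnl again. */
enum verdict first_report(void)
{
    static const struct op ops[] = {
        {0, RTNL_MUTEX, 1}, {0, SYNC_MUTEX, 1}, {0, RTNL_MUTEX, 1} };
    return REPLAY(ops);
}

/* Retest: one path orders rtnl -> sync_mutex, the other sync_mutex -> rtnl. */
enum verdict retest_report(void)
{
    static const struct op ops[] = {
        {1, RTNL_MUTEX, 1}, {1, SYNC_MUTEX, 1}, {1, SYNC_MUTEX, 0}, {1, RTNL_MUTEX, 0},
        {0, SYNC_MUTEX, 1}, {0, RTNL_MUTEX, 1} };
    return REPLAY(ops);
}

/* Assumed ordering: both locks dropped before the socket release path runs. */
enum verdict release_unlocked(void)
{
    static const struct op ops[] = {
        {0, RTNL_MUTEX, 1}, {0, SYNC_MUTEX, 1}, {0, SYNC_MUTEX, 0}, {0, RTNL_MUTEX, 0},
        {0, RTNL_MUTEX, 1}, {0, RTNL_MUTEX, 0} };
    return REPLAY(ops);
}

int main(void)
{
    printf("first=%d retest=%d unlocked=%d\n",
           first_report(), retest_report(), release_unlocked());
    return 0;
}
```
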

syzbot

Mar 28, 2018, 6:31:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
no output from test machine



Tested on net-next commit
5d22d47b9ed96eddb35821dc2cc4f629f45827f7 (Tue Mar 27 17:33:21 2018 +0000)
Merge branch 'sfc-filter-locking'

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5508227567452160
https://syzkaller.appspot.com/x/log.txt?id=5422368621068288

syzbot

Mar 28, 2018, 6:51:10 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
no output from test machine



Tested on net-next commit
5d22d47b9ed96eddb35821dc2cc4f629f45827f7 (Tue Mar 27 17:33:21 2018 +0000)
Merge branch 'sfc-filter-locking'

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5383587616522240
https://syzkaller.appspot.com/x/log.txt?id=5674029411205120

syzbot

Mar 29, 2018, 3:14:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer still triggered
crash:
no output from test machine



Tested on net-next commit
7ae665f132a62e67ccef1ef0994acba51abc2400 (Wed Mar 28 14:14:56 2018 +0000)
sctp: fix unused lable warning

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5390670554464256
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-1598198232060683632
Raw console output:
https://syzkaller.appspot.com/x/log.txt?id=6406608158457856

syzbot

Apr 1, 2018, 10:35:01 AM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+a46d6a...@syzkaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on net-next commit
06b19fe9a6df7aaa423cd8404ebe5ac9ec4b2960 (Sun Apr 1 03:37:33 2018 +0000)
Merge branch 'chelsio-inline-tls'

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=6397421089193984
Kernel config: https://syzkaller.appspot.com/x/.config?id=-37309782588693906


---
There is no WARRANTY for the result, to the extent permitted by applicable law.
Except when otherwise stated in writing syzbot provides the result "AS IS"
without warranty of any kind, either expressed or implied, but not limited to,
the implied warranties of merchantability and fitness for a particular purpose.
The entire risk as to the quality of the result is with you. Should the result
prove defective, you assume the cost of all necessary servicing, repair or
correction.

syzbot

Apr 2, 2018, 5:00:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+a46d6a...@syzkaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on net-next commit
159f02977b2feb18a4bece5e586c838a6d26d44b (Mon Apr 2 15:14:03 2018 +0000)
Merge branch 'net-mvneta-improve-suspend-resume'

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=4857920395149312
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-2829566955235999811

syzbot

Apr 4, 2018, 3:48:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but build/boot failed:

kernel build failed: failed to run /usr/bin/make [make bzImage -j 32
CC=/syzkaller/gcc/bin/gcc]: exit status 2
scripts/kconfig/conf --syncconfig Kconfig
SYSTBL arch/x86/include/generated/asm/syscalls_32.h
SYSHDR arch/x86/include/generated/asm/unistd_32_ia32.h
SYSHDR arch/x86/include/generated/uapi/asm/unistd_32.h
CHK include/config/kernel.release
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
DESCEND objtool
CC scripts/mod/empty.o
CC scripts/mod/devicetable-offsets.s
gcc: error: unrecognized command line option
‘-fsanitize-coverage=trace-cmp’; did you mean
‘-fsanitize-coverage=trace-pc’?
scripts/Makefile.build:312: recipe for target 'scripts/mod/empty.o' failed
make[2]: *** [scripts/mod/empty.o] Error 1
make[2]: *** Waiting for unfinished jobs....
gcc: error: unrecognized command line option
‘-fsanitize-coverage=trace-cmp’; did you mean
‘-fsanitize-coverage=trace-pc’?
scripts/Makefile.build:138: recipe for
target 'scripts/mod/devicetable-offsets.s' failed
make[2]: *** [scripts/mod/devicetable-offsets.s] Error 1
scripts/Makefile.build:546: recipe for target 'scripts/mod' failed
make[1]: *** [scripts/mod] Error 2
make[1]: *** Waiting for unfinished jobs....
Makefile:1073: recipe for target 'scripts' failed
make: *** [scripts] Error 2
make: *** Waiting for unfinished jobs....
CC /syzkaller/jobs/linux/kernel/tools/objtool/str_error_r.o
LD /syzkaller/jobs/linux/kernel/tools/objtool/objtool-in.o
LINK /syzkaller/jobs/linux/kernel/tools/objtool/objtool



Tested on net-next commit
17dec0a949153d9ac00760ba2f5b78cb583e995f (Wed Apr 4 02:15:32 2018 +0000)
Merge branch 'userns-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

compiler: gcc (GCC) 7.1.1 20170620
Patch: https://syzkaller.appspot.com/x/patch.diff?id=6711260255092736



Dmitry Vyukov

Apr 5, 2018, 2:33:45 PM
to syzbot, Julian Anastasov, syzkall...@googlegroups.com
There turned out to be some make problem, distclean healed it. Let's try again:

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git
master

syzbot

Apr 5, 2018, 3:09:01 PM
to dvy...@google.com, j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+a46d6a...@syzkaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
commit
17dec0a949153d9ac00760ba2f5b78cb583e995f (Wed Apr 4 02:15:32 2018 +0000)
Merge branch 'userns-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

compiler: gcc (GCC) 8.0.1 20180301 (experimental)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=5250851048259584
Kernel config:
https://syzkaller.appspot.com/x/.config?id=-7654691824488752904

syzbot

Apr 5, 2018, 3:57:02 PM
to j...@ssi.bg, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger
crash:

Reported-and-tested-by:
syzbot+a46d6a...@syzkaller.appspotmail.com

Note: the tag will also help syzbot to understand when the bug is fixed.

Tested on net-next commit
17dec0a949153d9ac00760ba2f5b78cb583e995f (Wed Apr 4 02:15:32 2018 +0000)
Merge branch 'userns-linus' of
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

compiler: gcc (GCC) 8.0.1 20180301 (experimental)
Patch: https://syzkaller.appspot.com/x/patch.diff?id=4694115174318080