panic: Assertion in_epoch(net_epoch_preempt) failed at /syzkaller/managers/main/kernel/sys/net/if.c:LINE

[syzbot]

Hello,

syzbot found the following crash on:

HEAD commit: 1c64917f Quickly plug another regression from r353292. Aga..
git tree: freebsd
console output: https://syzkaller.appspot.com/x/log.txt?x=141274b3600000
dashboard link: https://syzkaller.appspot.com/bug?extid=f68365b1e06521722984

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f68365...@syzkaller.appspotmail.com

login: panic: Assertion in_epoch(net_epoch_preempt) failed at
/syzkaller/managers/main/kernel/sys/net/if.c:3827
cpuid = 0
time = 1570557735
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x47/frame
0xfffffe0022bff5b0
vpanic() at vpanic+0x1e0/frame 0xfffffe0022bff610
panic() at panic+0x43/frame 0xfffffe0022bff670
if_setlladdr() at if_setlladdr+0x34c/frame 0xfffffe0022bff6e0
ifhwioctl() at ifhwioctl+0x9e0/frame 0xfffffe0022bff770
ifioctl() at ifioctl+0x4c2/frame 0xfffffe0022bff840
kern_ioctl() at kern_ioctl+0x465/frame 0xfffffe0022bff8b0
sys_ioctl() at sys_ioctl+0x267/frame 0xfffffe0022bff980
amd64_syscall() at amd64_syscall+0x477/frame 0xfffffe0022bffab0
fast_syscall_common() at fast_syscall_common+0x101/frame 0xfffffe0022bffab0
--- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004882ca, rsp =
0x7fffffffe428, rbp = 0x7fffffffe470 ---
KDB: enter: panic
[ thread pid 764 tid 100072 ]
Stopped at kdb_enter+0x6a: movq $0,kdb_why


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

[Mark Johnston]

#syz fix: Remove epoch assertion from if_setlladdr(). Originally this function was protected by IF_ADDR_LOCK(), which was a mutex, so that two simultaneous if_setlladdr() can't execute. Later it was switched to IF_ADDR_RLOCK(), likely by a mistake. Later it was switched to NET_EPOCH_ENTER(). Then I incorrectly added NET_EPOCH_ASSERT() here.

[syzbot]

This bug is marked as fixed by commit:

Remove epoch assertion from if_setlladdr(). Originally this function was
protected by IF_ADDR_LOCK(), which was a mutex, so that two simultaneous
if_setlladdr() can't execute. Later it was switched to IF_ADDR_RLOCK(),
likely by a mistake. Later it was switched to NET_EPOCH_ENTER(). Then I
incorrectly added NET_EPOCH_ASSERT() here.

But I can't find it in any tested tree for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and
new crashes with the same signature are ignored.

[syzbot]

[Andrew Turner]

#syz fix: Remove epoch assertion from if_setlladdr(). Originally this function was protected by IF_ADDR_LOCK(), which was a mutex, so that two simultaneous if_setlladdr() can't execute. Later it was switched to IF_ADDR_RLOCK(), likely by a mistake. Later it was switched to NET_EPOCH_ENTER(). Then I incorrectly added NET_EPOCH_ASSERT() here.

> --
> You received this message because you are subscribed to the Google Groups "syzkaller-freebsd-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-freebsd...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-freebsd-bugs/0000000000000da070059469fbc1%40google.com.
>