BUG: spinlock recursion in dev_mc_sync

syzbot

Feb 13, 2020, 6:26:11 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: e0f8b8a6 Linux 4.14.170
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10d442e6e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=633dd9db249084f5
dashboard link: https://syzkaller.appspot.com/bug?extid=28e8c31710be09264aa9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+28e8c3...@syzkaller.appspotmail.com

BUG: spinlock recursion on CPU#0, syz-executor.1/12966
lock: 0xffff88805a9c5468, .magic: dead4ead, .owner: syz-executor.1/12966, .owner_cpu: 0
CPU: 0 PID: 12966 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
spin_dump.cold+0x56/0xa6 kernel/locking/spinlock_debug.c:67
spin_bug kernel/locking/spinlock_debug.c:75 [inline]
debug_spin_lock_before kernel/locking/spinlock_debug.c:84 [inline]
do_raw_spin_lock+0x1e3/0x240 kernel/locking/spinlock_debug.c:112
_raw_spin_lock_nested+0x3d/0x50 kernel/locking/spinlock.c:363
netif_addr_lock_nested include/linux/netdevice.h:3699 [inline]
dev_mc_sync+0x115/0x1d0 net/core/dev_addr_lists.c:765
vlan_dev_set_rx_mode+0x3f/0x80 net/8021q/vlan_dev.c:486
__dev_set_rx_mode+0x1a8/0x2b0 net/core/dev.c:6718
dev_uc_unsync net/core/dev_addr_lists.c:600 [inline]
dev_uc_unsync+0x181/0x1d0 net/core/dev_addr_lists.c:592
bond_hw_addr_flush+0x67/0xf0 drivers/net/bonding/bond_main.c:559
bond_enslave+0x1f1d/0x4c70 drivers/net/bonding/bond_main.c:1779
do_set_master net/core/rtnetlink.c:1961 [inline]
do_set_master+0x19f/0x200 net/core/rtnetlink.c:1936
rtnl_newlink+0x12ed/0x1700 net/core/rtnetlink.c:2756
rtnetlink_rcv_msg+0x3da/0xb70 net/core/rtnetlink.c:4315
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4327
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b3b9
RSP: 002b:00007f22028c7c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f22028c86d4 RCX: 000000000045b3b9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009cb R14: 00000000004cb3dd R15: 000000000075bf2c
NOHZ: local_softirq_pending 08


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 13, 2020, 7:05:13 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: e0f8b8a6 Linux 4.14.170
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=152a96b5e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=633dd9db249084f5
dashboard link: https://syzkaller.appspot.com/bug?extid=28e8c31710be09264aa9
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12f29701e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10662701e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+28e8c3...@syzkaller.appspotmail.com

batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
BUG: spinlock recursion on CPU#1, syz-executor151/7401
lock: 0xffff8880906e5de8, .magic: dead4ead, .owner: syz-executor151/7401, .owner_cpu: 1
CPU: 1 PID: 7401 Comm: syz-executor151 Not tainted 4.14.170-syzkaller #0
RIP: 0033:0x4435a9
RSP: 002b:00007ffc0d24aca8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004435a9
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000010
RBP: 0000000000000003 R08: 00000000bb1414ac R09: 00000000bb1414ac
R10: 00000000bb1414ac R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000404930 R14: 0000000000000000 R15: 0000000000000000
