BUG: spinlock recursion in dev_uc_sync


syzbot

Apr 6, 2020, 11:16:14 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=104ec43be00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=59bafe7e582794454bc4
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+59bafe...@syzkaller.appspotmail.com

TSC Offset = 0xffffff6555ae9ad7
CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
EPT pointer = 0x0000000085d7401e
Virtual processor ID = 0x0001
FSBase=00007f1d4e99a700 GSBase=ffff8880aeb00000 TRBase=fffffe0000003000
BUG: spinlock recursion on CPU#0, syz-executor.0/7937
lock: 0xffff88805441cce8, .magic: dead4ead, .owner: syz-executor.0/7937, .owner_cpu: 0
CPU: 0 PID: 7937 Comm: syz-executor.0 Not tainted 4.14.175-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x13e/0x194 lib/dump_stack.c:58
spin_bug kernel/locking/spinlock_debug.c:75 [inline]
debug_spin_lock_before kernel/locking/spinlock_debug.c:84 [inline]
do_raw_spin_lock+0x1cd/0x230 kernel/locking/spinlock_debug.c:112
netif_addr_lock_nested include/linux/netdevice.h:3699 [inline]
dev_uc_sync+0x10b/0x1c0 net/core/dev_addr_lists.c:544
macvlan_set_mac_lists+0x55/0x110 drivers/net/macvlan.c:804
__dev_set_rx_mode+0x191/0x2a0 net/core/dev.c:6718
dev_uc_unsync net/core/dev_addr_lists.c:600 [inline]
dev_uc_unsync+0x16c/0x1c0 net/core/dev_addr_lists.c:592
bond_hw_addr_flush+0x5c/0xe0 drivers/net/bonding/bond_main.c:559
bond_enslave+0x1e53/0x49e0 drivers/net/bonding/bond_main.c:1779
do_set_master net/core/rtnetlink.c:1961 [inline]
do_set_master+0x19e/0x200 net/core/rtnetlink.c:1936
rtnl_newlink+0x1319/0x1720 net/core/rtnetlink.c:2756
rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4315
netlink_rcv_skb+0x127/0x370 net/netlink/af_netlink.c:2433
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x620 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x733/0xbe0 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xc5/0x100 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c879
RSP: 002b:00007fc4cb5c8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fc4cb5c96d4 RCX: 000000000045c879
RDX: 0000000000000800 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009fc R14: 00000000004ccb5c R15: 000000000076bf0c
GDTBase=fffffe0000032000 IDTBase=fffffe0000000000
CR0=0000000080050033 CR3=00000000aa52e000 CR4=00000000001426e0
Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff866018a0
EFER = 0x0000000000000d01 PAT = 0x0407050600070106
*** Control State ***
PinBased=0000003f CPUBased=b6986dfa SecondaryExec=000000e2
EntryControls=0000d1ff ExitControls=002fefff
ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000000
reason=80000021 qualification=0000000000000000
IDTVectoring: info=00000000 errcode=00000000
TSC Offset = 0xffffff6555bdf9db
EPT pointer = 0x000000008a4d301e
Virtual processor ID = 0x0002


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 6, 2020, 11:34:14 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 4520f06b Linux 4.14.175
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a22a57e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=93cf891381c0c347
dashboard link: https://syzkaller.appspot.com/bug?extid=59bafe7e582794454bc4
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=103ce1b3e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=124ec43be00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+59bafe...@syzkaller.appspotmail.com

device bond0 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device macvlan0
BUG: spinlock recursion on CPU#0, syz-executor176/6332
lock: 0xffff8880a1608468, .magic: dead4ead, .owner: syz-executor176/6332, .owner_cpu: 0
CPU: 0 PID: 6332 Comm: syz-executor176 Not tainted 4.14.175-syzkaller #0
RIP: 0033:0x440729
RSP: 002b:00007ffd5bd21658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440729
RDX: 0000000000000800 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 00000000006ca018 R08: 0000000000000004 R09: 00000000004002c8
R10: 000000000000000a R11: 0000000000000246 R12: 0000000000401fb0
R13: 0000000000402040 R14: 0000000000000000 R15: 0000000000000000
