[syzbot] kernel panic: kernel stack overflow

syzbot

Oct 12, 2022, 3:48:38 AM
to da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+60748c...@syzkaller.appspotmail.com

x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
Kernel panic - not syncing: kernel stack overflow
CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
panic+0x218/0x50c kernel/panic.c:274
nmi_panic+0xbc/0xf0 kernel/panic.c:169
panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
__bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
psi_sched_switch kernel/sched/stats.h:194 [inline]
__schedule+0x554/0x5a0 kernel/sched/core.c:6489
preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
__el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
lock_is_held include/linux/lockdep.h:283 [inline]
__might_resched+0x7c/0x218 kernel/sched/core.c:9854
__might_sleep+0x48/0x78 kernel/sched/core.c:9821
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
__alloc_skb+0xf8/0x378 net/core/skbuff.c:422
alloc_skb include/linux/skbuff.h:1257 [inline]
nlmsg_new include/net/netlink.h:953 [inline]
genlmsg_new include/net/genetlink.h:410 [inline]
ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
ethnl_notify_features net/ethtool/netlink.c:715 [inline]
ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x1ac/0x228 net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x00000,02070084,26017203
Memory Limit: none


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Dmitry Vyukov

Oct 12, 2022, 3:53:41 AM
to syzbot, Jiří Pírko, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
On Wed, 12 Oct 2022 at 09:48, syzbot
<syzbot+60748c...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: arm64
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+60748c...@syzkaller.appspotmail.com

+Jiri

It looks like the issue is with the team device. It seems to call
itself infinitely.
team_device_event was mentioned in stack overflow bugs in the past:
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
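The self-recursion noted in the reply above can be confirmed mechanically from the call trace. The following is an added example, not part of the original thread or of syzbot's tooling: it parses frames in the format of the report and finds the longest repeating block. The sample trace is constructed from frame lines in the report, and the repeat count of 5 and the names `find_recursion_cycle` and `SAMPLE_TRACE` are assumptions.

```python
import re
from dataclasses import dataclass

# One frame: "func+0xOFF/0xLEN file.c:LINE" or "func file.c:LINE [inline]".
FRAME_RE = re.compile(
    r"^\s*(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"\s+(?P<loc>\S+:\d+)(?P<inline>\s+\[inline\])?\s*$"
)


@dataclass
class Cycle:
    start: int          # index of the first frame of the repeating block
    period: int         # frames per repetition
    repeats: int        # number of complete back-to-back repetitions
    cycle: list         # function names in one repetition
    real_frames: list   # non-inlined functions (these consume stack)


def parse_frames(trace):
    """Return (func, location, is_inline) for every frame line in the text."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m["func"], m["loc"], bool(m["inline"])))
    return frames


def find_recursion_cycle(trace, min_repeats=3):
    """Find the tandem repeat covering the most frames, or None if absent."""
    frames = parse_frames(trace)
    funcs = [f[0] for f in frames]
    n = len(funcs)
    best = None
    for period in range(1, n // min_repeats + 1):
        for start in range(0, n - period * min_repeats + 1):
            block = funcs[start:start + period]
            repeats = 1
            while funcs[start + repeats * period:
                        start + (repeats + 1) * period] == block:
                repeats += 1
            if repeats < min_repeats:
                continue
            # Prefer more covered frames, then shorter period, then earlier start.
            key = (repeats * period, -period, -start)
            if best is None or key > best[0]:
                best = (key, start, period, repeats)
    if best is None:
        return None
    _, start, period, repeats = best
    one = frames[start:start + period]
    return Cycle(start, period, repeats,
                 [f[0] for f in one],
                 [f[0] for f in one if not f[2]])


# Constructed sample: frame lines copied from the report, repeated 5 times.
HEAD = """Call trace:
 ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
 ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
 ethnl_notify_features net/ethtool/netlink.c:715 [inline]
 ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
"""
CYCLE = """ notifier_call_chain kernel/notifier.c:87 [inline]
 raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
 call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
 call_netdevice_notifiers net/core/dev.c:1997 [inline]
 netdev_features_change net/core/dev.c:1315 [inline]
 netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
 __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
 netdev_change_features+0x30/0xfc net/core/dev.c:9823
 team_compute_features drivers/net/team/team.c:1031 [inline]
 team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
"""
TAIL = """ team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
 do_set_master net/core/rtnetlink.c:2577 [inline]
 do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
 __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
 rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
 rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
"""
# The outermost repetition is partial in the report: it is entered from
# team_add_slave rather than team_device_event, so only 9 frames appear.
PARTIAL = "".join(CYCLE.splitlines(keepends=True)[:9])
SAMPLE_TRACE = HEAD + CYCLE * 5 + PARTIAL + TAIL

if __name__ == "__main__":
    found = find_recursion_cycle(SAMPLE_TRACE)
    print(f"{found.repeats} x {found.period} frames, re-entered via "
          f"{found.real_frames[-1]}")
```
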

Eric Dumazet

Oct 12, 2022, 8:20:04 AM
to Dmitry Vyukov, Taehee Yoo, syzbot, Jiří Pírko, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvy...@google.com> wrote:
>
> On Wed, 12 Oct 2022 at 09:48, syzbot
> <syzbot+60748c...@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> > dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> > compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> > userspace arch: arm64
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+60748c...@syzkaller.appspotmail.com
>
> +Jiri
>
> It looks like the issue is with the team device. It seems to call
> itself infinitely.
> team_device_event was mentioned in stack overflow bugs in the past:
> https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>


Taehee Yoo, can you take a look ?

Patch series of yours was supposed to limit max nest level to 8

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70

Jiri Pirko

Oct 12, 2022, 9:11:18 AM
to Dmitry Vyukov, syzbot, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Wed, Oct 12, 2022 at 09:53:27AM CEST, dvy...@google.com wrote:
>On Wed, 12 Oct 2022 at 09:48, syzbot
><syzbot+60748c...@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
>> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
>> userspace arch: arm64
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+60748c...@syzkaller.appspotmail.com
>
>+Jiri
>
>It looks like the issue is with the team device. It seems to call
>itself infinitely.
>team_device_event was mentioned in stack overflow bugs in the past:
>https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22

Hi, do you have dmesg output available by any chance?

Thanks!

Dmitry Vyukov

Oct 12, 2022, 9:55:14 AM
to Jiri Pirko, syzbot, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hi Jiri,

syzbot attaches dmesg output to every report under the "console output" link.

Jiri Pirko

Oct 12, 2022, 11:08:29 AM
to Dmitry Vyukov, syzbot, da...@davemloft.net, edum...@google.com, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
I see. I guess the debug messages are not printed out, I don't see them
there. Would it be possible to turn them on?

Eric Dumazet

Oct 12, 2022, 12:42:51 PM
to Jiri Pirko, Dmitry Vyukov, syzbot, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
What debug messages do you need ?

There is a nice stack trace [1] with file:number available


My guess was that for some reason the team driver does not enforce a
max nest level of 8 ?

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70


[1]
...

Jiri Pirko

Oct 13, 2022, 3:11:11 AM
to Eric Dumazet, Dmitry Vyukov, syzbot, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Sure, but there are no debug printks that are printed out during feature
processing. That could shed some light on if this is caused by lack of
nest level enforcement or perhaps, for some reason, repetitive processing
of the same team-port netdevice couple in a loop.

Eric Dumazet

Oct 13, 2022, 12:04:17 PM
to Taehee Yoo, Dmitry Vyukov, syzbot, Jiří Pírko, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, Cong Wang
On Thu, Oct 13, 2022 at 8:00 AM Taehee Yoo <ap42...@gmail.com> wrote:
>
> Hi,
> I found a reproducer.
>
> #test_team.sh
> ip link add dummy0 type dummy
> ip link set dummy0 up
> for a1 in {0..1}
> do
>     ip link add team$a1 type team
>     for a2 in {0..1}
>     do
>         ip link add team$a1$a2 master team$a1 type team
>         for a3 in {0..1}
>         do
>             ip link add team$a1$a2$a3 master team$a1$a2 type team
>             for a4 in {0..1}
>             do
>                 ip link add team$a1$a2$a3$a4 master team$a1$a2$a3 type team
>                 for a5 in {0..1}
>                 do
>                     ip link add team$a1$a2$a3$a4$a5 master team$a1$a2$a3$a4 type team
>                     for a6 in {0..1}
>                     do
>                         ip link add team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
>                         ip link add macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6 type macvlan
>                         ip link set macvlan$a1$a2$a3$a4$a5$a6 up
>                         ip link set team$a1$a2$a3$a4$a5$a6 up
>                     done
>                     ip link set team$a1$a2$a3$a4$a5 up
>                 done
>                 ip link set team$a1$a2$a3$a4 up
>             done
>             ip link set team$a1$a2$a3 up
>         done
>         ip link set team$a1$a2 up
>     done
>     ip link set team$a1 up
> done
>
> #test_ethtool.sh
> for a1 in {0..1}
> do
>     ethtool -K team$a1 lro $1
>     for a2 in {0..1}
>     do
>         ethtool -K team$a1$a2 lro $1
>         for a3 in {0..1}
>         do
>             ethtool -K team$a1$a2$a3 lro $1
>             for a4 in {0..1}
>             do
>                 ethtool -K team$a1$a2$a3$a4 lro $1
>                 for a5 in {0..1}
>                 do
>                     ethtool -K team$a1$a2$a3$a4$a5 lro $1
>                     for a6 in {0..1}
>                     do
>                         ethtool -K team$a1$a2$a3$a4$a5$a6 lro $1
>                         ethtool -K macvlan$a1$a2$a3$a4$a5$a6 lro $1
>                     done
>                 done
>             done
>         done
>     done
> done
>
> shell#1
> bash test_team.sh
> while :
> do
> bash test_ethtool.sh on
> done
> shell#2
> while :
> do
> bash test_ethtool.sh off
> done
>
> We can see a very similar call trace with the above reproducer.
> I think it is the same issue.

Nice repro !

> Could you please test it?

Not sure who is supposed to test it :)

>
> And I also found the same issue, already fixed.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
> https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ

Taehee Yoo

Oct 21, 2022, 7:08:22 AM10/21/22
to Eric Dumazet, Dmitry Vyukov, syzbot, Jiří Pírko, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, Cong Wang
Hi,

On 2022. 10. 14. at 12:00 AM, Taehee Yoo wrote:
> Hi,
>
> On 10/12/22 21:19, Eric Dumazet wrote:
> Could you please test it?
>
I found the root cause of this issue.

This is a simpler reproducer.

ip link add team0 type team
ethtool -K team0 lro on
for i in {1..100}
do
ip link add team$i master team0 type team
ethtool -K team$i lro on
done

ethtool -K team0 lro off

The above graph is like below:
              team0
                |
  +------+------+-----+-----+
  |      |      |     |     |
team1  team2  team3  ... team100

int __netdev_update_features(struct net_device *dev)
{
	struct net_device *upper, *lower;
	netdev_features_t features;
	struct list_head *iter;
	int err = -1;
...
sync_lower:
	/* some features must be disabled on lower devices when disabled
	 * on an upper device (think: bonding master or bridge)
	 */
	netdev_for_each_lower_dev(dev, lower, iter)
		netdev_sync_lower_features(dev, lower, features);
...


static void netdev_sync_lower_features(struct net_device *upper,
	struct net_device *lower, netdev_features_t features)
{
	netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
	netdev_features_t feature;
	int feature_bit;

	for_each_netdev_feature(upper_disables, feature_bit) {
		feature = __NETIF_F_BIT(feature_bit);
		if (!(features & feature) && (lower->features & feature)) {
			netdev_dbg(upper, "Disabling feature %pNF on lower dev %s.\n",
				   &feature, lower->name);
			lower->wanted_features &= ~feature;
			__netdev_update_features(lower);

			if (unlikely(lower->features & feature))
				netdev_WARN(upper, "failed to disable %pNF on %s!\n",
					    &feature, lower->name);
			else
				netdev_features_change(lower); <-----HERE
		}
	}
}

void netdev_features_change(struct net_device *dev)
{
	call_netdevice_notifiers(NETDEV_FEAT_CHANGE, dev);
}

The code looks like an iterator.
But it would work recursively because of notification.

When team0's feature (LRO) is changed with <ethtool -K team0 lro off>,
__netdev_update_features(team0) is called.
__netdev_update_features(team0) internally sends the NETDEV_FEAT_CHANGE
event to all lower interfaces (team1, team2, ... team100).
team1 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
to the upper interface (team0).
team0 will receive NETDEV_FEAT_CHANGE again, and it sends
NETDEV_FEAT_CHANGE to all the lower interfaces (team1, team2, ... team100).
(At this point, team1's flag was already set, so it will be skipped.)
team2 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
to the upper interface (team0).
team0 will receive NETDEV_FEAT_CHANGE again again, and it sends
NETDEV_FEAT_CHANGE to all the lower interfaces (team1, team2, ... team100).
(team1, team2 skipped.)
...
So, if there are only a few lower interfaces (roughly under 30 lower
interfaces), it works anyway, even though it internally works recursively.
But if so many lower interfaces exist, a stack overflow will occur.
This is the root cause of this issue.

I think synchronization direction should be one way.
Up or Down.
It means that if the team0 interface can send the NETDEV_FEAT_CHANGE
notification event to the lower interface,
the lower interfaces should be disallowed to send NETDEV_FEAT_CHANGE
event to the upper interface.

bonding has the same issue.
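
The recursion described in the message above, as an added user-space model (not kernel code and not part of the thread): it counts how deeply the feature-update routine nests when LRO is turned off on a team0 with n ports, with and without the upward event. `struct dev`, `max_nesting` and the `one_way` switch are assumptions made for illustration; each nesting level stands for several real kernel stack frames.

```c
#include <stdio.h>
#define MAX_LOWER 128

struct dev {
	int lro;             /* 1 while the LRO feature is enabled */
	struct dev *upper;   /* master device, NULL for the top device */
	struct dev *lower;   /* array of lower (port) devices */
	int nlower;
};

static int depth, max_depth;
static int one_way;          /* hypothetical switch: ports send no upward event */
/* Models __netdev_update_features() + netdev_sync_lower_features() for LRO only. */
static void update_features(struct dev *d)
{
	if (++depth > max_depth)
		max_depth = depth;
	for (int i = 0; i < d->nlower; i++) {
		struct dev *l = &d->lower[i];
		if (d->lro || !l->lro)
			continue;            /* nothing to disable on this port */
		l->lro = 0;
		update_features(l);          /* __netdev_update_features(lower) */
		/* netdev_features_change(lower), marked HERE: notifier re-enters the master */
		if (l->upper && !one_way)
			update_features(l->upper);
	}
	depth--;
}

/* Constructed case: team0 with n ports, LRO on for all ports, then LRO off on team0. */
int max_nesting(int n, int use_one_way)
{
	static struct dev top, ports[MAX_LOWER];
	if (n < 0 || n > MAX_LOWER)
		return -1;
	top = (struct dev){ .lro = 0, .lower = ports, .nlower = n };
	for (int i = 0; i < n; i++)
		ports[i] = (struct dev){ .lro = 1, .upper = &top };
	depth = max_depth = 0;
	one_way = use_one_way;
	update_features(&top);
	return max_depth;
}

int main(void)
{
	printf("two-way: %d  one-way: %d\n", max_nesting(100, 0), max_nesting(100, 1));
	return 0;
}
```

In this model the nesting grows linearly with the number of ports when the upward event is delivered and stays constant when it is suppressed.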

syzbot

Feb 4, 2023, 6:52:38 PM2/4/23
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.

wangyufen

Apr 7, 2023, 3:28:10 AM4/7/23
to Taehee Yoo, Eric Dumazet, Dmitry Vyukov, Jarod Wilson, syzbot, Jiří Pírko, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, Cong Wang
Excuse me, is there a fix for this issue? I had the same issue with the
5.10 version of the bonding.


Taehee Yoo

Apr 7, 2023, 4:31:45 AM4/7/23
to wangyufen, Eric Dumazet, Dmitry Vyukov, Jarod Wilson, syzbot, Jiří Pírko, da...@davemloft.net, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, Cong Wang
Hi wangyufen,
It is not fixed; I will fix it.
I found the problem behind this issue, but I couldn't find a good solution yet.
I think it would need a relatively long time to fix it.

Thanks!
Taehee Yoo