syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [712] 🐞 Fixed [297] 🐞 Invalid [838] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
bridge0: port 1(bond0) entered blocking state
bridge0: port 1(bond0) entered disabled state
device bridge0 entered promiscuous mode
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
4.19.211-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.2/23741 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
000000009d7f8bd6 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
and this task is already holding:
00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: dev_uc_add+0x1f/0xb0 net/core/dev_addr_lists.c:492
which would create a new lock dependency:
(&bridge_netdev_addr_lock_key){+...} -> (&(&bond->stats_lock)->rlock#2/2){+.+.}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&(&mc->mca_lock)->rlock){+.-.}
... which became SOFTIRQ-irq-safe at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
mld_send_cr net/ipv6/mcast.c:1952 [inline]
mld_ifc_timer_expire+0x4a3/0xdf0 net/ipv6/mcast.c:2476
call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1696 [inline]
run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:97
rcu_lock_release include/linux/rcupdate.h:247 [inline]
rcu_read_unlock include/linux/rcupdate.h:681 [inline]
__d_lookup+0x3f9/0x710 fs/dcache.c:2310
lookup_fast+0x3a4/0x1080 fs/namei.c:1618
walk_component+0xde/0xda0 fs/namei.c:1807
link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142
link_path_walk fs/namei.c:2073 [inline]
path_openat+0x1db/0x2df0 fs/namei.c:3536
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
to a SOFTIRQ-irq-unsafe lock:
(&(&bond->stats_lock)->rlock#2/2){+.+.}
... which became SOFTIRQ-irq-unsafe at:
...
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
netdev_features_change net/core/dev.c:1330 [inline]
netdev_change_features+0x7e/0xb0 net/core/dev.c:8490
bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116
bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780
do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
other info that might help us debug this:
Chain exists of:
&(&mc->mca_lock)->rlock --> &bridge_netdev_addr_lock_key --> &(&bond->stats_lock)->rlock#2/2
Possible interrupt unsafe locking scenario:
CPU0 CPU1
---- ----
lock(&(&bond->stats_lock)->rlock#2/2);
local_irq_disable();
lock(&(&mc->mca_lock)->rlock);
lock(&bridge_netdev_addr_lock_key);
<Interrupt>
lock(&(&mc->mca_lock)->rlock);
*** DEADLOCK ***
2 locks held by syz-executor.2/23741:
#0: 00000000bf345e53 (rtnl_mutex){+.+.}, at: dev_ioctl+0x19d/0xc50 net/core/dev_ioctl.c:487
#1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
#1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
#1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: dev_uc_add+0x1f/0xb0 net/core/dev_addr_lists.c:492
the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
-> (&(&mc->mca_lock)->rlock){+.-.} ops: 20290 {
HARDIRQ-ON-W at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
mld_del_delrec+0x452/0x6d0 net/ipv6/mcast.c:790
__ipv6_dev_mc_inc+0x720/0xa80 net/ipv6/mcast.c:934
ipv6_add_dev+0xadb/0x10b0 net/ipv6/addrconf.c:456
addrconf_init+0xe1/0x3a8 net/ipv6/addrconf.c:6785
inet6_init+0x349/0x6b3 net/ipv6/af_inet6.c:1019
do_one_initcall+0xf1/0x740 init/main.c:884
do_initcall_level init/main.c:952 [inline]
do_initcalls init/main.c:960 [inline]
do_basic_setup init/main.c:978 [inline]
kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
VFS: could not find a valid V7 on loop1.
kernel_init+0xd/0x1ba init/main.c:1062
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
IN-SOFTIRQ-W at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
mld_send_cr net/ipv6/mcast.c:1952 [inline]
mld_ifc_timer_expire+0x4a3/0xdf0 net/ipv6/mcast.c:2476
call_timer_fn+0x177/0x700 kernel/time/timer.c:1338
expire_timers+0x243/0x4e0 kernel/time/timer.c:1375
__run_timers kernel/time/timer.c:1696 [inline]
run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
__sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:97
rcu_lock_release include/linux/rcupdate.h:247 [inline]
rcu_read_unlock include/linux/rcupdate.h:681 [inline]
__d_lookup+0x3f9/0x710 fs/dcache.c:2310
lookup_fast+0x3a4/0x1080 fs/namei.c:1618
walk_component+0xde/0xda0 fs/namei.c:1807
link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142
link_path_walk fs/namei.c:2073 [inline]
path_openat+0x1db/0x2df0 fs/namei.c:3536
do_filp_open+0x18c/0x3f0 fs/namei.c:3567
do_sys_open+0x3b3/0x520 fs/open.c:1085
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
INITIAL USE at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
mld_del_delrec+0x452/0x6d0 net/ipv6/mcast.c:790
__ipv6_dev_mc_inc+0x720/0xa80 net/ipv6/mcast.c:934
ipv6_add_dev+0xadb/0x10b0 net/ipv6/addrconf.c:456
addrconf_init+0xe1/0x3a8 net/ipv6/addrconf.c:6785
inet6_init+0x349/0x6b3 net/ipv6/af_inet6.c:1019
do_one_initcall+0xf1/0x740 init/main.c:884
do_initcall_level init/main.c:952 [inline]
do_initcalls init/main.c:960 [inline]
do_basic_setup init/main.c:978 [inline]
kernel_init_freeable+0x9c5/0xab7 init/main.c:1145
kernel_init+0xd/0x1ba init/main.c:1062
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
}
... key at: [<ffffffff8dd99dc0>] __key.7+0x0/0x40
... acquired at:
spin_lock_bh include/linux/spinlock.h:334 [inline]
netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
__dev_mc_add net/core/dev_addr_lists.c:669 [inline]
dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687
igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676
__ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935
ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459
addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761
br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300
rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
-> (&bridge_netdev_addr_lock_key){+...} ops: 212 {
HARDIRQ-ON-W at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
__dev_mc_add net/core/dev_addr_lists.c:669 [inline]
dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687
igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676
__ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935
ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459
addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761
br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300
rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
INITIAL USE at:
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
__dev_mc_add net/core/dev_addr_lists.c:669 [inline]
dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687
igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676
__ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935
ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459
addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761
br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300
rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
}
... key at: [<ffffffff8dd9b0a0>] bridge_netdev_addr_lock_key+0x0/0x40
... acquired at:
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398
__dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713
__dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490
dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510
br_port_set_promisc net/bridge/br_if.c:103 [inline]
br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152
br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182
dev_change_rx_flags net/core/dev.c:7443 [inline]
__dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487
__dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592
dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496
vlan_sync_address net/8021q/vlan.c:309 [inline]
vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1744 [inline]
call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762
br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687
add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101
br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396
dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322
dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488
sock_do_ioctl+0x178/0x300 net/socket.c:1038
sock_ioctl+0x2ef/0x5d0 net/socket.c:1135
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
the dependencies between the lock to be acquired
and SOFTIRQ-irq-unsafe lock:
-> (&(&bond->stats_lock)->rlock#2/2){+.+.} ops: 75 {
HARDIRQ-ON-W at:
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
netdev_features_change net/core/dev.c:1330 [inline]
netdev_change_features+0x7e/0xb0 net/core/dev.c:8490
bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116
bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780
do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
SOFTIRQ-ON-W at:
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
netdev_features_change net/core/dev.c:1330 [inline]
netdev_change_features+0x7e/0xb0 net/core/dev.c:8490
bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116
bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780
do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
INITIAL USE at:
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
netdev_features_change net/core/dev.c:1330 [inline]
netdev_change_features+0x7e/0xb0 net/core/dev.c:8490
bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116
bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780
do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321
do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455
rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077
rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463
netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351
netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917
sock_sendmsg_nosec net/socket.c:651 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:661
__sys_sendto+0x21a/0x320 net/socket.c:1899
__do_sys_sendto net/socket.c:1911 [inline]
__se_sys_sendto net/socket.c:1907 [inline]
__x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
}
... key at: [<ffffffff8dcd4062>] __key.13+0x2/0x40
... acquired at:
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398
__dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713
__dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490
dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510
br_port_set_promisc net/bridge/br_if.c:103 [inline]
br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152
br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182
dev_change_rx_flags net/core/dev.c:7443 [inline]
__dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487
__dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592
dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496
vlan_sync_address net/8021q/vlan.c:309 [inline]
vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1744 [inline]
call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762
br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687
add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101
br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396
dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322
dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488
sock_do_ioctl+0x178/0x300 net/socket.c:1038
sock_ioctl+0x2ef/0x5d0 net/socket.c:1135
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
stack backtrace:
CPU: 1 PID: 23741 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
print_bad_irq_dependency kernel/locking/lockdep.c:1573 [inline]
check_usage.cold+0x7ea/0xbad kernel/locking/lockdep.c:1605
check_irq_usage kernel/locking/lockdep.c:1661 [inline]
check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline]
check_prev_add kernel/locking/lockdep.c:1871 [inline]
check_prevs_add kernel/locking/lockdep.c:1979 [inline]
validate_chain kernel/locking/lockdep.c:2420 [inline]
__lock_acquire+0x1da1/0x3ff0 kernel/locking/lockdep.c:3416
lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
_raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492
dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061
rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176
rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663
rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357
rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline]
rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline]
rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398
__dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713
__dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490
dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510
br_port_set_promisc net/bridge/br_if.c:103 [inline]
br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152
br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182
dev_change_rx_flags net/core/dev.c:7443 [inline]
__dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487
__dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592
dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496
vlan_sync_address net/8021q/vlan.c:309 [inline]
vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers_info net/core/dev.c:1744 [inline]
call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762
br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687
add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101
br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396
dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322
dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488
sock_do_ioctl+0x178/0x300 net/socket.c:1038
sock_ioctl+0x2ef/0x5d0 net/socket.c:1135
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688
ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7ff6bc61bae9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff6b9b91188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff6bc72ef60 RCX: 00007ff6bc61bae9
RDX: 0000000020000000 RSI: 00000000000089a2 RDI: 000000000000000a
RBP: 00007ff6bc675f45 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffe1998763f R14: 00007ff6b9b91300 R15: 0000000000022000
Bluetooth: hci1: command 0x0406 tx timeout
VFS: could not find a valid V7 on loop1.
VFS: could not find a valid V7 on loop1.
VFS: could not find a valid V7 on loop1.
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/11/09 00:43 | linux-4.19.y | 3f8a27f9e27b | 8ab17e57 | .config | console log | report | info | ci2-linux-4-19 | possible deadlock in mld_ifc_timer_expire |