syzbot |
sign-in | mailing list | source | docs |
bridge0: port 1(bond0) entered blocking state bridge0: port 1(bond0) entered disabled state device bridge0 entered promiscuous mode ===================================================== WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected 4.19.211-syzkaller #0 Not tainted ----------------------------------------------------- syz-executor.2/23741 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: 000000009d7f8bd6 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 and this task is already holding: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline] 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline] 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: dev_uc_add+0x1f/0xb0 net/core/dev_addr_lists.c:492 which would create a new lock dependency: (&bridge_netdev_addr_lock_key){+...} -> (&(&bond->stats_lock)->rlock#2/2){+.+.} but this new dependency connects a SOFTIRQ-irq-safe lock: (&(&mc->mca_lock)->rlock){+.-.} ... which became SOFTIRQ-irq-safe at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] mld_send_cr net/ipv6/mcast.c:1952 [inline] mld_ifc_timer_expire+0x4a3/0xdf0 net/ipv6/mcast.c:2476 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 __sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:97 rcu_lock_release include/linux/rcupdate.h:247 [inline] rcu_read_unlock include/linux/rcupdate.h:681 [inline] __d_lookup+0x3f9/0x710 fs/dcache.c:2310 lookup_fast+0x3a4/0x1080 fs/namei.c:1618 walk_component+0xde/0xda0 fs/namei.c:1807 link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 link_path_walk fs/namei.c:2073 [inline] path_openat+0x1db/0x2df0 fs/namei.c:3536 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe to a SOFTIRQ-irq-unsafe lock: (&(&bond->stats_lock)->rlock#2/2){+.+.} ... which became SOFTIRQ-irq-unsafe at: ... _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] netdev_features_change net/core/dev.c:1330 [inline] netdev_change_features+0x7e/0xb0 net/core/dev.c:8490 bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116 bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321 do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455 rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe other info that might help us debug this: Chain exists of: &(&mc->mca_lock)->rlock --> &bridge_netdev_addr_lock_key --> &(&bond->stats_lock)->rlock#2/2 Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&(&bond->stats_lock)->rlock#2/2); local_irq_disable(); lock(&(&mc->mca_lock)->rlock); lock(&bridge_netdev_addr_lock_key); <Interrupt> lock(&(&mc->mca_lock)->rlock); *** DEADLOCK *** 2 locks held by syz-executor.2/23741: #0: 00000000bf345e53 (rtnl_mutex){+.+.}, at: dev_ioctl+0x19d/0xc50 net/core/dev_ioctl.c:487 #1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline] #1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline] #1: 00000000f0550dc2 (&bridge_netdev_addr_lock_key){+...}, at: dev_uc_add+0x1f/0xb0 net/core/dev_addr_lists.c:492 the dependencies between SOFTIRQ-irq-safe lock and the holding lock: -> (&(&mc->mca_lock)->rlock){+.-.} ops: 20290 { HARDIRQ-ON-W at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] mld_del_delrec+0x452/0x6d0 net/ipv6/mcast.c:790 __ipv6_dev_mc_inc+0x720/0xa80 net/ipv6/mcast.c:934 ipv6_add_dev+0xadb/0x10b0 net/ipv6/addrconf.c:456 addrconf_init+0xe1/0x3a8 net/ipv6/addrconf.c:6785 inet6_init+0x349/0x6b3 net/ipv6/af_inet6.c:1019 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 VFS: could not find a valid V7 on loop1. kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 IN-SOFTIRQ-W at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] mld_send_cr net/ipv6/mcast.c:1952 [inline] mld_ifc_timer_expire+0x4a3/0xdf0 net/ipv6/mcast.c:2476 call_timer_fn+0x177/0x700 kernel/time/timer.c:1338 expire_timers+0x243/0x4e0 kernel/time/timer.c:1375 __run_timers kernel/time/timer.c:1696 [inline] run_timer_softirq+0x21c/0x670 kernel/time/timer.c:1709 __do_softirq+0x265/0x980 kernel/softirq.c:292 invoke_softirq kernel/softirq.c:372 [inline] irq_exit+0x215/0x260 kernel/softirq.c:412 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894 __sanitizer_cov_trace_pc+0x4/0x50 kernel/kcov.c:97 rcu_lock_release include/linux/rcupdate.h:247 [inline] rcu_read_unlock include/linux/rcupdate.h:681 [inline] __d_lookup+0x3f9/0x710 fs/dcache.c:2310 lookup_fast+0x3a4/0x1080 fs/namei.c:1618 walk_component+0xde/0xda0 fs/namei.c:1807 link_path_walk.part.0+0x901/0x1230 fs/namei.c:2142 link_path_walk fs/namei.c:2073 [inline] path_openat+0x1db/0x2df0 fs/namei.c:3536 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 do_sys_open+0x3b3/0x520 fs/open.c:1085 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] mld_del_delrec+0x452/0x6d0 net/ipv6/mcast.c:790 __ipv6_dev_mc_inc+0x720/0xa80 net/ipv6/mcast.c:934 ipv6_add_dev+0xadb/0x10b0 net/ipv6/addrconf.c:456 addrconf_init+0xe1/0x3a8 net/ipv6/addrconf.c:6785 inet6_init+0x349/0x6b3 net/ipv6/af_inet6.c:1019 do_one_initcall+0xf1/0x740 init/main.c:884 do_initcall_level init/main.c:952 [inline] do_initcalls init/main.c:960 [inline] do_basic_setup init/main.c:978 [inline] kernel_init_freeable+0x9c5/0xab7 init/main.c:1145 kernel_init+0xd/0x1ba init/main.c:1062 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 } ... key at: [<ffffffff8dd99dc0>] __key.7+0x0/0x40 ... acquired at: spin_lock_bh include/linux/spinlock.h:334 [inline] netif_addr_lock_bh include/linux/netdevice.h:4012 [inline] __dev_mc_add net/core/dev_addr_lists.c:669 [inline] dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687 igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676 __ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935 ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459 addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761 br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300 rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe -> (&bridge_netdev_addr_lock_key){+...} ops: 212 { HARDIRQ-ON-W at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] netif_addr_lock_bh include/linux/netdevice.h:4012 [inline] __dev_mc_add net/core/dev_addr_lists.c:669 [inline] dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687 igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676 __ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935 ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459 addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761 br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300 rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x2f/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] netif_addr_lock_bh include/linux/netdevice.h:4012 [inline] __dev_mc_add net/core/dev_addr_lists.c:669 [inline] dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687 igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676 __ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935 ipv6_add_dev+0xaea/0x10b0 net/ipv6/addrconf.c:459 addrconf_notify+0x6a3/0x21f0 net/ipv6/addrconf.c:3447 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] register_netdevice+0xdd2/0x10f0 net/core/dev.c:8761 br_dev_newlink+0x23/0x110 net/bridge/br_netlink.c:1300 rtnl_newlink+0x1030/0x15c0 net/core/rtnetlink.c:3141 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe } ... key at: [<ffffffff8dd9b0a0>] bridge_netdev_addr_lock_key+0x0/0x40 ... acquired at: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398 __dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713 __dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490 dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510 br_port_set_promisc net/bridge/br_if.c:103 [inline] br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152 br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182 dev_change_rx_flags net/core/dev.c:7443 [inline] __dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487 __dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592 dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496 vlan_sync_address net/8021q/vlan.c:309 [inline] vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1744 [inline] call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762 br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687 add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101 br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396 dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322 dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488 sock_do_ioctl+0x178/0x300 net/socket.c:1038 sock_ioctl+0x2ef/0x5d0 net/socket.c:1135 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe the dependencies between the lock to be acquired and SOFTIRQ-irq-unsafe lock: -> (&(&bond->stats_lock)->rlock#2/2){+.+.} ops: 75 { HARDIRQ-ON-W at: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] netdev_features_change net/core/dev.c:1330 [inline] netdev_change_features+0x7e/0xb0 net/core/dev.c:8490 bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116 bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321 do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455 rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe SOFTIRQ-ON-W at: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] netdev_features_change net/core/dev.c:1330 [inline] netdev_change_features+0x7e/0xb0 net/core/dev.c:8490 bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116 bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321 do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455 rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe INITIAL USE at: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtnetlink_event+0x123/0x1d0 net/core/rtnetlink.c:4833 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers net/core/dev.c:1762 [inline] netdev_features_change net/core/dev.c:1330 [inline] netdev_change_features+0x7e/0xb0 net/core/dev.c:8490 bond_compute_features+0x476/0x8c0 drivers/net/bonding/bond_main.c:1116 bond_enslave+0x3dc9/0x5250 drivers/net/bonding/bond_main.c:1780 do_set_master+0x1c8/0x220 net/core/rtnetlink.c:2321 do_setlink+0x7ec/0x3540 net/core/rtnetlink.c:2455 rtnl_newlink+0xda9/0x15c0 net/core/rtnetlink.c:3077 rtnetlink_rcv_msg+0x453/0xb80 net/core/rtnetlink.c:4782 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2463 netlink_unicast_kernel net/netlink/af_netlink.c:1325 [inline] netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1351 netlink_sendmsg+0x6c3/0xc50 net/netlink/af_netlink.c:1917 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xc3/0x120 net/socket.c:661 __sys_sendto+0x21a/0x320 net/socket.c:1899 __do_sys_sendto net/socket.c:1911 [inline] __se_sys_sendto net/socket.c:1907 [inline] __x64_sys_sendto+0xdd/0x1b0 net/socket.c:1907 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe } ... key at: [<ffffffff8dcd4062>] __key.13+0x2/0x40 ... acquired at: _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398 __dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713 __dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490 dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510 br_port_set_promisc net/bridge/br_if.c:103 [inline] br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152 br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182 dev_change_rx_flags net/core/dev.c:7443 [inline] __dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487 __dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592 dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496 vlan_sync_address net/8021q/vlan.c:309 [inline] vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1744 [inline] call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762 br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687 add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101 br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396 dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322 dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488 sock_do_ioctl+0x178/0x300 net/socket.c:1038 sock_ioctl+0x2ef/0x5d0 net/socket.c:1135 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe stack backtrace: CPU: 1 PID: 23741 Comm: syz-executor.2 Not tainted 4.19.211-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_bad_irq_dependency kernel/locking/lockdep.c:1573 [inline] check_usage.cold+0x7ea/0xbad kernel/locking/lockdep.c:1605 check_irq_usage kernel/locking/lockdep.c:1661 [inline] check_prev_add_irq kernel/locking/lockdep_states.h:8 [inline] check_prev_add kernel/locking/lockdep.c:1871 [inline] check_prevs_add kernel/locking/lockdep.c:1979 [inline] validate_chain kernel/locking/lockdep.c:2420 [inline] __lock_acquire+0x1da1/0x3ff0 kernel/locking/lockdep.c:3416 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354 bond_get_stats+0xca/0x500 drivers/net/bonding/bond_main.c:3492 dev_get_stats+0xa5/0x2b0 net/core/dev.c:9061 rtnl_fill_stats+0x48/0xa90 net/core/rtnetlink.c:1176 rtnl_fill_ifinfo+0xf8e/0x36d0 net/core/rtnetlink.c:1663 rtmsg_ifinfo_build_skb+0xcd/0x1a0 net/core/rtnetlink.c:3357 rtmsg_ifinfo_event net/core/rtnetlink.c:3389 [inline] rtmsg_ifinfo_event net/core/rtnetlink.c:3380 [inline] rtmsg_ifinfo+0x83/0x120 net/core/rtnetlink.c:3398 __dev_notify_flags+0x226/0x2b0 net/core/dev.c:7713 __dev_set_promiscuity+0x197/0x210 net/core/dev.c:7490 dev_set_promiscuity+0x4f/0x100 net/core/dev.c:7510 br_port_set_promisc net/bridge/br_if.c:103 [inline] br_manage_promisc+0x364/0x4e0 net/bridge/br_if.c:152 br_dev_change_rx_flags+0x37/0x40 net/bridge/br_device.c:182 dev_change_rx_flags net/core/dev.c:7443 [inline] __dev_set_promiscuity.cold+0x2f1/0x35f net/core/dev.c:7487 __dev_set_rx_mode+0x257/0x2f0 net/core/dev.c:7592 dev_uc_add+0xa1/0xb0 net/core/dev_addr_lists.c:496 vlan_sync_address net/8021q/vlan.c:309 [inline] vlan_device_event+0x1744/0x1e40 net/8021q/vlan.c:411 notifier_call_chain+0xc0/0x230 kernel/notifier.c:93 call_netdevice_notifiers_info net/core/dev.c:1744 [inline] call_netdevice_notifiers+0x99/0x110 net/core/dev.c:1762 br_add_if+0x16ba/0x1b60 net/bridge/br_if.c:687 add_del_if+0x106/0x140 net/bridge/br_ioctl.c:101 br_dev_ioctl+0xe9/0x160 net/bridge/br_ioctl.c:396 dev_ifsioc+0x256/0x8c0 net/core/dev_ioctl.c:322 dev_ioctl+0x1ab/0xc50 net/core/dev_ioctl.c:488 sock_do_ioctl+0x178/0x300 net/socket.c:1038 sock_ioctl+0x2ef/0x5d0 net/socket.c:1135 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:501 [inline] do_vfs_ioctl+0xcdb/0x12e0 fs/ioctl.c:688 ksys_ioctl+0x9b/0xc0 fs/ioctl.c:705 __do_sys_ioctl fs/ioctl.c:712 [inline] __se_sys_ioctl fs/ioctl.c:710 [inline] __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:710 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x7ff6bc61bae9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ff6b9b91188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ff6bc72ef60 RCX: 00007ff6bc61bae9 RDX: 0000000020000000 RSI: 00000000000089a2 RDI: 000000000000000a RBP: 00007ff6bc675f45 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe1998763f R14: 00007ff6b9b91300 R15: 0000000000022000 Bluetooth: hci1: command 0x0406 tx timeout VFS: could not find a valid V7 on loop1. VFS: could not find a valid V7 on loop1. VFS: could not find a valid V7 on loop1.
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2021/11/09 00:43 | linux-4.19.y | 3f8a27f9e27b | 8ab17e57 | .config | console log | report | info | ci2-linux-4-19 | possible deadlock in mld_ifc_timer_expire |