bisecting fixing commit since d183c8e2647a7d45202c14a33631f6c09020f8ac
building syzkaller on f4e7270e33225b8f25b74ab9072e9b670f2f82ae
testing commit d183c8e2647a7d45202c14a33631f6c09020f8ac with gcc (GCC) 8.1.0
kernel signature: 6bf8ed136216e4c9b3d5f42dcb9bf0f59d96e066b59b7d5970ec10f027d1372c
all runs: crashed: possible deadlock in bond_get_stats
testing current HEAD 675cc038067f0e530471c56a7442935f84669d95
testing commit 675cc038067f0e530471c56a7442935f84669d95 with gcc (GCC) 8.1.0
kernel signature: fe3e95b433bb7d77dfbe573730dd4e123aed1be209d58735b90ad69aa536933c
all runs: crashed: possible deadlock in bond_get_stats
revisions tested: 2, total time: 24m59.334793559s (build: 18m0.198892565s, test: 5m51.167108377s)
the crash still happens on HEAD
commit msg: Linux 4.19.167
crash: possible deadlock in bond_get_stats
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
bond0: macvlan1 is up - this may be due to an out of date ifenslave
8021q: adding VLAN 0 to HW filter on device bond5
bond0: Enslaving bond5 as an active interface with an up link
============================================
WARNING: possible recursive locking detected
4.19.167-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.0/9031 is trying to acquire lock:
00000000c9dfeaaa (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xcc/0x500 drivers/net/bonding/bond_main.c:3491

but task is already holding lock:
00000000b62aa559 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xcc/0x500 drivers/net/bonding/bond_main.c:3491

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&bond->stats_lock)->rlock#2/2);
  lock(&(&bond->stats_lock)->rlock#2/2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.0/9031:
 #0: 00000000bf78f137 (rtnl_mutex){+.+.}, at: rtnl_lock net/core/rtnetlink.c:77 [inline]
 #0: 00000000bf78f137 (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x301/0x8f0 net/core/rtnetlink.c:4775
 #1: 00000000b62aa559 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xcc/0x500 drivers/net/bonding/bond_main.c:3491
 #2: 00000000cefd355d (rcu_read_lock){....}, at: bond_get_nest_level drivers/net/bonding/bond_main.c:3480 [inline]
 #2: 00000000cefd355d (rcu_read_lock){....}, at: bond_get_stats+0xaf/0x500 drivers/net/bonding/bond_main.c:3491

stack backtrace:
CPU: 0 PID: 9031 Comm: syz-executor.0 Not tainted 4.19.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1763 [inline]
 check_deadlock kernel/locking/lockdep.c:1807 [inline]
 validate_chain kernel/locking/lockdep.c:2403 [inline]
 __lock_acquire.cold.62+0x259/0x57a kernel/locking/lockdep.c:3415
 lock_acquire+0x173/0x3d0 kernel/locking/lockdep.c:3907
 _raw_spin_lock_nested+0x33/0x50 kernel/locking/spinlock.c:354
 bond_get_stats+0xcc/0x500 drivers/net/bonding/bond_main.c:3491
 dev_get_stats+0xa2/0x290 net/core/dev.c:9048
 bond_get_stats+0x1d0/0x500 drivers/net/bonding/bond_main.c:3497
 dev_get_stats+0xa2/0x290 net/core/dev.c:9048
 rtnl_fill_stats+0x44/0xc00 net/core/rtnetlink.c:1176
 rtnl_fill_ifinfo+0xe1f/0x3170 net/core/rtnetlink.c:1663
 rtmsg_ifinfo_build_skb+0xc4/0x170 net/core/rtnetlink.c:3357
 rtmsg_ifinfo_event.part.32+0x1a/0xb0 net/core/rtnetlink.c:3389
 rtmsg_ifinfo_event net/core/rtnetlink.c:4836 [inline]
 rtnetlink_event+0xc7/0x120 net/core/rtnetlink.c:4829
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x28/0x60 net/core/dev.c:1744
 call_netdevice_notifiers net/core/dev.c:1762 [inline]
 netdev_features_change net/core/dev.c:1330 [inline]
 netdev_change_features+0x76/0xa0 net/core/dev.c:8477
 bond_compute_features.isra.47+0x4ab/0x800 drivers/net/bonding/bond_main.c:1116
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3225 [inline]
 bond_netdev_event+0x300/0x920 drivers/net/bonding/bond_main.c:3266
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __raw_notifier_call_chain kernel/notifier.c:394 [inline]
 raw_notifier_call_chain+0x11/0x20 kernel/notifier.c:401
 call_netdevice_notifiers_info+0x28/0x60 net/core/dev.c:1744
 call_netdevice_notifiers net/core/dev.c:1762 [inline]
 netdev_features_change net/core/dev.c:1330 [inline]
 netdev_change_features+0x76/0xa0 net/core/dev.c:8477
 bond_compute_features.isra.47+0x4ab/0x800 drivers/net/bonding/bond_main.c:1116
 bond_enslave+0x144c/0x4cf0 drivers/net/bonding/bond_main.c:1780
 do_set_master+0x171/0x200 net/core/rtnetlink.c:2321
 rtnl_newlink+0xf09/0x1320 net/core/rtnetlink.c:3170
 rtnetlink_rcv_msg+0x34f/0x8f0 net/core/rtnetlink.c:4778
 netlink_rcv_skb+0x13e/0x3d0 net/netlink/af_netlink.c:2455
 rtnetlink_rcv+0x10/0x20 net/core/rtnetlink.c:4796
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x443/0x650 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x765/0xc40 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xb5/0xf0 net/socket.c:632
 ___sys_sendmsg+0x647/0x950 net/socket.c:2115
 __sys_sendmsg+0xd9/0x180 net/socket.c:2153
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x73/0xb0 net/socket.c:2160
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b3c9
Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff71de8bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007ff71de8c6d4 RCX: 000000000045b3c9
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000009c1 R14: 00000000004cb3a7 R15: 000000000075bf2c
bond5: making interface gretap1 the new active one
bond5: Enslaving gretap1 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond4
bond0: Enslaving bond4 as an active interface with an up link
bond0: geneve1 is up - this may be due to an out of date ifenslave
bond4: making interface gretap1 the new active one
bond4: Enslaving gretap1 as an active interface with an up link
bond0: macsec0 is up - this may be due to an out of date ifenslave
syz-executor.0 (9031) used greatest stack depth: 21704 bytes left
bond0: Error: Device is in use and cannot be enslaved
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: making interface gretap2 the new active one
bond3: Enslaving gretap2 as an active interface with an up link
bond0: veth0_virt_wifi is up - this may be due to an out of date ifenslave
bond0: macsec0 is up - this may be due to an out of date ifenslave
8021q: adding VLAN 0 to HW filter on device bond5
bond0: Enslaving bond5 as an active interface with an up link
bond5: making interface gretap2 the new active one
bond5: Enslaving gretap2 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
bond6: making interface gretap2 the new active one
bond6: Enslaving gretap2 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
bond8: making interface gretap2 the new active one
bond8: Enslaving gretap2 as an active interface with an up link
bond6: making interface gretap3 the new active one
bond6: Enslaving gretap3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond1
bond0: Enslaving bond1 as an active interface with an up link
bond1: making interface gretap3 the new active one
bond1: Enslaving gretap3 as an active interface with an up link
device gretap1 left promiscuous mode
bridge0: port 3(gretap1) entered disabled state
bond0: Enslaving gretap1 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
bond7: making interface gretap3 the new active one
bond7: Enslaving gretap3 as an active interface with an up link
bond0: vlan1 is up - this may be due to an out of date ifenslave
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
bond6: making interface gretap3 the new active one
bond6: Enslaving gretap3 as an active interface with an up link
device gretap1 left promiscuous mode
bridge0: port 3(gretap1) entered disabled state
bond0: Enslaving gretap1 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
bond6: making interface gretap4 the new active one
bond6: Enslaving gretap4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: making interface gretap4 the new active one
bond3: Enslaving gretap4 as an active interface with an up link
bond0: enslaved VLAN challenged slave ipvlan0. Adding VLANs will be blocked as long as ipvlan0 is part of bond bond0
bond0: The slave device specified does not support setting the MAC address
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
bond7: making interface gretap4 the new active one
bond7: Enslaving gretap4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: making interface gretap4 the new active one
bond2: Enslaving gretap4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond7
bond0: Enslaving bond7 as an active interface with an up link
bond7: making interface gretap5 the new active one
bond7: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond10
bond0: Enslaving bond10 as an active interface with an up link
bond10: making interface gretap3 the new active one
bond10: Enslaving gretap3 as an active interface with an up link
bond0: Error: Device is in use and cannot be enslaved
8021q: adding VLAN 0 to HW filter on device bond9
bond0: Enslaving bond9 as an active interface with an up link
bond9: making interface gretap5 the new active one
bond9: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
bond8: making interface gretap5 the new active one
bond8: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: making interface gretap5 the new active one
bond3: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
bond8: making interface gretap6 the new active one
bond8: Enslaving gretap6 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond11
bond0: Enslaving bond11 as an active interface with an up link
bond11: making interface gretap4 the new active one
bond11: Enslaving gretap4 as an active interface with an up link
bond0: geneve1 is up - this may be due to an out of date ifenslave
8021q: adding VLAN 0 to HW filter on device bond10
bond0: Enslaving bond10 as an active interface with an up link
bond10: making interface gretap6 the new active one
bond10: Enslaving gretap6 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond10
bond0: Enslaving bond10 as an active interface with an up link
bond10: making interface gretap6 the new active one
bond10: Enslaving gretap6 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
bond8: making interface gretap6 the new active one
bond8: Enslaving gretap6 as an active interface with an up link
validate_nla: 74 callbacks suppressed
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond9
bond0: Enslaving bond9 as an active interface with an up link
bond9: making interface gretap7 the new active one
bond9: Enslaving gretap7 as an active interface with an up link
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: making interface gretap5 the new active one
bond2: Enslaving gretap5 as an active interface with an up link
netlink: 'syz-executor.5': attribute type 1 has an invalid length.
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond2
bond0: Enslaving bond2 as an active interface with an up link
bond2: making interface gretap2 the new active one
bond2: Enslaving gretap2 as an active interface with an up link
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond4
bond0: Enslaving bond4 as an active interface with an up link
netlink: 'syz-executor.3': attribute type 1 has an invalid length.
bond4: making interface gretap7 the new active one
bond4: Enslaving gretap7 as an active interface with an up link
netlink: 'syz-executor.0': attribute type 1 has an invalid length.
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond11
bond0: Enslaving bond11 as an active interface with an up link
bond11: making interface gretap7 the new active one
bond11: Enslaving gretap7 as an active interface with an up link
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
8021q: adding VLAN 0 to HW filter on device bond9
bond0: Enslaving bond9 as an active interface with an up link
bond9: making interface gretap7 the new active one
bond9: Enslaving gretap7 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond10
bond0: Enslaving bond10 as an active interface with an up link
bond10: making interface gretap8 the new active one
bond10: Enslaving gretap8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond3
bond0: Enslaving bond3 as an active interface with an up link
bond3: making interface gretap6 the new active one
bond3: Enslaving gretap6 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond4
bond0: Enslaving bond4 as an active interface with an up link
bond4: making interface gretap3 the new active one
bond4: Enslaving gretap3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond11
bond0: Enslaving bond11 as an active interface with an up link
bond11: making interface gretap8 the new active one
bond11: Enslaving gretap8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond12
bond0: Enslaving bond12 as an active interface with an up link
bond12: making interface gretap8 the new active one
bond12: Enslaving gretap8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond10
bond0: Enslaving bond10 as an active interface with an up link
bond10: making interface gretap8 the new active one
bond10: Enslaving gretap8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond11
bond0: Enslaving bond11 as an active interface with an up link
bond11: making interface gretap9 the new active one
bond11: Enslaving gretap9 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond12
bond0: Enslaving bond12 as an active interface with an up link
bond12: making interface gretap7 the new active one
bond12: Enslaving gretap7 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond12
bond0: Enslaving bond12 as an active interface with an up link
bond12: making interface gretap9 the new active one
bond12: Enslaving gretap9 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond5
bond0: Enslaving bond5 as an active interface with an up link
bond5: making interface gretap4 the new active one
bond5: Enslaving gretap4 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond11
bond0: Enslaving bond11 as an active interface with an up link
bond11: making interface gretap9 the new active one
bond11: Enslaving gretap9 as an active interface with an up link
bond5: Releasing active interface gretap2
bond0: Enslaving gretap2 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond12
bond0: Enslaving bond12 as an active interface with an up link
bond12: making interface gretap10 the new active one
bond12: Enslaving gretap10 as an active interface with an up link
bond6: Releasing active interface gretap2
bond0: Enslaving gretap2 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond6
bond0: Enslaving bond6 as an active interface with an up link
bond6: making interface gretap5 the new active one
bond6: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond12
bond0: Enslaving bond12 as an active interface with an up link
bond12: making interface gretap10 the new active one
bond12: Enslaving gretap10 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond13
bond0: Enslaving bond13 as an active interface with an up link
bond13: making interface gretap8 the new active one
bond13: Enslaving gretap8 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond9
bond0: Enslaving bond9 as an active interface with an up link
bond9: making interface gretap9 the new active one
bond9: Enslaving gretap9 as an active interface with an up link
bond1: Releasing active interface gretap3
bond0: Enslaving gretap3 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond5
bond0: Enslaving bond5 as an active interface with an up link
bond5: making interface gretap11 the new active one
bond5: Enslaving gretap11 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond8
bond0: Enslaving bond8 as an active interface with an up link
bond8: making interface gretap6 the new active one
bond8: Enslaving gretap6 as an active interface with an up link
bond9: Releasing active interface gretap5
bond0: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond14
bond0: Enslaving bond14 as an active interface with an up link
bond14: making interface gretap9 the new active one
bond14: Enslaving gretap9 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond14
bond0: Enslaving bond14 as an active interface with an up link
bond14: making interface gretap10 the new active one
bond14: Enslaving gretap10 as an active interface with an up link
bond7: Releasing active interface gretap5
bond0: Enslaving gretap5 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond13
bond0: Enslaving bond13 as an active interface with an up link
bond13: making interface gretap12 the new active one
bond13: Enslaving gretap12 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond9
bond0: Enslaving bond9 as an active interface with an up link
bond9: making interface gretap7 the new active one
bond9: Enslaving gretap7 as an active interface with an up link
bond12: Releasing active interface gretap9
bond0: Enslaving gretap9 as an active interface with an up link
8021q: adding VLAN 0 to HW filter on device bond15
bond0: Enslaving bond15 as an active interface with an up link
bond15: making interface gretap10 the new active one
bond15: Enslaving gretap10 as an active interface with an up link
bond14: Releasing active interface gretap10
bond0: Enslaving gretap10 as an active interface with an up link
validate_nla: 61 callbacks suppressed
netlink: 'syz-executor.2': attribute type 1 has an invalid length.
netlink: 'syz-executor.4': attribute type 1 has an invalid length.
bond3: Releasing active interface gretap5
bond0: Enslaving gretap5 as an active interface with an up link
netlink: 'syz-executor.1': attribute type 1 has an invalid length.
bond11: Releasing active interface gretap9