syzbot

 sign-in | mailing list | source | docs
🐞 Open [1436]
Subsystems
🐞 Fixed [6757]
🐞 Invalid [17423]
Missing Backports [222]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

possible deadlock in bond_get_stats (2)

Status: auto-closed as invalid on 2019/10/25 08:51
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+de40a1dd58ea38aa9317@syzkaller.appspotmail.com
First crash: 2552d, last: 2382d
Discussions (3)
Title Replies (including bot) Last reply
Reminder: 99 open syzbot bugs in net subsystem 14 (14) 2019/07/31 15:13
Reminder: 94 open syzbot bugs in net subsystem 1 (1) 2019/06/25 05:48
possible deadlock in bond_get_stats (2) 0 (1) 2018/12/03 23:10
Similar bugs (4)
Kernel Title Rank 🛈 Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in bond_get_stats (3) net 4 syz done 2 2105d 2105d 15/29 fixed on 2020/04/15 17:19
linux-4.19 possible deadlock in bond_get_stats 4 C 1244 995d 2133d 0/1 upstream: reported C repro on 2020/01/24 05:20
upstream possible deadlock in bond_get_stats net 4 C 11 2673d 2677d 8/29 fixed on 2018/08/08 18:10
linux-4.14 possible deadlock in bond_get_stats 4 C 130 1000d 2137d 0/1 upstream: reported C repro on 2020/01/20 04:38

Sample crash report:
============================================
WARNING: possible recursive locking detected
5.1.0+ #19 Not tainted
--------------------------------------------
syz-executor.4/14789 is trying to acquire lock:
00000000d0914714 (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xe1/0x560 drivers/net/bonding/bond_main.c:3451

but task is already holding lock:
00000000cbb17fac (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xe1/0x560 drivers/net/bonding/bond_main.c:3451

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&(&bond->stats_lock)->rlock#2/2);
  lock(&(&bond->stats_lock)->rlock#2/2);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.4/14789:
 #0: 00000000384a952f (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 net/core/rtnetlink.c:76
 #1: 00000000cbb17fac (&(&bond->stats_lock)->rlock#2/2){+.+.}, at: bond_get_stats+0xe1/0x560 drivers/net/bonding/bond_main.c:3451
 #2: 00000000cab8c918 (rcu_read_lock){....}, at: bond_get_nest_level drivers/net/bonding/bond_main.c:3440 [inline]
 #2: 00000000cab8c918 (rcu_read_lock){....}, at: bond_get_stats+0xc0/0x560 drivers/net/bonding/bond_main.c:3451

stack backtrace:
CPU: 1 PID: 14789 Comm: syz-executor.4 Not tainted 5.1.0+ #19
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_deadlock_bug kernel/locking/lockdep.c:2190 [inline]
 check_deadlock kernel/locking/lockdep.c:2234 [inline]
 validate_chain kernel/locking/lockdep.c:2783 [inline]
 __lock_acquire.cold+0x219/0x53f kernel/locking/lockdep.c:3792
 lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:4302
 _raw_spin_lock_nested+0x35/0x50 kernel/locking/spinlock.c:361
 bond_get_stats+0xe1/0x560 drivers/net/bonding/bond_main.c:3451
 dev_get_stats+0x8e/0x280 net/core/dev.c:9063
 bond_get_stats+0x23e/0x560 drivers/net/bonding/bond_main.c:3457
 dev_get_stats+0x8e/0x280 net/core/dev.c:9063
 rtnl_fill_stats+0x4d/0xac0 net/core/rtnetlink.c:1176
 rtnl_fill_ifinfo+0x1171/0x3750 net/core/rtnetlink.c:1659
 rtmsg_ifinfo_build_skb+0xc9/0x1a0 net/core/rtnetlink.c:3463
 rtmsg_ifinfo_event.part.0+0x43/0xe0 net/core/rtnetlink.c:3495
 rtmsg_ifinfo_event net/core/rtnetlink.c:5272 [inline]
 rtnetlink_event+0x12c/0x150 net/core/rtnetlink.c:5265
 notifier_call_chain+0xc2/0x230 kernel/notifier.c:94
 __raw_notifier_call_chain kernel/notifier.c:395 [inline]
 raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:402
 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1753
 call_netdevice_notifiers_extack net/core/dev.c:1765 [inline]
 call_netdevice_notifiers net/core/dev.c:1779 [inline]
 netdev_features_change net/core/dev.c:1337 [inline]
 netdev_change_features+0x7e/0xb0 net/core/dev.c:8503
 bond_compute_features.isra.0+0x4de/0x950 drivers/net/bonding/bond_main.c:1125
 bond_slave_netdev_event drivers/net/bonding/bond_main.c:3185 [inline]
 bond_netdev_event+0x537/0x940 drivers/net/bonding/bond_main.c:3226
 notifier_call_chain+0xc2/0x230 kernel/notifier.c:94
 __raw_notifier_call_chain kernel/notifier.c:395 [inline]
 raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:402
 call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1753
 call_netdevice_notifiers_extack net/core/dev.c:1765 [inline]
 call_netdevice_notifiers net/core/dev.c:1779 [inline]
 netdev_features_change net/core/dev.c:1337 [inline]
 netdev_change_features+0x7e/0xb0 net/core/dev.c:8503
 bond_compute_features.isra.0+0x4de/0x950 drivers/net/bonding/bond_main.c:1125
 bond_enslave+0x4718/0x4bb0 drivers/net/bonding/bond_main.c:1767
 bond_do_ioctl+0x7d8/0x870 drivers/net/bonding/bond_main.c:3553
 dev_ifsioc+0x6ec/0x940 net/core/dev_ioctl.c:322
 dev_ioctl+0x280/0xc60 net/core/dev_ioctl.c:514
 compat_ifr_data_ioctl+0xfb/0x160 net/socket.c:3136
 compat_sock_ioctl_trans net/socket.c:3361 [inline]
 compat_sock_ioctl+0x374/0x1bf0 net/socket.c:3447
 __do_compat_sys_ioctl fs/compat_ioctl.c:1052 [inline]
 __se_compat_sys_ioctl fs/compat_ioctl.c:998 [inline]
 __ia32_compat_sys_ioctl+0x195/0x620 fs/compat_ioctl.c:998
 do_syscall_32_irqs_on arch/x86/entry/common.c:337 [inline]
 do_fast_syscall_32+0x27b/0xd7d arch/x86/entry/common.c:408
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fbe849
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f5dba0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f0
RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
bond0: Enslaving lo as an active interface with an up link

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/05/20 06:43 upstream 72cf0b07418a 5a4461b0 .config console log report ci-upstream-kasan-gce-386
2018/11/30 21:24 net-next-old 93029d7d407f ade12e91 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.