lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Wed, 08 Aug 2018 14:39:02 -0700
From:   syzbot <syzbot+bd051aba086537515cdb@...kaller.appspotmail.com>
To:     davem@...emloft.net, jiri@...nulli.us,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: possible deadlock in team_vlan_rx_add_vid

Hello,

syzbot found the following crash on:

HEAD commit:    0b5b1f9a78b5 Merge tag 'for-linus' of git://git.kernel.org..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1514a09c400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=2dc0cd7c2eefb46f
dashboard link: https://syzkaller.appspot.com/bug?extid=bd051aba086537515cdb
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16b10a54400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bd051aba086537515cdb@...kaller.appspotmail.com

8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0

============================================
WARNING: possible recursive locking detected
4.18.0-rc7+ #176 Not tainted
--------------------------------------------
syz-executor4/6391 is trying to acquire lock:
(____ptrval____) (&team->lock){+.+.}, at: team_vlan_rx_add_vid+0x3b/0x1e0  
drivers/net/team/team.c:1868

but task is already holding lock:
(____ptrval____) (&team->lock){+.+.}, at: team_add_slave+0xdb/0x1c30  
drivers/net/team/team.c:1947

other info that might help us debug this:
  Possible unsafe locking scenario:

        CPU0
        ----
   lock(&team->lock);
   lock(&team->lock);

  *** DEADLOCK ***

  May be due to missing lock nesting notation

2 locks held by syz-executor4/6391:
  #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnl_lock  
net/core/rtnetlink.c:77 [inline]
  #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x412/0xc30  
net/core/rtnetlink.c:4662
  #1: (____ptrval____) (&team->lock){+.+.}, at: team_add_slave+0xdb/0x1c30  
drivers/net/team/team.c:1947

stack backtrace:
CPU: 1 PID: 6391 Comm: syz-executor4 Not tainted 4.18.0-rc7+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
  print_deadlock_bug kernel/locking/lockdep.c:1765 [inline]
  check_deadlock kernel/locking/lockdep.c:1809 [inline]
  validate_chain kernel/locking/lockdep.c:2405 [inline]
  __lock_acquire.cold.64+0x1fb/0x486 kernel/locking/lockdep.c:3435
  lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
  __mutex_lock_common kernel/locking/mutex.c:757 [inline]
  __mutex_lock+0x176/0x1820 kernel/locking/mutex.c:894
  mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:909
  team_vlan_rx_add_vid+0x3b/0x1e0 drivers/net/team/team.c:1868
  vlan_add_rx_filter_info+0x14a/0x1d0 net/8021q/vlan_core.c:210
  __vlan_vid_add net/8021q/vlan_core.c:278 [inline]
  vlan_vid_add+0x63e/0x9d0 net/8021q/vlan_core.c:308
  vlan_device_event.cold.12+0x2a/0x2f net/8021q/vlan.c:381
  notifier_call_chain+0x180/0x390 kernel/notifier.c:93
  __raw_notifier_call_chain kernel/notifier.c:394 [inline]
  raw_notifier_call_chain+0x2d/0x40 kernel/notifier.c:401
  call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1735
  call_netdevice_notifiers net/core/dev.c:1753 [inline]
  dev_open+0x173/0x1b0 net/core/dev.c:1433
  team_port_add drivers/net/team/team.c:1219 [inline]
  team_add_slave+0xa8b/0x1c30 drivers/net/team/team.c:1948
  do_set_master+0x1c9/0x220 net/core/rtnetlink.c:2248
  do_setlink+0xba4/0x3e10 net/core/rtnetlink.c:2382
  rtnl_setlink+0x2a9/0x400 net/core/rtnetlink.c:2636
  rtnetlink_rcv_msg+0x46e/0xc30 net/core/rtnetlink.c:4665
  netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2455
  rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:4683
  netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
  netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
  netlink_sendmsg+0xa18/0xfd0 net/netlink/af_netlink.c:1908
  sock_sendmsg_nosec net/socket.c:642 [inline]
  sock_sendmsg+0xd5/0x120 net/socket.c:652
  ___sys_sendmsg+0x7fd/0x930 net/socket.c:2126
  __sys_sendmsg+0x11d/0x290 net/socket.c:2164
  __do_sys_sendmsg net/socket.c:2173 [inline]
  __se_sys_sendmsg net/socket.c:2171 [inline]
  __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2171
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x456b29
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7  
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f9706bf8c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f9706bf96d4 RCX: 0000000000456b29
RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 00000000009300a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d3548 R14: 00000000004c8227 R15: 0000000000000000


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists