* [syzbot] kernel panic: kernel stack overflow
@ 2022-10-12 7:48 syzbot
2022-10-12 7:53 ` Dmitry Vyukov
0 siblings, 1 reply; 14+ messages in thread
From: syzbot @ 2022-10-12 7:48 UTC (permalink / raw)
To: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs
Hello,
syzbot found the following issue on:
HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
Kernel panic - not syncing: kernel stack overflow
CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
panic+0x218/0x50c kernel/panic.c:274
nmi_panic+0xbc/0xf0 kernel/panic.c:169
panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
__bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
psi_sched_switch kernel/sched/stats.h:194 [inline]
__schedule+0x554/0x5a0 kernel/sched/core.c:6489
preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
__el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
lock_is_held include/linux/lockdep.h:283 [inline]
__might_resched+0x7c/0x218 kernel/sched/core.c:9854
__might_sleep+0x48/0x78 kernel/sched/core.c:9821
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
__alloc_skb+0xf8/0x378 net/core/skbuff.c:422
alloc_skb include/linux/skbuff.h:1257 [inline]
nlmsg_new include/net/netlink.h:953 [inline]
genlmsg_new include/net/genetlink.h:410 [inline]
ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
ethnl_notify_features net/ethtool/netlink.c:715 [inline]
ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_compute_features drivers/net/team/team.c:1031 [inline]
team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
call_netdevice_notifiers net/core/dev.c:1997 [inline]
netdev_features_change net/core/dev.c:1315 [inline]
netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
__netdev_update_features+0x284/0xa88 net/core/dev.c:9751
netdev_change_features+0x30/0xfc net/core/dev.c:9823
team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
do_set_master net/core/rtnetlink.c:2577 [inline]
do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
__rtnl_newlink net/core/rtnetlink.c:3546 [inline]
rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x1ac/0x228 net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x00000,02070084,26017203
Memory Limit: none
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 7:48 [syzbot] kernel panic: kernel stack overflow syzbot
@ 2022-10-12 7:53 ` Dmitry Vyukov
2022-10-12 12:19 ` Eric Dumazet
2022-10-12 13:11 ` Jiri Pirko
0 siblings, 2 replies; 14+ messages in thread
From: Dmitry Vyukov @ 2022-10-12 7:53 UTC (permalink / raw)
To: syzbot, Jiří Pírko
Cc: davem, edumazet, kuba, linux-kernel, netdev, pabeni, syzkaller-bugs
On Wed, 12 Oct 2022 at 09:48, syzbot
<syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> userspace arch: arm64
>
> Unfortunately, I don't have any reproducer for this issue yet.
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
+Jiri
It looks like the issue is with the team device. It seems to call
itself infinitely.
team_device_event was mentioned in stack overflow bugs in the past:
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
> x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
> x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
> Kernel panic - not syncing: kernel stack overflow
> CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
> Call trace:
> dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
> show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
> dump_stack+0x1c/0x58 lib/dump_stack.c:113
> panic+0x218/0x50c kernel/panic.c:274
> nmi_panic+0xbc/0xf0 kernel/panic.c:169
> panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
> handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
> __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
> mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
> lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
> do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
> do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
> psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
> psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
> psi_sched_switch kernel/sched/stats.h:194 [inline]
> __schedule+0x554/0x5a0 kernel/sched/core.c:6489
> preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
> __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
> el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
> arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
> lock_is_held include/linux/lockdep.h:283 [inline]
> __might_resched+0x7c/0x218 kernel/sched/core.c:9854
> __might_sleep+0x48/0x78 kernel/sched/core.c:9821
> might_alloc include/linux/sched/mm.h:274 [inline]
> slab_pre_alloc_hook mm/slab.h:700 [inline]
> slab_alloc_node mm/slub.c:3162 [inline]
> kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
> __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
> alloc_skb include/linux/skbuff.h:1257 [inline]
> nlmsg_new include/net/netlink.h:953 [inline]
> genlmsg_new include/net/genetlink.h:410 [inline]
> ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
> ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
> ethnl_notify_features net/ethtool/netlink.c:715 [inline]
> ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_compute_features drivers/net/team/team.c:1031 [inline]
> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> notifier_call_chain kernel/notifier.c:87 [inline]
> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> netdev_features_change net/core/dev.c:1315 [inline]
> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
> do_set_master net/core/rtnetlink.c:2577 [inline]
> do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
> __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
> rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
> rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
> netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
> rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
> netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
> netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
> netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
> sock_sendmsg_nosec net/socket.c:714 [inline]
> sock_sendmsg net/socket.c:734 [inline]
> ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
> ___sys_sendmsg net/socket.c:2536 [inline]
> __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
> __do_sys_sendmsg net/socket.c:2574 [inline]
> __se_sys_sendmsg net/socket.c:2572 [inline]
> __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
> __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
> invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
> el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
> do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
> el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
> el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
> el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
> SMP: stopping secondary CPUs
> Kernel Offset: disabled
> CPU features: 0x00000,02070084,26017203
> Memory Limit: none
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8900705ead19e41%40google.com.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 7:53 ` Dmitry Vyukov
@ 2022-10-12 12:19 ` Eric Dumazet
2022-10-12 13:31 ` Taehee Yoo
2022-10-13 15:00 ` Taehee Yoo
2022-10-12 13:11 ` Jiri Pirko
1 sibling, 2 replies; 14+ messages in thread
From: Eric Dumazet @ 2022-10-12 12:19 UTC (permalink / raw)
To: Dmitry Vyukov, Taehee Yoo
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs
On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Wed, 12 Oct 2022 at 09:48, syzbot
> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> > dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> > compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> > userspace arch: arm64
> >
> > Unfortunately, I don't have any reproducer for this issue yet.
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>
> +Jiri
>
> It looks like the issue is with the team device. It seems to call
> itself infinitely.
> team_device_event was mentioned in stack overflow bugs in the past:
> https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>
Taehee Yoo, can you take a look ?
Patch series of yours was supposed to limit max nest level to 8
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>
> > x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
> > x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
> > x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
> > Kernel panic - not syncing: kernel stack overflow
> > CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
> > Call trace:
> > dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
> > show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
> > __dump_stack lib/dump_stack.c:88 [inline]
> > dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
> > dump_stack+0x1c/0x58 lib/dump_stack.c:113
> > panic+0x218/0x50c kernel/panic.c:274
> > nmi_panic+0xbc/0xf0 kernel/panic.c:169
> > panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
> > handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
> > __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
> > mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
> > lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
> > do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
> > do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
> > psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
> > psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
> > psi_sched_switch kernel/sched/stats.h:194 [inline]
> > __schedule+0x554/0x5a0 kernel/sched/core.c:6489
> > preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
> > arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
> > __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
> > el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
> > el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
> > el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
> > arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
> > lock_is_held include/linux/lockdep.h:283 [inline]
> > __might_resched+0x7c/0x218 kernel/sched/core.c:9854
> > __might_sleep+0x48/0x78 kernel/sched/core.c:9821
> > might_alloc include/linux/sched/mm.h:274 [inline]
> > slab_pre_alloc_hook mm/slab.h:700 [inline]
> > slab_alloc_node mm/slub.c:3162 [inline]
> > kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
> > __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
> > alloc_skb include/linux/skbuff.h:1257 [inline]
> > nlmsg_new include/net/netlink.h:953 [inline]
> > genlmsg_new include/net/genetlink.h:410 [inline]
> > ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
> > ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
> > ethnl_notify_features net/ethtool/netlink.c:715 [inline]
> > ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_compute_features drivers/net/team/team.c:1031 [inline]
> > team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> > notifier_call_chain kernel/notifier.c:87 [inline]
> > raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> > call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> > call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> > call_netdevice_notifiers net/core/dev.c:1997 [inline]
> > netdev_features_change net/core/dev.c:1315 [inline]
> > netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> > __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> > netdev_change_features+0x30/0xfc net/core/dev.c:9823
> > team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
> > do_set_master net/core/rtnetlink.c:2577 [inline]
> > do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
> > __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
> > rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
> > rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
> > netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
> > rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
> > netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
> > netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
> > netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
> > sock_sendmsg_nosec net/socket.c:714 [inline]
> > sock_sendmsg net/socket.c:734 [inline]
> > ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
> > ___sys_sendmsg net/socket.c:2536 [inline]
> > __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
> > __do_sys_sendmsg net/socket.c:2574 [inline]
> > __se_sys_sendmsg net/socket.c:2572 [inline]
> > __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
> > __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
> > invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
> > el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
> > do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
> > el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
> > el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
> > el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
> > SMP: stopping secondary CPUs
> > Kernel Offset: disabled
> > CPU features: 0x00000,02070084,26017203
> > Memory Limit: none
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > --
> > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8900705ead19e41%40google.com.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 7:53 ` Dmitry Vyukov
2022-10-12 12:19 ` Eric Dumazet
@ 2022-10-12 13:11 ` Jiri Pirko
2022-10-12 13:54 ` Dmitry Vyukov
1 sibling, 1 reply; 14+ messages in thread
From: Jiri Pirko @ 2022-10-12 13:11 UTC (permalink / raw)
To: Dmitry Vyukov
Cc: syzbot, davem, edumazet, kuba, linux-kernel, netdev, pabeni,
syzkaller-bugs
Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@google.com wrote:
>On Wed, 12 Oct 2022 at 09:48, syzbot
><syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>>
>> Hello,
>>
>> syzbot found the following issue on:
>>
>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
>> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
>> userspace arch: arm64
>>
>> Unfortunately, I don't have any reproducer for this issue yet.
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>
>+Jiri
>
>It looks like the issue is with the team device. It seems to call
>itself infinitely.
>team_device_event was mentioned in stack overflow bugs in the past:
>https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
Hi, do you have dmesg output available by any chance?
Thanks!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 12:19 ` Eric Dumazet
@ 2022-10-12 13:31 ` Taehee Yoo
2022-10-13 15:00 ` Taehee Yoo
1 sibling, 0 replies; 14+ messages in thread
From: Taehee Yoo @ 2022-10-12 13:31 UTC (permalink / raw)
To: Eric Dumazet, Dmitry Vyukov
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs
Hi Eric,
On 10/12/22 21:19, Eric Dumazet wrote:
> On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com>
wrote:
>>
>> On Wed, 12 Oct 2022 at 09:48, syzbot
>> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>>>
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
for-kernelci
>>> git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>>> console output:
https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>>> kernel config:
https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>>> dashboard link:
https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>>> compiler: Debian clang version
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
(GNU Binutils for Debian) 2.35.2
>>> userspace arch: arm64
>>>
>>> Unfortunately, I don't have any reproducer for this issue yet.
>>>
>>> Downloadable assets:
>>> disk image:
https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>>> vmlinux:
https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to
the commit:
>>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>>
>> +Jiri
>>
>> It looks like the issue is with the team device. It seems to call
>> itself infinitely.
>> team_device_event was mentioned in stack overflow bugs in the past:
>>
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>>
>
>
> Taehee Yoo, can you take a look ?
>
> Patch series of yours was supposed to limit max nest level to 8
>
>
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>
Thank you for the report,
Okay, I will take a look.
>
>
>
>>
>>> x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
>>> x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
>>> x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
>>> Kernel panic - not syncing: kernel stack overflow
>>> CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
>>> Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 09/30/2022
>>> Call trace:
>>> dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
>>> show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
>>> __dump_stack lib/dump_stack.c:88 [inline]
>>> dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
>>> dump_stack+0x1c/0x58 lib/dump_stack.c:113
>>> panic+0x218/0x50c kernel/panic.c:274
>>> nmi_panic+0xbc/0xf0 kernel/panic.c:169
>>> panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
>>> handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
>>> __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
>>> mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
>>> lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
>>> do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
>>> do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
>>> psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
>>> psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
>>> psi_sched_switch kernel/sched/stats.h:194 [inline]
>>> __schedule+0x554/0x5a0 kernel/sched/core.c:6489
>>> preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
>>> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265
[inline]
>>> __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
>>> el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
>>> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
>>> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
>>> arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
>>> lock_is_held include/linux/lockdep.h:283 [inline]
>>> __might_resched+0x7c/0x218 kernel/sched/core.c:9854
>>> __might_sleep+0x48/0x78 kernel/sched/core.c:9821
>>> might_alloc include/linux/sched/mm.h:274 [inline]
>>> slab_pre_alloc_hook mm/slab.h:700 [inline]
>>> slab_alloc_node mm/slub.c:3162 [inline]
>>> kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
>>> __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
>>> alloc_skb include/linux/skbuff.h:1257 [inline]
>>> nlmsg_new include/net/netlink.h:953 [inline]
>>> genlmsg_new include/net/genetlink.h:410 [inline]
>>> ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
>>> ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
>>> ethnl_notify_features net/ethtool/netlink.c:715 [inline]
>>> ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
>>> do_set_master net/core/rtnetlink.c:2577 [inline]
>>> do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
>>> __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
>>> rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
>>> rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
>>> netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
>>> rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
>>> netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
>>> netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
>>> netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
>>> sock_sendmsg_nosec net/socket.c:714 [inline]
>>> sock_sendmsg net/socket.c:734 [inline]
>>> ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
>>> ___sys_sendmsg net/socket.c:2536 [inline]
>>> __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
>>> __do_sys_sendmsg net/socket.c:2574 [inline]
>>> __se_sys_sendmsg net/socket.c:2572 [inline]
>>> __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
>>> __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
>>> invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
>>> el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
>>> do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
>>> el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
>>> el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
>>> el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
>>> SMP: stopping secondary CPUs
>>> Kernel Offset: disabled
>>> CPU features: 0x00000,02070084,26017203
>>> Memory Limit: none
>>>
>>>
>>> ---
>>> This report is generated by a bot. It may contain errors.
>>> See https://goo.gl/tpsmEJ for more information about syzbot.
>>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>>
>>> syzbot will keep track of this issue. See:
>>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
Groups "syzkaller-bugs" group.
>>> To unsubscribe from this group and stop receiving emails from it,
send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
>>> To view this discussion on the web visit
https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8900705ead19e41%40google.com.
Thanks,
Taehee Yoo
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 13:11 ` Jiri Pirko
@ 2022-10-12 13:54 ` Dmitry Vyukov
2022-10-12 15:08 ` Jiri Pirko
0 siblings, 1 reply; 14+ messages in thread
From: Dmitry Vyukov @ 2022-10-12 13:54 UTC (permalink / raw)
To: Jiri Pirko
Cc: syzbot, davem, edumazet, kuba, linux-kernel, netdev, pabeni,
syzkaller-bugs
On Wed, 12 Oct 2022 at 15:11, Jiri Pirko <jiri@resnulli.us> wrote:
>
> Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@google.com wrote:
> >On Wed, 12 Oct 2022 at 09:48, syzbot
> ><syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following issue on:
> >>
> >> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> >> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> >> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> >> userspace arch: arm64
> >>
> >> Unfortunately, I don't have any reproducer for this issue yet.
> >>
> >> Downloadable assets:
> >> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> >> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >>
> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
> >
> >+Jiri
> >
> >It looks like the issue is with the team device. It seems to call
> >itself infinitely.
> >team_device_event was mentioned in stack overflow bugs in the past:
> >https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>
> Hi, do you have dmesg output available by any chance?
Hi Jiri,
syzbot attaches dmesg output to every report under the "console output" link.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 13:54 ` Dmitry Vyukov
@ 2022-10-12 15:08 ` Jiri Pirko
2022-10-12 16:42 ` Eric Dumazet
0 siblings, 1 reply; 14+ messages in thread
From: Jiri Pirko @ 2022-10-12 15:08 UTC (permalink / raw)
To: Dmitry Vyukov
Cc: syzbot, davem, edumazet, kuba, linux-kernel, netdev, pabeni,
syzkaller-bugs
Wed, Oct 12, 2022 at 03:54:59PM CEST, dvyukov@google.com wrote:
>On Wed, 12 Oct 2022 at 15:11, Jiri Pirko <jiri@resnulli.us> wrote:
>>
>> Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@google.com wrote:
>> >On Wed, 12 Oct 2022 at 09:48, syzbot
>> ><syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>> >>
>> >> Hello,
>> >>
>> >> syzbot found the following issue on:
>> >>
>> >> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
>> >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>> >> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>> >> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>> >> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
>> >> userspace arch: arm64
>> >>
>> >> Unfortunately, I don't have any reproducer for this issue yet.
>> >>
>> >> Downloadable assets:
>> >> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>> >> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>> >>
>> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> >> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>> >
>> >+Jiri
>> >
>> >It looks like the issue is with the team device. It seems to call
>> >itself infinitely.
>> >team_device_event was mentioned in stack overflow bugs in the past:
>> >https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>>
>> Hi, do you have dmesg output available by any chance?
>
>Hi Jiri,
>
>syzbot attaches dmesg output to every report under the "console output" link.
I see. I guess the debug messages are not printed out, I don't see them
there. Would it be possible to turn them on?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 15:08 ` Jiri Pirko
@ 2022-10-12 16:42 ` Eric Dumazet
2022-10-13 7:11 ` Jiri Pirko
0 siblings, 1 reply; 14+ messages in thread
From: Eric Dumazet @ 2022-10-12 16:42 UTC (permalink / raw)
To: Jiri Pirko
Cc: Dmitry Vyukov, syzbot, davem, kuba, linux-kernel, netdev, pabeni,
syzkaller-bugs
On Wed, Oct 12, 2022 at 8:08 AM Jiri Pirko <jiri@resnulli.us> wrote:
>
> Wed, Oct 12, 2022 at 03:54:59PM CEST, dvyukov@google.com wrote:
> >On Wed, 12 Oct 2022 at 15:11, Jiri Pirko <jiri@resnulli.us> wrote:
> >>
> >> Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@google.com wrote:
> >> >On Wed, 12 Oct 2022 at 09:48, syzbot
> >> ><syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> >> >>
> >> >> Hello,
> >> >>
> >> >> syzbot found the following issue on:
> >> >>
> >> >> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> >> >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> >> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> >> >> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> >> >> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> >> >> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> >> >> userspace arch: arm64
> >> >>
> >> >> Unfortunately, I don't have any reproducer for this issue yet.
> >> >>
> >> >> Downloadable assets:
> >> >> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> >> >> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >> >>
> >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >> >> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
> >> >
> >> >+Jiri
> >> >
> >> >It looks like the issue is with the team device. It seems to call
> >> >itself infinitely.
> >> >team_device_event was mentioned in stack overflow bugs in the past:
> >> >https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> >>
> >> Hi, do you have dmesg output available by any chance?
> >
> >Hi Jiri,
> >
> >syzbot attaches dmesg output to every report under the "console output" link.
>
> I see. I guess the debug messages are not printed out, I don't see them
> there. Would it be possible to turn them on?
What debug messages do you need ?
There is a nice stack trace [1] with file:number available
My guess was that for some reason the team driver does not enforce a
max nest level of 8 ?
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
[1]
CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 09/30/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
panic+0x218/0x50c kernel/panic.c:274
nmi_panic+0xbc/0xf0 kernel/panic.c:169
panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
__bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
psi_sched_switch kernel/sched/stats.h:194 [inline]
__schedule+0x554/0x5a0 kernel/sched/core.c:6489
preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
__el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
lock_is_held include/linux/lockdep.h:283 [inline]
__might_resched+0x7c/0x218 kernel/sched/core.c:9854
__might_sleep+0x48/0x78 kernel/sched/core.c:9821
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:700 [inline]
slab_alloc_node mm/slub.c:3162 [inline]
kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
__alloc_skb+0xf8/0x378 net/core/skbuff.c:422
alloc_skb include/linux/skbuff.h:1257 [inline]
nlmsg_new include/net/netlink.h:953 [inline]
genlmsg_new include/net/genetlink.h:410 [inline]
ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
...
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 16:42 ` Eric Dumazet
@ 2022-10-13 7:11 ` Jiri Pirko
0 siblings, 0 replies; 14+ messages in thread
From: Jiri Pirko @ 2022-10-13 7:11 UTC (permalink / raw)
To: Eric Dumazet
Cc: Dmitry Vyukov, syzbot, davem, kuba, linux-kernel, netdev, pabeni,
syzkaller-bugs
Wed, Oct 12, 2022 at 06:42:39PM CEST, edumazet@google.com wrote:
>On Wed, Oct 12, 2022 at 8:08 AM Jiri Pirko <jiri@resnulli.us> wrote:
>>
>> Wed, Oct 12, 2022 at 03:54:59PM CEST, dvyukov@google.com wrote:
>> >On Wed, 12 Oct 2022 at 15:11, Jiri Pirko <jiri@resnulli.us> wrote:
>> >>
>> >> Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@google.com wrote:
>> >> >On Wed, 12 Oct 2022 at 09:48, syzbot
>> >> ><syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>> >> >>
>> >> >> Hello,
>> >> >>
>> >> >> syzbot found the following issue on:
>> >> >>
>> >> >> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
>> >> >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> >> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>> >> >> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>> >> >> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>> >> >> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
>> >> >> userspace arch: arm64
>> >> >>
>> >> >> Unfortunately, I don't have any reproducer for this issue yet.
>> >> >>
>> >> >> Downloadable assets:
>> >> >> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>> >> >> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>> >> >>
>> >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>> >> >> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>> >> >
>> >> >+Jiri
>> >> >
>> >> >It looks like the issue is with the team device. It seems to call
>> >> >itself infinitely.
>> >> >team_device_event was mentioned in stack overflow bugs in the past:
>> >> >https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>> >>
>> >> Hi, do you have dmesg output available by any chance?
>> >
>> >Hi Jiri,
>> >
>> >syzbot attaches dmesg output to every report under the "console output" link.
>>
>> I see. I guess the debug messages are not printed out, I don't see them
>> there. Would it be possible to turn them on?
>
>What debug messages do you need ?
>
>There is a nice stack trace [1] with file:number available
Sure, but there are no debug printks that are printed out during feature
processing. That could shed some light on if this is caused by lack of
nest level enforce or perhaps for some reason repetitive processing
of the same team-port netdevice couple in loop.
>
>
>My guess was that for some reason the team driver does not enforce a
>max nest level of 8 ?
>
>https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>
>
>[1]
>CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted
>6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
>Hardware name: Google Google Compute Engine/Google Compute Engine,
>BIOS Google 09/30/2022
>Call trace:
> dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
> show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
> dump_stack+0x1c/0x58 lib/dump_stack.c:113
> panic+0x218/0x50c kernel/panic.c:274
> nmi_panic+0xbc/0xf0 kernel/panic.c:169
> panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
> handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
> __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
> mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
> lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
> do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
> do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
> psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
> psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
> psi_sched_switch kernel/sched/stats.h:194 [inline]
> __schedule+0x554/0x5a0 kernel/sched/core.c:6489
> preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
> __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
> el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
> arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
> lock_is_held include/linux/lockdep.h:283 [inline]
> __might_resched+0x7c/0x218 kernel/sched/core.c:9854
> __might_sleep+0x48/0x78 kernel/sched/core.c:9821
> might_alloc include/linux/sched/mm.h:274 [inline]
> slab_pre_alloc_hook mm/slab.h:700 [inline]
> slab_alloc_node mm/slub.c:3162 [inline]
> kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
> __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
> alloc_skb include/linux/skbuff.h:1257 [inline]
> nlmsg_new include/net/netlink.h:953 [inline]
> genlmsg_new include/net/genetlink.h:410 [inline]
> ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
>...
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-12 12:19 ` Eric Dumazet
2022-10-12 13:31 ` Taehee Yoo
@ 2022-10-13 15:00 ` Taehee Yoo
2022-10-13 16:04 ` Eric Dumazet
2022-10-21 11:08 ` Taehee Yoo
1 sibling, 2 replies; 14+ messages in thread
From: Taehee Yoo @ 2022-10-13 15:00 UTC (permalink / raw)
To: Eric Dumazet, Dmitry Vyukov
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs, Cong Wang
Hi,
On 10/12/22 21:19, Eric Dumazet wrote:
> On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com>
wrote:
>>
>> On Wed, 12 Oct 2022 at 09:48, syzbot
>> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>>>
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
for-kernelci
>>> git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>>> console output:
https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>>> kernel config:
https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>>> dashboard link:
https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>>> compiler: Debian clang version
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
(GNU Binutils for Debian) 2.35.2
>>> userspace arch: arm64
>>>
>>> Unfortunately, I don't have any reproducer for this issue yet.
>>>
>>> Downloadable assets:
>>> disk image:
https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>>> vmlinux:
https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to
the commit:
>>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>>
>> +Jiri
>>
>> It looks like the issue is with the team device. It seems to call
>> itself infinitely.
>> team_device_event was mentioned in stack overflow bugs in the past:
>>
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>>
>
>
> Taehee Yoo, can you take a look ?
>
> Patch series of yours was supposed to limit max nest level to 8
>
>
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>
I found a reproducer.
#test_team.sh
ip link add dummy0 type dummy
ip link set dummy0 up
for a1 in {0..1}
do
ip link add team$a1 type team
for a2 in {0..1}
do
ip link add team$a1$a2 master team$a1 type team
for a3 in {0..1}
do
ip link add team$a1$a2$a3 master team$a1$a2
type team
for a4 in {0..1}
do
ip link add team$a1$a2$a3$a4 master
team$a1$a2$a3 type team
for a5 in {0..1}
do
ip link add team$a1$a2$a3$a4$a5
master team$a1$a2$a3$a4 type team
for a6 in {0..1}
do
ip link add
team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
ip link add
macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6 type
macvlan
ip link set
macvlan$a1$a2$a3$a4$a5$a6 up
ip link set
team$a1$a2$a3$a4$a5$a6 up
done
ip link set team$a1$a2$a3$a4$a5 up
done
ip link set team$a1$a2$a3$a4 up
done
ip link set team$a1$a2$a3 up
done
ip link set team$a1$a2 up
done
ip link set team$a1 up
done
#test_ethtool.sh
for a1 in {0..1}
do
ethtool -K team$a1 lro $1
for a2 in {0..1}
do
ethtool -K team$a1$a2 lro $1
for a3 in {0..1}
do
ethtool -K team$a1$a2$a3 lro $1
for a4 in {0..1}
do
ethtool -K team$a1$a2$a3$a4 lro $1
for a5 in {0..1}
do
ethtool -K team$a1$a2$a3$a4$a5
lro $1
for a6 in {0..1}
do
ethtool -K
team$a1$a2$a3$a4$a5$a6 lro $1
ethtool -K
macvlan$a1$a2$a3$a4$a5$a6 lro $1
done
done
done
done
done
done
shell#1
bash test_team.sh
while :
do
bash test_ethtool.sh on
done
shell#2
while :
do
bash test_ethtool.sh off
done
We can see a very similar call trace with the above reproducer.
I think it is the same issue.
Could you please test it?
And, I found the fixed same issue too.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ
>
>
>
>>
>>> x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
>>> x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
>>> x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
>>> Kernel panic - not syncing: kernel stack overflow
>>> CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
>>> Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 09/30/2022
>>> Call trace:
>>> dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
>>> show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
>>> __dump_stack lib/dump_stack.c:88 [inline]
>>> dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
>>> dump_stack+0x1c/0x58 lib/dump_stack.c:113
>>> panic+0x218/0x50c kernel/panic.c:274
>>> nmi_panic+0xbc/0xf0 kernel/panic.c:169
>>> panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
>>> handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
>>> __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
>>> mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
>>> lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
>>> do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
>>> do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
>>> psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
>>> psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
>>> psi_sched_switch kernel/sched/stats.h:194 [inline]
>>> __schedule+0x554/0x5a0 kernel/sched/core.c:6489
>>> preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
>>> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265
[inline]
>>> __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
>>> el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
>>> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
>>> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
>>> arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
>>> lock_is_held include/linux/lockdep.h:283 [inline]
>>> __might_resched+0x7c/0x218 kernel/sched/core.c:9854
>>> __might_sleep+0x48/0x78 kernel/sched/core.c:9821
>>> might_alloc include/linux/sched/mm.h:274 [inline]
>>> slab_pre_alloc_hook mm/slab.h:700 [inline]
>>> slab_alloc_node mm/slub.c:3162 [inline]
>>> kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
>>> __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
>>> alloc_skb include/linux/skbuff.h:1257 [inline]
>>> nlmsg_new include/net/netlink.h:953 [inline]
>>> genlmsg_new include/net/genetlink.h:410 [inline]
>>> ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
>>> ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
>>> ethnl_notify_features net/ethtool/netlink.c:715 [inline]
>>> ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_compute_features drivers/net/team/team.c:1031 [inline]
>>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
>>> notifier_call_chain kernel/notifier.c:87 [inline]
>>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
>>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
>>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
>>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
>>> netdev_features_change net/core/dev.c:1315 [inline]
>>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
>>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
>>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
>>> team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
>>> do_set_master net/core/rtnetlink.c:2577 [inline]
>>> do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
>>> __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
>>> rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
>>> rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
>>> netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
>>> rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
>>> netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
>>> netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
>>> netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
>>> sock_sendmsg_nosec net/socket.c:714 [inline]
>>> sock_sendmsg net/socket.c:734 [inline]
>>> ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
>>> ___sys_sendmsg net/socket.c:2536 [inline]
>>> __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
>>> __do_sys_sendmsg net/socket.c:2574 [inline]
>>> __se_sys_sendmsg net/socket.c:2572 [inline]
>>> __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
>>> __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
>>> invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
>>> el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
>>> do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
>>> el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
>>> el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
>>> el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
>>> SMP: stopping secondary CPUs
>>> Kernel Offset: disabled
>>> CPU features: 0x00000,02070084,26017203
>>> Memory Limit: none
>>>
>>>
>>> ---
>>> This report is generated by a bot. It may contain errors.
>>> See https://goo.gl/tpsmEJ for more information about syzbot.
>>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>>
>>> syzbot will keep track of this issue. See:
>>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>>>
>>> --
>>> You received this message because you are subscribed to the Google
Groups "syzkaller-bugs" group.
>>> To unsubscribe from this group and stop receiving emails from it,
send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
>>> To view this discussion on the web visit
https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8900705ead19e41%40google.com.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-13 15:00 ` Taehee Yoo
@ 2022-10-13 16:04 ` Eric Dumazet
2022-10-21 11:08 ` Taehee Yoo
1 sibling, 0 replies; 14+ messages in thread
From: Eric Dumazet @ 2022-10-13 16:04 UTC (permalink / raw)
To: Taehee Yoo
Cc: Dmitry Vyukov, syzbot, Jiří Pírko, davem, kuba,
linux-kernel, netdev, pabeni, syzkaller-bugs, Cong Wang
On Thu, Oct 13, 2022 at 8:00 AM Taehee Yoo <ap420073@gmail.com> wrote:
>
> Hi,
>
> On 10/12/22 21:19, Eric Dumazet wrote:
> > On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com>
> wrote:
> >>
> >> On Wed, 12 Oct 2022 at 09:48, syzbot
> >> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> syzbot found the following issue on:
> >>>
> >>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
> for-kernelci
> >>> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> >>> console output:
> https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> >>> kernel config:
> https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> >>> dashboard link:
> https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> >>> compiler: Debian clang version
> 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
> (GNU Binutils for Debian) 2.35.2
> >>> userspace arch: arm64
> >>>
> >>> Unfortunately, I don't have any reproducer for this issue yet.
> >>>
> >>> Downloadable assets:
> >>> disk image:
> https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> >>> vmlinux:
> https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >>>
> >>> IMPORTANT: if you fix the issue, please add the following tag to
> the commit:
> >>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
> >>
> >> +Jiri
> >>
> >> It looks like the issue is with the team device. It seems to call
> >> itself infinitely.
> >> team_device_event was mentioned in stack overflow bugs in the past:
> >>
> https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> >>
> >
> >
> > Taehee Yoo, can you take a look ?
> >
> > Patch series of yours was supposed to limit max nest level to 8
> >
> >
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
> >
>
> I found a reproducer.
>
> #test_team.sh
> ip link add dummy0 type dummy
> ip link set dummy0 up
> for a1 in {0..1}
> do
> ip link add team$a1 type team
> for a2 in {0..1}
> do
> ip link add team$a1$a2 master team$a1 type team
> for a3 in {0..1}
> do
> ip link add team$a1$a2$a3 master team$a1$a2
> type team
> for a4 in {0..1}
> do
> ip link add team$a1$a2$a3$a4 master
> team$a1$a2$a3 type team
> for a5 in {0..1}
> do
> ip link add team$a1$a2$a3$a4$a5
> master team$a1$a2$a3$a4 type team
> for a6 in {0..1}
> do
> ip link add
> team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
> ip link add
> macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6 type
> macvlan
> ip link set
> macvlan$a1$a2$a3$a4$a5$a6 up
> ip link set
> team$a1$a2$a3$a4$a5$a6 up
> done
> ip link set team$a1$a2$a3$a4$a5 up
> done
> ip link set team$a1$a2$a3$a4 up
> done
> ip link set team$a1$a2$a3 up
> done
> ip link set team$a1$a2 up
> done
> ip link set team$a1 up
> done
>
> #test_ethtool.sh
> for a1 in {0..1}
> do
> ethtool -K team$a1 lro $1
> for a2 in {0..1}
> do
> ethtool -K team$a1$a2 lro $1
> for a3 in {0..1}
> do
> ethtool -K team$a1$a2$a3 lro $1
> for a4 in {0..1}
> do
> ethtool -K team$a1$a2$a3$a4 lro $1
> for a5 in {0..1}
> do
> ethtool -K team$a1$a2$a3$a4$a5
> lro $1
> for a6 in {0..1}
> do
> ethtool -K
> team$a1$a2$a3$a4$a5$a6 lro $1
> ethtool -K
> macvlan$a1$a2$a3$a4$a5$a6 lro $1
> done
> done
> done
> done
> done
> done
>
> shell#1
> bash test_team.sh
> while :
> do
> bash test_ethtool.sh on
> done
> shell#2
> while :
> do
> bash test_ethtool.sh off
> done
>
> We can see a very similar call trace with the above reproducer.
> I think it is the same issue.
Nice repro !
> Could you please test it?
Not sure who is supposed to test it :)
>
> And, I found the fixed same issue too.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
> https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ
>
> >
> >
> >
> >>
> >>> x8 : 00000000000c008e x7 : ffff80000818cfc0 x6 : 0000000000000000
> >>> x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
> >>> x2 : 0000000000000008 x1 : ffff00013e520a60 x0 : ffff00013e520000
> >>> Kernel panic - not syncing: kernel stack overflow
> >>> CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted
> 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
> >>> Hardware name: Google Google Compute Engine/Google Compute Engine,
> BIOS Google 09/30/2022
> >>> Call trace:
> >>> dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
> >>> show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
> >>> __dump_stack lib/dump_stack.c:88 [inline]
> >>> dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
> >>> dump_stack+0x1c/0x58 lib/dump_stack.c:113
> >>> panic+0x218/0x50c kernel/panic.c:274
> >>> nmi_panic+0xbc/0xf0 kernel/panic.c:169
> >>> panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
> >>> handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
> >>> __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
> >>> mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
> >>> lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
> >>> do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
> >>> do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
> >>> psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
> >>> psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
> >>> psi_sched_switch kernel/sched/stats.h:194 [inline]
> >>> __schedule+0x554/0x5a0 kernel/sched/core.c:6489
> >>> preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
> >>> arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265
> [inline]
> >>> __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
> >>> el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
> >>> el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
> >>> el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
> >>> arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
> >>> lock_is_held include/linux/lockdep.h:283 [inline]
> >>> __might_resched+0x7c/0x218 kernel/sched/core.c:9854
> >>> __might_sleep+0x48/0x78 kernel/sched/core.c:9821
> >>> might_alloc include/linux/sched/mm.h:274 [inline]
> >>> slab_pre_alloc_hook mm/slab.h:700 [inline]
> >>> slab_alloc_node mm/slub.c:3162 [inline]
> >>> kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
> >>> __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
> >>> alloc_skb include/linux/skbuff.h:1257 [inline]
> >>> nlmsg_new include/net/netlink.h:953 [inline]
> >>> genlmsg_new include/net/genetlink.h:410 [inline]
> >>> ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
> >>> ethtool_notify+0xb4/0x178 net/ethtool/netlink.c:704
> >>> ethnl_notify_features net/ethtool/netlink.c:715 [inline]
> >>> ethnl_netdev_event+0x44/0x60 net/ethtool/netlink.c:723
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_compute_features drivers/net/team/team.c:1031 [inline]
> >>> team_device_event+0x1a8/0x25c drivers/net/team/team.c:3024
> >>> notifier_call_chain kernel/notifier.c:87 [inline]
> >>> raw_notifier_call_chain+0x7c/0x108 kernel/notifier.c:455
> >>> call_netdevice_notifiers_info net/core/dev.c:1945 [inline]
> >>> call_netdevice_notifiers_extack net/core/dev.c:1983 [inline]
> >>> call_netdevice_notifiers net/core/dev.c:1997 [inline]
> >>> netdev_features_change net/core/dev.c:1315 [inline]
> >>> netdev_sync_lower_features+0x13c/0x21c net/core/dev.c:9599
> >>> __netdev_update_features+0x284/0xa88 net/core/dev.c:9751
> >>> netdev_change_features+0x30/0xfc net/core/dev.c:9823
> >>> team_add_slave+0x7c/0x98 drivers/net/team/team.c:1988
> >>> do_set_master net/core/rtnetlink.c:2577 [inline]
> >>> do_setlink+0x5f8/0x17a4 net/core/rtnetlink.c:2787
> >>> __rtnl_newlink net/core/rtnetlink.c:3546 [inline]
> >>> rtnl_newlink+0x988/0xa04 net/core/rtnetlink.c:3593
> >>> rtnetlink_rcv_msg+0x484/0x82c net/core/rtnetlink.c:6090
> >>> netlink_rcv_skb+0xe4/0x1d0 net/netlink/af_netlink.c:2501
> >>> rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6108
> >>> netlink_unicast_kernel+0xfc/0x1dc net/netlink/af_netlink.c:1319
> >>> netlink_unicast+0x164/0x248 net/netlink/af_netlink.c:1345
> >>> netlink_sendmsg+0x484/0x584 net/netlink/af_netlink.c:1921
> >>> sock_sendmsg_nosec net/socket.c:714 [inline]
> >>> sock_sendmsg net/socket.c:734 [inline]
> >>> ____sys_sendmsg+0x2f8/0x440 net/socket.c:2482
> >>> ___sys_sendmsg net/socket.c:2536 [inline]
> >>> __sys_sendmsg+0x1ac/0x228 net/socket.c:2565
> >>> __do_sys_sendmsg net/socket.c:2574 [inline]
> >>> __se_sys_sendmsg net/socket.c:2572 [inline]
> >>> __arm64_sys_sendmsg+0x2c/0x3c net/socket.c:2572
> >>> __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
> >>> invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
> >>> el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
> >>> do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
> >>> el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
> >>> el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
> >>> el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
> >>> SMP: stopping secondary CPUs
> >>> Kernel Offset: disabled
> >>> CPU features: 0x00000,02070084,26017203
> >>> Memory Limit: none
> >>>
> >>>
> >>> ---
> >>> This report is generated by a bot. It may contain errors.
> >>> See https://goo.gl/tpsmEJ for more information about syzbot.
> >>> syzbot engineers can be reached at syzkaller@googlegroups.com.
> >>>
> >>> syzbot will keep track of this issue. See:
> >>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google
> Groups "syzkaller-bugs" group.
> >>> To unsubscribe from this group and stop receiving emails from it,
> send an email to syzkaller-bugs+unsubscribe@googlegroups.com.
> >>> To view this discussion on the web visit
> https://groups.google.com/d/msgid/syzkaller-bugs/000000000000c8900705ead19e41%40google.com.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-13 15:00 ` Taehee Yoo
2022-10-13 16:04 ` Eric Dumazet
@ 2022-10-21 11:08 ` Taehee Yoo
2023-04-07 7:22 ` wangyufen
1 sibling, 1 reply; 14+ messages in thread
From: Taehee Yoo @ 2022-10-21 11:08 UTC (permalink / raw)
To: Eric Dumazet, Dmitry Vyukov
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs, Cong Wang
Hi,
2022. 10. 14. 오전 12:00에 Taehee Yoo 이(가) 쓴 글:
> Hi,
>
> On 10/12/22 21:19, Eric Dumazet wrote:
> > On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com>
> wrote:
> >>
> >> On Wed, 12 Oct 2022 at 09:48, syzbot
> >> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> syzbot found the following issue on:
> >>>
> >>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
> for-kernelci
> >>> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
for-kernelci
> >>> console output:
> https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> >>> kernel config:
> https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> >>> dashboard link:
> https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> >>> compiler: Debian clang version
> 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
> (GNU Binutils for Debian) 2.35.2
> >>> userspace arch: arm64
> >>>
> >>> Unfortunately, I don't have any reproducer for this issue yet.
> >>>
> >>> Downloadable assets:
> >>> disk image:
>
https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>
> >>> vmlinux:
>
https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>
> >>>
> >>> IMPORTANT: if you fix the issue, please add the following tag to
> the commit:
> >>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
> >>
> >> +Jiri
> >>
> >> It looks like the issue is with the team device. It seems to call
> >> itself infinitely.
> >> team_device_event was mentioned in stack overflow bugs in the past:
> >>
>
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> >>
> >
> >
> > Taehee Yoo, can you take a look ?
> >
> > Patch series of yours was supposed to limit max nest level to 8
> >
> >
>
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>
> >
>
> I found a reproducer.
>
> #test_team.sh
> ip link add dummy0 type dummy
> ip link set dummy0 up
> for a1 in {0..1}
> do
> ip link add team$a1 type team
> for a2 in {0..1}
> do
> ip link add team$a1$a2 master team$a1 type team
> for a3 in {0..1}
> do
> ip link add team$a1$a2$a3 master team$a1$a2
> type team
> for a4 in {0..1}
> do
> ip link add team$a1$a2$a3$a4 master
> team$a1$a2$a3 type team
> for a5 in {0..1}
> do
> ip link add team$a1$a2$a3$a4$a5
> master team$a1$a2$a3$a4 type team
> for a6 in {0..1}
> do
> ip link add
> team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
> ip link add
> macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6 type
> macvlan
> ip link set
> macvlan$a1$a2$a3$a4$a5$a6 up
> ip link set
> team$a1$a2$a3$a4$a5$a6 up
> done
> ip link set
team$a1$a2$a3$a4$a5 up
> done
> ip link set team$a1$a2$a3$a4 up
> done
> ip link set team$a1$a2$a3 up
> done
> ip link set team$a1$a2 up
> done
> ip link set team$a1 up
> done
>
> #test_ethtool.sh
> for a1 in {0..1}
> do
> ethtool -K team$a1 lro $1
> for a2 in {0..1}
> do
> ethtool -K team$a1$a2 lro $1
> for a3 in {0..1}
> do
> ethtool -K team$a1$a2$a3 lro $1
> for a4 in {0..1}
> do
> ethtool -K team$a1$a2$a3$a4 lro $1
> for a5 in {0..1}
> do
> ethtool -K team$a1$a2$a3$a4$a5
> lro $1
> for a6 in {0..1}
> do
> ethtool -K
> team$a1$a2$a3$a4$a5$a6 lro $1
> ethtool -K
> macvlan$a1$a2$a3$a4$a5$a6 lro $1
> done
> done
> done
> done
> done
> done
>
> shell#1
> bash test_team.sh
> while :
> do
> bash test_ethtool.sh on
> done
> shell#2
> while :
> do
> bash test_ethtool.sh off
> done
>
> We can see a very similar call trace with the above reproducer.
> I think it is the same issue.
> Could you please test it?
>
> And, I found the fixed same issue too.
>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
>
> https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ
>
I found the root cause of this issue.
This is simpler reproducer.
ip link add team0 type team
ethtool -K team0 lro on
for i in {1..100}
do
ip link add team$i master team0 type team
ethtool -K team$i lro on
done
ethtool -K team0 lro off
The above graph is like below:
team0
|
+------+------+-----+-----+
| | | | |
team1 team2 team3 ... team100
int __netdev_update_features(struct net_device *dev)
{
struct net_device *upper, *lower;
netdev_features_t features;
struct list_head *iter;
int err = -1;
...
sync_lower:
/* some features must be disabled on lower devices when disabled
* on an upper device (think: bonding master or bridge)
*/
netdev_for_each_lower_dev(dev, lower, iter)
netdev_sync_lower_features(dev, lower, features);
...
static void netdev_sync_lower_features(struct net_device *upper,
struct net_device *lower, netdev_features_t features)
{
netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
netdev_features_t feature;
int feature_bit;
for_each_netdev_feature(upper_disables, feature_bit) {
feature = __NETIF_F_BIT(feature_bit);
if (!(features & feature) && (lower->features & feature)) {
netdev_dbg(upper, "Disabling feature %pNF on
lower dev %s.\n",
&feature, lower->name);
lower->wanted_features &= ~feature;
__netdev_update_features(lower);
if (unlikely(lower->features & feature))
netdev_WARN(upper, "failed to disable
%pNF on %s!\n",
&feature, lower->name);
else
netdev_features_change(lower);<-----HERE
}
}
}
void netdev_features_change(struct net_device *dev)
{
call_netdevice_notifiers(NETDEV_FEAT_CHANGE, dev);
}
The code looks like an iterator.
But it would work recursively because of notification.
When team0's feature(LRO) is changed with <ethtool -K team0 lro off>",
__netdev_update_features(team0) is called.
__netdev_update_features(team0) internally sends NETDEV_FEAT_CHANGE
event to all lower interfaces(team1, team2, ... team100).
team1 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
to the upper interface(team0).
team0 will receive NETDEV_FEAT_CHANGE again, and it sends
NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ... team100).
(At this point, team1 flag was already set, so it will be skipped.)
team2 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
to the upper interface(team0).
team0 will receive NETDEV_FEAT_CHANGE again again, and it sends
NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ... team100).
(team1, team2 skipped.)
...
So, if there are a few lower interfaces(roughly under 30 lower
interfaces), it anyway works even if internally works recursively.
But so many lower interfaces exist, stack overflow will occur.
This is the root cause of this issue.
I think synchronization direction should be one way.
Up or Down.
It means that if the team0 interface can send the NETDEV_FEAT_CHANGE
notification event to the lower interface,
the lower interfaces should be disallowed to send NETDEV_FEAT_CHANGE
event to the upper interface.
bonding has same issue.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2022-10-21 11:08 ` Taehee Yoo
@ 2023-04-07 7:22 ` wangyufen
2023-04-07 8:17 ` Taehee Yoo
0 siblings, 1 reply; 14+ messages in thread
From: wangyufen @ 2023-04-07 7:22 UTC (permalink / raw)
To: Taehee Yoo, Eric Dumazet, Dmitry Vyukov, Jarod Wilson
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs, Cong Wang
在 2022/10/21 19:08, Taehee Yoo 写道:
> Hi,
>
> 2022. 10. 14. 오전 12:00에 Taehee Yoo 이(가) 쓴 글:
> > Hi,
> >
> > On 10/12/22 21:19, Eric Dumazet wrote:
> > > On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov <dvyukov@google.com>
> > wrote:
> > >>
> > >> On Wed, 12 Oct 2022 at 09:48, syzbot
> > >> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
> > >>>
> > >>> Hello,
> > >>>
> > >>> syzbot found the following issue on:
> > >>>
> > >>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
> > for-kernelci
> > >>> git tree:
> > git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
> for-kernelci
> > >>> console output:
> > https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> > >>> kernel config:
> > https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> > >>> dashboard link:
> > https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> > >>> compiler: Debian clang version
> > 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
> > (GNU Binutils for Debian) 2.35.2
> > >>> userspace arch: arm64
> > >>>
> > >>> Unfortunately, I don't have any reproducer for this issue yet.
> > >>>
> > >>> Downloadable assets:
> > >>> disk image:
> >
> https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> >
> > >>> vmlinux:
> >
> https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >
> > >>>
> > >>> IMPORTANT: if you fix the issue, please add the following tag to
> > the commit:
> > >>> Reported-by: syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
> > >>
> > >> +Jiri
> > >>
> > >> It looks like the issue is with the team device. It seems to call
> > >> itself infinitely.
> > >> team_device_event was mentioned in stack overflow bugs in the past:
> > >>
> >
> https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> > >>
> > >
> > >
> > > Taehee Yoo, can you take a look ?
> > >
> > > Patch series of yours was supposed to limit max nest level to 8
> > >
> > >
> >
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
> >
> > >
> >
> > I found a reproducer.
> >
> > #test_team.sh
> > ip link add dummy0 type dummy
> > ip link set dummy0 up
> > for a1 in {0..1}
> > do
> > ip link add team$a1 type team
> > for a2 in {0..1}
> > do
> > ip link add team$a1$a2 master team$a1 type team
> > for a3 in {0..1}
> > do
> > ip link add team$a1$a2$a3 master team$a1$a2
> > type team
> > for a4 in {0..1}
> > do
> > ip link add team$a1$a2$a3$a4 master
> > team$a1$a2$a3 type team
> > for a5 in {0..1}
> > do
> > ip link add team$a1$a2$a3$a4$a5
> > master team$a1$a2$a3$a4 type team
> > for a6 in {0..1}
> > do
> > ip link add
> > team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
> > ip link add
> > macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6 type
> > macvlan
> > ip link set
> > macvlan$a1$a2$a3$a4$a5$a6 up
> > ip link set
> > team$a1$a2$a3$a4$a5$a6 up
> > done
> > ip link set
> team$a1$a2$a3$a4$a5 up
> > done
> > ip link set team$a1$a2$a3$a4 up
> > done
> > ip link set team$a1$a2$a3 up
> > done
> > ip link set team$a1$a2 up
> > done
> > ip link set team$a1 up
> > done
> >
> > #test_ethtool.sh
> > for a1 in {0..1}
> > do
> > ethtool -K team$a1 lro $1
> > for a2 in {0..1}
> > do
> > ethtool -K team$a1$a2 lro $1
> > for a3 in {0..1}
> > do
> > ethtool -K team$a1$a2$a3 lro $1
> > for a4 in {0..1}
> > do
> > ethtool -K team$a1$a2$a3$a4 lro $1
> > for a5 in {0..1}
> > do
> > ethtool -K team$a1$a2$a3$a4$a5
> > lro $1
> > for a6 in {0..1}
> > do
> > ethtool -K
> > team$a1$a2$a3$a4$a5$a6 lro $1
> > ethtool -K
> > macvlan$a1$a2$a3$a4$a5$a6 lro $1
> > done
> > done
> > done
> > done
> > done
> > done
> >
> > shell#1
> > bash test_team.sh
> > while :
> > do
> > bash test_ethtool.sh on
> > done
> > shell#2
> > while :
> > do
> > bash test_ethtool.sh off
> > done
> >
> > We can see a very similar call trace with the above reproducer.
> > I think it is the same issue.
> > Could you please test it?
> >
> > And, I found the fixed same issue too.
> >
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
> >
> > https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ
> >
>
> I found the root cause of this issue.
>
> This is simpler reproducer.
>
> ip link add team0 type team
> ethtool -K team0 lro on
> for i in {1..100}
> do
> ip link add team$i master team0 type team
> ethtool -K team$i lro on
> done
>
> ethtool -K team0 lro off
>
> The above graph is like below:
> team0
> |
> +------+------+-----+-----+
> | | | | |
> team1 team2 team3 ... team100
>
> int __netdev_update_features(struct net_device *dev)
> {
> struct net_device *upper, *lower;
> netdev_features_t features;
> struct list_head *iter;
> int err = -1;
> ...
> sync_lower:
> /* some features must be disabled on lower devices when disabled
> * on an upper device (think: bonding master or bridge)
> */
> netdev_for_each_lower_dev(dev, lower, iter)
> netdev_sync_lower_features(dev, lower, features);
> ...
>
>
> static void netdev_sync_lower_features(struct net_device *upper,
> struct net_device *lower, netdev_features_t features)
> {
> netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
> netdev_features_t feature;
> int feature_bit;
>
> for_each_netdev_feature(upper_disables, feature_bit) {
> feature = __NETIF_F_BIT(feature_bit);
> if (!(features & feature) && (lower->features &
> feature)) {
> netdev_dbg(upper, "Disabling feature %pNF on
> lower dev %s.\n",
> &feature, lower->name);
> lower->wanted_features &= ~feature;
> __netdev_update_features(lower);
>
> if (unlikely(lower->features & feature))
> netdev_WARN(upper, "failed to disable
> %pNF on %s!\n",
> &feature, lower->name);
> else
> netdev_features_change(lower);<-----HERE
> }
> }
> }
>
> void netdev_features_change(struct net_device *dev)
> {
> call_netdevice_notifiers(NETDEV_FEAT_CHANGE, dev);
> }
>
> The code looks like an iterator.
> But it would work recursively because of notification.
>
> When team0's feature(LRO) is changed with <ethtool -K team0 lro off>",
> __netdev_update_features(team0) is called.
> __netdev_update_features(team0) internally sends NETDEV_FEAT_CHANGE
> event to all lower interfaces(team1, team2, ... team100).
> team1 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
> to the upper interface(team0).
> team0 will receive NETDEV_FEAT_CHANGE again, and it sends
> NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ... team100).
> (At this point, team1 flag was already set, so it will be skipped.)
> team2 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
> to the upper interface(team0).
> team0 will receive NETDEV_FEAT_CHANGE again again, and it sends
> NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ... team100).
> (team1, team2 skipped.)
> ...
> So, if there are a few lower interfaces(roughly under 30 lower
> interfaces), it anyway works even if internally works recursively.
> But so many lower interfaces exist, stack overflow will occur.
> This is the root cause of this issue.
>
> I think synchronization direction should be one way.
> Up or Down.
> It means that if the team0 interface can send the NETDEV_FEAT_CHANGE
> notification event to the lower interface,
> the lower interfaces should be disallowed to send NETDEV_FEAT_CHANGE
> event to the upper interface.
>
> bonding has same issue.
Excuse me, is there a fix for this issue? I had the same issue with the
5.10 version of the bonding.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] kernel panic: kernel stack overflow
2023-04-07 7:22 ` wangyufen
@ 2023-04-07 8:17 ` Taehee Yoo
0 siblings, 0 replies; 14+ messages in thread
From: Taehee Yoo @ 2023-04-07 8:17 UTC (permalink / raw)
To: wangyufen, Eric Dumazet, Dmitry Vyukov, Jarod Wilson
Cc: syzbot, Jiří Pírko, davem, kuba, linux-kernel,
netdev, pabeni, syzkaller-bugs, Cong Wang
Hi wangyufen,
On 2023. 4. 7. 오후 4:22, wangyufen wrote:
>
>
> 在 2022/10/21 19:08, Taehee Yoo 写道:
>> Hi,
>>
>> 2022. 10. 14. 오전 12:00에 Taehee Yoo 이(가) 쓴 글:
>> > Hi,
>> >
>> > On 10/12/22 21:19, Eric Dumazet wrote:
>> > > On Wed, Oct 12, 2022 at 12:53 AM Dmitry Vyukov
<dvyukov@google.com>
>> > wrote:
>> > >>
>> > >> On Wed, 12 Oct 2022 at 09:48, syzbot
>> > >> <syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com> wrote:
>> > >>>
>> > >>> Hello,
>> > >>>
>> > >>> syzbot found the following issue on:
>> > >>>
>> > >>> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into
>> > for-kernelci
>> > >>> git tree:
>> > git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
>> for-kernelci
>> > >>> console output:
>> > https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
>> > >>> kernel config:
>> > https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
>> > >>> dashboard link:
>> > https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
>> > >>> compiler: Debian clang version
>> > 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld
>> > (GNU Binutils for Debian) 2.35.2
>> > >>> userspace arch: arm64
>> > >>>
>> > >>> Unfortunately, I don't have any reproducer for this issue yet.
>> > >>>
>> > >>> Downloadable assets:
>> > >>> disk image:
>> >
>>
https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
>> >
>> > >>> vmlinux:
>> >
>>
https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
>> >
>> > >>>
>> > >>> IMPORTANT: if you fix the issue, please add the following tag to
>> > the commit:
>> > >>> Reported-by:
>> syzbot+60748c96cf5c6df8e581@syzkaller.appspotmail.com
>> > >>
>> > >> +Jiri
>> > >>
>> > >> It looks like the issue is with the team device. It seems to call
>> > >> itself infinitely.
>> > >> team_device_event was mentioned in stack overflow bugs in the
>> past:
>> > >>
>> >
>>
https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
>> > >>
>> > >
>> > >
>> > > Taehee Yoo, can you take a look ?
>> > >
>> > > Patch series of yours was supposed to limit max nest level to 8
>> > >
>> > >
>> >
>>
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70
>> >
>> > >
>> >
>> > I found a reproducer.
>> >
>> > #test_team.sh
>> > ip link add dummy0 type dummy
>> > ip link set dummy0 up
>> > for a1 in {0..1}
>> > do
>> > ip link add team$a1 type team
>> > for a2 in {0..1}
>> > do
>> > ip link add team$a1$a2 master team$a1 type team
>> > for a3 in {0..1}
>> > do
>> > ip link add team$a1$a2$a3 master team$a1$a2
>> > type team
>> > for a4 in {0..1}
>> > do
>> > ip link add team$a1$a2$a3$a4 master
>> > team$a1$a2$a3 type team
>> > for a5 in {0..1}
>> > do
>> > ip link add
>> team$a1$a2$a3$a4$a5
>> > master team$a1$a2$a3$a4 type team
>> > for a6 in {0..1}
>> > do
>> > ip link add
>> > team$a1$a2$a3$a4$a5$a6 master team$a1$a2$a3$a4$a5 type team
>> > ip link add
>> > macvlan$a1$a2$a3$a4$a5$a6 link dummy0 master team$a1$a2$a3$a4$a5$a6
>> type
>> > macvlan
>> > ip link set
>> > macvlan$a1$a2$a3$a4$a5$a6 up
>> > ip link set
>> > team$a1$a2$a3$a4$a5$a6 up
>> > done
>> > ip link set
>> team$a1$a2$a3$a4$a5 up
>> > done
>> > ip link set team$a1$a2$a3$a4 up
>> > done
>> > ip link set team$a1$a2$a3 up
>> > done
>> > ip link set team$a1$a2 up
>> > done
>> > ip link set team$a1 up
>> > done
>> >
>> > #test_ethtool.sh
>> > for a1 in {0..1}
>> > do
>> > ethtool -K team$a1 lro $1
>> > for a2 in {0..1}
>> > do
>> > ethtool -K team$a1$a2 lro $1
>> > for a3 in {0..1}
>> > do
>> > ethtool -K team$a1$a2$a3 lro $1
>> > for a4 in {0..1}
>> > do
>> > ethtool -K team$a1$a2$a3$a4 lro $1
>> > for a5 in {0..1}
>> > do
>> > ethtool -K
>> team$a1$a2$a3$a4$a5
>> > lro $1
>> > for a6 in {0..1}
>> > do
>> > ethtool -K
>> > team$a1$a2$a3$a4$a5$a6 lro $1
>> > ethtool -K
>> > macvlan$a1$a2$a3$a4$a5$a6 lro $1
>> > done
>> > done
>> > done
>> > done
>> > done
>> > done
>> >
>> > shell#1
>> > bash test_team.sh
>> > while :
>> > do
>> > bash test_ethtool.sh on
>> > done
>> > shell#2
>> > while :
>> > do
>> > bash test_ethtool.sh off
>> > done
>> >
>> > We can see a very similar call trace with the above reproducer.
>> > I think it is the same issue.
>> > Could you please test it?
>> >
>> > And, I found the fixed same issue too.
>> >
>>
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.0&id=dd912306ff008891c82cd9f63e8181e47a9cb2fb
>> >
>> >
>> https://groups.google.com/g/syzkaller-bugs/c/-5OV1OW-dS4/m/o2Oq6AYSAwAJ
>> >
>>
>> I found the root cause of this issue.
>>
>> This is simpler reproducer.
>>
>> ip link add team0 type team
>> ethtool -K team0 lro on
>> for i in {1..100}
>> do
>> ip link add team$i master team0 type team
>> ethtool -K team$i lro on
>> done
>>
>> ethtool -K team0 lro off
>>
>> The above graph is like below:
>> team0
>> |
>> +------+------+-----+-----+
>> | | | | |
>> team1 team2 team3 ... team100
>>
>> int __netdev_update_features(struct net_device *dev)
>> {
>> struct net_device *upper, *lower;
>> netdev_features_t features;
>> struct list_head *iter;
>> int err = -1;
>> ...
>> sync_lower:
>> /* some features must be disabled on lower devices when
disabled
>> * on an upper device (think: bonding master or bridge)
>> */
>> netdev_for_each_lower_dev(dev, lower, iter)
>> netdev_sync_lower_features(dev, lower, features);
>> ...
>>
>>
>> static void netdev_sync_lower_features(struct net_device *upper,
>> struct net_device *lower, netdev_features_t features)
>> {
>> netdev_features_t upper_disables = NETIF_F_UPPER_DISABLES;
>> netdev_features_t feature;
>> int feature_bit;
>>
>> for_each_netdev_feature(upper_disables, feature_bit) {
>> feature = __NETIF_F_BIT(feature_bit);
>> if (!(features & feature) && (lower->features &
>> feature)) {
>> netdev_dbg(upper, "Disabling feature %pNF on
>> lower dev %s.\n",
>> &feature, lower->name);
>> lower->wanted_features &= ~feature;
>> __netdev_update_features(lower);
>>
>> if (unlikely(lower->features & feature))
>> netdev_WARN(upper, "failed to disable
>> %pNF on %s!\n",
>> &feature, lower->name);
>> else
>>
netdev_features_change(lower);<-----HERE
>> }
>> }
>> }
>>
>> void netdev_features_change(struct net_device *dev)
>> {
>> call_netdevice_notifiers(NETDEV_FEAT_CHANGE, dev);
>> }
>>
>> The code looks like an iterator.
>> But it would work recursively because of notification.
>>
>> When team0's feature(LRO) is changed with <ethtool -K team0 lro off>",
>> __netdev_update_features(team0) is called.
>> __netdev_update_features(team0) internally sends NETDEV_FEAT_CHANGE
>> event to all lower interfaces(team1, team2, ... team100).
>> team1 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
>> to the upper interface(team0).
>> team0 will receive NETDEV_FEAT_CHANGE again, and it sends
>> NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ...
>> team100).
>> (At this point, team1 flag was already set, so it will be skipped.)
>> team2 will receive NETDEV_FEAT_CHANGE, and it sends NETDEV_FEAT_CHANGE
>> to the upper interface(team0).
>> team0 will receive NETDEV_FEAT_CHANGE again again, and it sends
>> NETDEV_FEAT_CHANGE to the all lower interfaces(team1, team2, ...
>> team100).
>> (team1, team2 skipped.)
>> ...
>> So, if there are a few lower interfaces(roughly under 30 lower
>> interfaces), it anyway works even if internally works recursively.
>> But so many lower interfaces exist, stack overflow will occur.
>> This is the root cause of this issue.
>>
>> I think synchronization direction should be one way.
>> Up or Down.
>> It means that if the team0 interface can send the NETDEV_FEAT_CHANGE
>> notification event to the lower interface,
>> the lower interfaces should be disallowed to send NETDEV_FEAT_CHANGE
>> event to the upper interface.
>>
>> bonding has same issue.
>
> Excuse me, is there a fix for this issue? I had the same issue with the
> 5.10 version of the bonding.
It is not fixed, I will fix it.
I found the problem of this issue, but I couldn't find a good solution yet.
I think It would need relatively much time for fixing it.
Thanks!
Taehee Yoo
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2023-04-07 8:18 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-12 7:48 [syzbot] kernel panic: kernel stack overflow syzbot
2022-10-12 7:53 ` Dmitry Vyukov
2022-10-12 12:19 ` Eric Dumazet
2022-10-12 13:31 ` Taehee Yoo
2022-10-13 15:00 ` Taehee Yoo
2022-10-13 16:04 ` Eric Dumazet
2022-10-21 11:08 ` Taehee Yoo
2023-04-07 7:22 ` wangyufen
2023-04-07 8:17 ` Taehee Yoo
2022-10-12 13:11 ` Jiri Pirko
2022-10-12 13:54 ` Dmitry Vyukov
2022-10-12 15:08 ` Jiri Pirko
2022-10-12 16:42 ` Eric Dumazet
2022-10-13 7:11 ` Jiri Pirko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).