Received: by 2002:ab2:3141:0:b0:1ed:23cc:44d1 with SMTP id i1csp883244lqg; Sat, 2 Mar 2024 05:52:56 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCVh+0xtkGIYlfsCU41I+GLIiTrPB+6zimZeU0XThS8qvEEoDW2+EdvIbUKXvqLc+NuGKJUP8d2JtC033Z+JuGkTJgsRfuAFpVifaCoz9w== X-Google-Smtp-Source: AGHT+IGm2W68Cnv7Q3DfcQvGVXW66CsxPHq8bswbh0ZSh5y/sjvr6BINQqzzBNGlhcovMS7dMLZ9 X-Received: by 2002:a92:d111:0:b0:365:d2be:3de6 with SMTP id a17-20020a92d111000000b00365d2be3de6mr3841800ilb.2.1709387576291; Sat, 02 Mar 2024 05:52:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1709387576; cv=pass; d=google.com; s=arc-20160816; b=fX6me+B3PuWefbOwck5l80JlxlIP1/1rxUc/c04oewgFu8toq5+Texj/qaxl38Icyu hJQi7DgsrLJ6f68knlFcWComANZFmNWtoqJFNBbQxeJbrqZHU7o/rqHQnCuR8BWllTz9 qkSXy/u8XzPYpfyM9SNBVadHn79K3gJMpWR+j3AlFqlaFceSOOUmq3fw0Of+W/62tB/o YbgMitI8bZlmRumdWtJPxyOwCazJwxT96IsS+JBwcIGEzi3w6TKh+Bv9x+QxAQOZeLoV oLk4eJOnlFqpcAAbjMAt8Xg6tftJ/hJBJ5tPLM7RM3hQwM83dxa/8D2LjEm2Uxcv1pEe Mg/Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=FaKf0wjhl0NBGluN/844FZxvFZTkczu/pWwR8w+hej8=; fh=hQcs/V6pteCm/WOQFmLIzlwaceNF5Pagq7LaRxyjQM4=; b=yPf9hgzrN0T0ukQN95urJbNnIQyNIcWW1097sB+S5owtYY7S6TtXQzcmMOrS9z2TvI 7RQSsy5OUIvz2WInaPakrDMSDQMa2f5fnAJN8c/zO6bOfVFhRLW1xEBztUlqpIUbI8vU BYhjiBsUyWOGrMk4fynEMaQWJLNPL5fI4O56R5LSPHUZIf3+/6BXokl858r7j2wVzhox 5JGRkgNuwUMOq8Wc2yOaasLOYdc8KckodbvgtI773YTPHxTFALAKFtFIJbdwPgJfr80R dqHWYN8dPEsK7W4iQ2IIWq9eFmz2+IQP1CNSw5obSjo4AWVydBHeL7ZxVhXLDH65Htwb 6fJw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=G5w0AUPY; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-89452-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89452-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id q1-20020a635041000000b005dc484bc9efsi5485519pgl.22.2024.03.02.05.52.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 02 Mar 2024 05:52:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-89452-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=G5w0AUPY; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-89452-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-89452-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7EEF7283930 for ; Sat, 2 Mar 2024 13:52:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1AF6E1775A; Sat, 2 Mar 2024 13:52:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="G5w0AUPY" Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com [209.85.215.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 485521C16; Sat, 2 Mar 2024 13:52:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.170 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709387557; cv=none; b=Vibw8B8p/hQy6Z3LaP0tINH0aDFFdvdRoSTBRMjAM+OByeSHNflVou3SXRtpKV1/tre7uyGTjsUAruQGidUVL7ZLsBXWoVdDRXoc9tnO69QzajMfgRYqdJ+c+tUZIQG5BZq33GPzc2hFKsaIgBucqZPdrJTL9HSBRfpx7s1KUmg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1709387557; c=relaxed/simple; bh=cJltSKSReU3gn2Kq7YwMuZ8+3CkYBmFr8Krv1X0oUk4=; h=MIME-Version:From:Date:Message-ID:Subject:To:Cc:Content-Type; b=IiXJjVZoCRBKQpthGDaVRb4pR/v3uiGkpC7r+6bomDbMPDco/9Wj/7LUL3DlU28vOsCKeC0I/X2X6IYA3oXohEtTL0OSJQaaC+V5Fj5SO02In2DR5yaRac6aHo8Qg0Jwy1CH4pNpQw2DIxx8kdVknHhu80EcNY5lzk3nFHagQkE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=G5w0AUPY; arc=none smtp.client-ip=209.85.215.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-pg1-f170.google.com with SMTP id 41be03b00d2f7-5cddc5455aeso2496417a12.1; Sat, 02 Mar 2024 05:52:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1709387555; x=1709992355; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=FaKf0wjhl0NBGluN/844FZxvFZTkczu/pWwR8w+hej8=; b=G5w0AUPYoIqkB2ckMYNo2GNQjmtfX8VOKEwunhbyS/Ra+F0uPXastZgF3izghQv8Gm opSHlxUY4X5gee2kb50iu9px5hUnoqNv42FsyLcVeirvRYRO+9f8hLI2tUWsba2Dt41x kyTZ9ubFtjNqjVxrcLE+/JmZEF/Sqao7RMwCftBTGGtvcW8Ndi3lc/aLS7qrD9LYkybh GX3AhthlarU19lUuiufH+JTTWTwC+clOPLoRST7J5+0gGT+WE7AqudCdoG9kkwB6hJYc pmUgK8Z9B2bcY2khAmzo6Rw3xBIqFayBDGCxs5CiYBdAJwX18qu0P5H3sBisGN4YsPGR SJNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709387555; x=1709992355; h=content-transfer-encoding:cc:to:subject:message-id:date:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FaKf0wjhl0NBGluN/844FZxvFZTkczu/pWwR8w+hej8=; b=G3scJpC25F/g+KX0nq/tZyp78CVdIMHqqAKxX+XUJn/tcpFgQreZOFdp+JiyqtyXXl qph5mj1AlEzhLngDk+TSaACPT2+EQVaOHxpTBzBm5rkzS/1g68/ddJ8UAhY4GdhSGqsR Fz0DM+RDXOPKGVQs2tdoE0slOGqBGJoEaBZ/nVnz1faNfjuhA77glvEW9a7x+87sdpbh n7cnw3E9QJFAN7ZB6vKj+y1UzUZrGM2MSN3Pov5XfXqlrZiKwvIGB1ejXDL9ms5CgbeG HsN+VUjBzaVkm4saL77wfr0Tof2iirQNhb9WpCabSLspc2QlvP8XqEaXbT8EGVKL5asD 6PnQ== X-Forwarded-Encrypted: i=1; AJvYcCWo4bCQaH/6a32fOUtSePk3c15GByQAp+AwG4iuhIMPKRpBTiP4Nrl36FqIUd1K/OE+LVbh2bq+h8IVItX+Zcx89weI92J8KneI5jut+eLRrbm315k3faRyyf48a88DM67XuS5h X-Gm-Message-State: AOJu0YxDuPQK37itZ5o6AKyprkD7hB89cu3cvq7CRs4KJE+N6Z9NHRJ5 DSaPXsMcVUxwl5KzOb4wA5U91xlMcgj7Yv3QFgKLzPeSs/DUjwNkWqFDGhD0cdVeCX2jH52eZV0 vZJapT5uclabWlRWAnhuJ5wZc0KA= X-Received: by 2002:a05:6a20:a10f:b0:1a1:4b3e:5ef1 with SMTP id q15-20020a056a20a10f00b001a14b3e5ef1mr102246pzk.26.1709387555443; Sat, 02 Mar 2024 05:52:35 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 From: xingwei lee Date: Sat, 2 Mar 2024 21:52:24 +0800 Message-ID: Subject: Re: [syzbot] [net?] possible deadlock in team_port_change_check (2) To: syzbot+3c47b5843403a45aef57@syzkaller.appspotmail.com Cc: davem@davemloft.net, Eric Dumazet , jiri@resnulli.us, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello, I reproduced this bug and comfired in the latest net tree. However, I can only make sure syzlang reproducer can work, C reproducer can=E2=80=99t work. Anyway, I uploaded it here. If you fix this issue, please add the following tag to the commit: Reported-by: xingwei lee I use the same configuation with syzbot dashboard. kernel version: net tree 2a770cdc4382b457ca3d43d03f0f0064f905a0d0 kernel config: https://syzkaller.appspot.com/text?tag=3DKernelConfig&x=3Def= f9f3183d0a20dd with KASAN enabled compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.4= 0 root@syzkaller:~/linux_amd64# ./syz-execprog -repeat 0 ../repro.txt [ 6971.160730][T106447] team0: Device veth0_vlan failed to register rx_hand= ler [ 6971.239311][T106447] [ 6971.240256][T106447] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D [ 6971.248075][T106447] WARNING: possible recursive locking detected [ 6971.252130][T106447] 6.8.0-rc5 #1 Not tainted [ 6971.253807][T106447] -------------------------------------------- [ 6971.258294][T106447] syz-executor/106447 is trying to acquire lock: [ 6971.262149][T106447] ffff888023bfad00 (team->team_lock_key#6){+.+.}-{3:3}, at: team_port_change_che0 [ 6971.272457][T106447] [ 6971.272457][T106447] but task is already holding lock: [ 6971.275722][T106447] ffff888023bfad00 (team->team_lock_key#6){+.+.}-{3:3}, at: team_add_slave+0xb2/0 [ 6971.277391][T106447] [ 6971.277391][T106447] other info that might help us debug this: [ 6971.278742][T106447] Possible unsafe locking scenario: [ 6971.278742][T106447] [ 6971.285531][T106447] CPU0 [ 6971.286119][T106447] ---- [ 6971.286685][T106447] lock(team->team_lock_key#6); [ 6971.294371][T106447] lock(team->team_lock_key#6); [ 6971.295269][T106447] [ 6971.295269][T106447] *** DEADLOCK *** [ 6971.295269][T106447] [ 6971.336594][T106447] May be due to missing lock nesting notation [ 6971.336594][T106447] [ 6971.337974][T106447] 2 locks held by syz-executor/106447: [ 6971.338906][T106447] #0: ffffffff8f7759c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x890/0x0 [ 6971.345377][T106447] #1: ffff888023bfad00 (team->team_lock_key#6){+.+.}-{3:3}, at: team_add_slave+0 [ 6971.347076][T106447] [ 6971.347076][T106447] stack backtrace: [ 6971.358055][T106447] CPU: 1 PID: 106447 Comm: syz-executor Not tainted 6.8.0-rc5 #1 [ 6971.375491][T106447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.164 [ 6971.384912][T106447] Call Trace: [ 6971.386057][T106447] [ 6971.387087][T106447] dump_stack_lvl+0x1f4/0x2f0 [ 6971.391295][T106447] ? __pfx_dump_stack_lvl+0x10/0x10 [ 6971.400249][T106447] ? print_deadlock_bug+0x479/0x620 [ 6971.402409][T106447] ? _find_first_zero_bit+0xe1/0x110 [ 6971.404284][T106447] validate_chain+0x15c0/0x58e0 [ 6971.407870][T106447] ? mark_lock+0x9a/0x350 [ 6971.410151][T106447] ? __pfx_validate_chain+0x10/0x10 [ 6971.447513][T106447] ? __lock_acquire+0x1345/0x1fd0 [ 6971.452451][T106447] ? mark_lock+0x9a/0x350 [ 6971.453974][T106447] ? __lock_acquire+0x1345/0x1fd0 [ 6971.459800][T106447] ? mark_lock+0x9a/0x350 [ 6971.467966][T106447] __lock_acquire+0x1345/0x1fd0 [ 6971.469667][T106447] lock_acquire+0x1e3/0x530 [ 6971.471195][T106447] ? team_port_change_check+0x56/0x200 [ 6971.485003][T106447] ? __pfx_lock_acquire+0x10/0x10 [ 6971.486723][T106447] ? lockdep_hardirqs_on+0x98/0x140 [ 6971.495451][T106447] ? __pfx___might_resched+0x10/0x10 [ 6971.497220][T106447] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 6971.510125][T106447] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 6971.516047][T106447] ? lock_timer_base+0x257/0x270 [ 6971.517711][T106447] __mutex_lock+0x136/0xd70 [ 6971.524165][T106447] ? team_port_change_check+0x56/0x200 [ 6971.531180][T106447] ? bond_netdev_event+0xe6/0xf80 [ 6971.552437][T106447] ? __timer_delete_sync+0x165/0x320 [ 6971.555487][T106447] ? team_port_change_check+0x56/0x200 [ 6971.557402][T106447] ? __pfx___mutex_lock+0x10/0x10 [ 6971.585609][T106447] ? __asan_memset+0x23/0x50 [ 6971.588329][T106447] team_port_change_check+0x56/0x200 [ 6971.613558][T106447] team_device_event+0x172/0x5e0 [ 6971.615307][T106447] ? notifier_call_chain+0x171/0x3e0 [ 6971.617138][T106447] notifier_call_chain+0x19c/0x3e0 [ 6971.640031][T106447] dev_close_many+0x344/0x4d0 [ 6971.663799][T106447] ? __pfx_dev_close_many+0x10/0x10 [ 6971.665582][T106447] vlan_device_event+0x1962/0x1e90 [ 6971.667257][T106447] ? br_device_event+0x151/0x9d0 [ 6971.668865][T106447] ? __pfx_phonet_device_notify+0x10/0x10 [ 6971.681103][T106447] ? __pfx_vlan_device_event+0x10/0x10 [ 6971.689708][T106447] ? __pfx_br_device_event+0x10/0x10 [ 6971.702341][T106447] ? raw_notifier+0xa6/0x770 [ 6971.703945][T106447] ? cgw_notifier+0xdd/0x3c0 [ 6971.717620][T106447] notifier_call_chain+0x19c/0x3e0 [ 6971.719396][T106447] dev_close_many+0x344/0x4d0 [ 6971.723625][T106447] ? __pfx_dev_close_many+0x10/0x10 [ 6971.725406][T106447] dev_close+0x1c9/0x2d0 [ 6971.736927][T106447] ? __pfx_dev_close+0x10/0x10 [ 6971.741054][T106447] ? vlan_vids_del_by_dev+0x2b5/0x310 [ 6971.742923][T106447] team_add_slave+0x1bf3/0x28b0 [ 6971.747342][T106447] ? __pfx___dev_notify_flags+0x10/0x10 [ 6971.749385][T106447] ? __dev_change_flags+0x536/0x710 [ 6971.753249][T106447] ? __pfx_team_add_slave+0x10/0x10 [ 6971.760179][T106447] ? __pfx___dev_change_flags+0x10/0x10 [ 6971.762084][T106447] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 6971.764253][T106447] ? mutex_is_locked+0x12/0x50 [ 6971.765935][T106447] do_setlink+0xed1/0x43f0 [ 6971.769819][T106447] ? __pfx____ratelimit+0x10/0x10 [ 6971.771521][T106447] ? __pfx_do_setlink+0x10/0x10 [ 6971.779962][T106447] ? __nla_validate_parse+0x26b1/0x3140 [ 6971.781727][T106447] ? __pfx___nla_validate_parse+0x10/0x10 [ 6971.783590][T106447] ? __pfx_validate_chain+0x10/0x10 [ 6971.785386][T106447] ? __pfx_lock_acquire+0x10/0x10 [ 6971.787128][T106447] ? is_bpf_text_address+0x2b/0x2d0 [ 6971.788900][T106447] ? validate_linkmsg+0x75d/0x960 [ 6971.795596][T106447] rtnl_setlink+0x431/0x5d0 [ 6971.797190][T106447] ? mark_lock+0x9a/0x350 [ 6971.798632][T106447] ? __pfx_rtnl_setlink+0x10/0x10 [ 6971.812898][T106447] ? __kernel_text_address+0xd/0x40 [ 6971.814699][T106447] ? rcu_read_unlock+0x9b/0xb0 [ 6971.816298][T106447] ? __pfx___mutex_lock+0x10/0x10 [ 6971.821333][T106447] ? __pfx_rtnl_setlink+0x10/0x10 [ 6971.835950][T106447] rtnetlink_rcv_msg+0x8eb/0x10e0 [ 6971.836899][T106447] ? rtnetlink_rcv_msg+0x227/0x10e0 [ 6971.837816][T106447] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 6971.838758][T106447] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 6971.851410][T106447] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 6971.852604][T106447] ? __local_bh_enable_ip+0x168/0x200 [ 6971.853545][T106447] ? lockdep_hardirqs_on+0x98/0x140 [ 6971.863452][T106447] ? __local_bh_enable_ip+0x168/0x200 [ 6971.865250][T106447] ? __dev_queue_xmit+0x2d1/0x3c70 [ 6971.866978][T106447] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 6971.880602][T106447] ? __dev_queue_xmit+0x2d1/0x3c70 [ 6971.882349][T106447] ? __dev_queue_xmit+0x169b/0x3c70 [ 6971.886063][T106447] ? __dev_queue_xmit+0x2d1/0x3c70 [ 6971.895914][T106447] ? ref_tracker_free+0x648/0x7e0 [ 6971.897626][T106447] netlink_rcv_skb+0x1ee/0x450 [ 6971.899256][T106447] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 6971.901113][T106447] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 6971.908171][T106447] ? netlink_deliver_tap+0x33/0x1c0 [ 6971.915811][T106447] netlink_unicast+0x80d/0x9b0 [ 6971.916649][T106447] ? __pfx_netlink_unicast+0x10/0x10 [ 6971.917598][T106447] ? __virt_addr_valid+0x4a8/0x580 [ 6971.918508][T106447] ? __phys_addr_symbol+0x36/0x80 [ 6971.927482][T106447] ? __check_object_size+0x4e2/0xa60 [ 6971.928527][T106447] ? bpf_lsm_netlink_send+0xe/0x20 [ 6971.929516][T106447] netlink_sendmsg+0xa63/0xda0 [ 6971.930477][T106447] ? __pfx_netlink_sendmsg+0x10/0x10 [ 6971.959582][T106447] ? aa_sock_msg_perm+0x9e/0x160 [ 6971.960633][T106447] ? bpf_lsm_socket_sendmsg+0xe/0x20 [ 6971.961575][T106447] ? security_socket_sendmsg+0x92/0xb0 [ 6971.962546][T106447] ? __pfx_netlink_sendmsg+0x10/0x10 [ 6971.991813][T106447] __sock_sendmsg+0x230/0x280 [ 6971.993488][T106447] sock_write_iter+0x2f9/0x420 [ 6971.995138][T106447] ? __pfx_sock_write_iter+0x10/0x10 [ 6972.001110][T106447] ? futex_wait_queue+0x156/0x1e0 [ 6972.004680][T106447] ? futex_unqueue+0xd8/0x100 [ 6972.015657][T106447] do_iter_readv_writev+0x489/0x660 [ 6972.018731][T106447] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 6972.022915][T106447] ? bpf_lsm_file_permission+0xe/0x20 [ 6972.045752][T106447] ? security_file_permission+0x8a/0xb0 [ 6972.046896][T106447] ? rw_verify_area+0x1e7/0x5b0 [ 6972.047864][T106447] vfs_writev+0x3a8/0xbe0 [ 6972.048632][T106447] ? __pfx_vfs_writev+0x10/0x10 [ 6972.049483][T106447] ? __fget_files+0x2d/0x4a0 [ 6972.050281][T106447] ? __fdget_pos+0x1aa/0x340 [ 6972.064863][T106447] do_writev+0x1bf/0x360 [ 6972.079653][T106447] ? __pfx_do_writev+0x10/0x10 [ 6972.080726][T106447] ? do_syscall_64+0x108/0x240 [ 6972.081604][T106447] ? do_syscall_64+0xb4/0x240 [ 6972.082447][T106447] do_syscall_64+0xf9/0x240 [ 6972.100393][T106447] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 6972.112331][T106447] RIP: 0033:0x7fca8767dde9 [ 6972.114344][T106447] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 8 [ 6972.146796][T106447] RSP: 002b:00007fca883de0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 6972.175640][T106447] RAX: ffffffffffffffda RBX: 00007fca877abf80 RCX: 00007fca8767dde9 [ 6972.191791][T106447] RDX: 0000000000000001 RSI: 0000000020000400 RDI: 0000000000000003 [ 6972.209957][T106447] RBP: 00007fca876ca47a R08: 0000000000000000 R09: 0000000000000000 [ 6972.211305][T106447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 6972.212594][T106447] R13: 000000000000000b R14: 00007fca877abf80 R15: 00007ffddc5cb5f8 [ 6972.213901][T106447] Remember to run this repro.txt with the command: syz-execprog -repeat 0 ./repro.txt and wait for about 1minus, the bug triggered very steady. =3D* repro.txt =3D* r0 =3D socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000400)=3D[{&(0x7f0000000580)=3D"3900000013000b4600bb6= 5e1c3e4ffff0100001038000000560000022500000019000a001000000007fd17e5ffff0800= 04000000000000000a", 0x39}], 0x1) writev(0xffffffffffffffff, &(0x7f0000000400)=3D[{&(0x7f0000000580)=3D"3900000013000b4600bb65e1c3e4ffff= 0100000936000000560000022500000019000a001000000007fd17e5ffff080004000000000= 000000a", 0x39}], 0x1) and see also in https://gist.github.com/xrivendell7/dea2d84fe5efdb17eedcdb3e17297ffe I hope it helps. xingwei Lee