possible deadlock in hsr_dev

Kernel	Title	Repro	Cause bisect	Count	Last	Reported	Patched	Status
linux-5.15	possible deadlock in hsr_dev_xmit			5	107d	160d	0/3	auto-obsoleted due to no activity on 2024/10/15 17:23
linux-6.1	possible deadlock in hsr_dev_xmit			1	136d	136d	0/3	auto-obsoleted due to no activity on 2024/09/16 01:23
upstream	possible deadlock in hsr_dev_xmit (2) net	C	done	448	19h35m	208d	0/28	upstream: reported C repro on 2024/03/28 14:20
upstream	possible deadlock in hsr_dev_xmit net			1	573d	569d	0/28	auto-obsoleted due to no activity on 2023/07/27 11:35

============================================ WARNING: possible recursive locking detected 6.1.113-syzkaller #0 Not tainted -------------------------------------------- syz.4.2017/9578 is trying to acquire lock: ffff88807a790d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88807a790d88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x13a/0x210 net/hsr/hsr_device.c:219 but task is already holding lock: ffff88804f51ad88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] ffff88804f51ad88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x272/0xad0 net/hsr/hsr_device.c:300 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&hsr->seqnr_lock); lock(&hsr->seqnr_lock); *** DEADLOCK *** May be due to missing lock nesting notation 9 locks held by syz.4.2017/9578: #0: ffff888143bd8360 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_global_lock_killable drivers/block/loop.c:120 [inline] #0: ffff888143bd8360 (&lo->lo_mutex){+.+.}-{3:3}, at: loop_configure+0x1f9/0x1270 drivers/block/loop.c:1018 #1: ffffffff8d2071e0 (console_lock){+.+.}-{0:0}, at: _printk+0xd1/0x111 kernel/printk/printk.c:2328 #2: ffffc90000007bc0 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc2/0x6b0 kernel/time/timer.c:1501 #3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #3: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0x9f/0x340 net/hsr/hsr_device.c:377 #4: ffff88804f51ad88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #4: ffff88804f51ad88 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_hsr_supervision_frame+0x272/0xad0 net/hsr/hsr_device.c:300 #5: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #5: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #5: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0xaa/0x2390 net/hsr/hsr_forward.c:614 #6: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #6: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline] #6: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d6/0x3d50 net/core/dev.c:4220 #7: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline] #7: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline] #7: ffffffff8d32afc0 (rcu_read_lock){....}-{1:2}, at: br_dev_xmit+0x212/0x18e0 net/bridge/br_device.c:49 #8: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline] #8: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline] #8: ffffffff8d32b020 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d6/0x3d50 net/core/dev.c:4220 stack backtrace: CPU: 0 PID: 9578 Comm: syz.4.2017 Not tainted 6.1.113-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 print_deadlock_bug kernel/locking/lockdep.c:2983 [inline] check_deadlock kernel/locking/lockdep.c:3026 [inline] validate_chain+0x4711/0x5950 kernel/locking/lockdep.c:3812 __lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049 lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] hsr_dev_xmit+0x13a/0x210 net/hsr/hsr_device.c:219 __netdev_start_xmit include/linux/netdevice.h:4853 [inline] netdev_start_xmit include/linux/netdevice.h:4867 [inline] xmit_one net/core/dev.c:3627 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3643 __dev_queue_xmit+0x1b5d/0x3d50 net/core/dev.c:4297 dev_queue_xmit include/linux/netdevice.h:3021 [inline] br_dev_queue_push_xmit+0x6fe/0x8c0 net/bridge/br_forward.c:53 NF_HOOK+0x39f/0x450 include/linux/netfilter.h:302 br_forward_finish+0xe1/0x130 net/bridge/br_forward.c:66 NF_HOOK+0x39f/0x450 include/linux/netfilter.h:302 __br_forward+0x430/0x5f0 net/bridge/br_forward.c:115 deliver_clone net/bridge/br_forward.c:131 [inline] maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:189 br_flood+0x2e7/0x440 net/bridge/br_forward.c:231 br_dev_xmit+0x1194/0x18e0 __netdev_start_xmit include/linux/netdevice.h:4853 [inline] netdev_start_xmit include/linux/netdevice.h:4867 [inline] xmit_one net/core/dev.c:3627 [inline] dev_hard_start_xmit+0x261/0x8c0 net/core/dev.c:3643 __dev_queue_xmit+0x1b5d/0x3d50 net/core/dev.c:4297 dev_queue_xmit include/linux/netdevice.h:3021 [inline] hsr_xmit net/hsr/hsr_forward.c:380 [inline] hsr_forward_do net/hsr/hsr_forward.c:471 [inline] hsr_forward_skb+0x17f3/0x2390 net/hsr/hsr_forward.c:619 send_hsr_supervision_frame+0x540/0xad0 net/hsr/hsr_device.c:323 hsr_announce+0x1a4/0x340 net/hsr/hsr_device.c:379 call_timer_fn+0x1ad/0x6b0 kernel/time/timer.c:1504 expire_timers kernel/time/timer.c:1549 [inline] __run_timers+0x67c/0x890 kernel/time/timer.c:1820 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1833 handle_softirqs+0x2ee/0xa40 kernel/softirq.c:571 __do_softirq kernel/softirq.c:605 [inline] invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x157/0x240 kernel/softirq.c:654 irq_exit_rcu+0x5/0x20 kernel/softirq.c:666 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1106 [inline] sysvec_apic_timer_interrupt+0xa0/0xc0 arch/x86/kernel/apic/apic.c:1106 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x16/0x20 arch/x86/include/asm/idtentry.h:691 RIP: 0010:console_emit_next_record+0xd67/0x1000 kernel/printk/printk.c:2786 Code: f6 1b 00 44 0f b6 74 24 1f 48 83 7c 24 30 00 75 07 e8 ad f6 1b 00 eb 06 e8 a6 f6 1b 00 fb 48 c7 84 24 a0 00 00 00 0e 36 e0 45 <43> c7 04 2c 00 00 00 00 4b c7 44 2c 0a 00 00 00 00 4b c7 44 2c 12 RSP: 0018:ffffc900039cec40 EFLAGS: 00000287 RAX: ffffffff816e9c1a RBX: ffffffff816e995c RCX: 0000000000040000 RDX: ffffc9000de4a000 RSI: 0000000000022770 RDI: 0000000000022771 RBP: ffffc900039ceef0 R08: ffffffff816e9bf2 R09: fffffbfff224604d R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 R13: 1ffff92000739d9c R14: 0000000000000001 R15: 0000000000000000 console_unlock+0x278/0x7c0 kernel/printk/printk.c:2906 vprintk_emit+0x523/0x740 kernel/printk/printk.c:2303 _printk+0xd1/0x111 kernel/printk/printk.c:2328 set_capacity_and_notify+0x2b0/0x340 block/genhd.c:91 loop_set_size+0x44/0xa0 drivers/block/loop.c:232 loop_configure+0xd1d/0x1270 drivers/block/loop.c:1095 lo_ioctl+0x882/0x2010 blkdev_ioctl+0x3a9/0x760 block/ioctl.c:619 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f8a5db7dbfb Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 RSP: 002b:00007f8a5e88fd10 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f8a5db7dbfb RDX: 0000000000000003 RSI: 0000000000004c00 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000607 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 R13: 00007f8a5e88fdec R14: 00007f8a5e88fdf0 R15: 00007f8a539f7000 </TASK> ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 1b 00 sbb (%rax),%eax 2: 44 0f b6 74 24 1f movzbl 0x1f(%rsp),%r14d 8: 48 83 7c 24 30 00 cmpq $0x0,0x30(%rsp) e: 75 07 jne 0x17 10: e8 ad f6 1b 00 call 0x1bf6c2 15: eb 06 jmp 0x1d 17: e8 a6 f6 1b 00 call 0x1bf6c2 1c: fb sti 1d: 48 c7 84 24 a0 00 00 movq $0x45e0360e,0xa0(%rsp) 24: 00 0e 36 e0 45 * 29: 43 c7 04 2c 00 00 00 movl $0x0,(%r12,%r13,1) <-- trapping instruction 30: 00 31: 4b c7 44 2c 0a 00 00 movq $0x0,0xa(%r12,%r13,1) 38: 00 00 3a: 4b rex.WXB 3b: c7 .byte 0xc7 3c: 44 2c 12 rex.R sub $0x12,%al

Crashes (2):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2024/10/18 06:53	linux-6.1.y	54d90d17e8ce	666f77ed	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	possible deadlock in hsr_dev_xmit
2024/10/18 06:51	linux-6.1.y	54d90d17e8ce	666f77ed	.config	console log	report			info	[disk image] [vmlinux] [kernel image]	ci2-linux-6-1-kasan	possible deadlock in hsr_dev_xmit

Crashes (2):

Assets (help?)