syzbot

 sign-in | mailing list | source | docs
🐞 Open [745]
🐞 Fixed [120]
🐞 Invalid [785]
Missing Backports [75]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

possible deadlock in __dev_queue_xmit (3)

Status: upstream: reported on 2024/10/25 05:17
Reported-by: syzbot+1f5d85a41ae645abffc0@syzkaller.appspotmail.com
First crash: 241d, last: 23h13m
Similar bugs (12)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 possible deadlock in __dev_queue_xmit 4 2192d 2262d 0/3 auto-closed as invalid on 2019/10/25 08:36
upstream possible deadlock in __dev_queue_xmit (3) net C done inconclusive 1025 7d02h 2029d 0/29 upstream: reported C repro on 2019/12/03 09:55
linux-4.19 possible deadlock in __dev_queue_xmit C error 5 1370d 1788d 0/1 upstream: reported C repro on 2020/07/31 07:05
android-414 possible deadlock in __dev_queue_xmit 3 2251d 2262d 0/1 auto-closed as invalid on 2019/10/21 21:31
android-44 possible deadlock in __dev_queue_xmit 14 2028d 2089d 0/2 auto-closed as invalid on 2020/04/02 07:14
linux-6.1 possible deadlock in __dev_queue_xmit 98 612d 725d 0/3 auto-obsoleted due to no activity on 2023/12/28 22:22
linux-4.14 possible deadlock in __dev_queue_xmit 7 1738d 2183d 0/1 auto-closed as invalid on 2021/01/16 21:33
upstream possible deadlock in __dev_queue_xmit net 1 2350d 2350d 0/29 closed as invalid on 2019/03/10 18:51
linux-5.15 possible deadlock in __dev_queue_xmit 113 677d 812d 0/3 auto-obsoleted due to no activity on 2023/10/25 04:56
linux-6.1 possible deadlock in __dev_queue_xmit (2) 7 411d 520d 0/3 auto-obsoleted due to no activity on 2024/08/16 05:44
linux-5.15 possible deadlock in __dev_queue_xmit (2) origin:lts-only C done 73 17h09m 556d 0/3 upstream: reported C repro on 2023/12/15 02:11
upstream possible deadlock in __dev_queue_xmit (2) kernel 2 2163d 2278d 0/29 auto-closed as invalid on 2019/11/19 09:01

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.1.141-syzkaller #0 Not tainted
--------------------------------------------
kworker/1:15/4489 is trying to acquire lock:
ffff88807d5f7218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff88807d5f7218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3925 [inline]
ffff88807d5f7218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x208f/0x3760 net/core/dev.c:4300

but task is already holding lock:
ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline]
ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:195 [inline]
ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3882 [inline]
ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x129a/0x3760 net/core/dev.c:4300

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

11 locks held by kworker/1:15/4489:
 #0: ffff88802f20f538 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #1: ffffc9000471fd00 ((work_completion)(&(&idev->mc_dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 kernel/workqueue.c:2267
 #2: ffff88807a77c538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_dad_work+0x34/0x270 net/ipv6/mcast.c:2267
 #3: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #3: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #3: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: mld_sendpack+0x1f7/0xe80 net/ipv6/mcast.c:1798
 #4: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #4: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #4: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x593/0x1590 net/ipv6/ip6_output.c:123
 #5: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #5: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline]
 #5: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x26f/0x3760 net/core/dev.c:4257
 #6: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #6: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #6: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: bond_start_xmit+0xfe/0x1b90 drivers/net/bonding/bond_main.c:5523
 #7: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #7: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline]
 #7: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x26f/0x3760 net/core/dev.c:4257
 #8: ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:361 [inline]
 #8: ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:195 [inline]
 #8: ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb net/core/dev.c:3882 [inline]
 #8: ffff888055863258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_queue_xmit+0x129a/0x3760 net/core/dev.c:4300
 #9: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:350 [inline]
 #9: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:791 [inline]
 #9: ffffffff8c92aaa0 (rcu_read_lock){....}-{1:2}, at: ip_finish_output2+0x3e8/0x11b0 net/ipv4/ip_output.c:221
 #10: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
 #10: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_read_lock_bh include/linux/rcupdate.h:843 [inline]
 #10: ffffffff8c92ab00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x26f/0x3760 net/core/dev.c:4257

stack backtrace:
CPU: 1 PID: 4489 Comm: kworker/1:15 Not tainted 6.1.141-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: mld mld_dad_work
Call Trace:
 <TASK>
 dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106
 __lock_acquire+0x122f/0x7c50 kernel/locking/lockdep.c:-1
 lock_acquire+0x1b4/0x490 kernel/locking/lockdep.c:5662
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:351 [inline]
 __dev_xmit_skb net/core/dev.c:3925 [inline]
 __dev_queue_xmit+0x208f/0x3760 net/core/dev.c:4300
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 neigh_hh_output include/net/neighbour.h:528 [inline]
 neigh_output include/net/neighbour.h:542 [inline]
 ip_finish_output2+0xbe8/0x11b0 net/ipv4/ip_output.c:228
 iptunnel_xmit+0x525/0x930 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1c39/0x2360 net/ipv4/ip_tunnel.c:858
 __gre_xmit net/ipv4/ip_gre.c:474 [inline]
 gre_tap_xmit+0x50b/0x700 net/ipv4/ip_gre.c:751
 __netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 xmit_one net/core/dev.c:3658 [inline]
 dev_hard_start_xmit+0x262/0x870 net/core/dev.c:3674
 sch_direct_xmit+0x24e/0x4a0 net/sched/sch_generic.c:342
 __dev_xmit_skb net/core/dev.c:3895 [inline]
 __dev_queue_xmit+0x18cd/0x3760 net/core/dev.c:4300
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 bond_dev_queue_xmit+0x108/0x1e0 drivers/net/bonding/bond_main.c:307
 __bond_start_xmit drivers/net/bonding/bond_main.c:5503 [inline]
 bond_start_xmit+0xced/0x1b90 drivers/net/bonding/bond_main.c:5525
 __netdev_start_xmit include/linux/netdevice.h:4896 [inline]
 netdev_start_xmit include/linux/netdevice.h:4910 [inline]
 xmit_one net/core/dev.c:3658 [inline]
 dev_hard_start_xmit+0x262/0x870 net/core/dev.c:3674
 __dev_queue_xmit+0x1bf1/0x3760 net/core/dev.c:4334
 dev_queue_xmit include/linux/netdevice.h:3051 [inline]
 neigh_hh_output include/net/neighbour.h:528 [inline]
 neigh_output include/net/neighbour.h:542 [inline]
 ip6_finish_output2+0xd6b/0x1590 net/ipv6/ip6_output.c:138
 __ip6_finish_output net/ipv6/ip6_output.c:205 [inline]
 ip6_finish_output+0x5d3/0xa60 net/ipv6/ip6_output.c:216
 dst_output include/net/dst.h:453 [inline]
 NF_HOOK+0x15d/0x460 include/linux/netfilter.h:302
 mld_sendpack+0x893/0xe80 net/ipv6/mcast.c:1826
 mld_dad_work+0x3c/0x270 net/ipv6/mcast.c:2268
 process_one_work+0x898/0x1160 kernel/workqueue.c:2292
 worker_thread+0xaa2/0x1250 kernel/workqueue.c:2439
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Crashes (82):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/06/21 09:42 linux-6.1.y 58485ff1a74f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/19 06:12 linux-6.1.y 58485ff1a74f ed3e87f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/17 12:01 linux-6.1.y 58485ff1a74f cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/13 14:28 linux-6.1.y 58485ff1a74f 98683f8f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/11 01:40 linux-6.1.y 58485ff1a74f 5d7e17ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/10 23:04 linux-6.1.y 58485ff1a74f 5d7e17ca .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/06 14:18 linux-6.1.y 58485ff1a74f 9fa58bba .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/02 04:36 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/29 13:00 linux-6.1.y da3c5173c55f 3d2f584d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/27 10:05 linux-6.1.y da3c5173c55f 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/23 19:20 linux-6.1.y da3c5173c55f f8cc0c83 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/23 03:53 linux-6.1.y da3c5173c55f fa44301a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/22 05:21 linux-6.1.y 325285d9fc86 0919b50b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/21 16:05 linux-6.1.y 325285d9fc86 dc5d3808 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/20 17:34 linux-6.1.y 325285d9fc86 b47f9e02 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/19 20:41 linux-6.1.y 325285d9fc86 b84f0537 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/17 11:30 linux-6.1.y 02b72ccb5f9d f41472b0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/15 04:56 linux-6.1.y 02b72ccb5f9d d6b2ee52 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/14 20:19 linux-6.1.y 02b72ccb5f9d a4fa04ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/12 21:47 linux-6.1.y 02b72ccb5f9d f6671af7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/11 21:36 linux-6.1.y 02b72ccb5f9d 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/09 13:15 linux-6.1.y 02b72ccb5f9d bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/09 04:56 linux-6.1.y ac7079a42ea5 bb813bcc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/05/07 01:08 linux-6.1.y ac7079a42ea5 350f4ffc .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/04/24 22:11 linux-6.1.y 420102835862 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/04/23 01:05 linux-6.1.y 420102835862 53a8b9bd .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/04/08 14:02 linux-6.1.y 3dfebb87d7eb a775275d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/03/30 13:05 linux-6.1.y 8e60a714ba3b d3999433 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/03/24 17:36 linux-6.1.y 344a09659766 875573af .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/03/22 09:58 linux-6.1.y 344a09659766 c6512ef7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/01/18 22:13 linux-6.1.y 60ceadf9247e f2cb035c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/01/16 23:53 linux-6.1.y c63962be84ef f9e07a6e .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan possible deadlock in __dev_queue_xmit
2025/06/22 13:21 linux-6.1.y 58485ff1a74f d6cdfb8a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/06/17 16:59 linux-6.1.y 58485ff1a74f cfebc887 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/05/28 11:57 linux-6.1.y da3c5173c55f 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/05/27 18:34 linux-6.1.y da3c5173c55f 874a1386 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/05/24 09:48 linux-6.1.y da3c5173c55f ed351ea7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/05/14 18:30 linux-6.1.y 02b72ccb5f9d a4fa04ef .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/05/03 21:11 linux-6.1.y b6736e03756f b0714e37 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/04/25 04:14 linux-6.1.y 420102835862 9882047a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/04/15 20:14 linux-6.1.y 420102835862 23b969b7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/04/15 08:44 linux-6.1.y 420102835862 0bd6db41 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/04/03 12:04 linux-6.1.y 8e60a714ba3b 996a9618 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/03/23 12:14 linux-6.1.y 344a09659766 4e8d3850 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/03/20 18:53 linux-6.1.y 344a09659766 9209bc22 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/01/21 00:18 linux-6.1.y f4f677285b38 6e87cfa2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/01/15 00:03 linux-6.1.y c63962be84ef f310a27d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/01/10 15:02 linux-6.1.y c63962be84ef 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2025/01/07 11:15 linux-6.1.y 7dc732d24ff7 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2024/12/11 07:27 linux-6.1.y e4d90d63d385 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
2024/10/25 05:16 linux-6.1.y 7ec6f9fa3d97 c79b8ca5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in __dev_queue_xmit
* Struck through repros no longer work on HEAD.