syzbot


possible deadlock in dev_uc_sync_multiple (3)

Status: upstream: reported C repro on 2022/08/08 00:40
Reported-by: syzbot+6504b577549187cc7512@syzkaller.appspotmail.com
First crash: 651d, last: 471d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in dev_uc_sync_multiple (3) net 1 1356d 1352d 0/26 auto-closed as invalid on 2020/12/31 04:17
linux-4.14 possible deadlock in dev_uc_sync_multiple (3) 1 457d 457d 0/1 upstream: reported on 2023/02/17 11:15
linux-4.19 possible deadlock in dev_uc_sync_multiple (2) 11 789d 969d 0/1 auto-closed as invalid on 2022/07/21 03:12
upstream possible deadlock in dev_uc_sync_multiple net 1 1893d 1892d 0/26 auto-closed as invalid on 2019/09/11 09:05
upstream possible deadlock in dev_uc_sync_multiple (2) net 26 1410d 1421d 15/26 fixed on 2020/07/20 08:03
linux-4.19 possible deadlock in dev_uc_sync_multiple 1 1372d 1372d 0/1 auto-closed as invalid on 2020/12/15 01:55
linux-4.14 possible deadlock in dev_uc_sync_multiple (2) 9 584d 871d 0/1 auto-obsoleted due to no activity on 2023/02/11 03:42
linux-4.14 possible deadlock in dev_uc_sync_multiple 4 1124d 1357d 0/1 auto-closed as invalid on 2021/08/19 17:04

Sample crash report:
8021q: adding VLAN 0 to HW filter on device bond2
bond1: Enslaving vlan1 as an active interface with an up link
IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
============================================
WARNING: possible recursive locking detected
4.19.211-syzkaller #0 Not tainted
--------------------------------------------
kworker/1:0/19 is trying to acquire lock:
00000000a85d965e (&vlan_netdev_addr_lock_key/1){+...}, at: netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
00000000a85d965e (&vlan_netdev_addr_lock_key/1){+...}, at: dev_uc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:574

but task is already holding lock:
00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: __dev_mc_add net/core/dev_addr_lists.c:669 [inline]
00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&vlan_netdev_addr_lock_key/1);
  lock(&vlan_netdev_addr_lock_key/1);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

7 locks held by kworker/1:0/19:
 #0: 0000000029972925 ((wq_completion)"%s"("ipv6_addrconf")){+.+.}, at: process_one_work+0x767/0x1570 kernel/workqueue.c:2124
 #1: 0000000059397c77 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}, at: process_one_work+0x79c/0x1570 kernel/workqueue.c:2128
 #2: 0000000012b85e13 (rtnl_mutex){+.+.}, at: addrconf_dad_work+0x9c/0x10a0 net/ipv6/addrconf.c:3989
 #3: 00000000e221e088 (&(&mc->mca_lock)->rlock){+.-.}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
 #3: 00000000e221e088 (&(&mc->mca_lock)->rlock){+.-.}, at: igmp6_group_added+0x154/0x5d0 net/ipv6/mcast.c:672
 #4: 00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: spin_lock_bh include/linux/spinlock.h:334 [inline]
 #4: 00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: netif_addr_lock_bh include/linux/netdevice.h:4012 [inline]
 #4: 00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: __dev_mc_add net/core/dev_addr_lists.c:669 [inline]
 #4: 00000000360c7177 (&vlan_netdev_addr_lock_key/1){+...}, at: dev_mc_add+0x1f/0xb0 net/core/dev_addr_lists.c:687
 #5: 00000000e3955c7f (&dev_addr_list_lock_key/3){+...}, at: netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
 #5: 00000000e3955c7f (&dev_addr_list_lock_key/3){+...}, at: dev_mc_sync+0x11a/0x1e0 net/core/dev_addr_lists.c:765
 #6: 00000000e4aed9a9 (rcu_read_lock){....}, at: bond_set_rx_mode+0x0/0x490 drivers/net/bonding/bond_main.c:3481

stack backtrace:
CPU: 1 PID: 19 Comm: kworker/1:0 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
Workqueue: ipv6_addrconf addrconf_dad_work
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1764 [inline]
 check_deadlock kernel/locking/lockdep.c:1808 [inline]
 validate_chain kernel/locking/lockdep.c:2404 [inline]
 __lock_acquire.cold+0x121/0x57e kernel/locking/lockdep.c:3416
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 _raw_spin_lock_nested+0x30/0x40 kernel/locking/spinlock.c:354
 netif_addr_lock_nested include/linux/netdevice.h:4007 [inline]
 dev_uc_sync_multiple+0x11a/0x1e0 net/core/dev_addr_lists.c:574
 bond_set_rx_mode+0x1ae/0x490 drivers/net/bonding/bond_main.c:3646
 __dev_set_rx_mode+0x1d9/0x2f0 net/core/dev.c:7601
 dev_mc_sync+0x193/0x1e0 net/core/dev_addr_lists.c:768
 vlan_dev_set_rx_mode+0x38/0x80 net/8021q/vlan_dev.c:488
 __dev_set_rx_mode+0x1d9/0x2f0 net/core/dev.c:7601
 __dev_mc_add net/core/dev_addr_lists.c:673 [inline]
 dev_mc_add+0xa1/0xb0 net/core/dev_addr_lists.c:687
 igmp6_group_added+0x4bc/0x5d0 net/ipv6/mcast.c:676
 __ipv6_dev_mc_inc+0x728/0xa80 net/ipv6/mcast.c:935
 addrconf_join_solict net/ipv6/addrconf.c:2101 [inline]
 addrconf_join_solict net/ipv6/addrconf.c:2093 [inline]
 addrconf_dad_begin net/ipv6/addrconf.c:3895 [inline]
 addrconf_dad_work+0xb7d/0x10a0 net/ipv6/addrconf.c:4022
 process_one_work+0x864/0x1570 kernel/workqueue.c:2153
 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296
 kthread+0x33f/0x460 kernel/kthread.c:259
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond3 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond3: link is not ready
8021q: adding VLAN 0 to HW filter on device bond3
bond1: Enslaving vlan2 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond4 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond4: link is not ready
8021q: adding VLAN 0 to HW filter on device bond4
bond1: Enslaving vlan3 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond5 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond5: link is not ready
8021q: adding VLAN 0 to HW filter on device bond5
bond1: Enslaving vlan4 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond6 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond6: link is not ready
8021q: adding VLAN 0 to HW filter on device bond6
bond1: Enslaving vlan5 as an active interface with an up link
bond7 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond7: link is not ready
8021q: adding VLAN 0 to HW filter on device bond7
bond1: Enslaving vlan6 as an active interface with an up link
bond8 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond8: link is not ready
8021q: adding VLAN 0 to HW filter on device bond8
bond1: Enslaving vlan7 as an active interface with an up link
bond9 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond9: link is not ready
8021q: adding VLAN 0 to HW filter on device bond9
bond1: Enslaving vlan8 as an active interface with an up link
bond10 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond10: link is not ready
8021q: adding VLAN 0 to HW filter on device bond10
bond1: Enslaving vlan9 as an active interface with an up link
bond11 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond11: link is not ready
8021q: adding VLAN 0 to HW filter on device bond11
bond1: Enslaving vlan10 as an active interface with an up link
bond12 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond12: link is not ready
8021q: adding VLAN 0 to HW filter on device bond12
bond1: Enslaving vlan11 as an active interface with an up link
bond13 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond13: link is not ready
8021q: adding VLAN 0 to HW filter on device bond13
bond1: Enslaving vlan12 as an active interface with an up link
bond14 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond14: link is not ready
8021q: adding VLAN 0 to HW filter on device bond14
bond1: Enslaving vlan13 as an active interface with an up link
bond15 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond15: link is not ready
8021q: adding VLAN 0 to HW filter on device bond15
bond1: Enslaving vlan14 as an active interface with an up link
bond16 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond16: link is not ready
8021q: adding VLAN 0 to HW filter on device bond16
bond1: Enslaving vlan15 as an active interface with an up link
bond17 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond17: link is not ready
8021q: adding VLAN 0 to HW filter on device bond17
bond1: Enslaving vlan16 as an active interface with an up link
bond18 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond18: link is not ready
8021q: adding VLAN 0 to HW filter on device bond18
bond1: Enslaving vlan17 as an active interface with an up link
bond19 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond19: link is not ready
8021q: adding VLAN 0 to HW filter on device bond19
bond1: Enslaving vlan18 as an active interface with an up link
bond20 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond20: link is not ready
8021q: adding VLAN 0 to HW filter on device bond20
bond1: Enslaving vlan19 as an active interface with an up link
bond21 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond21: link is not ready
8021q: adding VLAN 0 to HW filter on device bond21
bond1: Enslaving vlan20 as an active interface with an up link
validate_nla: 30 callbacks suppressed
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond22 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond22: link is not ready
8021q: adding VLAN 0 to HW filter on device bond22
bond1: Enslaving vlan21 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond23 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond23: link is not ready
8021q: adding VLAN 0 to HW filter on device bond23
bond1: Enslaving vlan22 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond24 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond24: link is not ready
8021q: adding VLAN 0 to HW filter on device bond24
bond1: Enslaving vlan23 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond25 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond25: link is not ready
8021q: adding VLAN 0 to HW filter on device bond25
bond1: Enslaving vlan24 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond26 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond26: link is not ready
8021q: adding VLAN 0 to HW filter on device bond26
bond1: Enslaving vlan25 as an active interface with an up link
bond27 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond27: link is not ready
8021q: adding VLAN 0 to HW filter on device bond27
bond1: Enslaving vlan26 as an active interface with an up link
bond28 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond28: link is not ready
8021q: adding VLAN 0 to HW filter on device bond28
bond1: Enslaving vlan27 as an active interface with an up link
bond29 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond29: link is not ready
8021q: adding VLAN 0 to HW filter on device bond29
bond1: Enslaving vlan28 as an active interface with an up link
bond30 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond30: link is not ready
8021q: adding VLAN 0 to HW filter on device bond30
bond1: Enslaving vlan29 as an active interface with an up link
bond31 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond31: link is not ready
8021q: adding VLAN 0 to HW filter on device bond31
bond1: Enslaving vlan30 as an active interface with an up link
bond32 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond32: link is not ready
8021q: adding VLAN 0 to HW filter on device bond32
bond1: Enslaving vlan31 as an active interface with an up link
bond33 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond33: link is not ready
8021q: adding VLAN 0 to HW filter on device bond33
bond1: Enslaving vlan32 as an active interface with an up link
bond34 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond34: link is not ready
8021q: adding VLAN 0 to HW filter on device bond34
bond1: Enslaving vlan33 as an active interface with an up link
bond35 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond35: link is not ready
8021q: adding VLAN 0 to HW filter on device bond35
bond1: Enslaving vlan34 as an active interface with an up link
bond36 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond36: link is not ready
8021q: adding VLAN 0 to HW filter on device bond36
bond1: Enslaving vlan35 as an active interface with an up link
bond37 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond37: link is not ready
8021q: adding VLAN 0 to HW filter on device bond37
bond1: Enslaving vlan36 as an active interface with an up link
bond38 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond38: link is not ready
8021q: adding VLAN 0 to HW filter on device bond38
bond1: Enslaving vlan37 as an active interface with an up link
bond39 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond39: link is not ready
8021q: adding VLAN 0 to HW filter on device bond39
bond1: Enslaving vlan38 as an active interface with an up link
bond40 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond40: link is not ready
8021q: adding VLAN 0 to HW filter on device bond40
bond1: Enslaving vlan39 as an active interface with an up link
bond41 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond41: link is not ready
8021q: adding VLAN 0 to HW filter on device bond41
bond1: Enslaving vlan40 as an active interface with an up link
bond42 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond42: link is not ready
8021q: adding VLAN 0 to HW filter on device bond42
bond1: Enslaving vlan41 as an active interface with an up link
bond43 (uninitialized): Released all slaves
IPv6: ADDRCONF(NETDEV_UP): bond43: link is not ready
8021q: adding VLAN 0 to HW filter on device bond43
bond1: Enslaving vlan42 as an active interface with an up link
validate_nla: 34 callbacks suppressed
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond44 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.
IPv6: ADDRCONF(NETDEV_UP): bond44: link is not ready
8021q: adding VLAN 0 to HW filter on device bond44
bond1: Enslaving vlan43 as an active interface with an up link
netlink: 'syz-executor692': attribute type 1 has an invalid length.
bond45 (uninitialized): Released all slaves
netlink: 'syz-executor692': attribute type 1 has an invalid length.

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/10/29 22:02 linux-4.19.y 3f8a27f9e27b 2a71366b .config console log report syz C [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2023/02/03 14:45 linux-4.19.y 3f8a27f9e27b 1b2f701a .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2023/01/22 23:23 linux-4.19.y 3f8a27f9e27b cc0f9968 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2022/10/29 18:13 linux-4.19.y 3f8a27f9e27b 2a71366b .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2022/10/28 13:28 linux-4.19.y 3f8a27f9e27b 8168b69e .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2022/09/07 12:46 linux-4.19.y 3f8a27f9e27b c5b7bc57 .config console log report info [disk image] [vmlinux] ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
2022/08/08 00:40 linux-4.19.y 3f8a27f9e27b 88e3a122 .config console log report info ci2-linux-4-19 possible deadlock in dev_uc_sync_multiple
* Struck through repros no longer work on HEAD.