syzbot


possible deadlock in team_vlan_rx_add_vid

Status: upstream: reported C repro on 2020/09/01 01:47
Reported-by: syzbot+f6d6eb54399925b08415@syzkaller.appspotmail.com
First crash: 764d, last: 341d

Fix bisection: failed (bisect log)
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in team_vlan_rx_add_vid (2) 1 392d 391d 0/24 auto-closed as invalid on 2022/01/05 11:04
linux-4.19 possible deadlock in team_vlan_rx_add_vid C error 26 1d17h 763d 0/1 upstream: reported C repro on 2020/09/01 18:26
upstream possible deadlock in team_vlan_rx_add_vid syz 5 1484d 1518d 12/24 fixed on 2018/10/11 14:33
Patch testing requests:
Created Duration User Patch Repo Result
2022/09/18 07:29 10m linux-4.14.y report log
2022/09/18 06:29 10m linux-4.14.y report log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
device team1 entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap1: link is not ready
8021q: adding VLAN 0 to HW filter on device macvtap1
============================================
WARNING: possible recursive locking detected
4.14.195-syzkaller #0 Not tainted
--------------------------------------------
syz-executor252/6350 is trying to acquire lock:
 (&team->lock){+.+.}, at: [<ffffffff83e460b8>] team_vlan_rx_add_vid+0x38/0x1d0 drivers/net/team/team.c:1889

but task is already holding lock:
 (&team->lock){+.+.}, at: [<ffffffff83e4e57d>] team_add_slave+0x7d/0x1ad0 drivers/net/team/team.c:1967

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&team->lock);
  lock(&team->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz-executor252/6350:
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85176d2d>] rtnl_lock net/core/rtnetlink.c:72 [inline]
 #0:  (rtnl_mutex){+.+.}, at: [<ffffffff85176d2d>] rtnetlink_rcv_msg+0x31d/0xb10 net/core/rtnetlink.c:4311
 #1:  (&team->lock){+.+.}, at: [<ffffffff83e4e57d>] team_add_slave+0x7d/0x1ad0 drivers/net/team/team.c:1967

stack backtrace:
CPU: 1 PID: 6350 Comm: syz-executor252 Not tainted 4.14.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1800 [inline]
 check_deadlock kernel/locking/lockdep.c:1847 [inline]
 validate_chain kernel/locking/lockdep.c:2448 [inline]
 __lock_acquire.cold+0x180/0x97c kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0xc4/0x1310 kernel/locking/mutex.c:893
 team_vlan_rx_add_vid+0x38/0x1d0 drivers/net/team/team.c:1889
 __vlan_vid_add net/8021q/vlan_core.c:219 [inline]
 vlan_vid_add+0x5ef/0x7d0 net/8021q/vlan_core.c:251
 __vlan_vid_add net/8021q/vlan_core.c:219 [inline]
 vlan_vid_add+0x5ef/0x7d0 net/8021q/vlan_core.c:251
 vlan_device_event.cold+0x23/0x28 net/8021q/vlan.c:372
 notifier_call_chain+0x108/0x1a0 kernel/notifier.c:93
 call_netdevice_notifiers_info net/core/dev.c:1667 [inline]
 call_netdevice_notifiers net/core/dev.c:1683 [inline]
 dev_open net/core/dev.c:1407 [inline]
 dev_open+0xf9/0x110 net/core/dev.c:1395
 team_port_add drivers/net/team/team.c:1214 [inline]
 team_add_slave+0x954/0x1ad0 drivers/net/team/team.c:1968
 do_set_master+0x19e/0x200 net/core/rtnetlink.c:1961
 rtnl_newlink+0x134c/0x1830 net/core/rtnetlink.c:2757
 rtnetlink_rcv_msg+0x3be/0xb10 net/core/rtnetlink.c:4316
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x443759
RSP: 002b:00007fffb142bdd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000443759
RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004

Crashes (6):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2020/09/02 03:00 linux-4.14.y d7e78d08fa77 abf9ba4f .config log report syz C
ci2-linux-4-14 2020/09/01 03:15 linux-4.14.y d7e78d08fa77 d5a3ae1f .config log report syz C
ci2-linux-4-14 2021/04/28 13:26 linux-4.14.y 7d7d1c0ab3eb 77e2b668 .config log report info possible deadlock in team_vlan_rx_add_vid
ci2-linux-4-14 2021/02/03 23:17 linux-4.14.y 2c8a3fceddf0 624dad51 .config log report info possible deadlock in team_vlan_rx_add_vid
ci2-linux-4-14 2021/01/30 01:58 linux-4.14.y 2d2791fce891 fc9fd31e .config log report info possible deadlock in team_vlan_rx_add_vid
ci2-linux-4-14 2020/09/01 01:46 linux-4.14.y d7e78d08fa77 d5a3ae1f .config log report
* Struck through repros no longer work on HEAD.