syzbot

 sign-in | mailing list | source | docs
🐞 Open [984] Subsystems 🐞 Fixed [5216] 🐞 Invalid [12476] Missing Backports [82] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

possible deadlock in __dev_xmit_skb

Status: closed as invalid on 2022/11/15 21:20
Subsystems: net
[Documentation on labels]
First crash: 589d, last: 589d
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in __dev_xmit_skb (2) net C 1 467d 467d 0/26 closed as invalid on 2023/03/21 17:14

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.0.0-rc4-syzkaller-17186-g25050c56fa3c #0 Not tainted
--------------------------------------------
kworker/0:14/14029 is trying to acquire lock:
ffff0001061e0a18
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x724/0x8ac net/core/dev.c:3847

but task is already holding lock:
ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:359 [inline]
ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline]
ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x320/0x8ac net/core/dev.c:3804

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
  lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

11 locks held by kworker/0:14/14029:
 #0: ffff0000c7139938 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262
 #1: ffff800021483d80 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264
 #2: ffff000100416538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x30/0x270 net/ipv6/mcast.c:2652
 #3: ffff80000d4a3440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279
 #4: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280
 #5: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280
 #6: ffff80000d4a3440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279
 #7: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280
 #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:359 [inline]
 #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline]
 #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x320/0x8ac net/core/dev.c:3804
 #9: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280
 #10: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280

stack backtrace:
CPU: 0 PID: 14029 Comm: kworker/0:14 Not tainted 6.0.0-rc4-syzkaller-17186-g25050c56fa3c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Workqueue: mld mld_ifc_work
Call trace:
 dump_backtrace+0x1b0/0x1dc arch/arm64/kernel/stacktrace.c:182
 show_stack+0x2c/0x64 arch/arm64/kernel/stacktrace.c:189
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x808/0x30a4
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
 _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:349 [inline]
 __dev_xmit_skb+0x724/0x8ac net/core/dev.c:3847
 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 neigh_resolve_output+0x348/0x388 net/core/neighbour.c:1552
 neigh_output include/net/neighbour.h:551 [inline]
 ip_finish_output2+0x690/0x818 net/ipv4/ip_output.c:228
 __ip_finish_output+0x108/0x29c
 ip_finish_output+0x168/0x188 net/ipv4/ip_output.c:316
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip_mc_output+0x378/0x3d8 net/ipv4/ip_output.c:415
 dst_output include/net/dst.h:451 [inline]
 ip_local_out+0xc0/0xf0 net/ipv4/ip_output.c:126
 iptunnel_xmit+0x194/0x2f4 net/ipv4/ip_tunnel_core.c:82
 ip_tunnel_xmit+0x1168/0x124c net/ipv4/ip_tunnel.c:813
 __gre_xmit net/ipv4/ip_gre.c:469 [inline]
 gre_tap_xmit+0x248/0x2b4 net/ipv4/ip_gre.c:743
 __netdev_start_xmit include/linux/netdevice.h:4819 [inline]
 netdev_start_xmit include/linux/netdevice.h:4833 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3606
 sch_direct_xmit+0x150/0x2f4 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x50c/0x8ac net/core/dev.c:3817
 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 br_dev_queue_push_xmit+0x318/0x388 net/bridge/br_forward.c:53
 NF_HOOK include/linux/netfilter.h:307 [inline]
 br_forward_finish net/bridge/br_forward.c:66 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 __br_forward+0x264/0x2d8 net/bridge/br_forward.c:115
 br_flood+0x3e0/0x458
 br_dev_xmit+0x544/0x834
 __netdev_start_xmit include/linux/netdevice.h:4819 [inline]
 netdev_start_xmit include/linux/netdevice.h:4833 [inline]
 xmit_one net/core/dev.c:3590 [inline]
 dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3606
 sch_direct_xmit+0x150/0x2f4 net/sched/sch_generic.c:342
 __dev_xmit_skb+0x58c/0x8ac net/core/dev.c:3863
 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222
 dev_queue_xmit include/linux/netdevice.h:3008 [inline]
 neigh_resolve_output+0x348/0x388 net/core/neighbour.c:1552
 neigh_output include/net/neighbour.h:551 [inline]
 ip6_finish_output2+0x704/0xbec net/ipv6/ip6_output.c:134
 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
 ip6_finish_output+0x448/0x4c4 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:296 [inline]
 ip6_output+0x180/0x2dc net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:451 [inline]
 NF_HOOK include/linux/netfilter.h:307 [inline]
 mld_sendpack+0x490/0x824 net/ipv6/mcast.c:1820
 mld_send_cr+0x4d8/0x598 net/ipv6/mcast.c:2121
 mld_ifc_work+0x38/0x270 net/ipv6/mcast.c:2653
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/09/08 18:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 25050c56fa3c f3027468 .config console log report info ci-upstream-gce-arm64 possible deadlock in __dev_xmit_skb
* Struck through repros no longer work on HEAD.