============================================
WARNING: possible recursive locking detected
6.2.0-rc2-syzkaller-16046-gae87308093bc #0 Not tainted
--------------------------------------------
syz-executor280/4468 is trying to acquire lock:
ffff0000cc7fa218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
ffff0000cc7fa218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb+0x724/0x928 net/core/dev.c:3840
but task is already holding lock:
ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:360 [inline]
ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline]
ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb+0x320/0x928 net/core/dev.c:3797
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
*** DEADLOCK ***
May be due to missing lock nesting notation
8 locks held by syz-executor280/4468:
#0: ffff80000d635520 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
#1: ffff80000d635548 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
#2: ffff80000d635548 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
#3: ffff80000d635548 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
#4: ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: spin_trylock include/linux/spinlock.h:360 [inline]
#4: ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline]
#4: ffff0000cbf02258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+...}-{2:2}, at: __dev_xmit_skb+0x320/0x928 net/core/dev.c:3797
#5: ffff0000cd0142d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
#5: ffff0000cd0142d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: __netif_tx_lock include/linux/netdevice.h:4316 [inline]
#5: ffff0000cd0142d8 (_xmit_ETHER#2){+.-.}-{2:2}, at: sch_direct_xmit+0xcc/0x324 net/sched/sch_generic.c:340
#6: ffff80000d635548 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
#7: ffff80000d635548 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:324
stack backtrace:
CPU: 1 PID: 4468 Comm: syz-executor280 Not tainted 6.2.0-rc2-syzkaller-16046-gae87308093bc #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__lock_acquire+0x808/0x3084
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
__dev_xmit_skb+0x724/0x928 net/core/dev.c:3840
__dev_queue_xmit+0x414/0xdb8 net/core/dev.c:4215
dev_queue_xmit include/linux/netdevice.h:3035 [inline]
neigh_hh_output include/net/neighbour.h:530 [inline]
neigh_output include/net/neighbour.h:544 [inline]
ip_finish_output2+0x670/0x818 net/ipv4/ip_output.c:228
__ip_finish_output+0x108/0x29c
ip_finish_output+0x168/0x188 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_output+0x1d4/0x234 net/ipv4/ip_output.c:430
dst_output include/net/dst.h:444 [inline]
ip_local_out+0xc0/0xf0 net/ipv4/ip_output.c:126
iptunnel_xmit+0x194/0x314 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x1180/0x1328 net/ipv4/ip_tunnel.c:813
__gre_xmit net/ipv4/ip_gre.c:469 [inline]
erspan_xmit+0x32c/0x3c0 net/ipv4/ip_gre.c:715
__netdev_start_xmit include/linux/netdevice.h:4865 [inline]
netdev_start_xmit include/linux/netdevice.h:4879 [inline]
xmit_one net/core/dev.c:3583 [inline]
dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3599
sch_direct_xmit+0x150/0x324 net/sched/sch_generic.c:342
__dev_xmit_skb+0x50c/0x928 net/core/dev.c:3810
__dev_queue_xmit+0x414/0xdb8 net/core/dev.c:4215
dev_queue_xmit include/linux/netdevice.h:3035 [inline]
neigh_hh_output include/net/neighbour.h:530 [inline]
neigh_output include/net/neighbour.h:544 [inline]
ip_finish_output2+0x670/0x818 net/ipv4/ip_output.c:228
__ip_finish_output+0x108/0x29c
ip_finish_output+0x168/0x188 net/ipv4/ip_output.c:316
NF_HOOK_COND include/linux/netfilter.h:291 [inline]
ip_mc_output+0x378/0x3d8 net/ipv4/ip_output.c:415
dst_output include/net/dst.h:444 [inline]
ip_local_out+0xc0/0xf0 net/ipv4/ip_output.c:126
iptunnel_xmit+0x194/0x314 net/ipv4/ip_tunnel_core.c:82
ip_tunnel_xmit+0x1180/0x1328 net/ipv4/ip_tunnel.c:813
__gre_xmit net/ipv4/ip_gre.c:469 [inline]
ipgre_xmit+0x348/0x3f0 net/ipv4/ip_gre.c:661
__netdev_start_xmit include/linux/netdevice.h:4865 [inline]
netdev_start_xmit include/linux/netdevice.h:4879 [inline]
xmit_one net/core/dev.c:3583 [inline]
dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3599
__dev_queue_xmit+0x83c/0xdb8 net/core/dev.c:4249
dev_queue_xmit include/linux/netdevice.h:3035 [inline]
__bpf_tx_skb net/core/filter.c:2117 [inline]
__bpf_redirect_no_mac net/core/filter.c:2147 [inline]
__bpf_redirect+0x420/0x6dc net/core/filter.c:2170
____bpf_clone_redirect net/core/filter.c:2437 [inline]
bpf_clone_redirect+0xc4/0x11c net/core/filter.c:2409
bpf_prog_bebbfe2050753572+0x90/0xc8
bpf_dispatcher_nop_func include/linux/bpf.h:1082 [inline]
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run include/linux/filter.h:607 [inline]
bpf_test_run+0x1a8/0x420 net/bpf/test_run.c:402
bpf_prog_test_run_skb+0x45c/0x63c net/bpf/test_run.c:1187
bpf_prog_test_run+0x1d4/0x210 kernel/bpf/syscall.c:3644
__sys_bpf+0x36c/0x5fc kernel/bpf/syscall.c:4997
__do_sys_bpf kernel/bpf/syscall.c:5083 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5081 [inline]
__arm64_sys_bpf+0x2c/0x40 kernel/bpf/syscall.c:5081
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584