syzbot


possible deadlock in hsr_dev_xmit

Status: auto-obsoleted due to no activity on 2023/07/27 11:35
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+f411520c77f8faef228d@syzkaller.appspotmail.com
First crash: 449d, last: 449d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [net?] possible deadlock in hsr_dev_xmit 0 (1) 2023/04/02 11:36
Similar bugs (3)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in hsr_dev_xmit 4 13d 36d 0/3 upstream: reported on 2024/05/15 14:40
linux-6.1 possible deadlock in hsr_dev_xmit 1 13d 13d 0/3 upstream: reported on 2024/06/08 01:23
upstream possible deadlock in hsr_dev_xmit (2) net C done 151 1d00h 84d 0/27 upstream: reported C repro on 2024/03/28 14:20

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.3.0-rc4-syzkaller-00034-gfcd476ea6a88 #0 Not tainted
--------------------------------------------
ksoftirqd/0/15 is trying to acquire lock:
ffff888044caed80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff888044caed80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: hsr_dev_xmit+0x176/0x270 net/hsr/hsr_device.c:222

but task is already holding lock:
ffff88807e08ad80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff88807e08ad80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_prp_supervision_frame+0x17b/0x620 net/hsr/hsr_device.c:351

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&hsr->seqnr_lock);
  lock(&hsr->seqnr_lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

10 locks held by ksoftirqd/0/15:
 #0: ffffc90000147c60 ((&hsr->announce_timer)){+.-.}-{0:0}, at: lockdep_copy_map include/linux/lockdep.h:31 [inline]
 #0: ffffc90000147c60 ((&hsr->announce_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x580 kernel/time/timer.c:1690
 #1: ffffffff8c7955c0 (rcu_read_lock){....}-{1:2}, at: hsr_announce+0x4/0x370 net/hsr/hsr_device.c:373
 #2: ffff88807e08ad80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
 #2: ffff88807e08ad80 (&hsr->seqnr_lock){+.-.}-{2:2}, at: send_prp_supervision_frame+0x17b/0x620 net/hsr/hsr_device.c:351
 #3: ffffffff8c7955c0 (rcu_read_lock){....}-{1:2}, at: hsr_forward_skb+0x4/0x1f40 net/hsr/hsr_forward.c:612
 #4: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x23f/0x3c40 net/core/dev.c:4163
 #5: ffffffff8c7955c0 (rcu_read_lock){....}-{1:2}, at: geneve_xmit+0xe2/0x4970 drivers/net/geneve.c:1099
 #6: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
 #6: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x2a9/0x1590 net/ipv6/ip6_output.c:112
 #7: ffffffff8c7955c0 (rcu_read_lock){....}-{1:2}, at: ip6_nd_hdr net/ipv6/ndisc.c:467 [inline]
 #7: ffffffff8c7955c0 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x830/0x1850 net/ipv6/ndisc.c:502
 #8: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:95 [inline]
 #8: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: ip6_finish_output2+0x2a9/0x1590 net/ipv6/ip6_output.c:112
 #9: ffffffff8c795560 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x23f/0x3c40 net/core/dev.c:4163

stack backtrace:
CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.3.0-rc4-syzkaller-00034-gfcd476ea6a88 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/17/2023
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2991 [inline]
 check_deadlock kernel/locking/lockdep.c:3034 [inline]
 validate_chain kernel/locking/lockdep.c:3819 [inline]
 __lock_acquire+0x1362/0x5d40 kernel/locking/lockdep.c:5056
 lock_acquire kernel/locking/lockdep.c:5669 [inline]
 lock_acquire+0x1af/0x520 kernel/locking/lockdep.c:5634
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
 _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
 spin_lock_bh include/linux/spinlock.h:355 [inline]
 hsr_dev_xmit+0x176/0x270 net/hsr/hsr_device.c:222
 __netdev_start_xmit include/linux/netdevice.h:4883 [inline]
 netdev_start_xmit include/linux/netdevice.h:4897 [inline]
 xmit_one net/core/dev.c:3580 [inline]
 dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3596
 __dev_queue_xmit+0x2ce4/0x3c40 net/core/dev.c:4246
 dev_queue_xmit include/linux/netdevice.h:3053 [inline]
 neigh_connected_output+0x3c2/0x550 net/core/neighbour.c:1612
 neigh_output include/net/neighbour.h:546 [inline]
 ip6_finish_output2+0x56c/0x1590 net/ipv6/ip6_output.c:134
 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
 ip6_finish_output+0x694/0x1170 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:444 [inline]
 NF_HOOK include/linux/netfilter.h:302 [inline]
 ndisc_send_skb+0xa63/0x1850 net/ipv6/ndisc.c:508
 ndisc_send_ns+0xaa/0x130 net/ipv6/ndisc.c:666
 ndisc_solicit+0x2c8/0x4e0 net/ipv6/ndisc.c:758
 neigh_probe+0xc2/0x110 net/core/neighbour.c:1095
 __neigh_event_send+0xa74/0x1430 net/core/neighbour.c:1262
 neigh_event_send_probe include/net/neighbour.h:470 [inline]
 neigh_event_send include/net/neighbour.h:476 [inline]
 neigh_event_send include/net/neighbour.h:474 [inline]
 neigh_resolve_output+0x54a/0x870 net/core/neighbour.c:1567
 neigh_output include/net/neighbour.h:546 [inline]
 ip6_finish_output2+0x56c/0x1590 net/ipv6/ip6_output.c:134
 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline]
 ip6_finish_output+0x694/0x1170 net/ipv6/ip6_output.c:206
 NF_HOOK_COND include/linux/netfilter.h:291 [inline]
 ip6_output+0x1f1/0x540 net/ipv6/ip6_output.c:227
 dst_output include/net/dst.h:444 [inline]
 ip6_local_out+0xb3/0x1a0 net/ipv6/output_core.c:155
 ip6tunnel_xmit include/net/ip6_tunnel.h:161 [inline]
 udp_tunnel6_xmit_skb+0x740/0xbd0 net/ipv6/ip6_udp_tunnel.c:109
 geneve6_xmit_skb drivers/net/geneve.c:1076 [inline]
 geneve_xmit+0x9f0/0x4970 drivers/net/geneve.c:1105
 __netdev_start_xmit include/linux/netdevice.h:4883 [inline]
 netdev_start_xmit include/linux/netdevice.h:4897 [inline]
 xmit_one net/core/dev.c:3580 [inline]
 dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3596
 __dev_queue_xmit+0x2ce4/0x3c40 net/core/dev.c:4246
 dev_queue_xmit include/linux/netdevice.h:3053 [inline]
 hsr_xmit net/hsr/hsr_forward.c:382 [inline]
 hsr_forward_do net/hsr/hsr_forward.c:473 [inline]
 hsr_forward_skb+0xa7d/0x1f40 net/hsr/hsr_forward.c:620
 send_prp_supervision_frame+0x3e1/0x620 net/hsr/hsr_device.c:366
 hsr_announce+0x10d/0x370 net/hsr/hsr_device.c:382
 call_timer_fn+0x1a0/0x580 kernel/time/timer.c:1700
 expire_timers+0x29b/0x4b0 kernel/time/timer.c:1751
 __run_timers kernel/time/timer.c:2022 [inline]
 __run_timers kernel/time/timer.c:1995 [inline]
 run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035
 __do_softirq+0x1d4/0x905 kernel/softirq.c:571
 run_ksoftirqd kernel/softirq.c:934 [inline]
 run_ksoftirqd+0x31/0x60 kernel/softirq.c:926
 smpboot_thread_fn+0x659/0x9e0 kernel/smpboot.c:164
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
net_ratelimit: 31165 callbacks suppressed
ICMPv6: NA: 24:02:48:ff:05:00 advertised our address fe80::2602:48ff:feff:500 on bridge0!
bridge0: received packet on veth0_to_bridge with own address as source address (addr:24:02:48:ff:05:00, vlan:0)
ICMPv6: NA: 24:02:48:ff:05:00 advertised our address fe80::2602:48ff:feff:500 on bridge0!
bridge0: received packet on bridge_slave_0 with own address as source address (addr:24:02:48:ff:05:00, vlan:0)
ICMPv6: NA: 24:02:48:ff:05:00 advertised our address fe80::2602:48ff:feff:500 on bridge0!

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/03/29 11:34 upstream fcd476ea6a88 fc067f05 .config console log report info ci-upstream-kasan-gce possible deadlock in hsr_dev_xmit
* Struck through repros no longer work on HEAD.