============================================
WARNING: possible recursive locking detected
6.13.0-rc1-syzkaller-00277-g6145fefc1e42 #0 Not tainted
--------------------------------------------
modprobe/10657 is trying to acquire lock:
ffff88807dab8f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88807dab8f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234
but task is already holding lock:
ffff88807daa2f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
ffff88807daa2f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&hsr->seqnr_lock);
lock(&hsr->seqnr_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
9 locks held by modprobe/10657:
#0: ffffc90000a18be0 ((&ndev->rs_timer)){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 kernel/time/timer.c:1790
#1: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#1: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#1: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: ip6_nd_hdr net/ipv6/ndisc.c:454 [inline]
#1: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: ndisc_send_skb+0x563/0x1450 net/ipv6/ndisc.c:505
#2: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#2: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#2: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: ip6_finish_output2+0x63a/0x17b0 net/ipv6/ip6_output.c:126
#3: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#3: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
#3: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50 net/core/dev.c:4359
#4: ffff88807daa2f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]
#4: ffff88807daa2f30 (&hsr->seqnr_lock){+.-.}-{3:3}, at: hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234
#5: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#5: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#5: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: hsr_forward_skb+0xb6/0x2b50 net/hsr/hsr_forward.c:725
#6: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#6: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
#6: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50 net/core/dev.c:4359
#7: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
#7: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
#7: ffffffff8e937aa0 (rcu_read_lock){....}-{1:3}, at: br_dev_xmit+0x21d/0x1b40 net/bridge/br_device.c:50
#8: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: local_bh_disable include/linux/bottom_half.h:20 [inline]
#8: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: rcu_read_lock_bh include/linux/rcupdate.h:901 [inline]
#8: ffffffff8e937b00 (rcu_read_lock_bh){....}-{1:3}, at: __dev_queue_xmit+0x2f4/0x3f50 net/core/dev.c:4359
stack backtrace:
CPU: 1 UID: 0 PID: 10657 Comm: modprobe Not tainted 6.13.0-rc1-syzkaller-00277-g6145fefc1e42 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037
check_deadlock kernel/locking/lockdep.c:3089 [inline]
validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891
__lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5226
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x35/0x50 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:356 [inline]
hsr_dev_xmit+0x18a/0x210 net/hsr/hsr_device.c:234
__netdev_start_xmit include/linux/netdevice.h:5043 [inline]
netdev_start_xmit include/linux/netdevice.h:5052 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606
__dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434
dev_queue_xmit include/linux/netdevice.h:3208 [inline]
br_dev_queue_push_xmit+0x726/0x900 net/bridge/br_forward.c:53
NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
br_forward_finish+0xd8/0x130 net/bridge/br_forward.c:66
NF_HOOK+0x3a7/0x460 include/linux/netfilter.h:314
__br_forward+0x489/0x660 net/bridge/br_forward.c:115
deliver_clone net/bridge/br_forward.c:131 [inline]
maybe_deliver+0xb3/0x150 net/bridge/br_forward.c:190
br_flood+0x2e4/0x660 net/bridge/br_forward.c:236
br_dev_xmit+0x1202/0x1b40
__netdev_start_xmit include/linux/netdevice.h:5043 [inline]
netdev_start_xmit include/linux/netdevice.h:5052 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606
__dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434
dev_queue_xmit include/linux/netdevice.h:3208 [inline]
hsr_xmit net/hsr/hsr_forward.c:430 [inline]
hsr_forward_do net/hsr/hsr_forward.c:571 [inline]
hsr_forward_skb+0x179d/0x2b50 net/hsr/hsr_forward.c:730
hsr_dev_xmit+0x195/0x210 net/hsr/hsr_device.c:235
__netdev_start_xmit include/linux/netdevice.h:5043 [inline]
netdev_start_xmit include/linux/netdevice.h:5052 [inline]
xmit_one net/core/dev.c:3590 [inline]
dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606
__dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434
neigh_output include/net/neighbour.h:539 [inline]
ip6_finish_output2+0x12c7/0x17b0 net/ipv6/ip6_output.c:141
ip6_finish_output+0x41e/0x840 net/ipv6/ip6_output.c:226
NF_HOOK include/linux/netfilter.h:314 [inline]
ndisc_send_skb+0xb30/0x1450 net/ipv6/ndisc.c:511
addrconf_rs_timer+0x371/0x670 net/ipv6/addrconf.c:4061
call_timer_fn+0x187/0x650 kernel/time/timer.c:1793
expire_timers kernel/time/timer.c:1844 [inline]
__run_timers kernel/time/timer.c:2418 [inline]
__run_timer_base+0x66a/0x8e0 kernel/time/timer.c:2430
run_timer_base kernel/time/timer.c:2439 [inline]
run_timer_softirq+0xb7/0x170 kernel/time/timer.c:2449
handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0xf7/0x220 kernel/softirq.c:655
irq_exit_rcu+0x9/0x30 kernel/softirq.c:671
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1049
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:orc_find arch/x86/kernel/unwind_orc.c:217 [inline]
RIP: 0010:unwind_next_frame+0x1cb/0x22d0 arch/x86/kernel/unwind_orc.c:494
Code: 65 e2 0c 00 0f 45 d1 8d 42 ff 44 39 f0 0f 86 55 18 00 00 44 89 f0 48 8d 1c 85 84 fb 48 91 48 89 d8 48 c1 e8 03 42 0f b6 04 20 <84> c0 4c 89 e5 0f 85 97 1a 00 00 44 8b 23 44 89 f0 ff c0 48 8d 1c
RSP: 0018:ffffc900035277f0 EFLAGS: 00000a02
RAX: 0000000000000000 RBX: ffffffff91743c30 RCX: 00000000000b0001
RDX: 00000000000b0001 RSI: ffffffff8bd02b43 RDI: ffffffff814ba930
RBP: ffffc900035278f5 R08: 0000000000000006 R09: ffffc900035279b0
R10: ffffc90003527910 R11: ffffffff818b36f0 R12: dffffc0000000000
R13: ffffc900035278c0 R14: 00000000000ad02b R15: ffffffff8bd02b42
arch_stack_walk+0x11c/0x150 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x118/0x1d0 kernel/stacktrace.c:122
kasan_save_stack mm/kasan/common.c:47 [inline]
kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
unpoison_slab_object mm/kasan/common.c:319 [inline]
__kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345
kasan_slab_alloc include/linux/kasan.h:250 [inline]
slab_post_alloc_hook mm/slub.c:4104 [inline]
slab_alloc_node mm/slub.c:4153 [inline]
kmem_cache_alloc_noprof+0x1d9/0x380 mm/slub.c:4160
getname_flags+0xb7/0x540 fs/namei.c:139
do_sys_openat2+0xd2/0x1d0 fs/open.c:1396
do_sys_open fs/open.c:1417 [inline]
__do_sys_openat fs/open.c:1433 [inline]
__se_sys_openat fs/open.c:1428 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1428
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa34f1c4a46
Code: 10 00 00 00 44 8b 54 24 e0 48 89 44 24 c0 48 8d 44 24 d0 48 89 44 24 c8 44 89 c2 4c 89 ce bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 0c f7 d8 89 05 0a 48 01 00 48 83 c8 ff c3 31
RSP: 002b:00007ffec6204c08 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffec6204e68 RCX: 00007fa34f1c4a46
RDX: 0000000000080000 RSI: 00007ffec6204c80 RDI: 00000000ffffff9c
RBP: 00007ffec6204c70 R08: 0000000000080000 R09: 00007ffec6204c80
R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffec6204c80
R13: 0000000000000004 R14: 00007ffec6204e4f R15: 00000000ffffffff
----------------
Code disassembly (best guess):
0: 65 e2 0c gs loop 0xf
3: 00 0f add %cl,(%rdi)
5: 45 d1 8d 42 ff 44 39 rex.RB rorl 0x3944ff42(%r13)
c: f0 0f 86 55 18 00 00 lock jbe 0x1868
13: 44 89 f0 mov %r14d,%eax
16: 48 8d 1c 85 84 fb 48 lea -0x6eb7047c(,%rax,4),%rbx
1d: 91
1e: 48 89 d8 mov %rbx,%rax
21: 48 c1 e8 03 shr $0x3,%rax
25: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax
* 2a: 84 c0 test %al,%al <-- trapping instruction
2c: 4c 89 e5 mov %r12,%rbp
2f: 0f 85 97 1a 00 00 jne 0x1acc
35: 44 8b 23 mov (%rbx),%r12d
38: 44 89 f0 mov %r14d,%eax
3b: ff c0 inc %eax
3d: 48 rex.W
3e: 8d .byte 0x8d
3f: 1c .byte 0x1c