============================================ WARNING: possible recursive locking detected 6.0.0-rc4-syzkaller-17186-g25050c56fa3c #0 Not tainted -------------------------------------------- kworker/0:14/14029 is trying to acquire lock: ffff0001061e0a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline] (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x724/0x8ac net/core/dev.c:3847 but task is already holding lock: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:359 [inline] ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline] ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x320/0x8ac net/core/dev.c:3804 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock); lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock); *** DEADLOCK *** May be due to missing lock nesting notation 11 locks held by kworker/0:14/14029: #0: ffff0000c7139938 ((wq_completion)mld){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262 #1: ffff800021483d80 ((work_completion)(&(&idev->mc_ifc_work)->work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264 #2: ffff000100416538 (&idev->mc_lock){+.+.}-{3:3}, at: mld_ifc_work+0x30/0x270 net/ipv6/mcast.c:2652 #3: ffff80000d4a3440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279 #4: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280 #5: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280 #6: ffff80000d4a3440 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:279 #7: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280 #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: spin_trylock include/linux/spinlock.h:359 [inline] #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: qdisc_run_begin include/net/sch_generic.h:187 [inline] #8: ffff0001194af258 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}-{2:2}, at: __dev_xmit_skb+0x320/0x8ac net/core/dev.c:3804 #9: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280 #10: ffff80000d4a3468 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:280 stack backtrace: CPU: 0 PID: 14029 Comm: kworker/0:14 Not tainted 6.0.0-rc4-syzkaller-17186-g25050c56fa3c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Workqueue: mld mld_ifc_work Call trace: dump_backtrace+0x1b0/0x1dc arch/arm64/kernel/stacktrace.c:182 show_stack+0x2c/0x64 arch/arm64/kernel/stacktrace.c:189 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106 dump_stack+0x1c/0x58 lib/dump_stack.c:113 __lock_acquire+0x808/0x30a4 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:349 [inline] __dev_xmit_skb+0x724/0x8ac net/core/dev.c:3847 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222 dev_queue_xmit include/linux/netdevice.h:3008 [inline] neigh_resolve_output+0x348/0x388 net/core/neighbour.c:1552 neigh_output include/net/neighbour.h:551 [inline] ip_finish_output2+0x690/0x818 net/ipv4/ip_output.c:228 __ip_finish_output+0x108/0x29c ip_finish_output+0x168/0x188 net/ipv4/ip_output.c:316 NF_HOOK_COND include/linux/netfilter.h:296 [inline] ip_mc_output+0x378/0x3d8 net/ipv4/ip_output.c:415 dst_output include/net/dst.h:451 [inline] ip_local_out+0xc0/0xf0 net/ipv4/ip_output.c:126 iptunnel_xmit+0x194/0x2f4 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1168/0x124c net/ipv4/ip_tunnel.c:813 __gre_xmit net/ipv4/ip_gre.c:469 [inline] gre_tap_xmit+0x248/0x2b4 net/ipv4/ip_gre.c:743 __netdev_start_xmit include/linux/netdevice.h:4819 [inline] netdev_start_xmit include/linux/netdevice.h:4833 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3606 sch_direct_xmit+0x150/0x2f4 net/sched/sch_generic.c:342 __dev_xmit_skb+0x50c/0x8ac net/core/dev.c:3817 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222 dev_queue_xmit include/linux/netdevice.h:3008 [inline] br_dev_queue_push_xmit+0x318/0x388 net/bridge/br_forward.c:53 NF_HOOK include/linux/netfilter.h:307 [inline] br_forward_finish net/bridge/br_forward.c:66 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] __br_forward+0x264/0x2d8 net/bridge/br_forward.c:115 br_flood+0x3e0/0x458 br_dev_xmit+0x544/0x834 __netdev_start_xmit include/linux/netdevice.h:4819 [inline] netdev_start_xmit include/linux/netdevice.h:4833 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0xd4/0x1ec net/core/dev.c:3606 sch_direct_xmit+0x150/0x2f4 net/sched/sch_generic.c:342 __dev_xmit_skb+0x58c/0x8ac net/core/dev.c:3863 __dev_queue_xmit+0x364/0xc88 net/core/dev.c:4222 dev_queue_xmit include/linux/netdevice.h:3008 [inline] neigh_resolve_output+0x348/0x388 net/core/neighbour.c:1552 neigh_output include/net/neighbour.h:551 [inline] ip6_finish_output2+0x704/0xbec net/ipv6/ip6_output.c:134 __ip6_finish_output net/ipv6/ip6_output.c:195 [inline] ip6_finish_output+0x448/0x4c4 net/ipv6/ip6_output.c:206 NF_HOOK_COND include/linux/netfilter.h:296 [inline] ip6_output+0x180/0x2dc net/ipv6/ip6_output.c:227 dst_output include/net/dst.h:451 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] mld_sendpack+0x490/0x824 net/ipv6/mcast.c:1820 mld_send_cr+0x4d8/0x598 net/ipv6/mcast.c:2121 mld_ifc_work+0x38/0x270 net/ipv6/mcast.c:2653 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289 worker_thread+0x340/0x610 kernel/workqueue.c:2436 kthread+0x12c/0x158 kernel/kthread.c:376 ret_from_fork+0x10/0x20