Hello,
syzbot found the following issue on:
HEAD commit: e5cd595e23c1 Linux 6.1.83
git tree: linux-6.1.y
console output:
https://syzkaller.appspot.com/x/log.txt?x=16859d29180000
kernel config:
https://syzkaller.appspot.com/x/.config?x=99d0cbbc2b2c7cfd
dashboard link:
https://syzkaller.appspot.com/bug?extid=4f4f84e5ae7cf9e36cc8
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/607b4730a2cc/disk-e5cd595e.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/265e84c69ac5/vmlinux-e5cd595e.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/af893c46019b/bzImage-e5cd595e.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by:
syzbot+4f4f84...@syzkaller.appspotmail.com
============================================
WARNING: possible recursive locking detected
6.1.83-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.3/10308 is trying to acquire lock:
ffff88807958cd00 (team->team_lock_key#5){+.+.}-{3:3}, at: team_port_change_check+0x51/0x1e0 drivers/net/team/team.c:3010
but task is already holding lock:
ffff88807958cd00 (team->team_lock_key#5){+.+.}-{3:3}, at: team_add_slave+0xab/0x2760 drivers/net/team/team.c:1986
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(team->team_lock_key#5);
lock(team->team_lock_key#5);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syz-executor.3/10308:
#0: ffffffff8e2991e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffffffff8e2991e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7c1/0xff0 net/core/rtnetlink.c:6118
#1: ffff88807958cd00 (team->team_lock_key#5){+.+.}-{3:3}, at: team_add_slave+0xab/0x2760 drivers/net/team/team.c:1986
stack backtrace:
CPU: 0 PID: 10308 Comm: syz-executor.3 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_deadlock_bug kernel/locking/lockdep.c:2983 [inline]
check_deadlock kernel/locking/lockdep.c:3026 [inline]
validate_chain+0x4711/0x5950 kernel/locking/lockdep.c:3812
__lock_acquire+0x125b/0x1f80 kernel/locking/lockdep.c:5049
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x132/0xd80 kernel/locking/mutex.c:747
team_port_change_check+0x51/0x1e0 drivers/net/team/team.c:3010
team_device_event+0x1a1/0x570 drivers/net/team/team.c:3036
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xd0/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
dev_close_many+0x37c/0x530 net/core/dev.c:1570
vlan_device_event+0x1584/0x1d10 net/8021q/vlan.c:449
notifier_call_chain kernel/notifier.c:87 [inline]
raw_notifier_call_chain+0xd0/0x170 kernel/notifier.c:455
call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
dev_close_many+0x37c/0x530 net/core/dev.c:1570
dev_close+0x1b3/0x2b0 net/core/dev.c:1592
team_port_add drivers/net/team/team.c:1314 [inline]
team_add_slave+0x1a9e/0x2760 drivers/net/team/team.c:1987
do_set_master net/core/rtnetlink.c:2598 [inline]
do_setlink+0xe99/0x3e30 net/core/rtnetlink.c:2808
__rtnl_newlink net/core/rtnetlink.c:3576 [inline]
rtnl_newlink+0x172c/0x2050 net/core/rtnetlink.c:3623
rtnetlink_rcv_msg+0x818/0xff0 net/core/rtnetlink.c:6121
netlink_rcv_skb+0x1cd/0x410 net/netlink/af_netlink.c:2508
netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]
netlink_unicast+0x7d8/0x970 net/netlink/af_netlink.c:1352
netlink_sendmsg+0xa26/0xd60 net/netlink/af_netlink.c:1874
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x5a5/0x8f0 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmsg+0x2a9/0x390 net/socket.c:2597
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa7c107dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa7c1e3f0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007fa7c11abf80 RCX: 00007fa7c107dda9
RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003
RBP: 00007fa7c10ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fa7c11abf80 R15: 00007ffe9c1a31f8
</TASK>
---
This report is generated by a bot. It may contain errors.
See
https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at
syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup