possible deadlock in __dev_queue_xmit
13 views
Skip to first unread message
syzbot
Jul 1, 2019, 8:39:06 PM7/1/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: f4cc0ed9 Linux 4.14.131
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=155c490ba00000
kernel config: https://syzkaller.appspot.com/x/.config?x=ab1953b2cdac00f5
dashboard link: https://syzkaller.appspot.com/bug?extid=613ff5e2182ed06b7af0
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+613ff5...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
4.14.131 #25 Not tainted
------------------------------------------------------
syz-executor.4/28180 is trying to acquire lock:
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] spin_lock include/linux/spinlock.h:317 [inline]
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] __dev_xmit_skb net/core/dev.c:3202 [inline]
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
but task is already holding lock:
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] spin_lock
include/linux/spinlock.h:317 [inline]
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] __netif_tx_lock
include/linux/netdevice.h:3530 [inline]
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (_xmit_ETHER#2){+.-.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__netif_tx_lock include/linux/netdevice.h:3530 [inline]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0x10bd/0x21b0 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4f4/0xb50 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x20f/0x6d0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:459 [inline]
ip6_local_out+0x97/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0xa2/0x330 net/ipv6/ip6_output.c:1688
udp_v6_send_skb+0x5c5/0xee0 net/ipv6/udp.c:1081
udpv6_sendmsg+0x1e38/0x2560 net/ipv6/udp.c:1353
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__dev_xmit_skb net/core/dev.c:3202 [inline]
__dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
gre_tap_xmit net/ipv4/ip_gre.c:775 [inline]
gre_tap_xmit+0x29d/0x370 net/ipv4/ip_gre.c:759
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
erspan_xmit net/ipv4/ip_gre.c:750 [inline]
erspan_xmit+0x441/0x11c0 net/ipv4/ip_gre.c:725
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_resolve_output net/core/neighbour.c:1362 [inline]
neigh_resolve_output+0x4d8/0x870 net/core/neighbour.c:1342
neigh_output include/net/neighbour.h:500 [inline]
ip_finish_output2+0x766/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1e6/0x590 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1418
udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:829
udp_push_pending_frames+0x4e/0xe0 net/ipv4/udp.c:857
udp_sendmsg+0x1066/0x1da0 net/ipv4/udp.c:1085
udpv6_sendmsg+0x1e57/0x2560 net/ipv6/udp.c:1198
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(_xmit_ETHER#2);
lock(dev->qdisc_tx_busylock ?:
&qdisc_tx_busylock);
lock(_xmit_ETHER#2);
lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
*** DEADLOCK ***
14 locks held by syz-executor.4/28180:
#0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff852b398c>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff852b398c>]
udp_sendmsg+0xc6c/0x1da0 net/ipv4/udp.c:909
#1: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#1: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#2: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#3: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at:
[<ffffffff84d382e8>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] spin_lock
include/linux/spinlock.h:317 [inline]
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] __netif_tx_lock
include/linux/netdevice.h:3530 [inline]
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
#5: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#5: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#6: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#7: (rcu_read_lock){....}, at: [<ffffffff85627a52>]
br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
#8: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at:
[<ffffffff84d382e8>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
#10: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#10: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#11: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#12: (rcu_read_lock){....}, at: [<ffffffff85627a52>]
br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
#13: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
stack backtrace:
CPU: 1 PID: 28180 Comm: syz-executor.4 Not tainted 4.14.131 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__dev_xmit_skb net/core/dev.c:3202 [inline]
__dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
gre_tap_xmit net/ipv4/ip_gre.c:775 [inline]
gre_tap_xmit+0x29d/0x370 net/ipv4/ip_gre.c:759
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
erspan_xmit net/ipv4/ip_gre.c:750 [inline]
erspan_xmit+0x441/0x11c0 net/ipv4/ip_gre.c:725
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_resolve_output net/core/neighbour.c:1362 [inline]
neigh_resolve_output+0x4d8/0x870 net/core/neighbour.c:1342
neigh_output include/net/neighbour.h:500 [inline]
ip_finish_output2+0x766/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1e6/0x590 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1418
udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:829
udp_push_pending_frames+0x4e/0xe0 net/ipv4/udp.c:857
udp_sendmsg+0x1066/0x1da0 net/ipv4/udp.c:1085
udpv6_sendmsg+0x1e57/0x2560 net/ipv6/udp.c:1198
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4597c9
RSP: 002b:00007f8b8435bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004597c9
RDX: 00000000000005c3 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b8435c6d4
R13: 00000000004c6df8 R14: 00000000004dc140 R15: 00000000ffffffff
net_ratelimit: 90 callbacks suppressed
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
syz-executor.4 (28180) used greatest stack depth: 18936 bytes left
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following crash on:
HEAD commit: f4cc0ed9 Linux 4.14.131
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=155c490ba00000
kernel config: https://syzkaller.appspot.com/x/.config?x=ab1953b2cdac00f5
dashboard link: https://syzkaller.appspot.com/bug?extid=613ff5e2182ed06b7af0
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+613ff5...@syzkaller.appspotmail.com
======================================================
WARNING: possible circular locking dependency detected
4.14.131 #25 Not tainted
------------------------------------------------------
syz-executor.4/28180 is trying to acquire lock:
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] spin_lock include/linux/spinlock.h:317 [inline]
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] __dev_xmit_skb net/core/dev.c:3202 [inline]
(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}, at:
[<ffffffff84d37bff>] __dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
but task is already holding lock:
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] spin_lock
include/linux/spinlock.h:317 [inline]
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] __netif_tx_lock
include/linux/netdevice.h:3530 [inline]
(_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (_xmit_ETHER#2){+.-.}:
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__netif_tx_lock include/linux/netdevice.h:3530 [inline]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip6_finish_output2+0x10bd/0x21b0 net/ipv6/ip6_output.c:120
ip6_finish_output+0x4f4/0xb50 net/ipv6/ip6_output.c:154
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip6_output+0x20f/0x6d0 net/ipv6/ip6_output.c:171
dst_output include/net/dst.h:459 [inline]
ip6_local_out+0x97/0x170 net/ipv6/output_core.c:178
ip6_send_skb+0xa2/0x330 net/ipv6/ip6_output.c:1688
udp_v6_send_skb+0x5c5/0xee0 net/ipv6/udp.c:1081
udpv6_sendmsg+0x1e38/0x2560 net/ipv6/udp.c:1353
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
-> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock){+.-.}:
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__dev_xmit_skb net/core/dev.c:3202 [inline]
__dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
gre_tap_xmit net/ipv4/ip_gre.c:775 [inline]
gre_tap_xmit+0x29d/0x370 net/ipv4/ip_gre.c:759
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
erspan_xmit net/ipv4/ip_gre.c:750 [inline]
erspan_xmit+0x441/0x11c0 net/ipv4/ip_gre.c:725
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_resolve_output net/core/neighbour.c:1362 [inline]
neigh_resolve_output+0x4d8/0x870 net/core/neighbour.c:1342
neigh_output include/net/neighbour.h:500 [inline]
ip_finish_output2+0x766/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1e6/0x590 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1418
udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:829
udp_push_pending_frames+0x4e/0xe0 net/ipv4/udp.c:857
udp_sendmsg+0x1066/0x1da0 net/ipv4/udp.c:1085
udpv6_sendmsg+0x1e57/0x2560 net/ipv6/udp.c:1198
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0 CPU1
---- ----
lock(_xmit_ETHER#2);
lock(dev->qdisc_tx_busylock ?:
&qdisc_tx_busylock);
lock(_xmit_ETHER#2);
lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock);
*** DEADLOCK ***
14 locks held by syz-executor.4/28180:
#0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff852b398c>] lock_sock
include/net/sock.h:1462 [inline]
#0: (sk_lock-AF_INET6){+.+.}, at: [<ffffffff852b398c>]
udp_sendmsg+0xc6c/0x1da0 net/ipv4/udp.c:909
#1: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#1: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#2: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#3: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at:
[<ffffffff84d382e8>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] spin_lock
include/linux/spinlock.h:317 [inline]
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>] __netif_tx_lock
include/linux/netdevice.h:3530 [inline]
#4: (_xmit_ETHER#2){+.-.}, at: [<ffffffff84e14adc>]
sch_direct_xmit+0x1fc/0x550 net/sched/sch_generic.c:184
#5: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#5: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#6: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#7: (rcu_read_lock){....}, at: [<ffffffff85627a52>]
br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
#8: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#9: (dev->qdisc_running_key ?: &qdisc_running_key){+...}, at:
[<ffffffff84d382e8>] dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
#10: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
#10: (rcu_read_lock_bh){....}, at: [<ffffffff851f1996>]
ip_finish_output2+0x256/0x14a0 net/ipv4/ip_output.c:213
#11: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
#12: (rcu_read_lock){....}, at: [<ffffffff85627a52>]
br_dev_xmit+0xb2/0xd40 net/bridge/br_device.c:39
#13: (rcu_read_lock_bh){....}, at: [<ffffffff84d35ed2>]
__dev_queue_xmit+0x1e2/0x25e0 net/core/dev.c:3459
stack backtrace:
CPU: 1 PID: 28180 Comm: syz-executor.4 Not tainted 4.14.131 #25
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x138/0x19c lib/dump_stack.c:53
print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
check_prev_add kernel/locking/lockdep.c:1901 [inline]
check_prevs_add kernel/locking/lockdep.c:2018 [inline]
validate_chain kernel/locking/lockdep.c:2460 [inline]
__lock_acquire+0x2c89/0x45e0 kernel/locking/lockdep.c:3487
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3991
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:152
spin_lock include/linux/spinlock.h:317 [inline]
__dev_xmit_skb net/core/dev.c:3202 [inline]
__dev_queue_xmit+0x1f0f/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
gre_tap_xmit net/ipv4/ip_gre.c:775 [inline]
gre_tap_xmit+0x29d/0x370 net/ipv4/ip_gre.c:759
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
br_dev_queue_push_xmit+0x367/0x530 net/bridge/br_forward.c:55
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
br_forward_finish+0xbc/0x320 net/bridge/br_forward.c:67
NF_HOOK include/linux/netfilter.h:250 [inline]
NF_HOOK include/linux/netfilter.h:244 [inline]
__br_forward+0x560/0x9c0 net/bridge/br_forward.c:111
deliver_clone+0x61/0xc0 net/bridge/br_forward.c:127
maybe_deliver net/bridge/br_forward.c:168 [inline]
maybe_deliver net/bridge/br_forward.c:156 [inline]
br_flood+0x3c8/0x530 net/bridge/br_forward.c:210
br_dev_xmit+0x8a5/0xd40 net/bridge/br_device.c:67
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
__dev_queue_xmit+0x1d95/0x25e0 net/core/dev.c:3525
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_hh_output include/net/neighbour.h:490 [inline]
neigh_output include/net/neighbour.h:498 [inline]
ip_finish_output2+0xddc/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_mc_output+0x24a/0xd40 net/ipv4/ip_output.c:390
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
iptunnel_xmit+0x564/0x930 net/ipv4/ip_tunnel_core.c:91
ip_tunnel_xmit+0xfd9/0x3189 net/ipv4/ip_tunnel.c:795
__gre_xmit+0x4eb/0x890 net/ipv4/ip_gre.c:444
erspan_xmit net/ipv4/ip_gre.c:750 [inline]
erspan_xmit+0x441/0x11c0 net/ipv4/ip_gre.c:725
__netdev_start_xmit include/linux/netdevice.h:4033 [inline]
netdev_start_xmit include/linux/netdevice.h:4042 [inline]
xmit_one net/core/dev.c:3009 [inline]
dev_hard_start_xmit+0x18c/0x8b0 net/core/dev.c:3025
sch_direct_xmit+0x27a/0x550 net/sched/sch_generic.c:186
__dev_xmit_skb net/core/dev.c:3218 [inline]
__dev_queue_xmit+0x1b6e/0x25e0 net/core/dev.c:3493
dev_queue_xmit+0x18/0x20 net/core/dev.c:3558
neigh_resolve_output net/core/neighbour.c:1362 [inline]
neigh_resolve_output+0x4d8/0x870 net/core/neighbour.c:1342
neigh_output include/net/neighbour.h:500 [inline]
ip_finish_output2+0x766/0x14a0 net/ipv4/ip_output.c:229
ip_finish_output+0x56d/0xc60 net/ipv4/ip_output.c:317
NF_HOOK_COND include/linux/netfilter.h:239 [inline]
ip_output+0x1e6/0x590 net/ipv4/ip_output.c:405
dst_output include/net/dst.h:459 [inline]
ip_local_out+0x97/0x170 net/ipv4/ip_output.c:124
ip_send_skb+0x3e/0xc0 net/ipv4/ip_output.c:1418
udp_send_skb+0x53f/0xb90 net/ipv4/udp.c:829
udp_push_pending_frames+0x4e/0xe0 net/ipv4/udp.c:857
udp_sendmsg+0x1066/0x1da0 net/ipv4/udp.c:1085
udpv6_sendmsg+0x1e57/0x2560 net/ipv6/udp.c:1198
inet_sendmsg+0x122/0x500 net/ipv4/af_inet.c:762
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x349/0x840 net/socket.c:2062
__sys_sendmmsg+0x152/0x3a0 net/socket.c:2152
SYSC_sendmmsg net/socket.c:2183 [inline]
SyS_sendmmsg+0x35/0x60 net/socket.c:2178
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4597c9
RSP: 002b:00007f8b8435bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004597c9
RDX: 00000000000005c3 RSI: 0000000020000240 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8b8435c6d4
R13: 00000000004c6df8 R14: 00000000004dc140 R15: 00000000ffffffff
net_ratelimit: 90 callbacks suppressed
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
bridge0: received packet on gretap0 with own address as source address
(addr:aa:aa:aa:aa:aa:0c, vlan:0)
syz-executor.4 (28180) used greatest stack depth: 18936 bytes left
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
delete_channel: no stack
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Jan 16, 2021, 4:33:12 PM1/16/21
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages