[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000e3ba3806077d3110@google.com>
Date: Wed, 11 Oct 2023 21:15:49 -0700
From: syzbot <syzbot+25b3a0b24216651bc2af@...kaller.appspotmail.com>
To: davem@...emloft.net, edumazet@...gle.com, johannes@...solutions.net,
kuba@...nel.org, linux-kernel@...r.kernel.org, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: [syzbot] [net?] [wireless?] possible deadlock in ieee80211_change_mac
Hello,
syzbot found the following issue on:
HEAD commit: 48533eca606e net: sock_dequeue_err_skb() optimization
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=134bea0e680000
kernel config: https://syzkaller.appspot.com/x/.config?x=37e6eb4526c4e801
dashboard link: https://syzkaller.appspot.com/bug?extid=25b3a0b24216651bc2af
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b31e70149a77/disk-48533eca.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e85019d639e1/vmlinux-48533eca.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4f699a5f4501/bzImage-48533eca.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+25b3a0b24216651bc2af@...kaller.appspotmail.com
bond3: (slave wlan1): Releasing backup interface
============================================
WARNING: possible recursive locking detected
6.6.0-rc4-syzkaller-01096-g48533eca606e #0 Not tainted
--------------------------------------------
kworker/u4:20/1920 is trying to acquire lock:
ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5870 [inline]
ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_change_mac+0x8c/0x13a0 net/mac80211/iface.c:301
but task is already holding lock:
ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5870 [inline]
ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0xfe/0x750 net/mac80211/iface.c:2253
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&rdev->wiphy.mtx);
lock(&rdev->wiphy.mtx);
*** DEADLOCK ***
May be due to missing lock nesting notation
5 locks held by kworker/u4:20/1920:
#0: ffff888012c73d38 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x787/0x15c0 kernel/workqueue.c:2605
#1: ffffc9000fa5fd80 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7e9/0x15c0 kernel/workqueue.c:2606
#2: ffffffff8e5eedd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x9f/0xb20 net/core/net_namespace.c:576
#3: ffffffff8e6040e8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x4d/0x3a0 net/mac80211/main.c:1486
#4: ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: wiphy_lock include/net/cfg80211.h:5870 [inline]
#4: ffff888029960768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0xfe/0x750 net/mac80211/iface.c:2253
stack backtrace:
CPU: 1 PID: 1920 Comm: kworker/u4:20 Not tainted 6.6.0-rc4-syzkaller-01096-g48533eca606e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Workqueue: netns cleanup_net
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
check_deadlock kernel/locking/lockdep.c:3062 [inline]
validate_chain kernel/locking/lockdep.c:3855 [inline]
__lock_acquire+0x2971/0x5de0 kernel/locking/lockdep.c:5136
lock_acquire kernel/locking/lockdep.c:5753 [inline]
lock_acquire+0x1ae/0x510 kernel/locking/lockdep.c:5718
__mutex_lock_common kernel/locking/mutex.c:603 [inline]
__mutex_lock+0x181/0x1340 kernel/locking/mutex.c:747
wiphy_lock include/net/cfg80211.h:5870 [inline]
ieee80211_change_mac+0x8c/0x13a0 net/mac80211/iface.c:301
dev_set_mac_address+0x303/0x4a0 net/core/dev.c:8855
__bond_release_one+0xb1b/0x17e0 drivers/net/bonding/bond_main.c:2504
bond_slave_netdev_event drivers/net/bonding/bond_main.c:3888 [inline]
bond_netdev_event+0xbab/0xd30 drivers/net/bonding/bond_main.c:4006
notifier_call_chain+0xb6/0x3b0 kernel/notifier.c:93
call_netdevice_notifiers_info+0xb9/0x130 net/core/dev.c:1970
call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
call_netdevice_notifiers net/core/dev.c:2022 [inline]
unregister_netdevice_many_notify+0x85f/0x1a20 net/core/dev.c:10960
unregister_netdevice_many net/core/dev.c:11016 [inline]
unregister_netdevice_queue+0x2e5/0x3c0 net/core/dev.c:10896
unregister_netdevice include/linux/netdevice.h:3116 [inline]
_cfg80211_unregister_wdev+0x61c/0x7e0 net/wireless/core.c:1204
ieee80211_remove_interfaces+0x36d/0x750 net/mac80211/iface.c:2278
ieee80211_unregister_hw+0x55/0x3a0 net/mac80211/main.c:1493
mac80211_hwsim_del_radio drivers/net/wireless/virtual/mac80211_hwsim.c:5410 [inline]
hwsim_exit_net+0x3a8/0x7d0 drivers/net/wireless/virtual/mac80211_hwsim.c:6287
ops_exit_list+0xb0/0x170 net/core/net_namespace.c:170
cleanup_net+0x505/0xb20 net/core/net_namespace.c:614
process_one_work+0x884/0x15c0 kernel/workqueue.c:2630
process_scheduled_works kernel/workqueue.c:2703 [inline]
worker_thread+0x8b9/0x1290 kernel/workqueue.c:2784
kthread+0x33c/0x440 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Powered by blists - more mailing lists