Message-ID: <CAMArcTX2dEs=H586fumSEv_V8_p-pcAjyyPXkcLG9WkQM+c0cA@mail.gmail.com>
Date: Mon, 17 Mar 2025 15:17:09 +0900
From: Taehee Yoo <ap420073@...il.com>
To: Netdev <netdev@...r.kernel.org>, Stanislav Fomichev <sdf@...ichev.me>
Cc: David Miller <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Subject: Report deadlock in the latest net-next

Hi Stanislav,
I found a deadlock in the latest net-next kernel.
The calltrace indicates your current
commit ad7c7b2172c3 ("net: hold netdev instance lock during sysfs operations").
The dev->lock was acquired in do_setlink.constprop.0+0x12a/0x3440,
which is net/core/rtnetlink.c:3025.
And then dev->lock is acquired in dev_disable_lro+0x81/0x1f0,
which is /net/core/dev_api.c:255.
dev_disable_lro() is called by a netdev notification, but the notification
seems to be called both outside and inside the dev->lock context.
In this case, the netdev notification is called inside the dev->lock context,
so a deadlock occurs.
Could you please look into this?

Reproducer:
modprobe netdevsim
ip netns add ns_test
echo 1 > /sys/bus/netdevsim/new_device
ip link set $interface netns ns_test

============================================
WARNING: possible recursive locking detected
6.14.0-rc6+ #56 Not tainted
--------------------------------------------
ip/1672 is trying to acquire lock:
ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at: dev_disable_lro+0x81/0x1f0

but task is already holding lock:
ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at: do_setlink.constprop.0+0x12a/0x3440

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&dev->lock);
  lock(&dev->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by ip/1672:
 #0: ffffffff943ba050 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x6b4/0x1c60
 #1: ffff88813abc6170 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x6f6/0x1c60
 #2: ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at: do_setlink.constprop.0+0x12a/0x3440

stack backtrace:
CPU: 2 UID: 0 PID: 1672 Comm: ip Not tainted 6.14.0-rc6+ #56 66129e0c5b1b922fef38623168aea99c0593a519
Hardware name: ASUS System Product Name/PRIME Z690-P D4, BIOS 0603 11/01/2021
Call Trace:
 <TASK>
 dump_stack_lvl+0x7e/0xc0
 print_deadlock_bug+0x4fd/0x8e0
 __lock_acquire+0x3082/0x4fd0
 ? __pfx___lock_acquire+0x10/0x10
 ? mark_lock.part.0+0xfa/0x2f60
 ? __pfx___lock_acquire+0x10/0x10
 ? check_chain_key+0x1c1/0x520
 lock_acquire+0x1b0/0x570
 ? dev_disable_lro+0x81/0x1f0
 ? __pfx_lock_acquire+0x10/0x10
 __mutex_lock+0x17c/0x17c0
 ? dev_disable_lro+0x81/0x1f0
 ? dev_disable_lro+0x81/0x1f0
 ? __pfx___mutex_lock+0x10/0x10
 ? mark_held_locks+0xa5/0xf0
 ? neigh_parms_alloc+0x36b/0x4f0
 ? __local_bh_enable_ip+0xa5/0x120
 ? lockdep_hardirqs_on+0xbe/0x140
 ? dev_disable_lro+0x81/0x1f0
 dev_disable_lro+0x81/0x1f0
 inetdev_init+0x2d1/0x4a0
 inetdev_event+0x9b3/0x1590
 ? __pfx_lock_release+0x10/0x10
 ? __pfx_inetdev_event+0x10/0x10
 ? notifier_call_chain+0x9b/0x300
 notifier_call_chain+0x9b/0x300
 netif_change_net_namespace+0xdfe/0x1390
 ? __pfx_netif_change_net_namespace+0x10/0x10
 ? __pfx_validate_linkmsg+0x10/0x10
 ? __pfx___lock_acquire+0x10/0x10
 do_setlink.constprop.0+0x241/0x3440
 ? lock_acquire+0x1b0/0x570
 ? __pfx_do_setlink.constprop.0+0x10/0x10
 ? rtnl_newlink+0x6f6/0x1c60
 ? __pfx_lock_acquired+0x10/0x10
 ? netlink_sendmsg+0x712/0xbc0
 ? rcu_is_watching+0x11/0xb0
 ? trace_contention_end+0xef/0x140
 ? __mutex_lock+0x935/0x17c0
 ? __create_object+0x36/0x90
 ? __pfx_lock_release+0x10/0x10
 ? rtnl_newlink+0x6f6/0x1c60
 ? __nla_validate_parse+0xb9/0x2830
 ? __pfx___mutex_lock+0x10/0x10
 ? lockdep_hardirqs_on+0xbe/0x140
 ? __pfx___nla_validate_parse+0x10/0x10
 ? rcu_is_watching+0x11/0xb0
 ? cap_capable+0x17d/0x360
 ? fdget+0x4e/0x1d0
 rtnl_newlink+0x108d/0x1c60
 ? __pfx_rtnl_newlink+0x10/0x10
 ? mark_lock.part.0+0xfa/0x2f60
 ? __pfx___lock_acquire+0x10/0x10
 ? __pfx_mark_lock.part.0+0x10/0x10
 ? __pfx_lock_release+0x10/0x10
 ? __pfx_rtnl_newlink+0x10/0x10
 rtnetlink_rcv_msg+0x71c/0xc10
 ? __pfx_rtnetlink_rcv_msg+0x10/0x10
 ? check_chain_key+0x1c1/0x520
 ? __pfx___lock_acquire+0x10/0x10
 netlink_rcv_skb+0x12c/0x360
 ? __pfx_rtnetlink_rcv_msg+0x10/0x10
 ? __pfx_netlink_rcv_skb+0x10/0x10
 ? netlink_deliver_tap+0xcb/0x9e0
 ? netlink_deliver_tap+0x14b/0x9e0
 netlink_unicast+0x447/0x710
 ? __pfx_netlink_unicast+0x10/0x10
 netlink_sendmsg+0x712/0xbc0
 ? __pfx_netlink_sendmsg+0x10/0x10
 ? _copy_from_user+0x3e/0xa0
 ____sys_sendmsg+0x7ab/0xa10
 ? __pfx_____sys_sendmsg+0x10/0x10
 ? __pfx_copy_msghdr_from_user+0x10/0x10
 ___sys_sendmsg+0xee/0x170
 ? __pfx___lock_acquire+0x10/0x10
 ? kasan_save_stack+0x20/0x40
 ? __pfx____sys_sendmsg+0x10/0x10
 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
 ? kasan_save_stack+0x30/0x40
 ? __pfx_lock_release+0x10/0x10
 ? __might_fault+0xbf/0x170
 __sys_sendmsg+0x105/0x190
 ? __pfx___sys_sendmsg+0x10/0x10
 ? rseq_syscall+0xc3/0x130
 do_syscall_64+0x64/0x140
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7fd20f92c004
Code: 15 19 6e 0d 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00
00 f3 0f 1e fa 80 3d 45 f0 0d 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d
005
RSP: 002b:00007fff40636e68 EFLAGS: 00000202 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd20f92c004
RDX: 0000000000000000 RSI: 00007fff40636ee0 RDI: 0000000000000003
RBP: 00007fff40636f50 R08: 0000000067d7b7e9 R09: 0000000000000050
R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000067d7b7ea R14: 000055d14b9e4040 R15: 0000000000000000

Thanks a lot!
Taehee Yoo
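
Added example, not part of the original message: a small triage script that parses the lock lines of the lockdep report above and checks whether the lock being acquired is the same instance (same address) as one already held, which separates a real self-deadlock from a same-class case where only a nesting annotation is missing. The names parse_locks and classify are hypothetical; the sample is an excerpt of the report with some entries folded after "at:" as mail clients commonly do.

```python
import re

# Excerpt of the lockdep report from the message. Entries folded after "at:"
# exercise the wrapped form; entry #0 exercises the unwrapped form.
REPORT = """\
ip/1672 is trying to acquire lock:
ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at: dev_disable_lro+0x81/0x1f0

but task is already holding lock:
ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at:
do_setlink.constprop.0+0x12a/0x3440

3 locks held by ip/1672:
 #0: ffffffff943ba050 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x6b4/0x1c60
 #1: ffff88813abc6170 (&net->rtnl_mutex){+.+.}-{4:4}, at:
rtnl_newlink+0x6f6/0x1c60
 #2: ffff888231fbad90 (&dev->lock){+.+.}-{4:4}, at:
do_setlink.constprop.0+0x12a/0x3440
"""

# [#idx:] address (class){usage}-{type}, at: symbol+off/size
# The \s* after "at:" also spans a newline, so folded entries still parse.
LOCK_RE = re.compile(
    r"(?:#(?P<idx>\d+):\s+)?(?P<addr>[0-9a-f]{16}) \((?P<cls>[^)]+)\)\{[^}]*\}"
    r"(?:-\{[^}]*\})?, at:\s*(?P<site>\S+)")

def parse_locks(text):
    """Return every lock entry in text as a dict (idx is None outside the held list)."""
    return [m.groupdict() for m in LOCK_RE.finditer(text)]

def classify(report):
    """Extract the wanted lock, the conflicting held lock and the held list,
    then decide what kind of recursion lockdep is reporting."""
    head, _, held_part = report.partition("locks held by")
    wanted_part, _, holding_part = head.partition("already holding lock:")
    wanted = parse_locks(wanted_part)[0]
    holding = parse_locks(holding_part)[0]
    held = parse_locks(held_part)
    if wanted["addr"] == holding["addr"]:
        verdict = "same-instance"  # the task re-locks the very mutex it holds
    elif wanted["cls"] == holding["cls"]:
        verdict = "same-class"     # two objects of one class: nesting annotation question
    else:
        verdict = "unrelated"
    return {"wanted": wanted, "holding": holding, "held": held, "verdict": verdict}

if __name__ == "__main__":
    r = classify(REPORT)
    print(r["verdict"], r["holding"]["site"], "->", r["wanted"]["site"])
```
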
