From: syzbot <syzbot+44e40ac2cfe68e8ce207@syzkaller.appspotmail.com>
To: alex.dewar90@gmail.com, arnd@arndb.de,
	gregkh@linuxfoundation.org, hdanton@sina.com, jhansen@vmware.com,
	linux-kernel@vger.kernel.org, snovitoll@gmail.com,
	syzkaller-bugs@googlegroups.com, vdasa@vmware.com
Subject: Re: [syzbot] possible deadlock in vmci_qp_broker_detach
Date: Mon, 12 Apr 2021 10:29:13 -0700
Message-ID: <00000000000036298005bfc9da23@google.com>
In-Reply-To: <00000000000002b41905be665238@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    d434405a Linux 5.12-rc7
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1661482ed00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=9c3d8981d2bdb103
dashboard link: https://syzkaller.appspot.com/bug?extid=44e40ac2cfe68e8ce207
compiler:       Debian clang version 11.0.1-2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=102336a6d00000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+44e40ac2cfe68e8ce207@syzkaller.appspotmail.com

============================================
WARNING: possible recursive locking detected
5.12.0-rc7-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.0/10571 is trying to acquire lock:
ffffffff8ce6c1f8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0xd3/0x10c0 drivers/misc/vmw_vmci/vmci_queue_pair.c:2093

but task is already holding lock:
ffffffff8ce6c1f8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0xd3/0x10c0 drivers/misc/vmw_vmci/vmci_queue_pair.c:2093

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(qp_broker_list.mutex);
  lock(qp_broker_list.mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syz-executor.0/10571:
 #0: ffffffff8ce6c1f8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0xd3/0x10c0 drivers/misc/vmw_vmci/vmci_queue_pair.c:2093

stack backtrace:
CPU: 1 PID: 10571 Comm: syz-executor.0 Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x176/0x24e lib/dump_stack.c:120
 __lock_acquire+0x2303/0x5e60 kernel/locking/lockdep.c:4739
 lock_acquire+0x126/0x650 kernel/locking/lockdep.c:5511
 __mutex_lock_common+0x167/0x2eb0 kernel/locking/mutex.c:949
 __mutex_lock kernel/locking/mutex.c:1096 [inline]
 mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1111
 vmci_qp_broker_detach+0xd3/0x10c0 drivers/misc/vmw_vmci/vmci_queue_pair.c:2093
 ctx_free_ctx drivers/misc/vmw_vmci/vmci_context.c:444 [inline]
 kref_put include/linux/kref.h:65 [inline]
 vmci_ctx_put+0x722/0xe00 drivers/misc/vmw_vmci/vmci_context.c:497
 vmci_ctx_enqueue_datagram+0x3a7/0x440 drivers/misc/vmw_vmci/vmci_context.c:360
 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:275 [inline]
 vmci_datagram_dispatch+0x3ec/0xb40 drivers/misc/vmw_vmci/vmci_datagram.c:339
 qp_notify_peer drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 [inline]
 vmci_qp_broker_detach+0x9fa/0x10c0 drivers/misc/vmw_vmci/vmci_queue_pair.c:2186
 ctx_free_ctx drivers/misc/vmw_vmci/vmci_context.c:444 [inline]
 kref_put include/linux/kref.h:65 [inline]
 vmci_ctx_put+0x722/0xe00 drivers/misc/vmw_vmci/vmci_context.c:497
 vmci_host_close+0x96/0x160 drivers/misc/vmw_vmci/vmci_host.c:143
 __fput+0x352/0x7b0 fs/file_table.c:280
 task_work_run+0x146/0x1c0 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x10b/0x1e0 kernel/entry/common.c:208
 __syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
 syscall_exit_to_user_mode+0x26/0x70 kernel/entry/common.c:301
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x41926b
Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
RSP: 002b:00007ffee76536f0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041926b
RDX: 0000000000570698 RSI: 0000000000000001 RDI: 0000000000000003
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000001b30e200a8
R10: 00007ffee76537e0 R11: 0000000000000293 R12: 00000000000688ea
R13: 00000000000003e8 R14: 000000000056bf60 R15: 00000000000688cf

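The backtrace above shows a single task re-acquiring a non-recursive kernel mutex on its own call path: vmci_host_close -> vmci_ctx_put -> ctx_free_ctx -> vmci_qp_broker_detach takes qp_broker_list.mutex, then qp_notify_peer -> vmci_datagram_dispatch -> vmci_ctx_enqueue_datagram drops a context reference, the kref hits zero, ctx_free_ctx runs vmci_qp_broker_detach a second time, and the second mutex_lock() on the same mutex can never succeed. Lockdep's "missing lock nesting notation" hint does not apply here; this is genuine self-recursion, so the task would hang. The following user-space C model, added here and not taken from the vmw_vmci driver or from the thread, reproduces that shape with a real pthread mutex: a refcounted context whose release path calls detach, and a detach routine that notifies the peer while still holding the list mutex. Every name in it (struct ctx, detach_buggy, detach_fixed, run_close) is this model's own assumption. The "fixed" variant illustrates one common remedy, releasing the mutex before the peer notification; it is not presented as the driver's actual fix, which this page does not contain.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * Toy model of the lockdep report: a global non-recursive mutex standing in
 * for qp_broker_list.mutex, a refcounted context standing in for the VMCI
 * context kref, and a detach routine whose peer notification can drop the
 * peer's last reference.  All names are this model's assumptions.
 */

struct ctx {
	int refs;           /* models the kref on a VMCI context */
	struct ctx *peer;   /* queue-pair peer to notify on detach, or NULL */
	bool detached;      /* set once detach completed for this context */
};

typedef void (*detach_fn)(struct ctx *);

static pthread_mutex_t broker_mutex = PTHREAD_MUTEX_INITIALIZER; /* qp_broker_list.mutex */
static int reentrant_attempts;  /* would-be self-deadlocks observed in one run */

/* Models kref_put() -> ctx_free_ctx(): the last drop tears down the queue pair. */
static void ctx_put(struct ctx *c, detach_fn detach)
{
	if (--c->refs == 0)
		detach(c);
}

/* Models qp_notify_peer() -> vmci_datagram_dispatch() ->
 * vmci_ctx_enqueue_datagram(): delivery drops a reference on the peer
 * context, which may be the last one. */
static void notify_peer(struct ctx *peer, detach_fn detach)
{
	if (peer)
		ctx_put(peer, detach);
}

/* Take the broker mutex, but report instead of hanging when this thread
 * already owns it.  A default pthread mutex is non-recursive, so trylock
 * from the owner returns EBUSY; a kernel mutex_lock() would block forever. */
static bool broker_lock(void)
{
	if (pthread_mutex_trylock(&broker_mutex) != 0) {
		reentrant_attempts++;
		return false;
	}
	return true;
}

/* The shape in the trace: the peer is notified with the mutex held, so if
 * the notification frees the peer, its release path re-enters detach. */
static void detach_buggy(struct ctx *c)
{
	if (!broker_lock())
		return;                         /* kernel: deadlock here */
	notify_peer(c->peer, detach_buggy);
	c->detached = true;
	pthread_mutex_unlock(&broker_mutex);
}

/* One remedy (an assumption of this model, not the driver's fix): do the
 * list work under the mutex, release it, then notify the peer. */
static void detach_fixed(struct ctx *c)
{
	struct ctx *peer;

	if (!broker_lock())
		return;
	peer = c->peer;
	c->peer = NULL;
	c->detached = true;
	pthread_mutex_unlock(&broker_mutex);

	notify_peer(peer, detach_fixed);        /* any re-entry finds the mutex free */
}

struct outcome {
	int recursive_attempts;  /* 0 means no self-deadlock */
	bool a_detached;
	bool b_detached;
};

/* Drive one close(): context A holds its last reference, and the pending
 * datagram to peer B holds B's last reference (constructed scenario). */
static struct outcome run_close(detach_fn detach)
{
	struct ctx b = { .refs = 1, .peer = NULL, .detached = false };
	struct ctx a = { .refs = 1, .peer = &b,   .detached = false };
	struct outcome out;

	reentrant_attempts = 0;
	ctx_put(&a, detach);    /* models vmci_host_close() -> vmci_ctx_put() */
	out.recursive_attempts = reentrant_attempts;
	out.a_detached = a.detached;
	out.b_detached = b.detached;
	return out;
}

int main(void)
{
	struct outcome o = run_close(detach_buggy);
	printf("buggy: recursive lock attempts=%d A detached=%d B detached=%d\n",
	       o.recursive_attempts, o.a_detached, o.b_detached);
	o = run_close(detach_fixed);
	printf("fixed: recursive lock attempts=%d A detached=%d B detached=%d\n",
	       o.recursive_attempts, o.a_detached, o.b_detached);
	return 0;
}
```

The buggy run reports one recursive lock attempt and leaves B half torn down; the fixed run completes both detaches without ever re-entering the mutex. The model uses trylock only so that it can report the recursion; the kernel's mutex_lock() has no such escape, which is why the report is a real hang and not a lockdep annotation problem.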


Thread overview: 7+ messages
2021-03-26  1:19 [syzbot] possible deadlock in vmci_qp_broker_detach syzbot
2021-04-12 17:29 ` syzbot [this message]
2021-06-30 17:21 ` syzbot
2021-06-30 21:36   ` Pavel Skripkin
2021-06-30 21:56     ` syzbot
2021-06-30 22:00       ` Pavel Skripkin
2021-06-30 22:20         ` syzbot
