From: syzbot <syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com>
To: hdanton@sina.com
Cc: hdanton@sina.com, linux-kernel@vger.kernel.org,
syzkaller@googlegroups.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2)
Date: Tue, 11 Jul 2023 06:20:14 -0700 [thread overview]
Message-ID: <0000000000009e59f4060035f595@google.com> (raw)
In-Reply-To: <20230711131958.334-1-hdanton@sina.com>
> On Mon, 10 Jul 2023 10:53:57 -0700
>> HEAD commit: e40939bbfc68 Merge branch 'for-next/core' into for-kernelci
>> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=178f78d4a80000
>
> Put session without the session list lock held.
>
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git e40939bbfc68
Your commands are accepted, but please keep syzkaller-bugs@googlegroups.com mailing list in CC next time. It serves as a history of what happened with each bug report. Thank you.
>
> --- x/net/can/j1939/transport.c
> +++ y/net/can/j1939/transport.c
> @@ -1083,7 +1083,6 @@ static bool j1939_session_deactivate_loc
>
> list_del_init(&session->active_session_list_entry);
> session->state = J1939_SESSION_DONE;
> - j1939_session_put(session);
> }
>
> return active;
> @@ -1098,6 +1097,9 @@ static bool j1939_session_deactivate(str
> active = j1939_session_deactivate_locked(session);
> j1939_session_list_unlock(priv);
>
> + if (active)
> + j1939_session_put(session);
> +
> return active;
> }
>
> @@ -2178,6 +2180,7 @@ void j1939_simple_recv(struct j1939_priv
> int j1939_cancel_active_session(struct j1939_priv *priv, struct sock *sk)
> {
> struct j1939_session *session, *saved;
> + LIST_HEAD(active);
>
> netdev_dbg(priv->ndev, "%s, sk: %p\n", __func__, sk);
> j1939_session_list_lock(priv);
> @@ -2191,10 +2194,16 @@ int j1939_cancel_active_session(struct j
> j1939_session_put(session);
>
> session->err = ESHUTDOWN;
> - j1939_session_deactivate_locked(session);
> + if (j1939_session_deactivate_locked(session))
> + list_move(&session->active_session_list_entry, &active);
> }
> }
> j1939_session_list_unlock(priv);
> +
> + list_for_each_entry_safe(session, saved, &active, active_session_list_entry) {
> + list_del_init(&session->active_session_list_entry);
> + j1939_session_put(session);
> + }
> return NOTIFY_DONE;
> }
>
> --
next parent reply other threads:[~2023-07-11 13:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20230711131958.334-1-hdanton@sina.com>
2023-07-11 13:20 ` syzbot [this message]
2023-07-11 13:47 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
2023-07-12 0:47 [PATCH] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Ziqi Zhao
2023-07-12 1:16 ` [syzbot] [can?] possible deadlock in j1939_sk_errqueue (2) syzbot
-- strict thread matches above, loose matches on Subject: below --
2023-07-04 6:19 syzbot
2023-07-10 17:53 ` syzbot
2023-11-15 3:54 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000009e59f4060035f595@google.com \
--to=syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com \
--cc=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.