From: syzbot <syzbot+3433b5cb8b2b70933f8d@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] possible deadlock in do_ipv6_setsockopt (4)
Date: Mon, 03 Feb 2025 00:31:04 -0800
Message-ID: <67a07ec8.050a0220.d7c5a.0084.GAE@google.com>
In-Reply-To: <20250203080449.1988-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in smc_pnet_find_ism_resource

============================================
WARNING: possible recursive locking detected
6.13.0-syzkaller-09685-gc2933b2befe2-dirty #0 Not tainted
--------------------------------------------
syz.0.16/6653 is trying to acquire lock:
ffffffff8fcbf088 (rtnl_mutex){+.+.}-{4:4}, at: pnet_find_base_ndev net/smc/smc_pnet.c:945 [inline]
ffffffff8fcbf088 (rtnl_mutex){+.+.}-{4:4}, at: smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1101 [inline]
ffffffff8fcbf088 (rtnl_mutex){+.+.}-{4:4}, at: smc_pnet_find_ism_resource+0xe1/0x510 net/smc/smc_pnet.c:1152

but task is already holding lock:
ffffffff8fcbf088 (rtnl_mutex){+.+.}-{4:4}, at: smc_connect+0xb2/0xde0 net/smc/af_smc.c:1646

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(rtnl_mutex);
  lock(rtnl_mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by syz.0.16/6653:
 #0: ffffffff8fcbf088 (rtnl_mutex){+.+.}-{4:4}, at: smc_connect+0xb2/0xde0 net/smc/af_smc.c:1646
 #1: ffff88806d868258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1624 [inline]
 #1: ffff88806d868258 (sk_lock-AF_INET6){+.+.}-{0:0}, at: smc_connect+0xbc/0xde0 net/smc/af_smc.c:1647

stack backtrace:
CPU: 0 UID: 0 PID: 6653 Comm: syz.0.16 Not tainted 6.13.0-syzkaller-09685-gc2933b2befe2-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3039
 check_deadlock kernel/locking/lockdep.c:3091 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3893
 __lock_acquire+0x1397/0x2100 kernel/locking/lockdep.c:5228
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5851
 __mutex_lock_common kernel/locking/mutex.c:585 [inline]
 __mutex_lock+0x19c/0x1010 kernel/locking/mutex.c:730
 pnet_find_base_ndev net/smc/smc_pnet.c:945 [inline]
 smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1101 [inline]
 smc_pnet_find_ism_resource+0xe1/0x510 net/smc/smc_pnet.c:1152
 smc_find_ism_device net/smc/af_smc.c:1011 [inline]
 smc_find_proposal_devices net/smc/af_smc.c:1096 [inline]
 __smc_connect+0x391/0x1910 net/smc/af_smc.c:1526
 smc_connect+0x872/0xde0 net/smc/af_smc.c:1699
 __sys_connect_file net/socket.c:2040 [inline]
 __sys_connect+0x288/0x2d0 net/socket.c:2059
 __do_sys_connect net/socket.c:2065 [inline]
 __se_sys_connect net/socket.c:2062 [inline]
 __x64_sys_connect+0x7a/0x90 net/socket.c:2062
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbdb618cda9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fbdb7056038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 00007fbdb63a5fa0 RCX: 00007fbdb618cda9
RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003
RBP: 00007fbdb620e2a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fbdb63a5fa0 R15: 00007fff45686908
 </TASK>


Tested on:

commit:         c2933b2b Merge tag 'net-6.14-rc1' of git://git.kernel...
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17c65724580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d033b14aeef39158
dashboard link: https://syzkaller.appspot.com/bug?extid=3433b5cb8b2b70933f8d
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=13691764580000


Thread overview: 4+ messages
2024-07-10 16:04 [syzbot] [net?] possible deadlock in do_ipv6_setsockopt (4) syzbot
2025-02-02 22:01 ` syzbot
2025-02-03  8:04   ` Hillf Danton
2025-02-03  8:31     ` syzbot [this message]
