From: Uladzislau Rezki <urezki@gmail.com>
To: syzbot <syzbot+1fa663a2100308ab6eab@syzkaller.appspotmail.com>
Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
daniel@iogearbox.net, eddyz87@gmail.com, haoluo@google.com,
john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org,
linux-kernel@vger.kernel.org, martin.lau@linux.dev,
sdf@google.com, song@kernel.org, syzkaller-bugs@googlegroups.com,
yonghong.song@linux.dev
Subject: Re: [syzbot] [bpf?] possible deadlock in kvfree_call_rcu
Date: Sun, 31 Mar 2024 08:28:20 +0200 [thread overview]
Message-ID: <ZgkChGTru7cc3Nsv@pc636> (raw)
In-Reply-To: <000000000000f2f0c0061494e610@google.com>
On Tue, Mar 26, 2024 at 12:00:22PM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: fe46a7dd189e Merge tag 'sound-6.9-rc1' of git://git.kernel..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=11547a65180000
> kernel config: https://syzkaller.appspot.com/x/.config?x=4d90a36f0cab495a
> dashboard link: https://syzkaller.appspot.com/bug?extid=1fa663a2100308ab6eab
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 7033999ecd7b
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3467,19 +3467,19 @@ void kvfree_call_rcu(struct rcu_head *head, void *ptr)
*/
kmemleak_ignore(ptr);
- // Set timer to drain after KFREE_DRAIN_JIFFIES.
- if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING)
- schedule_delayed_monitor_work(krcp);
-
unlock_return:
krc_this_cpu_unlock(krcp, flags);
- /*
- * Inline kvfree() after synchronize_rcu(). We can do
- * it from might_sleep() context only, so the current
- * CPU can pass the QS state.
- */
- if (!success) {
+ if (success) {
+ // Set timer to drain after KFREE_DRAIN_JIFFIES.
+ if (rcu_scheduler_active == RCU_SCHEDULER_RUNNING)
+ schedule_delayed_monitor_work(krcp);
+ } else {
+ /*
+ * Inline kvfree() after synchronize_rcu(). We can do
+ * it from might_sleep() context only, so the current
+ * CPU can pass the QS state.
+ */
debug_rcu_head_unqueue((struct rcu_head *) ptr);
synchronize_rcu();
kvfree(ptr);
next prev parent reply other threads:[~2024-03-31 6:28 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-26 19:00 [syzbot] [bpf?] possible deadlock in kvfree_call_rcu syzbot
2024-03-26 19:53 ` false positive deadlock? Was: " Alexei Starovoitov
2024-03-27 4:37 ` Paul E. McKenney
2024-03-27 5:04 ` Paul E. McKenney
2024-03-28 0:12 ` Alexei Starovoitov
2024-03-27 23:27 ` syzbot
2024-03-28 23:07 ` Hillf Danton
2024-03-29 16:17 ` syzbot
2024-03-30 0:27 ` Hillf Danton
2024-03-30 15:34 ` syzbot
2024-03-30 23:42 ` Hillf Danton
2024-03-30 23:42 ` Hillf Danton
2024-03-31 5:43 ` syzbot
2024-03-31 6:19 ` Hillf Danton
2024-03-31 7:03 ` syzbot
2024-03-31 7:03 ` syzbot
2024-03-30 17:55 ` Uladzislau Rezki
2024-03-31 6:23 ` Hillf Danton
2024-03-31 6:23 ` Hillf Danton
2024-03-31 7:25 ` Uladzislau Rezki
2024-03-31 6:28 ` Uladzislau Rezki [this message]
2024-03-31 6:54 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZgkChGTru7cc3Nsv@pc636 \
--to=urezki@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@google.com \
--cc=song@kernel.org \
--cc=syzbot+1fa663a2100308ab6eab@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox