syzbot

 sign-in | mailing list | source | docs
🐞 Open [383] 🐞 Fixed [50] 🐞 Invalid [138] Missing Backports [37] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

possible deadlock in lock_timer_base

Status: upstream: reported syz repro on 2023/06/17 18:14
Bug presence: origin:lts-only
[Documentation on labels]
Reported-by: syzbot+1e90d72fb78c8c8fae1d@syzkaller.appspotmail.com
First crash: 173d, last: 43d
Bug presence (2)
Date Name Commit Repro Result
2023/06/17 linux-6.1.y (ToT) ca87e77a2ef8 C [report] INFO: rcu detected stall in corrupted
2023/06/17 upstream (ToT) 1639fae5132b C Didn't crash
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in lock_timer_base batman 14 184d 1069d 1/25 upstream: reported on 2021/01/03 06:59
linux-5.15 possible deadlock in lock_timer_base origin:lts-only syz error 3 187d 196d 0/3 upstream: reported syz repro on 2023/05/25 21:57
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2023/10/09 13:49 2h28m fix candidate upstream job log (0)

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.1.34-syzkaller #0 Not tainted
--------------------------------------------
kworker/u4:0/4234 is trying to acquire lock:
ffff0001b45d0758 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x108/0x214 kernel/time/timer.c:999

but task is already holding lock:
ffff0001b45b0758 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x67c/0xd30 kernel/time/timer.c:1096

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&base->lock);
  lock(&base->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/u4:0/4234:
 #0: ffff0000d51c3938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 kernel/workqueue.c:2262
 #1: ffff80001da57c20 ((work_completion)(&(&bat_priv->orig_work)->work)){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 kernel/workqueue.c:2264
 #2: ffff0001b45b0758 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x67c/0xd30 kernel/time/timer.c:1096

stack backtrace:
CPU: 0 PID: 4234 Comm: kworker/u4:0 Not tainted 6.1.34-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: bat_events batadv_purge_orig
Call trace:
 dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5056
 lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
 lock_timer_base+0x108/0x214 kernel/time/timer.c:999
 __mod_timer+0x1b4/0xd30 kernel/time/timer.c:1072
 add_timer+0x6c/0x88 kernel/time/timer.c:1197
 __queue_delayed_work kernel/workqueue.c:1676 [inline]
 queue_delayed_work_on+0x1f0/0x320 kernel/workqueue.c:1701
 queue_delayed_work include/linux/workqueue.h:518 [inline]
 schedule_delayed_work include/linux/workqueue.h:670 [inline]
 __debug_check_no_obj_freed lib/debugobjects.c:1036 [inline]
 debug_check_no_obj_freed+0xc8/0x50c lib/debugobjects.c:1043
 free_pages_prepare mm/page_alloc.c:1466 [inline]
 free_pcp_prepare mm/page_alloc.c:1510 [inline]
 free_unref_page_prepare+0x450/0x1070 mm/page_alloc.c:3388
 free_unref_page+0x80/0x444 mm/page_alloc.c:3484
 free_the_page mm/page_alloc.c:770 [inline]
 __free_pages+0x1a0/0x1cc mm/page_alloc.c:5648
 free_pages+0xa0/0xb8 mm/page_alloc.c:5659
 __stack_depot_save+0x3a0/0x4dc lib/stackdepot.c:506
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x64/0x80 mm/kasan/common.c:52
 kasan_save_alloc_info+0x24/0x30 mm/kasan/generic.c:505
 __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x74/0x458 mm/slab.h:737
 slab_alloc_node mm/slub.c:3398 [inline]
 slab_alloc mm/slub.c:3406 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3413 [inline]
 kmem_cache_alloc+0x230/0x37c mm/slub.c:3422
 kmem_cache_zalloc include/linux/slab.h:679 [inline]
 fill_pool lib/debugobjects.c:168 [inline]
 debug_objects_fill_pool+0x36c/0x7d4 lib/debugobjects.c:597
 debug_object_activate+0x114/0x790 lib/debugobjects.c:693
 debug_timer_activate kernel/time/timer.c:782 [inline]
 __mod_timer+0x830/0xd30 kernel/time/timer.c:1103
 add_timer+0x6c/0x88 kernel/time/timer.c:1197
 __queue_delayed_work kernel/workqueue.c:1676 [inline]
 queue_delayed_work_on+0x1f0/0x320 kernel/workqueue.c:1701
 queue_delayed_work include/linux/workqueue.h:518 [inline]
 batadv_purge_orig+0x60/0x70 net/batman-adv/originator.c:1273
 process_one_work+0x7ac/0x1404 kernel/workqueue.c:2289
 worker_thread+0x8e4/0xfec kernel/workqueue.c:2436
 kthread+0x250/0x2d8 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/06/17 18:12 linux-6.1.y ca87e77a2ef8 f3921d4d .config console log report syz [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 possible deadlock in lock_timer_base
2023/10/25 21:22 linux-6.1.y 32c9cdbe383c 72e794c4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-perf possible deadlock in lock_timer_base
2023/10/23 22:04 linux-6.1.y 7d24402875c7 989a3687 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-perf possible deadlock in lock_timer_base
* Struck through repros no longer work on HEAD.