Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | possible deadlock in snd_seq_deliver_event | C | 6 | 2591d | 2601d | 4/28 | fixed on 2018/01/23 12:04 |
syzbot |
sign-in | mailing list | source | docs |
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | possible deadlock in snd_seq_deliver_event | C | 6 | 2591d | 2601d | 4/28 | fixed on 2018/01/23 12:04 |
============================================= [ INFO: possible recursive locking detected ] 4.9.60-gdfe0a9b #81 Not tainted --------------------------------------------- syzkaller633487/3245 is trying to acquire lock: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline] (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807 but task is already holding lock: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline] (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&grp->list_mutex); lock(&grp->list_mutex); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by syzkaller633487/3245: #0: (register_mutex#4){+.+.+.}, at: [<ffffffff82e1e77a>] odev_release+0x4a/0x70 sound/core/seq/oss/seq_oss.c:152 #1: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline] #1: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807 stack backtrace: CPU: 0 PID: 3245 Comm: syzkaller633487 Not tainted 4.9.60-gdfe0a9b #81 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ffff8801c772f100 ffffffff81d91389 ffffffff8537b4d0 ffffffff8537b4d0 dffffc0000000000 f75f28fb6e9d5274 0000000000000000 ffff8801c772f2c8 ffffffff8123c925 ffff8801c7720000 ffff8801c7720928 00000000000003c7 Call Trace: [<ffffffff81d91389>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81d91389>] dump_stack+0xc1/0x128 lib/dump_stack.c:51 [<ffffffff8123c925>] print_deadlock_bug kernel/locking/lockdep.c:1727 [inline] [<ffffffff8123c925>] check_deadlock kernel/locking/lockdep.c:1771 [inline] [<ffffffff8123c925>] validate_chain kernel/locking/lockdep.c:2249 [inline] [<ffffffff8123c925>] __lock_acquire+0xe35/0x3640 kernel/locking/lockdep.c:3345 [<ffffffff8123fb6e>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756 [<ffffffff838a3354>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22 [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline] [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807 [<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318 [<ffffffff82e306c5>] dummy_input+0x235/0x320 sound/core/seq/seq_dummy.c:104 [<ffffffff82e0a5e0>] snd_seq_deliver_single_event.constprop.11+0x310/0x7c0 sound/core/seq/seq_clientmgr.c:621 [<ffffffff82e0ada6>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:676 [inline] [<ffffffff82e0ada6>] snd_seq_deliver_event+0x316/0x740 sound/core/seq/seq_clientmgr.c:807 [<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318 [<ffffffff82e306c5>] dummy_input+0x235/0x320 sound/core/seq/seq_dummy.c:104 [<ffffffff82e0a5e0>] snd_seq_deliver_single_event.constprop.11+0x310/0x7c0 sound/core/seq/seq_clientmgr.c:621 [<ffffffff82e0abbd>] snd_seq_deliver_event+0x12d/0x740 sound/core/seq/seq_clientmgr.c:818 [<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318 [<ffffffff82e2cef0>] snd_seq_oss_dispatch sound/core/seq/oss/seq_oss_device.h:150 [inline] [<ffffffff82e2cef0>] snd_seq_oss_midi_reset+0x390/0x570 sound/core/seq/oss/seq_oss_midi.c:481 [<ffffffff82e29320>] snd_seq_oss_synth_reset+0x3c0/0x8b0 sound/core/seq/oss/seq_oss_synth.c:416 [<ffffffff82e1fd7c>] snd_seq_oss_reset+0x6c/0x260 sound/core/seq/oss/seq_oss_init.c:448 [<ffffffff82e1ffe1>] snd_seq_oss_release+0x71/0x130 sound/core/seq/oss/seq_oss_init.c:425 [<ffffffff82e1e782>] odev_release+0x52/0x70 sound/core/seq/oss/seq_oss.c:153 [<ffffffff815734dc>] __fput+0x28c/0x6e0 fs/file_table.c:208 [<ffffffff815739b5>] ____fput+0x15/0x20 fs/file_table.c:244 [<ffffffff81196005>] task_work_run+0x115/0x190 kernel/task_work.c:116 [<ffffffff8113d2e7>] exit_task_work include/linux/task_work.h:21 [inline] [<ffffffff8113d2e7>] do_exit+0x7e7/0x2a40 kernel/exit.c:833 [<ffffffff810e0256>] ? _
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2017/11/06 15:40 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | syz | C | ci-android-49-kasan-gce |