syzbot


possible deadlock in io_poll_double_wake (2)

Status: fixed on 2021/04/09 19:46
Subsystems: io-uring fs
[Documentation on labels]
Reported-by: syzbot+28abd693db9e92c160d8@syzkaller.appspotmail.com
Fix commit: 1c3b3e6527e5 io_uring: ignore double poll add on the same waitqueue head
First crash: 1478d, last: 1281d
Cause bisection: failed (error log, bisect log)
  
Fix bisection: failed (error log, bisect log)
  
Discussions (5)
Title Replies (including bot) Last reply
[PATCH 5.10 00/42] 5.10.22-rc1 review 50 (50) 2021/03/09 10:27
[PATCH 5.11 00/44] 5.11.5-rc1 review 49 (49) 2021/03/09 10:26
[PATCHSET 0/33] Fixes queued up for 5.12 36 (36) 2021/03/04 14:05
Re: possible deadlock in io_poll_double_wake (2) 1 (1) 2021/03/03 13:39
possible deadlock in io_poll_double_wake (2) 8 (14) 2021/03/03 12:45
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream possible deadlock in io_poll_double_wake (3) io-uring fs C error done 703 1004d 1277d 20/28 fixed on 2022/03/08 16:11
upstream possible deadlock in io_poll_double_wake io-uring fs C 17 1490d 1518d 0/28 closed as dup on 2020/08/15 18:15
Last patch testing requests (4)
Created Duration User Patch Repo Result
2021/03/03 04:01 10m axboe@kernel.dk git://git.kernel.dk/linux-block syzbot-test report log
2021/03/02 17:20 10m axboe@kernel.dk git://git.kernel.dk/linux-block syzbot-test report log
2021/03/01 15:27 11m axboe@kernel.dk git://git.kernel.dk/linux-block syzbot-test report log
2021/02/28 23:08 11m axboe@kernel.dk git://git.kernel.dk/linux-block syzbot-test report log

Sample crash report:
============================================
WARNING: possible recursive locking detected
5.11.0-syzkaller #0 Not tainted
--------------------------------------------
swapper/1/0 is trying to acquire lock:
ffff88801b2b1130 (&runtime->sleep){..-.}-{2:2}, at: spin_lock include/linux/spinlock.h:354 [inline]
ffff88801b2b1130 (&runtime->sleep){..-.}-{2:2}, at: io_poll_double_wake+0x25f/0x6a0 fs/io_uring.c:4960

but task is already holding lock:
ffff88801b2b3130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&runtime->sleep);
  lock(&runtime->sleep);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

2 locks held by swapper/1/0:
 #0: ffff888147474908 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 sound/core/pcm_native.c:170
 #1: ffff88801b2b3130 (&runtime->sleep){..-.}-{2:2}, at: __wake_up_common_lock+0xb4/0x130 kernel/sched/wait.c:137

stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0xfa/0x151 lib/dump_stack.c:120
 print_deadlock_bug kernel/locking/lockdep.c:2829 [inline]
 check_deadlock kernel/locking/lockdep.c:2872 [inline]
 validate_chain kernel/locking/lockdep.c:3661 [inline]
 __lock_acquire.cold+0x14c/0x3b4 kernel/locking/lockdep.c:4900
 lock_acquire kernel/locking/lockdep.c:5510 [inline]
 lock_acquire+0x1ab/0x730 kernel/locking/lockdep.c:5475
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:151
 spin_lock include/linux/spinlock.h:354 [inline]
 io_poll_double_wake+0x25f/0x6a0 fs/io_uring.c:4960
 __wake_up_common+0x147/0x650 kernel/sched/wait.c:108
 __wake_up_common_lock+0xd0/0x130 kernel/sched/wait.c:138
 snd_pcm_update_state+0x46a/0x540 sound/core/pcm_lib.c:203
 snd_pcm_update_hw_ptr0+0xa75/0x1a50 sound/core/pcm_lib.c:464
 snd_pcm_period_elapsed+0x160/0x250 sound/core/pcm_lib.c:1805
 dummy_hrtimer_callback+0x94/0x1b0 sound/drivers/dummy.c:378
 __run_hrtimer kernel/time/hrtimer.c:1519 [inline]
 __hrtimer_run_queues+0x609/0xe40 kernel/time/hrtimer.c:1583
 hrtimer_run_softirq+0x17b/0x360 kernel/time/hrtimer.c:1600
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:345
 invoke_softirq kernel/softirq.c:221 [inline]
 __irq_exit_rcu kernel/softirq.c:422 [inline]
 irq_exit_rcu+0x134/0x200 kernel/softirq.c:434
 sysvec_apic_timer_interrupt+0x93/0xc0 arch/x86/kernel/apic/apic.c:1100
 </IRQ>
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:137 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
RIP: 0010:acpi_idle_do_entry+0x1c9/0x250 drivers/acpi/processor_idle.c:516
Code: dd 38 6e f8 84 db 75 ac e8 54 32 6e f8 e8 0f 1c 74 f8 e9 0c 00 00 00 e8 45 32 6e f8 0f 00 2d 4e 4a c5 00 e8 39 32 6e f8 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 14 3a 6e f8 48 85 db
RSP: 0018:ffffc90000d47d18 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff8880115c3780 RSI: ffffffff89052537 RDI: 0000000000000000
RBP: ffff888141127064 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff81794168 R11: 0000000000000000 R12: 0000000000000001
R13: ffff888141127000 R14: ffff888141127064 R15: ffff888143331804
 acpi_idle_enter+0x361/0x500 drivers/acpi/processor_idle.c:647
 cpuidle_enter_state+0x1b1/0xc80 drivers/cpuidle/cpuidle.c:237
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:351
 call_cpuidle kernel/sched/idle.c:158 [inline]
 cpuidle_idle_call kernel/sched/idle.c:239 [inline]
 do_idle+0x3e1/0x590 kernel/sched/idle.c:300
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:397
 start_secondary+0x274/0x350 arch/x86/kernel/smpboot.c:272
 secondary_startup_64_no_verify+0xb0/0xbb

Crashes (431):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/02/28 00:41 upstream 5695e5161974 4c37c133 .config console log report syz C ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2020/10/01 04:55 upstream 02de58b24d2e 8516f6d3 .config console log report syz ci-upstream-kasan-gce
2020/12/13 15:56 linux-next 14240d4c5b25 bca53db9 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2020/09/25 02:21 linux-next d1d2220c7f39 54289b08 .config console log report syz ci-upstream-linux-next-kasan-gce-root
2021/04/09 18:06 upstream 17e7124aad76 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/09 01:59 upstream 4fa56ad0d12e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/08 13:46 upstream 454859c552da 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/08 04:23 upstream 3a22981230f9 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/08 01:23 upstream 3a22981230f9 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 23:57 upstream 3a22981230f9 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 20:53 upstream 2d743660786e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 15:18 upstream 2d743660786e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 08:14 upstream 2d743660786e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 04:05 upstream 2d743660786e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/07 01:28 upstream 2d743660786e 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/06 19:34 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/06 11:01 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/06 00:12 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/05 22:16 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/05 20:42 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/05 18:33 upstream 0a50438c8436 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/05 00:48 upstream e49d033bddf5 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/04 23:43 upstream e49d033bddf5 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/04 22:21 upstream e49d033bddf5 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/04 15:49 upstream 2023a53bdf41 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/04 10:30 upstream 2023a53bdf41 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/04 08:07 upstream 2023a53bdf41 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/04 02:36 upstream 57fbdb15ec42 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/03 19:57 upstream 57fbdb15ec42 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/03 17:24 upstream 57fbdb15ec42 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/03 16:39 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/03 14:59 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/03 06:14 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/03 04:18 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/03 02:51 upstream d93a0d43e3d0 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/02 16:28 upstream 1678e493d530 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/02 12:52 upstream 1678e493d530 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/02 11:29 upstream 1678e493d530 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/01 21:58 upstream ffd9fb546d49 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/01 20:38 upstream ffd9fb546d49 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/01 08:38 upstream d19cc4bfbff1 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/04/01 06:48 upstream d19cc4bfbff1 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/04/01 05:08 upstream d19cc4bfbff1 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/03/31 16:51 upstream 5e46d1b78a03 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/03/31 13:29 upstream 5e46d1b78a03 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/03/31 12:00 upstream 5e46d1b78a03 6a81331a .config console log report info ci-upstream-kasan-gce possible deadlock in io_poll_double_wake
2021/03/31 01:18 upstream 2bb25b3a748a 6a81331a .config console log report info ci-upstream-kasan-gce-selinux-root possible deadlock in io_poll_double_wake
2021/03/01 13:44 upstream fe07bfda2fb9 4c37c133 .config console log report info ci-qemu-upstream possible deadlock in io_poll_double_wake
2021/02/28 14:14 upstream 5695e5161974 4c37c133 .config console log report info ci-upstream-kasan-gce-root possible deadlock in io_poll_double_wake
2021/02/28 11:45 upstream 5695e5161974 4c37c133 .config console log report info ci-upstream-kasan-gce-smack-root possible deadlock in io_poll_double_wake
2021/03/26 10:32 upstream db24726bfefa 6a383ecf .config console log report info ci-upstream-kasan-gce-386 possible deadlock in io_poll_double_wake
2021/03/05 10:22 upstream 280d542f6ffa 9d751681 .config console log report info ci-qemu-upstream-386 possible deadlock in io_poll_double_wake
2021/03/02 04:39 linux-next 92f791ebd25b 183afb6c .config console log report info ci-upstream-linux-next-kasan-gce-root possible deadlock in io_poll_double_wake
* Struck through repros no longer work on HEAD.