syzbot


possible deadlock in strp_sock_lock

Status: upstream: reported C repro on 2019/07/31 22:27
Reported-by: syzbot+5384e4fa4aa4361bfcc4@syzkaller.appspotmail.com
First crash: 1975d, last: 1659d
Fix bisection: the fix commit could be any of (bisect log):
  ddef1e8e3f6e Linux 4.14.151
  56dfe6252c68 Linux 4.14.188
  
Last patch testing requests (6)
Created Duration User Patch Repo Result
2023/01/25 03:32 10m retest repro linux-4.14.y report log
2023/01/24 18:32 10m retest repro linux-4.14.y report log
2023/01/24 14:32 13m retest repro linux-4.14.y report log
2022/09/07 10:27 8m retest repro linux-4.14.y report log
2022/09/07 09:27 9m retest repro linux-4.14.y report log
2022/09/07 08:27 9m retest repro linux-4.14.y report log
Fix bisection attempts (8)
Created Duration User Patch Repo Result
2020/07/11 06:34 29m bisect fix linux-4.14.y OK (2) job log
2020/06/11 06:01 24m bisect fix linux-4.14.y OK (0) job log log
2020/05/12 05:35 24m bisect fix linux-4.14.y OK (0) job log log
2020/04/12 05:12 22m bisect fix linux-4.14.y OK (0) job log log
2020/03/13 04:48 23m bisect fix linux-4.14.y OK (0) job log log
2020/02/12 04:07 23m bisect fix linux-4.14.y OK (0) job log log
2020/01/13 03:44 22m bisect fix linux-4.14.y OK (0) job log log
2019/12/14 03:21 23m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1572500433.394:36): avc:  denied  { map } for  pid=6934 comm="syz-executor803" path="/root/syz-executor803687095" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
======================================================
WARNING: possible circular locking dependency detected
4.14.151 #0 Not tainted
------------------------------------------------------
kworker/u4:3/269 is trying to acquire lock:
 (sk_lock-AF_INET){+.+.}, at: [<ffffffff8599e2de>] lock_sock include/net/sock.h:1462 [inline]
 (sk_lock-AF_INET){+.+.}, at: [<ffffffff8599e2de>] strp_sock_lock+0x2e/0x40 net/strparser/strparser.c:451

but task is already holding lock:
 ((&strp->work)){+.+.}, at: [<ffffffff813cf92b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 ((&strp->work)){+.+.}:
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       flush_work+0xae/0x730 kernel/workqueue.c:2881
       __cancel_work_timer+0x2f0/0x480 kernel/workqueue.c:2956
       cancel_work_sync+0x18/0x20 kernel/workqueue.c:2992
       strp_done+0x58/0xe0 net/strparser/strparser.c:519
       kcm_attach net/kcm/kcmsock.c:1429 [inline]
       kcm_attach_ioctl net/kcm/kcmsock.c:1490 [inline]
       kcm_ioctl+0x8d9/0x1120 net/kcm/kcmsock.c:1701
       sock_do_ioctl+0x64/0xb0 net/socket.c:974
       sock_ioctl+0x2a6/0x470 net/socket.c:1071
       vfs_ioctl fs/ioctl.c:46 [inline]
       file_ioctl fs/ioctl.c:500 [inline]
       do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
       SYSC_ioctl fs/ioctl.c:701 [inline]
       SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
       do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x42/0xb7

-> #0 (sk_lock-AF_INET){+.+.}:
       check_prev_add kernel/locking/lockdep.c:1901 [inline]
       check_prevs_add kernel/locking/lockdep.c:2018 [inline]
       validate_chain kernel/locking/lockdep.c:2460 [inline]
       __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
       lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
       lock_sock_nested+0xbd/0x110 net/core/sock.c:2770
       lock_sock include/net/sock.h:1462 [inline]
       strp_sock_lock+0x2e/0x40 net/strparser/strparser.c:451
       do_strp_work net/strparser/strparser.c:415 [inline]
       strp_work+0x43/0x100 net/strparser/strparser.c:434
       process_one_work+0x863/0x1600 kernel/workqueue.c:2114
       worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
       kthread+0x319/0x430 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&strp->work));
                               lock(sk_lock-AF_INET);
                               lock((&strp->work));
  lock(sk_lock-AF_INET);

 *** DEADLOCK ***

2 locks held by kworker/u4:3/269:
 #0:  ("%s""kstrp"){+.+.}, at: [<ffffffff813cf8ee>] work_static include/linux/workqueue.h:199 [inline]
 #0:  ("%s""kstrp"){+.+.}, at: [<ffffffff813cf8ee>] set_work_data kernel/workqueue.c:619 [inline]
 #0:  ("%s""kstrp"){+.+.}, at: [<ffffffff813cf8ee>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0:  ("%s""kstrp"){+.+.}, at: [<ffffffff813cf8ee>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
 #1:  ((&strp->work)){+.+.}, at: [<ffffffff813cf92b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089

stack backtrace:
CPU: 0 PID: 269 Comm: kworker/u4:3 Not tainted 4.14.151 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: kstrp strp_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x138/0x197 lib/dump_stack.c:53
 print_circular_bug.isra.0.cold+0x1cc/0x28f kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1901 [inline]
 check_prevs_add kernel/locking/lockdep.c:2018 [inline]
 validate_chain kernel/locking/lockdep.c:2460 [inline]
 __lock_acquire+0x2cb3/0x4620 kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 lock

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/10/31 05:43 linux-4.14.y ddef1e8e3f6e a41ca8fa .config console log report syz C ci2-linux-4-14
2019/10/22 07:03 linux-4.14.y b98aebd29824 c59a7cd8 .config console log report syz C ci2-linux-4-14
2019/10/02 15:17 linux-4.14.y f6e27dbb1afa 2e29b534 .config console log report syz C ci2-linux-4-14
2019/09/02 07:43 linux-4.14.y 01fd1694b93c db7c31ca .config console log report ci2-linux-4-14
2019/07/31 21:26 linux-4.14.y 10d6aa565d05 995b2a26 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.