syzbot


possible deadlock in __bpf_ringbuf_reserve

Status: upstream: reported C repro on 2024/03/12 16:41
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+850aaf14624dc0c6d366@syzkaller.appspotmail.com
First crash: 257d, last: 37m
Cause bisection: failed (error log, bisect log)
  
Discussions (6)
Title Replies (including bot) Last reply
[syzbot] Monthly bpf report (Oct 2024) 0 (1) 2024/10/15 21:53
[syzbot] Monthly bpf report (Sep 2024) 0 (1) 2024/09/14 12:53
[syzbot] Monthly bpf report (Aug 2024) 0 (1) 2024/08/14 12:43
[syzbot] Monthly bpf report (Jul 2024) 0 (1) 2024/07/15 11:52
[syzbot] Monthly bpf report (Jun 2024) 0 (1) 2024/06/12 22:41
[syzbot] [bpf?] possible deadlock in __bpf_ringbuf_reserve 6 (8) 2024/03/13 12:13
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in __bpf_ringbuf_reserve origin:upstream C 47 31d 257d 0/3 upstream: reported C repro on 2024/03/08 23:13
Last patch testing requests (3)
Created Duration User Patch Repo Result
2024/03/24 09:45 21m retest repro bpf report log
2024/03/24 09:45 17m retest repro bpf-next report log
2024/03/13 10:46 24m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.11.0-syzkaller-10555-gbcd28cfd04eb #0 Not tainted
--------------------------------------------
syz-executor647/5299 is trying to acquire lock:
ffffc900097650d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427

but task is already holding lock:
ffffc9000aa450d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&rb->spinlock);
  lock(&rb->spinlock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor647/5299:
 #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2317 [inline]
 #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1fc/0x540 kernel/trace/bpf_trace.c:2359
 #1: ffffc9000aa450d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 #2: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: trace_call_bpf+0xbc/0x8a0

stack backtrace:
CPU: 1 UID: 0 PID: 5299 Comm: syz-executor647 Not tainted 6.11.0-syzkaller-10555-gbcd28cfd04eb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3034
 check_deadlock kernel/locking/lockdep.c:3086 [inline]
 validate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3888
 __lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5199
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5822
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 ____bpf_ringbuf_output kernel/bpf/ringbuf.c:553 [inline]
 bpf_ringbuf_output+0x67/0x1e0 kernel/bpf/ringbuf.c:543
 bpf_prog_4aaef4562453526c+0x43/0x47
 bpf_dispatcher_nop_func include/linux/bpf.h:1257 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 bpf_prog_run_array include/linux/bpf.h:2123 [inline]
 trace_call_bpf+0x369/0x8a0 kernel/trace/bpf_trace.c:146
 perf_trace_run_bpf_submit+0x82/0x180 kernel/events/core.c:10417
 perf_trace_lock_acquire+0x3c3/0x4f0 include/trace/events/lock.h:24
 trace_lock_acquire include/trace/events/lock.h:24 [inline]
 lock_acquire+0x51b/0x550 kernel/locking/lockdep.c:5793
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2317 [inline]
 bpf_trace_run2+0x219/0x540 kernel/trace/bpf_trace.c:2359
 __traceiter_contention_end+0x7b/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0x114/0x140 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0xb7e/0xdb0 kernel/locking/qspinlock.c:557
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162
 __bpf_ringbuf_reserve+0x1ea/0x600 kernel/bpf/ringbuf.c:427
 ____bpf_ringbuf_reserve kernel/bpf/ringbuf.c:478 [inline]
 bpf_ringbuf_reserve+0x5c/0x70 kernel/bpf/ringbuf.c:470
 bpf_prog_f42551b0fba4abb2+0x2e/0x48
 bpf_dispatcher_nop_func include/linux/bpf.h:1257 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2318 [inline]
 bpf_trace_run2+0x2ec/0x540 kernel/trace/bpf_trace.c:2359
 __traceiter_kfree+0x2b/0x50 include/trace/events/kmem.h:94
 trace_kfree include/trace/events/kmem.h:94 [inline]
 kfree+0x35e/0x440 mm/slub.c:4715
 bpf_check+0x1b421/0x1e320 kernel/bpf/verifier.c:22428
 bpf_prog_load+0x1667/0x20f0 kernel/bpf/syscall.c:2846
 __sys_bpf+0x4ee/0x810 kernel/bpf/syscall.c:5634
 __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
 __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5739
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6682fc85a9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffefabbb128 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6682fc85a9
RDX: 0000000000000080 RSI: 0000000020000200 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000000a0
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

Crashes (1704):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/06 09:44 bpf bcd28cfd04eb d7906eff .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/09/11 14:06 bpf b831f83e40a2 9326a104 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/05/31 02:02 net 068648aab72c 34889ee3 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/05/10 17:57 bpf 3e9bc0472b91 f7c35481 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/03/08 17:14 bpf df4793505abd cf82cde1 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/26 21:38 bpf-next 87cb58aebdf7 65e8686b .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/24 03:43 bpf-next 1f7c33630724 15fa2979 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/09/12 08:07 bpf-next c229c17a76e9 d94c83d8 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/09/08 09:34 bpf-next 8a3f14bb1e94 9750182a .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/03/08 19:47 bpf-next a27e89673abf cf82cde1 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/19 03:13 upstream 4d939780b705 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in __bpf_ringbuf_reserve
2024/10/13 08:09 upstream 36c254515dc6 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in __bpf_ringbuf_reserve
2024/09/29 20:58 upstream e7ed34365879 ba29ff75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in __bpf_ringbuf_reserve
2024/08/16 09:38 upstream d7a5aa4b3c00 e4bacdaf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root possible deadlock in __bpf_ringbuf_reserve
2024/07/28 02:37 upstream 3a7e02c040b1 46eb10b7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root possible deadlock in __bpf_ringbuf_reserve
2024/11/17 23:59 upstream f66d6acccbc0 cfe3a04a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/11/08 04:24 upstream 906bd684e4b1 179b040e .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/11/04 14:02 upstream 59b723cd2adb 7bfecfb9 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/11/03 03:04 upstream 11066801dd4b f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/11/02 12:18 upstream 05b92660cdfe f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/30 05:11 upstream c1e939a21eb1 66aeb999 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/22 19:35 upstream c2ee9f594da8 a573a9f4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/11 10:52 upstream 1d227fcc7222 5e7b4bca .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/06 05:31 upstream fc20a3e57247 d7906eff .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/03 12:18 upstream 7ec462100ef9 d7906eff .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/02 19:44 upstream e32cde8d2bd7 83a2f15f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/10/02 08:26 upstream e32cde8d2bd7 ea2b66a6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __bpf_ringbuf_reserve
2024/11/12 23:26 upstream 3022e9d00ebe c819f227 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/11/07 03:36 upstream 7758b206117d df3dc63b .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/11/03 16:21 upstream 3e5e6c9900c3 f00eed24 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/30 00:14 upstream e42b1a9a2557 66aeb999 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/22 01:40 upstream c2ee9f594da8 a93682b3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/20 21:08 upstream db87114dcf13 cd6fc0a3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/19 13:30 upstream 3d5ad2d4eca3 cd6fc0a3 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/18 09:10 upstream 4d939780b705 666f77ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/15 06:16 upstream eca631b8fe80 b01b6661 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/10/09 10:31 upstream 75b607fab38d 56fb2cb7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 possible deadlock in __bpf_ringbuf_reserve
2024/11/16 10:40 bpf 9f8e716d46c6 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/14 23:57 bpf 9f8e716d46c6 77f3eeb7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/10 17:17 bpf fb86c42a2a5d 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/10 11:45 bpf fb86c42a2a5d 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/10 09:30 bpf fb86c42a2a5d 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/05 20:08 bpf 6c52d4da1c74 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/04 02:37 bpf 6c52d4da1c74 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/02 01:45 bpf 6c52d4da1c74 f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/30 12:19 bpf d0b98f6a17a5 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/30 12:18 bpf d0b98f6a17a5 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/26 19:35 bpf ae90f6a6170d 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/13 12:59 bpf b836cbdf3b81 084d8178 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/09/21 03:39 net b5109b60ee4f 6f888b75 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/21 06:20 bpf-next 2c8b09ac2537 4b25d554 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/18 11:23 bpf-next 2c8b09ac2537 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/08 07:05 bpf-next 2ed7316a506c 179b040e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/08 00:12 bpf-next 9a28559932d2 c069283c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/11/05 02:27 bpf-next 9a783139614f 509da429 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/30 06:39 bpf-next 42602e3a06f8 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/26 11:04 bpf-next 87cb58aebdf7 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/26 09:42 bpf-next 87cb58aebdf7 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/24 21:09 bpf-next 39b8ab151968 9fc8fe02 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/07 10:37 bpf-next a5da3d65681f d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/05 17:45 net-next d521db38f339 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/05 16:13 net-next d521db38f339 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/05 13:53 net-next d521db38f339 d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/10/04 13:45 net-next b63c755cb65d d7906eff .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __bpf_ringbuf_reserve
2024/08/17 13:10 linux-next 367b5c3d53e5 dbc93b08 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __bpf_ringbuf_reserve
* Struck through repros no longer work on HEAD.