syzbot


possible deadlock in lock_timer_base

Status: upstream: reported on 2021/01/03 06:59
Subsystems: batman
Reported-by: syzbot+8983d6d4f7df556be565@syzkaller.appspotmail.com
Fix commit: kfence: fix potential deadlock due to wake_up()
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb]
First crash: 1152d, last: 16d
Discussions (3)
Title | Replies (including bot) | Last reply
[PATCH mm] kfence: fix potential deadlock due to wake_up() | 1 (1) | 2021/01/04 13:07
Re: possible deadlock in lock_timer_base | 1 (1) | 2021/01/04 10:54
possible deadlock in lock_timer_base | 0 (1) | 2021/01/03 06:59
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-6.1 | possible deadlock in lock_timer_base origin:lts-only | syz | inconclusive | | 3 | 122d | 252d | 0/3 | upstream: reported syz repro on 2023/06/17 18:14
linux-5.15 | possible deadlock in lock_timer_base origin:lts-only | syz | error | | 3 | 266d | 275d | 0/3 | upstream: reported syz repro on 2023/05/25 21:57

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0 Not tainted
--------------------------------------------
kworker/u4:5/2437 is trying to acquire lock:
ffff8880b98295d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 kernel/time/timer.c:999

but task is already holding lock:
ffff8880b99295d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 kernel/time/timer.c:999

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&base->lock);
  lock(&base->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by kworker/u4:5/2437:
 #0: ffff888028f5b138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x77e/0x10e0 kernel/workqueue.c:2378
 #1: ffffc9000b86fd20 ((work_completion)(&(&bat_priv->mcast.work)->work)){+.+.}-{0:0}, at: process_one_work+0x7c8/0x10e0 kernel/workqueue.c:2380
 #2: ffff8880b99295d8 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 kernel/time/timer.c:999
 #3: ffffffff8d57b5a0 (fill_pool_map-wait-type-override){+.+.}-{3:3}, at: debug_objects_fill_pool+0x79/0x990 lib/debugobjects.c:591

stack backtrace:
CPU: 1 PID: 2437 Comm: kworker/u4:5 Not tainted 6.4.0-rc5-syzkaller-00016-ga4d7d7011219 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
Workqueue: bat_events batadv_mcast_mla_update
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:3006 [inline]
 check_deadlock kernel/locking/lockdep.c:3049 [inline]
 validate_chain+0x473a/0x58f0 kernel/locking/lockdep.c:3834
 __lock_acquire+0x1316/0x2070 kernel/locking/lockdep.c:5088
 lock_acquire+0x1e3/0x520 kernel/locking/lockdep.c:5705
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 lock_timer_base+0x120/0x260 kernel/time/timer.c:999
 __mod_timer+0x1b8/0xf40 kernel/time/timer.c:1080
 queue_delayed_work_on+0x15a/0x260 kernel/workqueue.c:1710
 free_pages_prepare mm/page_alloc.c:1308 [inline]
 free_unref_page_prepare+0x241/0xa30 mm/page_alloc.c:2564
 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2659
 __stack_depot_save+0x4ef/0x650 lib/stackdepot.c:443
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x61/0x70 mm/kasan/common.c:52
 __kasan_slab_alloc+0x66/0x70 mm/kasan/common.c:328
 kasan_slab_alloc include/linux/kasan.h:186 [inline]
 slab_post_alloc_hook+0x68/0x3a0 mm/slab.h:711
 slab_alloc_node mm/slub.c:3451 [inline]
 slab_alloc mm/slub.c:3459 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3466 [inline]
 kmem_cache_alloc+0x11f/0x2e0 mm/slub.c:3475
 kmem_cache_zalloc include/linux/slab.h:670 [inline]
 fill_pool lib/debugobjects.c:168 [inline]
 debug_objects_fill_pool+0x598/0x990 lib/debugobjects.c:606
 debug_object_activate+0x139/0x8b0 lib/debugobjects.c:704
 debug_timer_activate kernel/time/timer.c:782 [inline]
 __mod_timer+0x938/0xf40 kernel/time/timer.c:1119
 queue_delayed_work_on+0x15a/0x260 kernel/workqueue.c:1710
 queue_delayed_work include/linux/workqueue.h:520 [inline]
 batadv_mcast_start_timer net/batman-adv/multicast.c:71 [inline]
 batadv_mcast_mla_update+0x384c/0x3bb0 net/batman-adv/multicast.c:916
 process_one_work+0x8a0/0x10e0 kernel/workqueue.c:2405
 worker_thread+0xa63/0x1210 kernel/workqueue.c:2552
 kthread+0x2b8/0x350 kernel/kthread.c:379
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>

Crashes (15):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2023/06/06 17:55 | upstream | a4d7d7011219 | a4ae4f42 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | possible deadlock in lock_timer_base
2022/12/12 06:38 | upstream | 830b3c68c1fb | 67be1ae7 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/12/11 21:18 | upstream | 4cee37b3a4e6 | 67be1ae7 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/30 02:07 | upstream | 01f856ae6d0c | 579a3740 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/28 21:55 | upstream | b7b275e60bcd | 950c3e02 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/26 22:39 | upstream | 644e9524388a | f4470a7b | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/25 21:36 | upstream | 0b1dcc2cf55a | 0d68fcb4 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/23 23:26 | upstream | 4312098baf37 | ff68ff8f | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/20 22:16 | upstream | 894909f95aa1 | 5bb70014 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/11/12 08:44 | upstream | 8f2975c2bb4c | f42ee5d8 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/09/29 22:04 | upstream | 511cce163b75 | d9da3ac6 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/09/28 04:33 | upstream | 46452d3786a8 | 75c78242 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2022/09/27 18:59 | upstream | a1375562c0a8 | 87840e00 | .config | console log | report | | | info | | ci-qemu-upstream | possible deadlock in lock_timer_base
2024/02/08 18:26 | linux-next | b1d3a0e70c38 | 7f07e9b0 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | possible deadlock in lock_timer_base
2020/12/30 06:55 | linux-next | d7a03a44a5e9 | 0fa352f2 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root |
* Struck through repros no longer work on HEAD.