syzbot


possible deadlock in __queue_map_get

Status: upstream: reported C repro on 2024/04/13 05:14
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+8bdfc2c53fb2b63e1871@syzkaller.appspotmail.com
First crash: 42d, last: 3h52m
Cause bisection: failed (error log, bisect log)
  
Discussions (4)
Title Replies (including bot) Last reply
[PATCH v3 bpf-next 1/2] bpf: Patch to Fix deadlocks in queue and stack maps 7 (7) 2024/05/17 03:32
[PATCH v2 bpf-next 1/2] bpf: Patch to Fix deadlocks in queue and stack maps 1 (1) 2024/05/14 12:23
[PATCH bpf-next 1/2] Patch to Fix deadlocks in queue and stack maps 4 (4) 2024/05/04 12:22
[syzbot] [bpf?] possible deadlock in __queue_map_get 0 (1) 2024/04/13 05:14
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in __queue_map_get origin:upstream C 7 8d05h 43d 0/3 upstream: reported C repro on 2024/04/08 00:56

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.8.0-syzkaller-05236-g443574b03387 #0 Not tainted
--------------------------------------------
syz-executor699/5148 is trying to acquire lock:
ffff88807c5901d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x14b/0x4d0 kernel/bpf/queue_stack_maps.c:105

but task is already holding lock:
ffff88801cb701d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x14b/0x4d0 kernel/bpf/queue_stack_maps.c:105

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by syz-executor699/5148:
 #0: ffff88806fd84fe8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_cleanup_begin kernel/futex/core.c:1091 [inline]
 #0: ffff88806fd84fe8 (&tsk->futex_exit_mutex){+.+.}-{3:3}, at: futex_exit_release+0x34/0x1f0 kernel/futex/core.c:1143
 #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #1: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420
 #2: ffff88801cb701d8 (&qs->lock){-.-.}-{2:2}, at: __queue_map_get+0x14b/0x4d0 kernel/bpf/queue_stack_maps.c:105
 #3: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline]
 #3: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline]
 #3: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #3: ffffffff8e131920 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420

stack backtrace:
CPU: 0 PID: 5148 Comm: syz-executor699 Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1e4/0x530 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 __queue_map_get+0x14b/0x4d0 kernel/bpf/queue_stack_maps.c:105
 bpf_prog_00798911c748094f+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x7b/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0xf6/0x120 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x939/0xc60 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162
 __queue_map_get+0x14b/0x4d0 kernel/bpf/queue_stack_maps.c:105
 bpf_prog_00798911c748094f+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x7b/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0xd7/0x100 include/trace/events/lock.h:122
 __mutex_lock_common kernel/locking/mutex.c:617 [inline]
 __mutex_lock+0x2e5/0xd70 kernel/locking/mutex.c:752
 futex_cleanup_begin kernel/futex/core.c:1091 [inline]
 futex_exit_release+0x34/0x1f0 kernel/futex/core.c:1143
 exit_mm_release+0x1a/0x30 kernel/fork.c:1652
 exit_mm+0xb0/0x310 kernel/exit.c:542
 do_exit+0x99e/0x27e0 kernel/exit.c:865
 do_group_exit+0x207/0x2c0 kernel/exit.c:1027
 __do_sys_exit_group kernel/exit.c:1038 [inline]
 __se_sys_exit_group kernel/exit.c:1036 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f479a031f79
Code: 90 49 c7 c0 b8 ff ff ff be e7 00 00 00 ba 3c 00 00 00 eb 12 0f 1f 44 00 00 89 d0 0f 05 48 3d 00 f0 ff ff 77 1c f4 89 f0 0f 05 <48> 3d 00 f0 ff ff 76 e7 f7 d8 64 41 89 00 eb df 0f 1f 80 00 00 00
RSP: 002b:00007ffe8d52ae18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f479a031f79
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000
RBP: 00007f479a0ad2b0 R08: ffffffffffffffb8 R09: 00000000000000a0
R10: 00000000000000a0 R11: 0000000000000246 R12: 00007f479a0ad2b0
R13: 0000000000000000 R14: 00007f479a0add20 R15: 00007f479a003100
 </TASK>

Crashes (98):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/15 22:30 bpf 443574b03387 0d592ce4 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/09 05:34 net f99c5f563c17 53df08b6 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __queue_map_get
2024/05/18 11:44 net-next 4b377b4868ef c0f1611a .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __queue_map_get
2024/05/11 15:41 net-next b9d5f5711dd8 9026e142 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __queue_map_get
2024/05/08 20:29 bpf-next e612b5c1d3ee 4cf3f9b3 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __queue_map_get
2024/05/05 00:30 bpf-next a9e7715ce8b3 610f2a54 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __queue_map_get
2024/04/11 21:54 bpf 443574b03387 478efa7f .config console log report syz [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/05/17 11:21 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in __queue_map_get
2024/05/12 03:59 upstream cf87f46fd34d 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in __queue_map_get
2024/04/25 02:14 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in __queue_map_get
2024/05/18 08:56 upstream 4b377b4868ef c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __queue_map_get
2024/05/17 18:42 upstream ff2632d7d08e c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __queue_map_get
2024/05/01 21:37 upstream 0106679839f7 3ba885bc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream possible deadlock in __queue_map_get
2024/05/07 20:25 bpf 3e9bc0472b91 cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 23:54 bpf 3e9bc0472b91 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 20:39 bpf 3e9bc0472b91 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 18:53 bpf b867247555c4 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 15:24 bpf b867247555c4 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 15:24 bpf b867247555c4 9e0e6af1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 09:12 bpf b867247555c4 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/30 09:12 bpf b867247555c4 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/29 16:21 bpf b867247555c4 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/29 07:39 bpf b2ff42c6d3ab 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/29 05:07 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/28 22:21 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/27 05:06 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/27 05:06 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/27 05:06 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/27 04:10 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/27 04:10 bpf b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/26 09:18 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/25 20:20 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/25 12:22 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/25 08:23 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/24 18:40 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/24 18:40 bpf 443574b03387 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/22 21:56 bpf 443574b03387 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/22 21:56 bpf 443574b03387 21339d7b .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/22 14:49 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/22 11:29 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/22 09:34 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/21 16:22 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/21 06:15 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __queue_map_get
2024/04/09 05:10 net f99c5f563c17 53df08b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __queue_map_get
2024/05/09 01:28 net-next 252aa6d53931 20bf80e1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __queue_map_get
2024/05/02 13:51 bpf-next ac2f438c2a85 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __queue_map_get
2024/05/21 16:13 linux-next 124cfbcd6d18 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/21 03:59 linux-next 124cfbcd6d18 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/20 04:55 linux-next 632483ea8004 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/20 04:55 linux-next 632483ea8004 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/18 03:21 linux-next c75962170e49 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/18 01:20 linux-next c75962170e49 c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/17 13:07 linux-next c75962170e49 a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/17 11:48 linux-next c75962170e49 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
2024/05/03 14:44 linux-next 9221b2819b8a 375d4445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __queue_map_get
* Struck through repros no longer work on HEAD.