syzbot


possible deadlock in vhost_chr_write_iter

Status: fixed on 2018/01/29 03:39
Subsystems: kvm net virt
Reported-by: syzbot+dbb7c1161485e61b0241@syzkaller.appspotmail.com
Fix commit: e9cb4239134c vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
First crash: 2511d, last: 2505d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 4.9 000/145] 4.9.84-stable review 153 (153) 2018/04/06 15:55
[PATCH 4.14 000/159] 4.14.22-stable review 164 (164) 2018/02/24 17:57
[PATCH net 1/2] vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() 7 (7) 2018/01/24 21:55
possible deadlock in vhost_chr_write_iter 0 (1) 2018/01/22 19:58

Sample crash report:
============================================
WARNING: possible recursive locking detected
4.15.0-rc8+ #269 Not tainted
--------------------------------------------
syzkaller382504/3658 is trying to acquire lock:
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

but task is already holding lock:
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&vq->mutex);
  lock(&vq->mutex);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

1 lock held by syzkaller382504/3658:
 #0:  (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 #0:  (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 #0:  (&vq->mutex){+.+.}, at: [<00000000857a331f>] vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046

stack backtrace:
CPU: 0 PID: 3658 Comm: syzkaller382504 Not tainted 4.15.0-rc8+ #269
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 print_deadlock_bug kernel/locking/lockdep.c:1756 [inline]
 check_deadlock kernel/locking/lockdep.c:1800 [inline]
 validate_chain kernel/locking/lockdep.c:2396 [inline]
 __lock_acquire+0xe8f/0x3e00 kernel/locking/lockdep.c:3426
 lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3914
 __mutex_lock_common kernel/locking/mutex.c:756 [inline]
 __mutex_lock+0x16f/0x1a80 kernel/locking/mutex.c:893
 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
 vhost_dev_lock_vqs drivers/vhost/vhost.c:907 [inline]
 vhost_process_iotlb_msg drivers/vhost/vhost.c:997 [inline]
 vhost_chr_write_iter+0x278/0x1580 drivers/vhost/vhost.c:1046
 vhost_net_chr_write_iter+0x59/0x70 drivers/vhost/net.c:1353
 call_write_iter include/linux/fs.h:1772 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x684/0x970 fs/read_write.c:482
 vfs_write+0x189/0x510 fs/read_write.c:544
 SYSC_write fs/read_write.c:589 [inline]
 SyS_write+0xef/0x220 fs/read_write.c:581
 entr

Crashes (25952):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/01/19 22:42 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce
2018/01/19 22:31 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce
2018/01/19 22:07 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce
2018/01/19 21:02 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce
2018/01/19 23:14 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/19 23:02 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/19 22:38 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/19 20:58 upstream ec835f8104a2 fbbdcd92 .config console log report syz C ci-upstream-kasan-gce-386
2018/01/20 04:30 linux-next 761914dd2975 fbbdcd92 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/20 04:20 linux-next 761914dd2975 fbbdcd92 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/20 03:56 linux-next 761914dd2975 fbbdcd92 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/19 23:40 mmots 216435561218 fbbdcd92 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/19 23:29 mmots 216435561218 fbbdcd92 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/19 23:18 mmots 216435561218 fbbdcd92 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/19 21:04 linux-next 761914dd2975 fbbdcd92 .config console log report syz C ci-upstream-next-kasan-gce
2018/01/19 20:41 mmots 216435561218 fbbdcd92 .config console log report syz C ci-upstream-mmots-kasan-gce
2018/01/20 05:41 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:41 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:40 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:40 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:39 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:38 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:38 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:38 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:38 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:38 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:36 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:36 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:35 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:35 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:34 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:34 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:32 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:31 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:31 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:31 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:30 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:30 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:30 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:29 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:29 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:28 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:27 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:27 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:27 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:25 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:25 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:24 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:24 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:23 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:23 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:22 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:22 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:21 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:21 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
2018/01/20 05:19 upstream ec835f8104a2 fbbdcd92 .config console log report ci-upstream-kasan-gce
* Struck through repros no longer work on HEAD.