syzbot


possible deadlock in __stack_map_get

Status: upstream: reported C repro on 2024/04/18 20:00
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+dddd99ae26c656485d89@syzkaller.appspotmail.com
First crash: 33d, last: 2d00h
Cause bisection: failed (error log, bisect log)
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [bpf?] possible deadlock in __stack_map_get 2 (5) 2024/04/19 14:12
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 possible deadlock in __stack_map_get origin:upstream C 3 9d00h 35d 0/3 upstream: reported C repro on 2024/04/12 22:39
Last patch testing requests (2)
Created Duration User Patch Repo Result
2024/04/19 11:03 1h35m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git f99c5f563c17 OK log
2024/04/18 23:09 2h20m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git f99c5f563c17 report log

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.9.0-rc5-syzkaller-00185-g3e9bc0472b91 #0 Not tainted
--------------------------------------------
sshd/5075 is trying to acquire lock:
ffff8880241111d8 (&qs->lock){-.-.}-{2:2}, at: __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140

but task is already holding lock:
ffff8880237681d8 (&qs->lock){-.-.}-{2:2}, at: __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&qs->lock);
  lock(&qs->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by sshd/5075:
 #0: ffff88807a82dc68 (&pipe->mutex){+.+.}-{3:3}, at: pipe_read+0x12a/0x13e0 fs/pipe.c:264
 #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #1: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420
 #2: ffff8880237681d8 (&qs->lock){-.-.}-{2:2}, at: __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:781 [inline]
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2380 [inline]
 #3: ffffffff8e334d20 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x114/0x420 kernel/trace/bpf_trace.c:2420

stack backtrace:
CPU: 1 PID: 5075 Comm: sshd Not tainted 6.9.0-rc5-syzkaller-00185-g3e9bc0472b91 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 check_deadlock kernel/locking/lockdep.c:3062 [inline]
 validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856
 __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
 __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140
 bpf_prog_00798911c748094f+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x7b/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0x114/0x140 include/trace/events/lock.h:122
 __pv_queued_spin_lock_slowpath+0x939/0xc60 kernel/locking/qspinlock.c:560
 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:584 [inline]
 queued_spin_lock_slowpath+0x42/0x50 arch/x86/include/asm/qspinlock.h:51
 queued_spin_lock include/asm-generic/qspinlock.h:114 [inline]
 do_raw_spin_lock+0x272/0x370 kernel/locking/spinlock_debug.c:116
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline]
 _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162
 __stack_map_get+0x14b/0x4b0 kernel/bpf/queue_stack_maps.c:140
 bpf_prog_00798911c748094f+0x42/0x46
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x204/0x420 kernel/trace/bpf_trace.c:2420
 __traceiter_contention_end+0x7b/0xb0 include/trace/events/lock.h:122
 trace_contention_end+0xf5/0x120 include/trace/events/lock.h:122
 __mutex_lock_common kernel/locking/mutex.c:617 [inline]
 __mutex_lock+0x2e5/0xd70 kernel/locking/mutex.c:752
 pipe_read+0x12a/0x13e0 fs/pipe.c:264
 call_read_iter include/linux/fs.h:2104 [inline]
 new_sync_read fs/read_write.c:395 [inline]
 vfs_read+0x97b/0xb70 fs/read_write.c:476
 ksys_read+0x1a0/0x2c0 fs/read_write.c:619
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f36c58d8b6a
Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007ffc372dcf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36c58d8b6a
RDX: 0000000000004000 RSI: 00007ffc372dcf38 RDI: 0000000000000009
RBP: 000055dc90c4d3f0 R08: 0000000000000000 R09: 0000000000000000
R10: 00007ffc372dcf38 R11: 0000000000000246 R12: 000055dc90c453f0
R13: 000055dc7f7b4937 R14: 000055dc7f7b7480 R15: 000055dc90c453f0
 </TASK>

Crashes (19):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/11 05:05 bpf 3e9bc0472b91 9026e142 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __stack_map_get
2024/04/15 11:26 net f99c5f563c17 c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __stack_map_get
2024/04/14 19:51 bpf 443574b03387 c8349e48 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __stack_map_get
2024/05/14 18:22 net-next 5c1672705a1a fdb4c10c .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-net-kasan-gce possible deadlock in __stack_map_get
2024/04/25 10:15 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root possible deadlock in __stack_map_get
2024/04/25 03:19 upstream e88c4cfcb7b8 8bdc0f22 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root possible deadlock in __stack_map_get
2024/05/04 04:00 bpf 3e9bc0472b91 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __stack_map_get
2024/04/27 23:21 net b2ff42c6d3ab 07b455f9 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-net-this-kasan-gce possible deadlock in __stack_map_get
2024/04/20 11:09 bpf 443574b03387 af24b050 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-kasan-gce possible deadlock in __stack_map_get
2024/05/16 04:09 bpf-next 5c1672705a1a ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/15 01:35 bpf-next 5c1672705a1a fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/14 18:32 bpf-next 5c1672705a1a fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/14 16:13 bpf-next 5c1672705a1a fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/13 15:08 bpf-next ba39486d2c43 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/13 01:30 bpf-next 20a759df3bba 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/11 05:05 bpf-next fcd1ed89a043 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/10 14:34 bpf-next fcd1ed89a043 f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/09 16:36 bpf-next 009367099eb6 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-bpf-next-kasan-gce possible deadlock in __stack_map_get
2024/05/15 21:18 linux-next 82d92a9a1b9e 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root possible deadlock in __stack_map_get
* Struck through repros no longer work on HEAD.