syzbot


possible deadlock in p9_req_put

Status: upstream: reported C repro on 2022/08/08 07:35
Reported-by: syzbot+50f7e8d06c3768dd97f3@syzkaller.appspotmail.com
Fix commit: 9p: trans_fd/p9_conn_cancel: drop client lock earlier
Patched on: [ci-upstream-linux-next-kasan-gce-root], missing on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb]
First crash: 53d, last: now

Cause bisection: introduced by (bisect log) :
commit 54283409cd162fc60480df514924ed4cb313735e
Author: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Date: Tue Jun 14 14:20:04 2022 +0000

  wifi: mac80211: Consider MLO links in offchannel logic

Crash: SYZFATAL: executor failed NUM times: executor NUM: failed to write control pipe: write |NUM: broken pipe (log)
Repro: C syz .config
Patch testing requests:
Created Duration User Patch Repo Result
2022/08/09 10:53 18m hdanton@sina.com patch https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git ca688bff68bc OK log

Sample crash report:
============================================
WARNING: possible recursive locking detected
6.0.0-rc5-syzkaller-00094-ga335366bad13 #0 Not tainted
--------------------------------------------
kworker/2:1/38 is trying to acquire lock:
ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: p9_tag_remove net/9p/client.c:367 [inline]
ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: p9_req_put net/9p/client.c:375 [inline]
ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: p9_req_put+0xc6/0x250 net/9p/client.c:372

but task is already holding lock:
ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: p9_conn_cancel+0xaa/0x970 net/9p/trans_fd.c:192

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&clnt->lock);
  lock(&clnt->lock);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/2:1/38:
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1280 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:636 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:663 [inline]
 #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 kernel/workqueue.c:2260
 #1: ffffc90000827da8 ((work_completion)(&m->rq)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 kernel/workqueue.c:2264
 #2: ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:349 [inline]
 #2: ffff88801e709c18 (&clnt->lock){+.+.}-{2:2}, at: p9_conn_cancel+0xaa/0x970 net/9p/trans_fd.c:192

stack backtrace:
CPU: 2 PID: 38 Comm: kworker/2:1 Not tainted 6.0.0-rc5-syzkaller-00094-ga335366bad13 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: events p9_read_work
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_deadlock_bug kernel/locking/lockdep.c:2988 [inline]
 check_deadlock kernel/locking/lockdep.c:3031 [inline]
 validate_chain kernel/locking/lockdep.c:3816 [inline]
 __lock_acquire.cold+0x116/0x3a7 kernel/locking/lockdep.c:5053
 lock_acquire kernel/locking/lockdep.c:5666 [inline]
 lock_acquire+0x1ab/0x570 kernel/locking/lockdep.c:5631
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x39/0x50 kernel/locking/spinlock.c:162
 p9_tag_remove net/9p/client.c:367 [inline]
 p9_req_put net/9p/client.c:375 [inline]
 p9_req_put+0xc6/0x250 net/9p/client.c:372
 p9_conn_cancel+0x640/0x970 net/9p/trans_fd.c:213
 p9_read_work+0x514/0x10c0 net/9p/trans_fd.c:403
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>

Crashes (2427):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-qemu-upstream 2022/09/18 03:48 upstream a335366bad13 dd9a85ff .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/13 15:21 upstream e839a756012b a08652b0 .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/10 15:27 upstream ce888220d5c7 356d8217 .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/10 01:08 upstream 9b4509495418 356d8217 .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/08/17 20:37 upstream 7ebfc85e2cd7 4e72d229 .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/08/17 15:01 upstream 7ebfc85e2cd7 4e72d229 .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/08/15 16:16 upstream 7ebfc85e2cd7 8dfcaa3d .config log report syz C possible deadlock in p9_req_put
ci-qemu-upstream 2022/08/15 13:14 upstream 568035b01cfb 8dfcaa3d .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/08/15 07:29 upstream 7ebfc85e2cd7 8dfcaa3d .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/08/15 04:45 upstream 7ebfc85e2cd7 8dfcaa3d .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/08/12 21:53 upstream 7ebfc85e2cd7 402cd70d .config log report syz C possible deadlock in p9_req_put
ci-upstream-linux-next-kasan-gce-root 2022/08/08 14:13 linux-next ca688bff68bc 88e3a122 .config log report syz C possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/15 01:58 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 b884348d .config log report syz C possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/08/28 18:34 upstream 10d4879f9ef0 07177916 .config log report syz possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/08/28 03:07 upstream e022620b5d05 07177916 .config log report syz possible deadlock in p9_req_put
ci-upstream-linux-next-kasan-gce-root 2022/08/22 22:14 linux-next 8755ae45a9e8 26a13b38 .config log report syz possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/30 08:18 upstream 987a926c1d8a 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/30 07:10 upstream 987a926c1d8a 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/30 06:08 upstream 987a926c1d8a 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/09/29 23:05 upstream 987a926c1d8a 1d385642 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/29 21:46 upstream 511cce163b75 d9da3ac6 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/29 16:23 upstream c3e0e1e23c70 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/29 12:48 upstream c3e0e1e23c70 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/29 08:37 upstream c3e0e1e23c70 e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/09/29 07:23 upstream c3e0e1e23c70 e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/29 06:30 upstream c3e0e1e23c70 e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/09/29 03:28 upstream c3e0e1e23c70 e2556bc3 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/28 21:50 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/28 18:55 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/28 17:09 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/28 15:39 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/28 07:31 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/28 04:49 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/28 03:03 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/28 01:49 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/28 00:40 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/28 00:33 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/27 23:11 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/27 17:53 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/27 15:49 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/27 14:20 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/27 13:16 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-selinux-root 2022/09/27 12:05 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream 2022/09/27 11:04 upstream a1375562c0a8 87840e00 .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-smack-root 2022/09/27 04:18 upstream 3800a713b607 10323ddf .config log report info possible deadlock in p9_req_put
ci-upstream-kasan-gce-root 2022/09/27 03:19 upstream 3800a713b607 10323ddf .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/30 05:58 upstream 987a926c1d8a 45fd7169 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/30 01:36 upstream 987a926c1d8a 45fd7169 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/30 00:13 upstream 987a926c1d8a 45fd7169 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/29 13:07 upstream c3e0e1e23c70 d9da3ac6 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/29 11:40 upstream c3e0e1e23c70 d9da3ac6 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/29 02:22 upstream c3e0e1e23c70 a41a2080 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/29 00:45 upstream c3e0e1e23c70 a41a2080 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/28 14:24 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/28 12:50 upstream 49c13ed0316d e2556bc3 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/28 09:29 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/28 05:41 upstream 46452d3786a8 75c78242 .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/27 08:32 upstream 3800a713b607 10323ddf .config log report info possible deadlock in p9_req_put
ci-qemu-upstream-386 2022/09/27 05:55 upstream 3800a713b607 10323ddf .config log report info possible deadlock in p9_req_put
ci-upstream-linux-next-kasan-gce-root 2022/08/08 07:06 linux-next ca688bff68bc 88e3a122 .config log report info possible deadlock in p9_req_put
ci-upstream-linux-next-kasan-gce-root 2022/08/08 05:38 linux-next ca688bff68bc 88e3a122 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/29 19:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/29 18:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 5911b92626df 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/29 17:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/29 09:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 1d385642 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/28 11:23 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 e2556bc3 .config log report info possible deadlock in p9_req_put
ci-upstream-gce-arm64 2022/09/27 22:00 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 87840e00 .config log report info possible deadlock in p9_req_put
* Struck through repros no longer work on HEAD.