syzbot

 sign-in | mailing list | source | docs
🐞 Open [717]
🐞 Fixed [181]
🐞 Invalid [640]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

possible deadlock in flush_workqueue (2)

Status: auto-closed as invalid on 2020/04/22 20:54
Reported-by: syzbot+70f9d50f6049ac0fe91e@syzkaller.appspotmail.com
First crash: 1800d, last: 1796d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 possible deadlock in flush_workqueue 1 592d 592d 0/3 auto-obsoleted due to no activity on 2023/08/09 18:38
android-414 possible deadlock in flush_workqueue 1 1839d 1839d 0/1 auto-closed as invalid on 2020/03/10 11:29
linux-5.15 possible deadlock in flush_workqueue (2) origin:lts-only syz inconclusive 51 121d 255d 0/3 auto-obsoleted due to no activity on 2024/10/05 10:09
upstream possible deadlock in flush_workqueue (2) C done done 256 1793d 2226d 15/28 fixed on 2020/01/31 18:49
linux-4.14 possible deadlock in flush_workqueue C done 15 1832d 1925d 1/1 fixed on 2019/12/18 17:48
upstream possible deadlock in flush_workqueue net C 73762 2242d 2284d 11/28 fixed on 2018/10/11 14:33
linux-4.19 possible deadlock in flush_workqueue 3 1853d 1864d 0/1 auto-closed as invalid on 2020/02/25 05:02

Sample crash report:
audit: type=1804 audit(1577220825.981:91): pid=12475 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir339298454/syzkaller.tXTZO2/133/file0" dev="sda1" ino=17011 res=1
block nbd3: Receive control failed (result -107)
block nbd3: shutting down sockets
============================================
WARNING: possible recursive locking detected
4.14.160-syzkaller #0 Not tainted
--------------------------------------------
kworker/u5:0/1179 is trying to acquire lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813ce7fa>] flush_workqueue+0xda/0x1400 kernel/workqueue.c:2619

but task is already holding lock:
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] work_static include/linux/workqueue.h:199 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_data kernel/workqueue.c:619 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock("knbd%d-recv"nbd->index);
  lock("knbd%d-recv"nbd->index);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by kworker/u5:0/1179:
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] work_static include/linux/workqueue.h:199 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_data kernel/workqueue.c:619 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] set_work_pool_and_clear_pending kernel/workqueue.c:646 [inline]
 #0:  ("knbd%d-recv"nbd->index){+.+.}, at: [<ffffffff813d581e>] process_one_work+0x76e/0x1600 kernel/workqueue.c:2085
 #1:  ((&args->work)){+.+.}, at: [<ffffffff813d585b>] process_one_work+0x7ab/0x1600 kernel/workqueue.c:2089
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff830a14f1>] refcount_dec_and_mutex_lock lib/refcount.c:312 [inline]
 #2:  (&nbd->config_lock){+.+.}, at: [<ffffffff830a14f1>] refcount_dec_and_mutex_lock+0x41/0x5f lib/refcount.c:307

stack backtrace:
CPU: 0 PID: 1179 Comm: kworker/u5:0 Not tainted 4.14.160-syzkaller #0
kobject: 'loop1' (ffff8880a4046360): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'loop1' (ffff8880a4046360): fill_kobj_path: path = '/devices/virtual/block/loop1'
Workqueue: knbd3-recv recv_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_deadlock_bug kernel/locking/lockdep.c:1796 [inline]
 check_deadlock kernel/locking/lockdep.c:1843 [inline]
 validate_chain kernel/locking/lockdep.c:2444 [inline]
 __lock_acquire.cold+0x2bf/0x8dc kernel/locking/lockdep.c:3487
 lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
 flush_workqueue+0x109/0x1400 kernel/workqueue.c:2622
 drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2787
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
 destroy_workqueue+0x75/0x670 kernel/workqueue.c:4100
 nbd_config_put+0x43c/0x7a0 drivers/block/nbd.c:1151
 recv_work+0x18d/0x1f0 drivers/block/nbd.c:730
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop1' (ffff8880a4046360): kobject_uevent_env
kobject: 'loop1' (ffff8880a4046360): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop0' (ffff88808a8a17a0): kobject_uevent_env
kobject: 'loop0' (ffff88808a8a17a0): fill_kobj_path: path = '/devices/virtual/block/loop0'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop4' (ffff8880a41815e0): kobject_uevent_env
kobject: 'loop4' (ffff8880a41815e0): fill_kobj_path: path = '/devices/virtual/block/loop4'

Crashes (3):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/24 20:53 linux-4.14.y e1f7d50ae3a3 be5c2c81 .config console log report ci2-linux-4-14
2019/12/20 20:42 linux-4.14.y bfb9e5c03076 34011c05 .config console log report ci2-linux-4-14
2019/12/20 14:05 linux-4.14.y bfb9e5c03076 34011c05 .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.