bisecting fixing commit since 54b4fa6d39551639cb10664f6ac78b01993a1d7e
building syzkaller on 05736b290dd5af17adbb0fb5ea67405a0167a7c8
testing commit 54b4fa6d39551639cb10664f6ac78b01993a1d7e with gcc (GCC) 8.1.0
kernel signature: 3ac037af736884618e6453dd9748c5dad494bffd938e2ab7d1c2b9d68d57aa3e
all runs: crashed: possible deadlock in blocking_notifier_call_chain
testing current HEAD 17a87580a8856170d59aab302226811a4ae69149
testing commit 17a87580a8856170d59aab302226811a4ae69149 with gcc (GCC) 8.1.0
kernel signature: a6e600358d596a0ac8d0cba00adc3ac6f1eee3cbf3e2fc838c6128359beb9993
all runs: crashed: possible deadlock in blocking_notifier_call_chain
revisions tested: 2, total time: 26m57.349067574s (build: 18m34.780837352s, test: 7m8.348368227s)
the crash still happens on HEAD
commit msg: Linux 4.19.133
crash: possible deadlock in blocking_notifier_call_chain

batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
============================================
WARNING: possible recursive locking detected
4.19.133-syzkaller #0 Not tainted
--------------------------------------------
syz-executor.3/7934 is trying to acquire lock:
00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:328

but task is already holding lock:
00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:328

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock((fb_notifier_list).rwsem);
  lock((fb_notifier_list).rwsem);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

3 locks held by syz-executor.3/7934:
 #0: 000000007758d655 (console_lock){+.+.}, at: do_fb_ioctl+0x512/0x860 drivers/video/fbdev/core/fbmem.c:1200
 #1: 00000000fbf13486 (&fb_info->lock){+.+.}, at: lock_fb_info+0x18/0x60 drivers/video/fbdev/core/fbmem.c:81
 #2: 00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 #2: 00000000a3ee3fe4 ((fb_notifier_list).rwsem){++++}, at: blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:328

stack backtrace:
CPU: 1 PID: 7934 Comm: syz-executor.3 Not tainted 4.19.133-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x123/0x177 lib/dump_stack.c:118
 print_deadlock_bug kernel/locking/lockdep.c:1763 [inline]
 check_deadlock kernel/locking/lockdep.c:1807 [inline]
 validate_chain kernel/locking/lockdep.c:2403 [inline]
 __lock_acquire.cold.62+0x259/0x57a kernel/locking/lockdep.c:3415
 lock_acquire+0x173/0x3d0 kernel/locking/lockdep.c:3907
 down_read+0x3b/0xb0 kernel/locking/rwsem.c:24
 __blocking_notifier_call_chain kernel/notifier.c:316 [inline]
 blocking_notifier_call_chain+0x53/0xa0 kernel/notifier.c:328
 fb_notifier_call_chain+0x16/0x20 drivers/video/fbdev/core/fb_notify.c:45
 fb_set_var+0xb0c/0xfb0 drivers/video/fbdev/core/fbmem.c:1042
 fbcon_switch+0x483/0x1910 drivers/video/fbdev/core/fbcon.c:2257
 redraw_screen+0x311/0x820 drivers/tty/vt/vt.c:1015
 fbcon_blank+0x89b/0xe80 drivers/video/fbdev/core/fbcon.c:2395
 do_unblank_screen+0x1ea/0x520 drivers/tty/vt/vt.c:4268
 fbcon_fb_blanked drivers/video/fbdev/core/fbcon.c:3259 [inline]
 fbcon_event_notify+0x15b1/0x1c66 drivers/video/fbdev/core/fbcon.c:3377
 notifier_call_chain+0x8a/0x160 kernel/notifier.c:93
 __blocking_notifier_call_chain kernel/notifier.c:317 [inline]
 blocking_notifier_call_chain+0x6b/0xa0 kernel/notifier.c:328
 fb_notifier_call_chain+0x16/0x20 drivers/video/fbdev/core/fb_notify.c:45
 fb_blank+0x171/0x1c0 drivers/video/fbdev/core/fbmem.c:1070
 do_fb_ioctl+0x557/0x860 drivers/video/fbdev/core/fbmem.c:1206
 fb_ioctl+0xcb/0x150 drivers/video/fbdev/core/fbmem.c:1230
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x196/0x10c0 fs/ioctl.c:688
 ksys_ioctl+0x62/0x90 fs/ioctl.c:705
 __do_sys_ioctl fs/ioctl.c:712 [inline]
 __se_sys_ioctl fs/ioctl.c:710 [inline]
 __x64_sys_ioctl+0x6e/0xb0 fs/ioctl.c:710
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c8c9
Code: 2d b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2a9ad8cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2a9ad8d6d4 RCX: 000000000045c8c9
RDX: 0000000000000000 RSI: 0000000000004611 RDI: 0000000000000004
RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000002e6 R14: 00000000004c544e R15: 000000000076bfac