Re: [syzbot] possible deadlock in vmci_qp_broker_detach

From: Pavel Skripkin
Date: Wed Jun 30 2021 - 17:36:28 EST

Next message: Abd-Alrhman Masalkhi: "[PATCH] block: Removed a warning while compiling with a cross compiler for parisc"
Previous message: Steven Rostedt: "Re: [PATCH 2/2] tracing: Resize tgid_map to PID_MAX_LIMIT, not PID_MAX_DEFAULT"
In reply to: syzbot: "Re: [syzbot] possible deadlock in vmci_qp_broker_detach"
Next in thread: syzbot: "Re: [syzbot] possible deadlock in vmci_qp_broker_detach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 30 Jun 2021 10:21:26 -0700
syzbot <syzbot+44e40ac2cfe68e8ce207@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: a1f92694 Add linux-next specific files for 20210518
> git tree: linux-next
> console output:
> https://syzkaller.appspot.com/x/log.txt?x=14cf5118300000 kernel
> config: https://syzkaller.appspot.com/x/.config?x=d612e75ffd53a6d3
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=44e40ac2cfe68e8ce207 syz
> repro:
> https://syzkaller.appspot.com/x/repro.syz?x=15dae18c300000 C
> reproducer: https://syzkaller.appspot.com/x/repro.c?x=14c680e2300000
>
> IMPORTANT: if you fix the issue, please add the following tag to the
> commit: Reported-by:
> syzbot+44e40ac2cfe68e8ce207@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> ============================================
> WARNING: possible recursive locking detected
> 5.13.0-rc2-next-20210518-syzkaller #0 Not tainted
> --------------------------------------------
> syz-executor723/9333 is trying to acquire lock:
> ffffffff8cc8b5f8 (qp_broker_list.mutex){+.+.}-{3:3}, at:
> vmci_qp_broker_detach+0x147/0x11b0
> drivers/misc/vmw_vmci/vmci_queue_pair.c:2093
>
> but task is already holding lock:
> ffffffff8cc8b5f8 (qp_broker_list.mutex){+.+.}-{3:3}, at:
> vmci_qp_broker_detach+0x147/0x11b0
> drivers/misc/vmw_vmci/vmci_queue_pair.c:2093
>
> other info that might help us debug this:
> Possible unsafe locking scenario:
>
> CPU0
> ----
> lock(qp_broker_list.mutex);
> lock(qp_broker_list.mutex);
>
> *** DEADLOCK ***
>
> May be due to missing lock nesting notation
>
> 1 lock held by syz-executor723/9333:
> #0: ffffffff8cc8b5f8 (qp_broker_list.mutex){+.+.}-{3:3}, at:
> vmci_qp_broker_detach+0x147/0x11b0
> drivers/misc/vmw_vmci/vmci_queue_pair.c:2093

Very ugly patch just to test the idea:

vmci_ctx_put() in vmci_ctx_enqueue_datagram() should not be the last
vmci_ctx_put() in context life, so we need to block vmci_ctx_destroy() until
vmci_ctx_enqueue_datagram() is done.

#syz test
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

With regards,
Pavel Skripkin

Next message: Abd-Alrhman Masalkhi: "[PATCH] block: Removed a warning while compiling with a cross compiler for parisc"
Previous message: Steven Rostedt: "Re: [PATCH 2/2] tracing: Resize tgid_map to PID_MAX_LIMIT, not PID_MAX_DEFAULT"
In reply to: syzbot: "Re: [syzbot] possible deadlock in vmci_qp_broker_detach"
Next in thread: syzbot: "Re: [syzbot] possible deadlock in vmci_qp_broker_detach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]