Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp316217lqp; Thu, 4 Apr 2024 14:14:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUG1pjLr/vdzfXU3xeRN6mqOExtd4FW6jtpVpN9zZi8vfMDU7XUjjh74SM0OYfn+IsvaUWIY03NlUS/02KAMYRKogilEE1LR55zZtU6tw== X-Google-Smtp-Source: AGHT+IEP/j6HITj8cEpI/FoAmwJulkt4EVLstiaK/SREttesKz1UI2QOX8XcpN4PfFdSJds78PTE X-Received: by 2002:a05:622a:5b96:b0:434:3e4e:8dac with SMTP id ec22-20020a05622a5b9600b004343e4e8dacmr1364554qtb.8.1712265248267; Thu, 04 Apr 2024 14:14:08 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712265248; cv=pass; d=google.com; s=arc-20160816; b=imWwIuiqFFGtrLA+qfTuCCDsk4io69jwOKlmyUhv1F8Lv+vt3DTDt9qMzDH+PUMU4o H5vMuZra694Erzhp1Arp3PiBcZezYhmKTlTdnqhLgwskMwDWuqHh6cjGGyzhXdxftrw/ BAGDHaT79MZbJxV6AsZTdMTym/AGtKJOSLbW9tDZ9AHzlYiLFWmIkUOlXxESysV5YRvQ 4hbdBokmXrclAijm/c7NkL4d0TjozBQ/o/5tnA8PLJdwHRooUpeH2lbYsutqXxoG7cuq 1uj47VwZYSU/ATKQuK8UT8r4KfpHxkcROOhh1X8qIAfwxciRDPftrAy8VY6egmI0yCbl pbKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=QQNMJqyXpMyQcdc35q1n/uJzBeVy7tmfmWSmoONPVCA=; fh=5ANsXBgk4O9WgLakDy1qNMlBqUweLNqHlxxS8fs/r+w=; b=m1kGkktb4cMiXiWV26sZ8d197s3x7ZvQS2t4JSXEMrWmZ5esNeRYHou0CNyOOk79Qh Fcp6lzWObGuNLJsfw5khFxXzGTdBPMIHY4lk+PzHZqGhhKyfKgUYUyKe+eG2yt6GgCnx a6Aw8ivNMc9cIajq1cfPAWGc5fGNRvuuunKmgEq7SZ52ZCY6Xeoubl3DmAIZWwJ7s6A0 bM54LVqzhoAEY4GvU+Mi264//wplPhqECaB21m7h1+FBXP5kOSZb1uh+PORX/NEkJA9h +rXRyXYSVUjuboD8lUGYAsQPvPWu4niooPJUYv5IqdWzRvsCs+qrO4SWNxkCJk8YVhYR 8LHw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="L//OCpOz"; arc=pass (i=1 spf=pass spfdomain=amazon.co.jp dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com); spf=pass (google.com: domain of linux-kernel+bounces-132125-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-132125-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id dj7-20020a05622a4e8700b00432c26a6011si185853qtb.394.2024.04.04.14.14.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 14:14:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-132125-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b="L//OCpOz"; arc=pass (i=1 spf=pass spfdomain=amazon.co.jp dkim=pass dkdomain=amazon.com dmarc=pass fromdomain=amazon.com); spf=pass (google.com: domain of linux-kernel+bounces-132125-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-132125-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E1FA81C22B14 for ; Thu, 4 Apr 2024 21:14:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 6BD8213BC3B; Thu, 4 Apr 2024 21:13:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="L//OCpOz" Received: from smtp-fw-6002.amazon.com (smtp-fw-6002.amazon.com [52.95.49.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60F0813AD2F; Thu, 4 Apr 2024 21:13:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=52.95.49.90 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712265230; cv=none; b=GMV0F6/TgSMXnjamzr+dE6v7chJ6JKI971UvCJ8Ytvgta3U16g2hBF+vc5nhAgJFj1Y+KP2bgAmxpPF6v64R0JqoKvNAH7MBFYy4FYexukx/20XTlFqifLHHanms+o0Lw9OSwLG90QMGAwXTIYG5bQIQYA8dMsibEfsrXIUQkQc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712265230; c=relaxed/simple; bh=EEof2slDW7gYodnqaab/2948OaIHbPKbWF+mIByxp7k=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=r8VCsSWiuF6HN5Or/s3IcpwPBC8uBBSGuvLsgVrya8BVtQdlUTZH3fiSWnk1qnUAC2wgjBCFXYYc7U3uqum7D+TwMm9wxjpQrNiWCEPrut1M7Fy4zzMvU7VcSDEizIH8JTw8NKpleQThmT6WzY1i5MDeiS9jzpP9ciohgrlxmm0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.co.jp; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=L//OCpOz; arc=none smtp.client-ip=52.95.49.90 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.co.jp DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1712265229; x=1743801229; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QQNMJqyXpMyQcdc35q1n/uJzBeVy7tmfmWSmoONPVCA=; b=L//OCpOzGIzlhS4l5SuqAeYDSzkBuZr3yYGf54TXh3fDthYbF/YKT73I d4te/DYfpzS/47mcTO5iLogcrwnymmbJ+1yR4j80IOBDQ3GuaGFXOnqVT S7uKWrKq7o4xFF6dJYS/SPVKE+gDyNwVpp3w8dej3Tc0FY+UQmhAiG1xh o=; X-IronPort-AV: E=Sophos;i="6.07,180,1708387200"; d="scan'208";a="398265065" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-6002.iad6.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Apr 2024 21:13:46 +0000 Received: from EX19MTAUWC002.ant.amazon.com [10.0.7.35:10975] by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.15.213:2525] with esmtp (Farcaster) id dcc88f20-f6d7-458e-b8e2-59575be13a00; Thu, 4 Apr 2024 21:13:44 +0000 (UTC) X-Farcaster-Flow-ID: dcc88f20-f6d7-458e-b8e2-59575be13a00 Received: from EX19D004ANA001.ant.amazon.com (10.37.240.138) by EX19MTAUWC002.ant.amazon.com (10.250.64.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Thu, 4 Apr 2024 21:13:41 +0000 Received: from 88665a182662.ant.amazon.com (10.106.100.6) by EX19D004ANA001.ant.amazon.com (10.37.240.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Thu, 4 Apr 2024 21:13:38 +0000 From: Kuniyuki Iwashima To: CC: , , , , , , , Subject: Re: [syzbot] [net?] possible deadlock in unix_del_edges Date: Thu, 4 Apr 2024 14:13:29 -0700 Message-ID: <20240404211329.40644-1-kuniyu@amazon.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <00000000000083ca480615479e79@google.com> References: <00000000000083ca480615479e79@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: EX19D043UWA004.ant.amazon.com (10.13.139.41) To EX19D004ANA001.ant.amazon.com (10.37.240.138) From: syzbot Date: Thu, 04 Apr 2024 09:13:26 -0700 > syzbot has found a reproducer for the following issue on: > > HEAD commit: 2b3d5988ae2c Add linux-next specific files for 20240404 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=13114d8d180000 > kernel config: https://syzkaller.appspot.com/x/.config?x=9c48fd2523cdee5e > dashboard link: https://syzkaller.appspot.com/bug?extid=7f7f201cc2668a8fd169 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113c7103180000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1133aaa9180000 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/136270ed2c7b/disk-2b3d5988.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/466d2f7c1952/vmlinux-2b3d5988.xz > kernel image: https://storage.googleapis.com/syzbot-assets/7dfaf3959891/bzImage-2b3d5988.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+7f7f201cc2668a8fd169@syzkaller.appspotmail.com > > ============================================ > WARNING: possible recursive locking detected > 6.9.0-rc2-next-20240404-syzkaller #0 Not tainted > -------------------------------------------- > kworker/u8:3/51 is trying to acquire lock: > ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] > ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: unix_del_edges+0x30/0x590 net/unix/garbage.c:227 > > but task is already holding lock: > ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] > ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0xc5/0x1830 net/unix/garbage.c:547 > > other info that might help us debug this: > Possible unsafe locking scenario: > > CPU0 > ---- > lock(unix_gc_lock); > lock(unix_gc_lock); > > *** DEADLOCK *** > > May be due to missing lock nesting notation > > 4 locks held by kworker/u8:3/51: > #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3193 [inline] > #0: ffff888015089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 kernel/workqueue.c:3299 > #1: ffffc90000bb7d00 (unix_gc_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3194 [inline] > #1: ffffc90000bb7d00 (unix_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 kernel/workqueue.c:3299 > #2: ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] > #2: ffffffff8f6dc178 (unix_gc_lock){+.+.}-{2:2}, at: __unix_gc+0xc5/0x1830 net/unix/garbage.c:547 > #3: ffff88802bd76118 (rlock-AF_UNIX){+.+.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] > #3: ffff88802bd76118 (rlock-AF_UNIX){+.+.}-{2:2}, at: unix_collect_skb+0xb8/0x700 net/unix/garbage.c:343 > > stack backtrace: > CPU: 0 PID: 51 Comm: kworker/u8:3 Not tainted 6.9.0-rc2-next-20240404-syzkaller #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 > Workqueue: events_unbound __unix_gc > Call Trace: > > __dump_stack lib/dump_stack.c:88 [inline] > dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 > check_deadlock kernel/locking/lockdep.c:3062 [inline] > validate_chain+0x15c1/0x58e0 kernel/locking/lockdep.c:3856 > __lock_acquire+0x1346/0x1fd0 kernel/locking/lockdep.c:5137 > lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754 > __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] > _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 > spin_lock include/linux/spinlock.h:351 [inline] > unix_del_edges+0x30/0x590 net/unix/garbage.c:227 > unix_destroy_fpl+0x59/0x210 net/unix/garbage.c:286 > unix_detach_fds net/unix/af_unix.c:1816 [inline] > unix_destruct_scm+0x13e/0x210 net/unix/af_unix.c:1873 > skb_release_head_state+0x100/0x250 net/core/skbuff.c:1162 > skb_release_all net/core/skbuff.c:1173 [inline] > __kfree_skb net/core/skbuff.c:1189 [inline] > kfree_skb_reason+0x16d/0x3b0 net/core/skbuff.c:1225 > kfree_skb include/linux/skbuff.h:1262 [inline] > unix_collect_skb+0x5e4/0x700 net/unix/garbage.c:361 > __unix_walk_scc net/unix/garbage.c:481 [inline] > unix_walk_scc net/unix/garbage.c:506 [inline] > __unix_gc+0x108c/0x1830 net/unix/garbage.c:559 > process_one_work kernel/workqueue.c:3218 [inline] > process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3299 > worker_thread+0x86d/0xd70 kernel/workqueue.c:3380 > kthread+0x2f0/0x390 kernel/kthread.c:388 > ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 > > > > --- > If you want syzbot to run the reproducer, reply with: > #syz test: git://repo/address.git branch-or-commit-hash > If you attach or paste a git patch, syzbot will apply it before testing. #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git main diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 61ecfa9c9c6b..12851dadcd4c 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2619,6 +2619,7 @@ static struct sk_buff *manage_oob(struct sk_buff *skb, struct sock *sk, } } else if (!(flags & MSG_PEEK)) { skb_unlink(skb, &sk->sk_receive_queue); + WRITE_ONCE(u->oob_skb, NULL); consume_skb(skb); skb = skb_peek(&sk->sk_receive_queue); }