| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| upstream | possible deadlock in snd_seq_deliver_event | 4 | C | | | 6 | 2938d | 2948d | 4/29 | fixed on 2018/01/23 12:04 |
=============================================
[ INFO: possible recursive locking detected ]
4.9.60-gdfe0a9b #81 Not tainted
---------------------------------------------
syzkaller633487/3245 is trying to acquire lock:
(&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
(&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807
but task is already holding lock:
(&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
(&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&grp->list_mutex);
lock(&grp->list_mutex);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syzkaller633487/3245:
#0: (register_mutex#4){+.+.+.}, at: [<ffffffff82e1e77a>] odev_release+0x4a/0x70 sound/core/seq/oss/seq_oss.c:152
#1: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
#1: (&grp->list_mutex){++++.+}, at: [<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807
stack backtrace:
CPU: 0 PID: 3245 Comm: syzkaller633487 Not tainted 4.9.60-gdfe0a9b #81
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
ffff8801c772f100 ffffffff81d91389 ffffffff8537b4d0 ffffffff8537b4d0
dffffc0000000000 f75f28fb6e9d5274 0000000000000000 ffff8801c772f2c8
ffffffff8123c925 ffff8801c7720000 ffff8801c7720928 00000000000003c7
Call Trace:
[<ffffffff81d91389>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81d91389>] dump_stack+0xc1/0x128 lib/dump_stack.c:51
[<ffffffff8123c925>] print_deadlock_bug kernel/locking/lockdep.c:1727 [inline]
[<ffffffff8123c925>] check_deadlock kernel/locking/lockdep.c:1771 [inline]
[<ffffffff8123c925>] validate_chain kernel/locking/lockdep.c:2249 [inline]
[<ffffffff8123c925>] __lock_acquire+0xe35/0x3640 kernel/locking/lockdep.c:3345
[<ffffffff8123fb6e>] lock_acquire+0x12e/0x410 kernel/locking/lockdep.c:3756
[<ffffffff838a3354>] down_read+0x44/0xb0 kernel/locking/rwsem.c:22
[<ffffffff82e0af5f>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:666 [inline]
[<ffffffff82e0af5f>] snd_seq_deliver_event+0x4cf/0x740 sound/core/seq/seq_clientmgr.c:807
[<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318
[<ffffffff82e306c5>] dummy_input+0x235/0x320 sound/core/seq/seq_dummy.c:104
[<ffffffff82e0a5e0>] snd_seq_deliver_single_event.constprop.11+0x310/0x7c0 sound/core/seq/seq_clientmgr.c:621
[<ffffffff82e0ada6>] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:676 [inline]
[<ffffffff82e0ada6>] snd_seq_deliver_event+0x316/0x740 sound/core/seq/seq_clientmgr.c:807
[<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318
[<ffffffff82e306c5>] dummy_input+0x235/0x320 sound/core/seq/seq_dummy.c:104
[<ffffffff82e0a5e0>] snd_seq_deliver_single_event.constprop.11+0x310/0x7c0 sound/core/seq/seq_clientmgr.c:621
[<ffffffff82e0abbd>] snd_seq_deliver_event+0x12d/0x740 sound/core/seq/seq_clientmgr.c:818
[<ffffffff82e0bf2e>] snd_seq_kernel_client_dispatch+0x11e/0x150 sound/core/seq/seq_clientmgr.c:2318
[<ffffffff82e2cef0>] snd_seq_oss_dispatch sound/core/seq/oss/seq_oss_device.h:150 [inline]
[<ffffffff82e2cef0>] snd_seq_oss_midi_reset+0x390/0x570 sound/core/seq/oss/seq_oss_midi.c:481
[<ffffffff82e29320>] snd_seq_oss_synth_reset+0x3c0/0x8b0 sound/core/seq/oss/seq_oss_synth.c:416
[<ffffffff82e1fd7c>] snd_seq_oss_reset+0x6c/0x260 sound/core/seq/oss/seq_oss_init.c:448
[<ffffffff82e1ffe1>] snd_seq_oss_release+0x71/0x130 sound/core/seq/oss/seq_oss_init.c:425
[<ffffffff82e1e782>] odev_release+0x52/0x70 sound/core/seq/oss/seq_oss.c:153
[<ffffffff815734dc>] __fput+0x28c/0x6e0 fs/file_table.c:208
[<ffffffff815739b5>] ____fput+0x15/0x20 fs/file_table.c:244
[<ffffffff81196005>] task_work_run+0x115/0x190 kernel/task_work.c:116
[<ffffffff8113d2e7>] exit_task_work include/linux/task_work.h:21 [inline]
[<ffffffff8113d2e7>] do_exit+0x7e7/0x2a40 kernel/exit.c:833
[<ffffffff810e0256>] ? _
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017/11/06 15:40 | https://android.googlesource.com/kernel/common android-4.9 | dfe0a9bcfc3a | d49979f7 | .config | console log | report | syz | C | | | ci-android-49-kasan-gce | |