syzbot has found a reproducer for the following issue on: HEAD commit: 02ffd6f89c50 Merge tag 'bpf-fixes' of git://git.kernel.org.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=124f6934580000 kernel config: https://syzkaller.appspot.com/x/.config?x=c1f4909b95fa1ed dashboard link: https://syzkaller.appspot.com/bug?extid=bd936ccd4339cea66e6b compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12e46b12580000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1598a47c580000 Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-02ffd6f8.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/56f3c676fa83/vmlinux-02ffd6f8.xz kernel image: https://storage.googleapis.com/syzbot-assets/b17e95e57bfa/bzImage-02ffd6f8.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+bd936ccd4339cea66e6b@xxxxxxxxxxxxxxxxxxxxxxxxx ============================================ WARNING: possible recursive locking detected syzkaller #0 Not tainted -------------------------------------------- kworker/u32:5/96 is trying to acquire lock: ffffe8fefc53dbc8 (&pd_list->lock){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffe8fefc53dbc8 (&pd_list->lock){+...}-{3:3}, at: padata_find_next kernel/padata.c:256 [inline] ffffe8fefc53dbc8 (&pd_list->lock){+...}-{3:3}, at: padata_reorder kernel/padata.c:309 [inline] ffffe8fefc53dbc8 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x7bd/0xd20 kernel/padata.c:379 but task is already holding lock: ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: padata_reorder kernel/padata.c:300 [inline] ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x697/0xd20 kernel/padata.c:379 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&pd_list->lock); lock(&pd_list->lock); *** DEADLOCK *** May be due to missing lock nesting notation 3 locks held by kworker/u32:5/96: #0: ffff888022495148 ((wq_completion)pdecrypt_parallel){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 kernel/workqueue.c:3211 #1: ffffc9000167fd10 ((work_completion)(&pw->pw_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 kernel/workqueue.c:3212 #2: ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: spin_lock include/linux/spinlock.h:351 [inline] #2: ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: padata_reorder kernel/padata.c:300 [inline] #2: ffffe8fefc53dc18 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x697/0xd20 kernel/padata.c:379 stack backtrace: CPU: 2 UID: 0 PID: 96 Comm: kworker/u32:5 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_deadlock_bug+0x1e9/0x240 kernel/locking/lockdep.c:3041 check_deadlock kernel/locking/lockdep.c:3093 [inline] validate_chain kernel/locking/lockdep.c:3895 [inline] __lock_acquire+0x1133/0x1ce0 kernel/locking/lockdep.c:5237 lock_acquire kernel/locking/lockdep.c:5868 [inline] lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5825 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 spin_lock include/linux/spinlock.h:351 [inline] padata_find_next kernel/padata.c:256 [inline] padata_reorder kernel/padata.c:309 [inline] padata_do_serial+0x7bd/0xd20 kernel/padata.c:379 pcrypt_aead_dec+0x5b/0x70 crypto/pcrypt.c:140 padata_parallel_worker+0x62/0xb0 kernel/padata.c:157 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3236 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:463 ret_from_fork+0x56a/0x730 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> --- If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing.
