Re: sound: another deadlock in snd_seq_pool_done

From: Dmitry Vyukov
Date: Mon Mar 20 2017 - 05:02:44 EST


On Mon, Mar 20, 2017 at 8:17 AM, Takashi Iwai <tiwai@xxxxxxx> wrote:
> On Fri, 10 Mar 2017 10:19:13 +0100,
> Dmitry Vyukov wrote:
>>
>> On Sat, Mar 4, 2017 at 5:31 PM, Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>> > Hello,
>> >
>> > The following program creates processes deadlocked in snd_seq_pool_done:
>> >
>> > https://gist.githubusercontent.com/dvyukov/97efc9cb6d63b1b2c7b737b82cc8b0d6/raw/3546b133ae0b2d3e1190ae7c1f4e240ce7ce132e/gistfile1.txt
>> >
>> > After few seconds I get:
>> >
>> > # ps afxu | grep a.out
>> > root 8660 2.0 0.0 0 0 pts/0 Zl 16:27 0:00
>> > [a.out] <defunct>
>> >
>> > # kill -9 8660
>> >
>> > # cat /proc/8660/status
>> > Name: a.out
>> > State: Z (zombie)
>> > Tgid: 8660
>> > Ngid: 0
>> > Pid: 8660
>> > PPid: 1
>> > TracerPid: 0
>> > Uid: 0 0 0 0
>> > Gid: 0 0 0 0
>> > FDSize: 0
>> > Groups: 0
>> > NStgid: 8660
>> > NSpid: 8660
>> > NSpgid: 8660
>> > NSsid: 2971
>> > Threads: 2
>> > SigQ: 1/3304
>> > SigPnd: 0000000000000000
>> > ShdPnd: 0000000000000100
>> > SigBlk: 0000000000000000
>> > SigIgn: 0000000180000000
>> > SigCgt: 0000000000000440
>> > CapInh: 0000000000000000
>> > CapPrm: 0000003fffffffff
>> > CapEff: 0000003fffffffff
>> > CapBnd: 0000003fffffffff
>> > CapAmb: 0000000000000000
>> > NoNewPrivs: 0
>> > Seccomp: 0
>> > Cpus_allowed: f
>> > Cpus_allowed_list: 0-3
>> > Mems_allowed: 00000000,00000001
>> > Mems_allowed_list: 0
>> > voluntary_ctxt_switches: 12
>> > nonvoluntary_ctxt_switches: 0
>> >
>> > # cat /proc/8660/task/*/stack
>> > [<ffffffff835406db>] snd_seq_pool_done+0x31b/0x620
>> > sound/core/seq/seq_memory.c:436
>> > [<ffffffff8353a11e>] snd_seq_ioctl_set_client_pool+0x1ae/0x600
>> > sound/core/seq/seq_clientmgr.c:1836
>> > [<ffffffff835382ba>] snd_seq_ioctl+0x2da/0x4d0
>> > sound/core/seq/seq_clientmgr.c:2130
>> > [<ffffffff81aced2f>] vfs_ioctl fs/ioctl.c:45 [inline]
>> > [<ffffffff81aced2f>] do_vfs_ioctl+0x1bf/0x1790 fs/ioctl.c:685
>> > [<ffffffff81ad038f>] SYSC_ioctl fs/ioctl.c:700 [inline]
>> > [<ffffffff81ad038f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
>> > [<ffffffff8457dc41>] entry_SYSCALL_64_fastpath+0x1f/0xc2
>>
>>
>> A friendly ping.
>
> Sorry for the delay, I've been on vacation for over the last two
> weeks. (And I have a deja vu feeing, as if I so often receive your
> syzkaller bug reports during or just before my vacation in the past,
> too... :)
>
> Will take a look at this soon after digesting the pending mails.

I swear I don't stack them up to send right before your vacation :)