Re: [syzbot] possible deadlock in trie_delete_elem

From: syzbot
Date: Thu Jun 06 2024 - 09:27:54 EST


For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx, syzkaller-bugs@xxxxxxxxxxxxxxxx.

***

Subject: possible deadlock in trie_delete_elem
Author: norbert.kaminski@xxxxxxxxxxxx

#syz test https://linux.googlesource.com/linux/kernel/git/torvalds/linux e377d803b65ee4130213b3c041fc25fdfec1bd90

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 2d29bc0f21cc..75fdb8e3abaa 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2393,12 +2393,21 @@ void __bpf_trace_run(struct bpf_raw_tp_link *link, u64 *args)
cant_sleep();

// return if instrumentation disabled, see: bpf_disable_instrumentation
- if (unlikely(__this_cpu_read(bpf_prog_active))) {
+ int instrumentation = unlikely(__this_cpu_read(bpf_prog_active));
+ if (instrumentation) {
+ printk("SKIP FOR INSTRUMENTATION: %s > %s > %p /%i ==============\n",
+ prog->aux->name,
+ link->btp->tp->name, prog, instrumentation);
bpf_prog_inc_misses_counter(prog);
return;
}

- if (unlikely(this_cpu_inc_return(*(prog->active)) != 1)) {
+ int active = this_cpu_inc_return(*(prog->active));
+ // printk("%s > %s > %p /%i\n", prog->aux->name, link->btp->tp->name, prog, active);
+ if (active != 1) {
+ printk("SKIP FOR ACTIVE: %s > %s > %p /%i =======================\n",
+ prog->aux->name,
+ link->btp->tp->name, prog, active);
bpf_prog_inc_misses_counter(prog);
goto out;
}
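Review bot: `instrumentation` in the first added line can only be 0 or 1, because `unlikely()` normalises its argument with `!!`, so the trailing `/%i` in the "SKIP FOR INSTRUMENTATION" message never shows the real `bpf_prog_active` value. Read the counter first and keep the hint on the branch: `int instrumentation = __this_cpu_read(bpf_prog_active);` followed by `if (unlikely(instrumentation)) {`. The second test, `if (active != 1)`, likewise drops the `unlikely()` hint it had before. Both printk calls also have no log level and no rate limit on a path that runs under `cant_sleep()` for every tracepoint hit, so a busy tracepoint can flood the kernel log; `printk_ratelimited(KERN_DEBUG ...)` would bound that. The function starts and ends outside the hunk.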
diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c
index 8d1507dd0724..e756262d8df7 100644
--- a/kernel/tracepoint.c
+++ b/kernel/tracepoint.c
@@ -168,12 +169,21 @@ static inline void release_probes(struct tracepoint_func *old)
static void debug_print_probes(struct tracepoint_func *funcs)
{
int i;
+ struct bpf_raw_tp_link *link;

if (!tracepoint_debug || !funcs)
return;

- for (i = 0; funcs[i].func; i++)
- printk(KERN_DEBUG "Probe %d : %p\n", i, funcs[i].func);
+ for (i = 0; funcs[i].func; i++) {
+ link = funcs[i].data;
+ int active = this_cpu_read(*(link->link.prog->active));
+ printk("Probe %d : %p / %p: %s/%d / %i\n", i,
+ funcs[i].func,
+ link,
+ link->link.prog->aux->name,
+ active,
+ funcs[i].prio);
+ }
}

static struct tracepoint_func *
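Review bot: The loop treats every `funcs[i].data` as a `struct bpf_raw_tp_link *` and dereferences `link->link.prog->aux->name`, but nothing visible in debug_print_probes() establishes that a given probe was registered by BPF. For any other probe, `data` may be NULL or point to an unrelated object, so this becomes a NULL dereference or a kernel read through a mistyped pointer whenever the debug path runs. Keep the generic line `printk(KERN_DEBUG "Probe %d : %p\n", i, funcs[i].func);` for all probes and print the BPF-specific fields only once the probe is known to be a raw-tracepoint link. The new format also prints `active` and `funcs[i].prio` as unlabelled numbers and drops the `KERN_DEBUG` level.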
@@ -298,6 +308,8 @@ static enum tp_func_state nr_func_state(const struct tracepoint_func *tp_funcs)
{
if (!tp_funcs)
return TP_FUNC_0;
+ if (!tp_funcs[0].func)
+ return TP_FUNC_0;
if (!tp_funcs[1].func)
return TP_FUNC_1;
if (!tp_funcs[2].func)
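Review bot: The added `tp_funcs[0].func` test has no comment saying when a non-NULL array whose first slot is already the terminator can reach nr_func_state(), so a reader cannot tell whether this is a legitimate state or a symptom being hidden. A one-line comment above the check, such as `/* allocated array holding only the terminator: treat as empty */`, would state the intent. If that state is not expected, wrapping the condition as `if (WARN_ON_ONCE(!tp_funcs[0].func))` would make it visible instead of silently returning TP_FUNC_0. The function body continues past the end of the hunk.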