[syzbot] possible deadlock in __fs_reclaim_acquire


syzbot

Jul 4, 2021, 4:57:17 AM
to linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Hello,

syzbot found the following issue on:

HEAD commit: 3dbdb38e Merge branch 'for-5.14' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1333db52300000
kernel config: https://syzkaller.appspot.com/x/.config?x=1700b0b2b41cd52c
dashboard link: https://syzkaller.appspot.com/bug?extid=127fd7828d6eeb611703
compiler: Debian clang version 11.0.1-2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+127fd7...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
5.13.0-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.3/21469 is trying to acquire lock:
ffffffff8cfd6720 (fs_reclaim){+.+.}-{0:0}, at: __fs_reclaim_acquire+0x0/0x30 mm/page_alloc.c:4222

but task is already holding lock:
ffff8880b9b31088 (lock#2){-.-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (lock#2){-.-.}-{2:2}:
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
local_lock_acquire+0x23/0x130 include/linux/local_lock_internal.h:42
rmqueue_pcplist+0x10c/0x4d0 mm/page_alloc.c:3675
rmqueue+0x1eb4/0x22e0 mm/page_alloc.c:3713
get_page_from_freelist+0x4b3/0xa30 mm/page_alloc.c:4175
__alloc_pages+0x26c/0x5f0 mm/page_alloc.c:5386
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
kasan_save_stack+0x3e/0x50 mm/kasan/common.c:40
kasan_record_aux_stack+0xee/0x120 mm/kasan/generic.c:348
__call_rcu kernel/rcu/tree.c:3038 [inline]
call_rcu+0x1a0/0xa20 kernel/rcu/tree.c:3113
context_switch kernel/sched/core.c:4686 [inline]
__schedule+0xc0f/0x11f0 kernel/sched/core.c:5940
preempt_schedule_notrace+0x12c/0x170 kernel/sched/core.c:6179
preempt_schedule_notrace_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:36
rcu_read_unlock_sched_notrace include/linux/rcupdate.h:809 [inline]
trace_lock_release+0x9f/0x140 include/trace/events/lock.h:58
lock_release+0x81/0x7b0 kernel/locking/lockdep.c:5636
might_alloc include/linux/sched/mm.h:199 [inline]
slab_pre_alloc_hook mm/slab.h:485 [inline]
slab_alloc_node mm/slub.c:2891 [inline]
slab_alloc mm/slub.c:2978 [inline]
kmem_cache_alloc+0x41/0x340 mm/slub.c:2983
kmem_cache_zalloc include/linux/slab.h:711 [inline]
__alloc_file+0x26/0x2f0 fs/file_table.c:101
alloc_empty_file+0xa9/0x1b0 fs/file_table.c:150
path_openat+0x119/0x39b0 fs/namei.c:3480
do_filp_open+0x221/0x460 fs/namei.c:3521
do_open_execat+0x16d/0x710 fs/exec.c:913
bprm_execve+0x505/0x1470 fs/exec.c:1809
kernel_execve+0x8ce/0x9a0 fs/exec.c:1977
call_usermodehelper_exec_async+0x262/0x3b0 kernel/umh.c:112
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

-> #0 (fs_reclaim){+.+.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3051 [inline]
check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
validate_chain kernel/locking/lockdep.c:3789 [inline]
__lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
__fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4564
fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4578
prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5176
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
__vmalloc_node mm/vmalloc.c:2996 [inline]
vzalloc+0x75/0x80 mm/vmalloc.c:3066
n_tty_open+0x19/0x150 drivers/tty/n_tty.c:1914
tty_ldisc_open drivers/tty/tty_ldisc.c:464 [inline]
tty_ldisc_setup+0xcf/0x3c0 drivers/tty/tty_ldisc.c:781
tty_init_dev+0x271/0x4c0 drivers/tty/tty_io.c:1461
tty_open_by_driver drivers/tty/tty_io.c:2102 [inline]
tty_open+0x89a/0xdd0 drivers/tty/tty_io.c:2150
chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
do_dentry_open+0x7cb/0x1010 fs/open.c:826
do_open fs/namei.c:3361 [inline]
path_openat+0x28e6/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1195
do_sys_open fs/open.c:1211 [inline]
__do_sys_openat fs/open.c:1227 [inline]
__se_sys_openat fs/open.c:1222 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1222
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(lock#2);
                               lock(fs_reclaim);
                               lock(lock#2);
  lock(fs_reclaim);

*** DEADLOCK ***

4 locks held by syz-executor.3/21469:
#0: ffffffff8d5ca708 (tty_mutex){+.+.}-{3:3}, at: tty_open_by_driver drivers/tty/tty_io.c:2066 [inline]
#0: ffffffff8d5ca708 (tty_mutex){+.+.}-{3:3}, at: tty_open+0x235/0xdd0 drivers/tty/tty_io.c:2150
#1: ffff8880257541c0 (&tty->legacy_mutex){+.+.}-{3:3}, at: tty_init_dev+0x6a/0x4c0 drivers/tty/tty_io.c:1436
#2: ffff888025754098 (&tty->ldisc_sem){++++}-{0:0}, at: __tty_ldisc_lock drivers/tty/tty_ldisc.c:315 [inline]
#2: ffff888025754098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x6a/0xb0 drivers/tty/tty_ldisc.c:339
#3: ffff8880b9b31088 (lock#2){-.-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

stack backtrace:
CPU: 1 PID: 21469 Comm: syz-executor.3 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:96
print_circular_bug+0xb17/0xdc0 kernel/locking/lockdep.c:2009
check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2131
check_prev_add kernel/locking/lockdep.c:3051 [inline]
check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
validate_chain kernel/locking/lockdep.c:3789 [inline]
__lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
__fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4564
fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4578
prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5176
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
__vmalloc_node mm/vmalloc.c:2996 [inline]
vzalloc+0x75/0x80 mm/vmalloc.c:3066
n_tty_open+0x19/0x150 drivers/tty/n_tty.c:1914
tty_ldisc_open drivers/tty/tty_ldisc.c:464 [inline]
tty_ldisc_setup+0xcf/0x3c0 drivers/tty/tty_ldisc.c:781
tty_init_dev+0x271/0x4c0 drivers/tty/tty_io.c:1461
tty_open_by_driver drivers/tty/tty_io.c:2102 [inline]
tty_open+0x89a/0xdd0 drivers/tty/tty_io.c:2150
chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
do_dentry_open+0x7cb/0x1010 fs/open.c:826
do_open fs/namei.c:3361 [inline]
path_openat+0x28e6/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1195
do_sys_open fs/open.c:1211 [inline]
__do_sys_openat fs/open.c:1227 [inline]
__se_sys_openat fs/open.c:1222 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1222
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4196c4
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007f7b60ac8cc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004196c4
RDX: 0000000000000002 RSI: 00007f7b60ac8d60 RDI: 00000000ffffff9c
RBP: 00007f7b60ac8d60 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 00007ffc7de709ef R14: 00007f7b60ac9300 R15: 0000000000022000
BUG: sleeping function called from invalid context at mm/page_alloc.c:5179
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 21469, name: syz-executor.3
INFO: lockdep is turned off.
irq event stamp: 200
hardirqs last enabled at (199): [<ffffffff89cf038b>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (199): [<ffffffff89cf038b>] _raw_spin_unlock_irqrestore+0x8b/0x120 kernel/locking/spinlock.c:191
hardirqs last disabled at (200): [<ffffffff81be4351>] __alloc_pages_bulk+0x801/0x1090 mm/page_alloc.c:5291
softirqs last enabled at (0): [<ffffffff814b0828>] copy_process+0x1498/0x5b30 kernel/fork.c:2065
softirqs last disabled at (0): [<0000000000000000>] 0x0
CPU: 1 PID: 21469 Comm: syz-executor.3 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:96
___might_sleep+0x4e5/0x6b0 kernel/sched/core.c:9153
prepare_alloc_pages+0x1c0/0x5a0 mm/page_alloc.c:5179
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
__vmalloc_node mm/vmalloc.c:2996 [inline]
vzalloc+0x75/0x80 mm/vmalloc.c:3066
n_tty_open+0x19/0x150 drivers/tty/n_tty.c:1914
tty_ldisc_open drivers/tty/tty_ldisc.c:464 [inline]
tty_ldisc_setup+0xcf/0x3c0 drivers/tty/tty_ldisc.c:781
tty_init_dev+0x271/0x4c0 drivers/tty/tty_io.c:1461
tty_open_by_driver drivers/tty/tty_io.c:2102 [inline]
tty_open+0x89a/0xdd0 drivers/tty/tty_io.c:2150
chrdev_open+0x53b/0x5f0 fs/char_dev.c:414
do_dentry_open+0x7cb/0x1010 fs/open.c:826
do_open fs/namei.c:3361 [inline]
path_openat+0x28e6/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1195
do_sys_open fs/open.c:1211 [inline]
__do_sys_openat fs/open.c:1227 [inline]
__se_sys_openat fs/open.c:1222 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1222
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4196c4
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007f7b60ac8cc0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004196c4
RDX: 0000000000000002 RSI: 00007f7b60ac8d60 RDI: 00000000ffffff9c
RBP: 00007f7b60ac8d60 R08: 0000000000000000 R09: 000000000000000e
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 00007ffc7de709ef R14: 00007f7b60ac9300 R15: 0000000000022000


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Jul 4, 2021, 7:51:21 AM
to ak...@linux-foundation.org, and...@kernel.org, a...@kernel.org, ax...@kernel.dk, b...@vger.kernel.org, chri...@brauner.io, dan...@iogearbox.net, ebie...@xmission.com, john.fa...@gmail.com, ka...@fb.com, kps...@kernel.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pet...@infradead.org, shak...@google.com, songliu...@fb.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, y...@fb.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3dbdb38e Merge branch 'for-5.14' of git://git.kernel.org/p..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17e0b9d8300000
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10542f52300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+127fd7...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
5.13.0-syzkaller #0 Not tainted
------------------------------------------------------
syz-execprog/8416 is trying to acquire lock:
ffffffff8cfd6720 (fs_reclaim){+.+.}-{0:0}, at: __fs_reclaim_acquire+0x0/0x30 mm/page_alloc.c:4222

but task is already holding lock:
ffff8880b9b31088 (lock#2){-.-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (lock#2){-.-.}-{2:2}:
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
local_lock_acquire+0x23/0x130 include/linux/local_lock_internal.h:42
free_unref_page+0x242/0x550 mm/page_alloc.c:3439
mm_free_pgd kernel/fork.c:636 [inline]
__mmdrop+0xae/0x3f0 kernel/fork.c:687
mmdrop include/linux/sched/mm.h:49 [inline]
finish_task_switch+0x221/0x630 kernel/sched/core.c:4582
context_switch kernel/sched/core.c:4686 [inline]
__schedule+0xc0f/0x11f0 kernel/sched/core.c:5940
preempt_schedule_notrace+0x12c/0x170 kernel/sched/core.c:6179
preempt_schedule_notrace_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:36
rcu_read_unlock_sched_notrace include/linux/rcupdate.h:809 [inline]
trace_lock_release+0x9f/0x140 include/trace/events/lock.h:58
lock_release+0x81/0x7b0 kernel/locking/lockdep.c:5636
might_alloc include/linux/sched/mm.h:199 [inline]
slab_pre_alloc_hook mm/slab.h:485 [inline]
slab_alloc_node mm/slub.c:2891 [inline]
slab_alloc mm/slub.c:2978 [inline]
kmem_cache_alloc+0x41/0x340 mm/slub.c:2983
kmem_cache_zalloc include/linux/slab.h:711 [inline]
attach_epitem fs/eventpoll.c:1414 [inline]
ep_insert fs/eventpoll.c:1468 [inline]
do_epoll_ctl+0x13a7/0x2f70 fs/eventpoll.c:2133
__do_sys_epoll_ctl fs/eventpoll.c:2184 [inline]
__se_sys_epoll_ctl fs/eventpoll.c:2175 [inline]
__x64_sys_epoll_ctl+0x14e/0x190 fs/eventpoll.c:2175
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #0 (fs_reclaim){+.+.}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3051 [inline]
check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
validate_chain kernel/locking/lockdep.c:3789 [inline]
__lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
__fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4564
fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4578
prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5176
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
vmalloc_user+0x70/0x80 mm/vmalloc.c:3082
kcov_mmap+0x28/0x130 kernel/kcov.c:465
call_mmap include/linux/fs.h:2119 [inline]
mmap_region+0x1410/0x1df0 mm/mmap.c:1809
do_mmap+0x930/0x11a0 mm/mmap.c:1585
vm_mmap_pgoff+0x19e/0x2b0 mm/util.c:519
ksys_mmap_pgoff+0x504/0x7b0 mm/mmap.c:1636
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(lock#2);
                               lock(fs_reclaim);
                               lock(lock#2);
  lock(fs_reclaim);

*** DEADLOCK ***

2 locks held by syz-execprog/8416:
#0: ffff8880161e0128 (&mm->mmap_lock#2){++++}-{3:3}, at: mmap_write_lock_killable include/linux/mmap_lock.h:87 [inline]
#0: ffff8880161e0128 (&mm->mmap_lock#2){++++}-{3:3}, at: vm_mmap_pgoff+0x14d/0x2b0 mm/util.c:517
#1: ffff8880b9b31088 (lock#2){-.-.}-{2:2}, at: local_lock_acquire+0x7/0x130 include/linux/local_lock_internal.h:41

stack backtrace:
CPU: 1 PID: 8416 Comm: syz-execprog Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:96
print_circular_bug+0xb17/0xdc0 kernel/locking/lockdep.c:2009
check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2131
check_prev_add kernel/locking/lockdep.c:3051 [inline]
check_prevs_add+0x4f9/0x5b30 kernel/locking/lockdep.c:3174
validate_chain kernel/locking/lockdep.c:3789 [inline]
__lock_acquire+0x4476/0x6100 kernel/locking/lockdep.c:5015
lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
__fs_reclaim_acquire+0x20/0x30 mm/page_alloc.c:4564
fs_reclaim_acquire+0x59/0xf0 mm/page_alloc.c:4578
prepare_alloc_pages+0x151/0x5a0 mm/page_alloc.c:5176
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
vmalloc_user+0x70/0x80 mm/vmalloc.c:3082
kcov_mmap+0x28/0x130 kernel/kcov.c:465
call_mmap include/linux/fs.h:2119 [inline]
mmap_region+0x1410/0x1df0 mm/mmap.c:1809
do_mmap+0x930/0x11a0 mm/mmap.c:1585
vm_mmap_pgoff+0x19e/0x2b0 mm/util.c:519
ksys_mmap_pgoff+0x504/0x7b0 mm/mmap.c:1636
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4b132a
Code: e8 db 57 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
RSP: 002b:000000c000173a10 EFLAGS: 00000202 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 000000c000020800 RCX: 00000000004b132a
RDX: 0000000000000003 RSI: 0000000000080000 RDI: 0000000000000000
RBP: 000000c000173a70 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000727f1a
R13: 00000000000001f6 R14: 0000000000000200 R15: 0000000000000100
BUG: sleeping function called from invalid context at mm/page_alloc.c:5179
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 8416, name: syz-execprog
INFO: lockdep is turned off.
irq event stamp: 70646
hardirqs last enabled at (70645): [<ffffffff89cf038b>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last enabled at (70645): [<ffffffff89cf038b>] _raw_spin_unlock_irqrestore+0x8b/0x120 kernel/locking/spinlock.c:191
hardirqs last disabled at (70646): [<ffffffff81be4351>] __alloc_pages_bulk+0x801/0x1090 mm/page_alloc.c:5291
softirqs last enabled at (69738): [<ffffffff814d4fbb>] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last enabled at (69738): [<ffffffff814d4fbb>] __irq_exit_rcu+0x21b/0x260 kernel/softirq.c:636
softirqs last disabled at (69687): [<ffffffff814d4fbb>] invoke_softirq kernel/softirq.c:432 [inline]
softirqs last disabled at (69687): [<ffffffff814d4fbb>] __irq_exit_rcu+0x21b/0x260 kernel/softirq.c:636
CPU: 1 PID: 8416 Comm: syz-execprog Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:96
___might_sleep+0x4e5/0x6b0 kernel/sched/core.c:9153
prepare_alloc_pages+0x1c0/0x5a0 mm/page_alloc.c:5179
__alloc_pages+0x14d/0x5f0 mm/page_alloc.c:5375
stack_depot_save+0x361/0x490 lib/stackdepot.c:303
save_stack+0xf9/0x1f0 mm/page_owner.c:120
__set_page_owner+0x42/0x2f0 mm/page_owner.c:181
prep_new_page mm/page_alloc.c:2445 [inline]
__alloc_pages_bulk+0x9f2/0x1090 mm/page_alloc.c:5313
alloc_pages_bulk_array_node include/linux/gfp.h:557 [inline]
vm_area_alloc_pages mm/vmalloc.c:2775 [inline]
__vmalloc_area_node mm/vmalloc.c:2845 [inline]
__vmalloc_node_range+0x3ad/0x7f0 mm/vmalloc.c:2947
vmalloc_user+0x70/0x80 mm/vmalloc.c:3082
kcov_mmap+0x28/0x130 kernel/kcov.c:465
call_mmap include/linux/fs.h:2119 [inline]
mmap_region+0x1410/0x1df0 mm/mmap.c:1809
do_mmap+0x930/0x11a0 mm/mmap.c:1585
vm_mmap_pgoff+0x19e/0x2b0 mm/util.c:519
ksys_mmap_pgoff+0x504/0x7b0 mm/mmap.c:1636
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4b132a
Code: e8 db 57 fb ff 48 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 4c 8b 54 24 28 4c 8b 44 24 30 4c 8b 4c 24 38 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 40 ff ff ff ff 48 c7 44 24 48
RSP: 002b:000000c000173a10 EFLAGS: 00000202 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 000000c000020800 RCX: 00000000004b132a
RDX: 0000000000000003 RSI: 0000000000080000 RDI: 0000000000000000
RBP: 000000c000173a70 R08: 0000000000000006 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000727f1a
R13: 00000000000001f6 R14: 0000000000000200 R15: 0000000000000100

Desmond Cheong Zhi Xi

Jul 7, 2021, 5:12:09 AM
to syzbot+127fd7...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test:
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Best,
Desmond
0001-mm-page_alloc-avoid-deadlocks-for-pagesets.lock.patch

syzbot

Jul 7, 2021, 5:41:06 AM
to desmond...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 13.550072][ T1] #0: Dummy 1
[ 13.562656][ T1] #1: Loopback 1
[ 13.567375][ T1] #2: Virtual MIDI Card 1
[ 13.578445][ T1] md: Waiting for all devices to be available before autodetect
[ 13.587754][ T1] md: If you don't use raid, use raid=noautodetect
[ 13.594964][ T1] md: Autodetecting RAID arrays.
[ 13.600426][ T1] md: autorun ...
[ 13.604280][ T1] md: ... autorun DONE.
[ 13.612052][ T1] VFS: Cannot open root device "sda1" or unknown-block(0,0): error -6
[ 13.620624][ T1] Please append a correct "root=" boot option; here are the available partitions:
[ 13.630717][ T1] 0100 4096 ram0
[ 13.630732][ T1] (driver?)
[ 13.638724][ T1] 0101 4096 ram1
[ 13.638736][ T1] (driver?)
[ 13.647114][ T1] 0102 4096 ram2
[ 13.647126][ T1] (driver?)
[ 13.655034][ T1] 0103 4096 ram3
[ 13.655045][ T1] (driver?)
[ 13.662895][ T1] 0104 4096 ram4
[ 13.662907][ T1] (driver?)
[ 13.671149][ T1] 0105 4096 ram5
[ 13.671161][ T1] (driver?)
[ 13.679166][ T1] 0106 4096 ram6
[ 13.679185][ T1] (driver?)
[ 13.687227][ T1] 0107 4096 ram7
[ 13.687240][ T1] (driver?)
[ 13.696445][ T1] 0108 4096 ram8
[ 13.696458][ T1] (driver?)
[ 13.705460][ T1] 0109 4096 ram9
[ 13.705472][ T1] (driver?)
[ 13.713485][ T1] 010a 4096 ram10
[ 13.713502][ T1] (driver?)
[ 13.721672][ T1] 010b 4096 ram11
[ 13.721683][ T1] (driver?)
[ 13.730081][ T1] 010c 4096 ram12
[ 13.730093][ T1] (driver?)
[ 13.738081][ T1] 010d 4096 ram13
[ 13.738093][ T1] (driver?)
[ 13.746697][ T1] 010e 4096 ram14
[ 13.746709][ T1] (driver?)
[ 13.754819][ T1] 010f 4096 ram15
[ 13.754832][ T1] (driver?)
[ 13.764647][ T1] 1f00 128 mtdblock0
[ 13.764660][ T1] (driver?)
[ 13.773647][ T1] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 13.783364][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.13.0-syzkaller #0
[ 13.791862][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 13.803273][ T1] Call Trace:
[ 13.806558][ T1] dump_stack_lvl+0x1ae/0x29f
[ 13.812589][ T1] ? show_regs_print_info+0x12/0x12
[ 13.818243][ T1] ? vsnprintf+0x19e/0x1d60
[ 13.822745][ T1] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 13.828744][ T1] panic+0x2e1/0x850
[ 13.832720][ T1] ? trace_hardirqs_on+0x30/0x80
[ 13.838347][ T1] ? nmi_panic+0x90/0x90
[ 13.843053][ T1] ? log_buf_vmcoreinfo_setup+0x498/0x498
[ 13.848895][ T1] ? _raw_read_unlock+0x24/0x40
[ 13.854024][ T1] ? get_filesystem_list+0x11e/0x12c
[ 13.859597][ T1] ? do_mount_root+0x164/0x3c3
[ 13.864509][ T1] mount_block_root+0x3ab/0x4f5
[ 13.869552][ T1] ? root_delay_setup+0x22/0x22
[ 13.875213][ T1] ? memcpy+0x3c/0x60
[ 13.879669][ T1] prepare_namespace+0x1f3/0x22d
[ 13.884704][ T1] kernel_init_freeable+0x432/0x57e
[ 13.890431][ T1] ? report_meminit+0x64/0x64
[ 13.895218][ T1] ? _raw_spin_lock_irq+0xba/0xf0
[ 13.900514][ T1] ? _raw_spin_unlock_irq+0x1f/0x40
[ 13.905710][ T1] ? lockdep_hardirqs_on+0x8d/0x130
[ 13.911353][ T1] ? rest_init+0x2e0/0x2e0
[ 13.916072][ T1] kernel_init+0x19/0x2a0
[ 13.920421][ T1] ? rest_init+0x2e0/0x2e0
[ 13.925194][ T1] ret_from_fork+0x1f/0x30
[ 13.932095][ T1] Kernel Offset: disabled
[ 13.936545][ T1] Rebooting in 86400 seconds..


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=15769a9c300000


Tested on:

commit: 77d34a46 Merge tag 'for-linus' of git://git.armlinux.org.u..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=3c33df3504e4c7c0
dashboard link: https://syzkaller.appspot.com/bug?extid=127fd7828d6eeb611703
compiler: Debian clang version 11.0.1-2
patch: https://syzkaller.appspot.com/x/patch.diff?x=17dc5ee4300000

Desmond Cheong Zhi Xi

Jul 7, 2021, 5:48:09 AM
to syzbot, syzkall...@googlegroups.com
Once again, testing with the scsi fix tacked on.

Best,
Desmond
0001-mm-page_alloc-avoid-deadlocks-for-pagesets.lock.patch

syzbot

Jul 7, 2021, 6:16:12 AM
to desmond...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: sleeping function called from invalid context in lock_sock_nested

BUG: sleeping function called from invalid context at net/core/sock.c:3100
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 8831, name: syz-executor.2
1 lock held by syz-executor.2/8831:
#0: ffffffff8d899000 (hci_sk_list.lock){++++}-{2:2}, at: hci_sock_dev_event+0x2b6/0x630 net/bluetooth/hci_sock.c:763
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 8831 Comm: syz-executor.2 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack_lvl+0x1d3/0x29f lib/dump_stack.c:96
___might_sleep+0x4e5/0x6b0 kernel/sched/core.c:9153
lock_sock_nested+0x34/0x110 net/core/sock.c:3100
lock_sock include/net/sock.h:1610 [inline]
hci_sock_dev_event+0x30a/0x630 net/bluetooth/hci_sock.c:765
hci_unregister_dev+0x487/0x19b0 net/bluetooth/hci_core.c:4033
vhci_release+0x73/0xc0 drivers/bluetooth/hci_vhci.c:340
__fput+0x352/0x7b0 fs/file_table.c:280
task_work_run+0x146/0x1c0 kernel/task_work.c:164
exit_task_work include/linux/task_work.h:32 [inline]
do_exit+0x72b/0x2510 kernel/exit.c:825
do_group_exit+0x168/0x2d0 kernel/exit.c:922
__do_sys_exit_group+0x13/0x20 kernel/exit.c:933
__se_sys_exit_group+0x10/0x10 kernel/exit.c:931
__x64_sys_exit_group+0x37/0x40 kernel/exit.c:931
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: Unable to access opcode bytes at RIP 0x4665af.
RSP: 002b:00007ffc469de068 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffc469de828 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
RBP: 0000000000000000 R08: 0000000000000025 R09: 00007ffc469de828
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000004bef54
R13: 0000000000000010 R14: 0000000000000000 R15: 0000000000400538

======================================================


Tested on:

commit: 77d34a46 Merge tag 'for-linus' of git://git.armlinux.org.u..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10759efbd00000
patch: https://syzkaller.appspot.com/x/patch.diff?x=14994628300000

Desmond Cheong Zhi Xi

Jul 7, 2021, 6:21:14 AM
to syzbot, syzkall...@googlegroups.com
Now tacking on Tetsuo Handa's fix for BUG: sleeping function called from
invalid context in lock_sock_nested (2).

Best,
Desmond
0001-mm-page_alloc-avoid-deadlocks-for-pagesets.lock.patch

syzbot

Jul 7, 2021, 6:53:10 AM
to desmond...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+127fd7...@syzkaller.appspotmail.com

Tested on:

commit: 77d34a46 Merge tag 'for-linus' of git://git.armlinux.org.u..
git tree: upstream
patch: https://syzkaller.appspot.com/x/patch.diff?x=156869c4300000

Note: testing is done by a robot and is best-effort only.

Desmond Cheong Zhi Xi

Jul 7, 2021, 9:20:18 AM
to syzbot, syzkall...@googlegroups.com
Testing Mel Gorman's patch.

Best,
Desmond
0001-mm-page_alloc-Avoid-page-allocator-recursion-with-pa.patch

syzbot

Jul 7, 2021, 2:29:10 PM
to desmond...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+127fd7...@syzkaller.appspotmail.com

Tested on:

commit: 77d34a46 Merge tag 'for-linus' of git://git.armlinux.org.u..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=3c33df3504e4c7c0
dashboard link: https://syzkaller.appspot.com/bug?extid=127fd7828d6eeb611703
compiler: Debian clang version 11.0.1-2
patch: https://syzkaller.appspot.com/x/patch.diff?x=142d30d2300000