[v6.1] BUG: sleeping function called from invalid context in get_dist_table
2 views
Skip to first unread message
syzbot
Jun 28, 2023, 8:49:55 AM6/28/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: a1c449d00ff8 Linux 6.1.36
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17219c9f280000
kernel config: https://syzkaller.appspot.com/x/.config?x=88fba5343539f90e
dashboard link: https://syzkaller.appspot.com/bug?extid=8f0d418a958eee1a9131
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c419b02b39/disk-a1c449d0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc8fc6c3c06c/vmlinux-a1c449d0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7ed5c1022bfe/Image-a1c449d0.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f0d41...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4350, name: syz-executor.2
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by syz-executor.2/4350:
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
Preemption disabled at:
[<ffff8000106bed08>] sch_tree_lock+0x120/0x1d4
CPU: 0 PID: 4350 Comm: syz-executor.2 Not tainted 6.1.36-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__might_resched+0x37c/0x4d8 kernel/sched/core.c:9941
__might_sleep+0x90/0xe4 kernel/sched/core.c:9870
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:710 [inline]
slab_alloc_node mm/slub.c:3318 [inline]
__kmem_cache_alloc_node+0x74/0x388 mm/slub.c:3437
__do_kmalloc_node mm/slab_common.c:954 [inline]
__kmalloc_node+0xcc/0x1d0 mm/slab_common.c:962
kmalloc_node include/linux/slab.h:579 [inline]
kvmalloc_node+0x84/0x1e4 mm/util.c:581
kvmalloc include/linux/slab.h:706 [inline]
get_dist_table+0xa0/0x354 net/sched/sch_netem.c:788
netem_change+0x754/0x1900 net/sched/sch_netem.c:985
netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
tc_modify_qdisc+0x9f0/0x1840
rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6097
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2524
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6115
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1902
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
============================================
WARNING: possible recursive locking detected
6.1.36-syzkaller #0 Tainted: G W
--------------------------------------------
syz-executor.2/4350 is trying to acquire lock:
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
but task is already holding lock:
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syz-executor.2/4350:
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
stack backtrace:
CPU: 0 PID: 4350 Comm: syz-executor.2 Tainted: G W 6.1.36-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:355 [inline]
get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
netem_change+0x754/0x1900 net/sched/sch_netem.c:985
netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
tc_modify_qdisc+0x9f0/0x1840
rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6097
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2524
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6115
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1902
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: a1c449d00ff8 Linux 6.1.36
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17219c9f280000
kernel config: https://syzkaller.appspot.com/x/.config?x=88fba5343539f90e
dashboard link: https://syzkaller.appspot.com/bug?extid=8f0d418a958eee1a9131
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c419b02b39/disk-a1c449d0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc8fc6c3c06c/vmlinux-a1c449d0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7ed5c1022bfe/Image-a1c449d0.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f0d41...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4350, name: syz-executor.2
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by syz-executor.2/4350:
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
Preemption disabled at:
[<ffff8000106bed08>] sch_tree_lock+0x120/0x1d4
CPU: 0 PID: 4350 Comm: syz-executor.2 Not tainted 6.1.36-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__might_resched+0x37c/0x4d8 kernel/sched/core.c:9941
__might_sleep+0x90/0xe4 kernel/sched/core.c:9870
might_alloc include/linux/sched/mm.h:274 [inline]
slab_pre_alloc_hook mm/slab.h:710 [inline]
slab_alloc_node mm/slub.c:3318 [inline]
__kmem_cache_alloc_node+0x74/0x388 mm/slub.c:3437
__do_kmalloc_node mm/slab_common.c:954 [inline]
__kmalloc_node+0xcc/0x1d0 mm/slab_common.c:962
kmalloc_node include/linux/slab.h:579 [inline]
kvmalloc_node+0x84/0x1e4 mm/util.c:581
kvmalloc include/linux/slab.h:706 [inline]
get_dist_table+0xa0/0x354 net/sched/sch_netem.c:788
netem_change+0x754/0x1900 net/sched/sch_netem.c:985
netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
tc_modify_qdisc+0x9f0/0x1840
rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6097
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2524
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6115
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1902
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
============================================
WARNING: possible recursive locking detected
6.1.36-syzkaller #0 Tainted: G W
--------------------------------------------
syz-executor.2/4350 is trying to acquire lock:
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
but task is already holding lock:
ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syz-executor.2/4350:
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000cb3c4108 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
stack backtrace:
CPU: 0 PID: 4350 Comm: syz-executor.2 Tainted: G W 6.1.36-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__lock_acquire+0x6310/0x764c kernel/locking/lockdep.c:5056
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5669
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x54/0x6c kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:355 [inline]
get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
netem_change+0x754/0x1900 net/sched/sch_netem.c:985
netem_init+0x54/0xb8 net/sched/sch_netem.c:1072
qdisc_create+0x70c/0xe64 net/sched/sch_api.c:1314
tc_modify_qdisc+0x9f0/0x1840
rtnetlink_rcv_msg+0x72c/0xd94 net/core/rtnetlink.c:6097
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2524
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:6115
netlink_unicast_kernel net/netlink/af_netlink.c:1328 [inline]
netlink_unicast+0x660/0x8d4 net/netlink/af_netlink.c:1354
netlink_sendmsg+0x834/0xb18 net/netlink/af_netlink.c:1902
sock_sendmsg_nosec net/socket.c:716 [inline]
sock_sendmsg net/socket.c:736 [inline]
____sys_sendmsg+0x558/0x844 net/socket.c:2482
___sys_sendmsg net/socket.c:2536 [inline]
__sys_sendmsg+0x26c/0x33c net/socket.c:2565
__do_sys_sendmsg net/socket.c:2574 [inline]
__se_sys_sendmsg net/socket.c:2572 [inline]
__arm64_sys_sendmsg+0x80/0x94 net/socket.c:2572
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Jun 28, 2023, 11:16:51 AM6/28/23
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 4af60700a60c Linux 5.15.119
syzbot found the following issue on:
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14e005e0a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=ba2032bf87adc4c7
dashboard link: https://syzkaller.appspot.com/bug?extid=a449d7295ec805524294
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/5a37f09fce32/disk-4af60700.raw.xz
Downloadable assets:
vmlinux: https://storage.googleapis.com/syzbot-assets/28ef8a07cc8f/vmlinux-4af60700.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ff6087a74939/bzImage-4af60700.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5511, name: syz-executor.4
2 locks held by syz-executor.4/5511:
#0: ffffffff8d9de208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9de208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5590
#1: ffff88802a762108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x257/0x20c0 net/sched/sch_netem.c:972
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 5511 Comm: syz-executor.4 Not tainted 5.15.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
___might_sleep+0x547/0x6a0 kernel/sched/core.c:9625
might_alloc include/linux/sched/mm.h:209 [inline]
slab_pre_alloc_hook+0x44/0xc0 mm/slab.h:492
slab_alloc_node mm/slub.c:3134 [inline]
__kmalloc_node+0x71/0x390 mm/slub.c:4451
kmalloc_node include/linux/slab.h:614 [inline]
kvmalloc_node+0x80/0x140 mm/util.c:619
kvmalloc include/linux/mm.h:805 [inline]
get_dist_table+0x83/0x2c0 net/sched/sch_netem.c:788
netem_change+0xa05/0x20c0 net/sched/sch_netem.c:988
netem_init+0x58/0xb0 net/sched/sch_netem.c:1075
qdisc_create+0x8ae/0x1390 net/sched/sch_api.c:1264
tc_modify_qdisc+0xac5/0x1710
rtnetlink_rcv_msg+0x993/0xee0 net/core/rtnetlink.c:5593
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2504
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1923
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2412
___sys_sendmsg+0x252/0x2e0 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2502
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f840af20389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8409492168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f840b03ff80 RCX: 00007f840af20389
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 000000000000000a
RBP: 00007f840af6b493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde12562bf R14: 00007f8409492300 R15: 0000000000022000
</TASK>
============================================
WARNING: possible recursive locking detected
--------------------------------------------
syz-executor.4/5511 is trying to acquire lock:
ffff88802a762108 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:368 [inline]
ffff88802a762108 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x1fa/0x2c0 net/sched/sch_netem.c:798
but task is already holding lock:
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
#0: ffffffff8d9de208 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffffffff8d9de208 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x94c/0xee0 net/core/rtnetlink.c:5590
#1: ffff88802a762108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x257/0x20c0 net/sched/sch_netem.c:972
stack backtrace:
CPU: 1 PID: 5511 Comm: syz-executor.4 Tainted: G W 5.15.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
print_deadlock_bug kernel/locking/lockdep.c:2946 [inline]
check_deadlock kernel/locking/lockdep.c:2989 [inline]
validate_chain+0x46cf/0x58b0 kernel/locking/lockdep.c:3774
__lock_acquire+0x1295/0x1ff0 kernel/locking/lockdep.c:5011
lock_acquire+0x1db/0x4f0 kernel/locking/lockdep.c:5622
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:368 [inline]
get_dist_table+0x1fa/0x2c0 net/sched/sch_netem.c:798
netem_change+0xa05/0x20c0 net/sched/sch_netem.c:988
netem_init+0x58/0xb0 net/sched/sch_netem.c:1075
qdisc_create+0x8ae/0x1390 net/sched/sch_api.c:1264
tc_modify_qdisc+0xac5/0x1710
rtnetlink_rcv_msg+0x993/0xee0 net/core/rtnetlink.c:5593
netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2504
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x7b6/0x980 net/netlink/af_netlink.c:1356
netlink_sendmsg+0xa30/0xd60 net/netlink/af_netlink.c:1923
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x59e/0x8f0 net/socket.c:2412
___sys_sendmsg+0x252/0x2e0 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg+0x19a/0x260 net/socket.c:2502
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f840af20389
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8409492168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f840b03ff80 RCX: 00007f840af20389
RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 000000000000000a
RBP: 00007f840af6b493 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffde12562bf R14: 00007f8409492300 R15: 0000000000022000
</TASK>
syzbot
Jun 29, 2023, 1:35:00 AM6/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 4af60700a60c Linux 5.15.119
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1342849f280000
kernel config: https://syzkaller.appspot.com/x/.config?x=f95d07036b0504a8
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=122b41e0a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d96f50a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a4abe225b30/disk-4af60700.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c57a50e7d39b/vmlinux-4af60700.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c21012530aba/Image-4af60700.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a449d7...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3960, name: syz-executor633
2 locks held by syz-executor633/3960:
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac net/core/rtnetlink.c:5590
#1: ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
Preemption disabled at:
[<ffff800010049c20>] netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
CPU: 1 PID: 3960 Comm: syz-executor633 Not tainted 5.15.119-syzkaller #0
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__might_sleep+0x98/0xf0 kernel/sched/core.c:9579
might_alloc include/linux/sched/mm.h:209 [inline]
slab_pre_alloc_hook+0x58/0xe8 mm/slab.h:492
slab_alloc_node mm/slub.c:3134 [inline]
__kmalloc_node+0xbc/0x5b8 mm/slub.c:4451
kmalloc_node include/linux/slab.h:614 [inline]
kvmalloc_node+0x88/0x204 mm/util.c:619
kvmalloc include/linux/mm.h:805 [inline]
get_dist_table+0x9c/0x2a4 net/sched/sch_netem.c:788
netem_change+0x7cc/0x1a90 net/sched/sch_netem.c:988
netem_init+0x54/0xb8 net/sched/sch_netem.c:1075
qdisc_create+0x6fc/0xf44 net/sched/sch_api.c:1264
tc_modify_qdisc+0x8dc/0x1344
rtnetlink_rcv_msg+0xa74/0xdac net/core/rtnetlink.c:5593
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2504
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:5611
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1923
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
============================================
WARNING: possible recursive locking detected
5.15.119-syzkaller #0 Tainted: G W
--------------------------------------------
syz-executor633/3960 is trying to acquire lock:
ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:368 [inline]
ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x1f0/0x2a4 net/sched/sch_netem.c:798
but task is already holding lock:
ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syz-executor633/3960:
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac net/core/rtnetlink.c:5590
#1: ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
stack backtrace:
CPU: 1 PID: 3960 Comm: syz-executor633 Tainted: G W 5.15.119-syzkaller #0
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x124/0x1c4 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:368 [inline]
get_dist_table+0x1f0/0x2a4 net/sched/sch_netem.c:798
netem_change+0x7cc/0x1a90 net/sched/sch_netem.c:988
netem_init+0x54/0xb8 net/sched/sch_netem.c:1075
qdisc_create+0x6fc/0xf44 net/sched/sch_api.c:1264
tc_modify_qdisc+0x8dc/0x1344
rtnetlink_rcv_msg+0xa74/0xdac net/core/rtnetlink.c:5593
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2504
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:5611
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1923
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 4af60700a60c Linux 5.15.119
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=f95d07036b0504a8
dashboard link: https://syzkaller.appspot.com/bug?extid=a449d7295ec805524294
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=122b41e0a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d96f50a80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1a4abe225b30/disk-4af60700.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c57a50e7d39b/vmlinux-4af60700.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c21012530aba/Image-4af60700.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a449d7...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209
2 locks held by syz-executor633/3960:
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac net/core/rtnetlink.c:5590
#1: ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
Preemption disabled at:
[<ffff800010049c20>] netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
CPU: 1 PID: 3960 Comm: syz-executor633 Not tainted 5.15.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
___might_sleep+0x380/0x4dc kernel/sched/core.c:9625
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__might_sleep+0x98/0xf0 kernel/sched/core.c:9579
might_alloc include/linux/sched/mm.h:209 [inline]
slab_pre_alloc_hook+0x58/0xe8 mm/slab.h:492
slab_alloc_node mm/slub.c:3134 [inline]
__kmalloc_node+0xbc/0x5b8 mm/slub.c:4451
kmalloc_node include/linux/slab.h:614 [inline]
kvmalloc_node+0x88/0x204 mm/util.c:619
kvmalloc include/linux/mm.h:805 [inline]
get_dist_table+0x9c/0x2a4 net/sched/sch_netem.c:788
netem_change+0x7cc/0x1a90 net/sched/sch_netem.c:988
netem_init+0x54/0xb8 net/sched/sch_netem.c:1075
qdisc_create+0x6fc/0xf44 net/sched/sch_api.c:1264
tc_modify_qdisc+0x8dc/0x1344
rtnetlink_rcv_msg+0xa74/0xdac net/core/rtnetlink.c:5593
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2504
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:5611
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1923
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x584/0x870 net/socket.c:2412
sock_sendmsg net/socket.c:724 [inline]
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg net/socket.c:2502 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
============================================
WARNING: possible recursive locking detected
5.15.119-syzkaller #0 Tainted: G W
--------------------------------------------
ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:368 [inline]
ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x1f0/0x2a4 net/sched/sch_netem.c:798
but task is already holding lock:
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:72 [inline]
#0: ffff8000169d6ea8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac net/core/rtnetlink.c:5590
#1: ffff0000c120e108 (&sch->q.lock){+...}-{2:2}, at: netem_change+0x22c/0x1a90 net/sched/sch_netem.c:972
stack backtrace:
CPU: 1 PID: 3960 Comm: syz-executor633 Tainted: G W 5.15.119-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
__lock_acquire+0x62b4/0x7620 kernel/locking/lockdep.c:5011
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5622
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x124/0x1c4 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:368 [inline]
get_dist_table+0x1f0/0x2a4 net/sched/sch_netem.c:798
netem_change+0x7cc/0x1a90 net/sched/sch_netem.c:988
netem_init+0x54/0xb8 net/sched/sch_netem.c:1075
qdisc_create+0x6fc/0xf44 net/sched/sch_api.c:1264
tc_modify_qdisc+0x8dc/0x1344
rtnetlink_rcv_msg+0xa74/0xdac net/core/rtnetlink.c:5593
netlink_rcv_skb+0x20c/0x3b8 net/netlink/af_netlink.c:2504
rtnetlink_rcv+0x28/0x38 net/core/rtnetlink.c:5611
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x664/0x938 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x844/0xb38 net/netlink/af_netlink.c:1923
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg net/socket.c:724 [inline]
____sys_sendmsg+0x584/0x870 net/socket.c:2412
sock_sendmsg net/socket.c:724 [inline]
___sys_sendmsg+0x214/0x294 net/socket.c:2466
__sys_sendmsg net/socket.c:2495 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__se_sys_sendmsg net/socket.c:2502 [inline]
__do_sys_sendmsg net/socket.c:2504 [inline]
__arm64_sys_sendmsg+0x1ac/0x25c net/socket.c:2502
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:596
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Jun 29, 2023, 3:39:13 AM6/29/23
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: a1c449d00ff8 Linux 6.1.36
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=150c4370a80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=122f70f7280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c419b02b39/disk-a1c449d0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc8fc6c3c06c/vmlinux-a1c449d0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7ed5c1022bfe/Image-a1c449d0.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f0d41...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4218, name: syz-executor220
syz-executor220/4218 is trying to acquire lock:
ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
but task is already holding lock:
ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
2 locks held by syz-executor220/4218:
stack backtrace:
CPU: 0 PID: 4218 Comm: syz-executor220 Tainted: G W 6.1.36-syzkaller #0
HEAD commit: a1c449d00ff8 Linux 6.1.36
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=88fba5343539f90e
dashboard link: https://syzkaller.appspot.com/bug?extid=8f0d418a958eee1a9131
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10ed18f7280000
dashboard link: https://syzkaller.appspot.com/bug?extid=8f0d418a958eee1a9131
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=122f70f7280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/46c419b02b39/disk-a1c449d0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cc8fc6c3c06c/vmlinux-a1c449d0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/7ed5c1022bfe/Image-a1c449d0.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8f0d41...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274
preempt_count: 201, expected: 0
RCU nest depth: 0, expected: 0
2 locks held by syz-executor220/4218:
RCU nest depth: 0, expected: 0
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
Preemption disabled at:
[<ffff8000106bed08>] sch_tree_lock+0x120/0x1d4
CPU: 0 PID: 4218 Comm: syz-executor220 Not tainted 6.1.36-syzkaller #0
[<ffff8000106bed08>] sch_tree_lock+0x120/0x1d4
ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:355 [inline]
ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: get_dist_table+0x240/0x354 net/sched/sch_netem.c:798
but task is already holding lock:
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&sch->q.lock);
lock(&sch->q.lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_lock net/core/rtnetlink.c:74 [inline]
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
#1: ffff0000d4537908 (&sch->q.lock){+...}-{2:2}, at: sch_tree_lock+0x120/0x1d4
#0: ffff800017b8e848 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e8/0xd94 net/core/rtnetlink.c:6094
stack backtrace:
CPU: 0 PID: 4218 Comm: syz-executor220 Tainted: G W 6.1.36-syzkaller #0
Reply all
Reply to author
Forward
0 new messages