BUG: sleeping function called from invalid context in tpk_write

syzbot

Dec 5, 2019, 10:25:10 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: fb683b5e Linux 4.19.88
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1640f42ae00000
kernel config: https://syzkaller.appspot.com/x/.config?x=598969d2888c3fa1
dashboard link: https://syzkaller.appspot.com/bug?extid=2564499426f9e3e7b6df
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+256449...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 10086, name: syz-executor.4
4 locks held by syz-executor.4/10086:
#0: 000000006d299571 (sb_writers#4){.+.+}, at: file_start_write
include/linux/fs.h:2775 [inline]
#0: 000000006d299571 (sb_writers#4){.+.+}, at: vfs_write+0x429/0x560
fs/read_write.c:548
#1: 00000000dd6e15f0 (&sb->s_type->i_mutex_key#9){++++}, at: inode_trylock
include/linux/fs.h:767 [inline]
#1: 00000000dd6e15f0 (&sb->s_type->i_mutex_key#9){++++}, at:
ext4_file_write_iter+0x23f/0x1060 fs/ext4/file.c:236
#2: 00000000d0a3284d (fs_reclaim){+.+.}, at:
fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
#3: 00000000d8075760 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map
include/linux/lockdep.h:168 [inline]
#3: 00000000d8075760 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720
kernel/time/timer.c:1316
Preemption disabled at:
[<ffffffff878000f3>] __do_softirq+0xf3/0x921 kernel/softirq.c:269
CPU: 1 PID: 10086 Comm: syz-executor.4 Not tainted 4.19.88-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6191
__might_sleep+0x95/0x190 kernel/sched/core.c:6144
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789
[inline]
RIP: 0010:lock_acquire+0x1ea/0x3f0 kernel/locking/lockdep.c:3906
Code: 7c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 c4 01 00 00 48
83 3d ba 0c a0 07 00 0f 84 38 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00
48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b
RSP: 0018:ffff888047907660 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff11e4b71 RBX: ffff8880a03ca080 RCX: 000000008b02ee34
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000286
RBP: ffff8880479076a8 R08: 0000000000006f2e R09: 0000000000000002
R10: ffff8880a03ca950 R11: ffffffff8a7991f0 R12: ffffffff89006780
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
__fs_reclaim_acquire mm/page_alloc.c:3757 [inline]
fs_reclaim_acquire.part.0+0x24/0x30 mm/page_alloc.c:3768
fs_reclaim_acquire mm/page_alloc.c:4342 [inline]
prepare_alloc_pages mm/page_alloc.c:4339 [inline]
__alloc_pages_nodemask+0x4fc/0x750 mm/page_alloc.c:4391
alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__page_cache_alloc mm/filemap.c:969 [inline]
__page_cache_alloc+0x2bd/0x450 mm/filemap.c:954
pagecache_get_page+0x231/0xcf0 mm/filemap.c:1600
grab_cache_page_write_begin+0x7b/0xb0 mm/filemap.c:3112
ext4_da_write_begin+0x2d7/0x1180 fs/ext4/inode.c:3058
generic_perform_write+0x22a/0x520 mm/filemap.c:3162
__generic_file_write_iter+0x25e/0x630 mm/filemap.c:3287
ext4_file_write_iter+0x32b/0x1060 fs/ext4/file.c:270
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x587/0x810 fs/read_write.c:487
vfs_write+0x20c/0x560 fs/read_write.c:549
ksys_write+0x14f/0x2d0 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:608
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a679
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6da93a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 00000000fffffff4 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da93a36d4
R13: 00000000004cb5c6 R14: 00000000004e4ed8 R15: 00000000ffffffff

================================
WARNING: inconsistent lock state
4.19.88-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor.4/10086 [HC0[0]:SC1[1]:HE1:SE0] takes:
0000000090bc507f (&tpk_port.port_write_mutex){+.?.}, at:
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
{SOFTIRQ-ON-W} state was registered at:
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
tnc_init drivers/net/hamradio/6pack.c:536 [inline]
sixpack_open+0x9d3/0xbf5 drivers/net/hamradio/6pack.c:632
tty_ldisc_open.isra.0+0x89/0xd0 drivers/tty/tty_ldisc.c:462
tty_set_ldisc+0x2e3/0x690 drivers/tty/tty_ldisc.c:587
tiocsetd drivers/tty/tty_io.c:2359 [inline]
tty_ioctl+0x65e/0x1510 drivers/tty/tty_io.c:2603
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688
ksys_ioctl+0xab/0xd0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 31102
hardirqs last enabled at (31102): [<ffffffff81006693>]
trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (31101): [<ffffffff810066af>]
trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (29060): [<ffffffff87800633>]
__do_softirq+0x633/0x921 kernel/softirq.c:318
softirqs last disabled at (30967): [<ffffffff81404a60>] invoke_softirq
kernel/softirq.c:372 [inline]
softirqs last disabled at (30967): [<ffffffff81404a60>]
irq_exit+0x180/0x1d0 kernel/softirq.c:412

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&tpk_port.port_write_mutex);
<Interrupt>
lock(&tpk_port.port_write_mutex);

*** DEADLOCK ***

4 locks held by syz-executor.4/10086:
#0: 000000006d299571 (sb_writers#4){.+.+}, at: file_start_write
include/linux/fs.h:2775 [inline]
#0: 000000006d299571 (sb_writers#4){.+.+}, at: vfs_write+0x429/0x560
fs/read_write.c:548
#1: 00000000dd6e15f0 (&sb->s_type->i_mutex_key#9){++++}, at: inode_trylock
include/linux/fs.h:767 [inline]
#1: 00000000dd6e15f0 (&sb->s_type->i_mutex_key#9){++++}, at:
ext4_file_write_iter+0x23f/0x1060 fs/ext4/file.c:236
#2: 00000000d0a3284d (fs_reclaim){+.+.}, at:
fs_reclaim_acquire.part.0+0x0/0x30 include/linux/compiler.h:193
#3: 00000000d8075760 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map
include/linux/lockdep.h:168 [inline]
#3: 00000000d8075760 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720
kernel/time/timer.c:1316

stack backtrace:
CPU: 1 PID: 10086 Comm: syz-executor.4 Tainted: G W
4.19.88-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2540
valid_state kernel/locking/lockdep.c:2553 [inline]
mark_lock_irq kernel/locking/lockdep.c:2747 [inline]
mark_lock+0xd1b/0x1370 kernel/locking/lockdep.c:3127
mark_irqflags kernel/locking/lockdep.c:3005 [inline]
__lock_acquire+0xc62/0x49c0 kernel/locking/lockdep.c:3368
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789
[inline]
RIP: 0010:lock_acquire+0x1ea/0x3f0 kernel/locking/lockdep.c:3906
Code: 7c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 c4 01 00 00 48
83 3d ba 0c a0 07 00 0f 84 38 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00
48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b
RSP: 0018:ffff888047907660 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff11e4b71 RBX: ffff8880a03ca080 RCX: 000000008b02ee34
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000286
RBP: ffff8880479076a8 R08: 0000000000006f2e R09: 0000000000000002
R10: ffff8880a03ca950 R11: ffffffff8a7991f0 R12: ffffffff89006780
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
__fs_reclaim_acquire mm/page_alloc.c:3757 [inline]
fs_reclaim_acquire.part.0+0x24/0x30 mm/page_alloc.c:3768
fs_reclaim_acquire mm/page_alloc.c:4342 [inline]
prepare_alloc_pages mm/page_alloc.c:4339 [inline]
__alloc_pages_nodemask+0x4fc/0x750 mm/page_alloc.c:4391
alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__page_cache_alloc mm/filemap.c:969 [inline]
__page_cache_alloc+0x2bd/0x450 mm/filemap.c:954
pagecache_get_page+0x231/0xcf0 mm/filemap.c:1600
grab_cache_page_write_begin+0x7b/0xb0 mm/filemap.c:3112
ext4_da_write_begin+0x2d7/0x1180 fs/ext4/inode.c:3058
generic_perform_write+0x22a/0x520 mm/filemap.c:3162
__generic_file_write_iter+0x25e/0x630 mm/filemap.c:3287
ext4_file_write_iter+0x32b/0x1060 fs/ext4/file.c:270
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x587/0x810 fs/read_write.c:487
vfs_write+0x20c/0x560 fs/read_write.c:549
ksys_write+0x14f/0x2d0 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:608
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a679
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6da93a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 00000000fffffff4 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da93a36d4
R13: 00000000004cb5c6 R14: 00000000004e4ed8 R15: 00000000ffffffff
BUG: sleeping function called from invalid context at kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 10086, name: syz-executor.4
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff878000f3>] __do_softirq+0xf3/0x921 kernel/softirq.c:269
CPU: 1 PID: 10086 Comm: syz-executor.4 Tainted: G W
4.19.88-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6191
__might_sleep+0x95/0x190 kernel/sched/core.c:6144
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x22e/0x320 drivers/net/hamradio/6pack.c:523
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789
[inline]
RIP: 0010:lock_acquire+0x1ea/0x3f0 kernel/locking/lockdep.c:3906
Code: 7c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 c4 01 00 00 48
83 3d ba 0c a0 07 00 0f 84 38 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00
48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b
RSP: 0018:ffff888047907660 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff11e4b71 RBX: ffff8880a03ca080 RCX: 000000008b02ee34
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000286
RBP: ffff8880479076a8 R08: 0000000000006f2e R09: 0000000000000002
R10: ffff8880a03ca950 R11: ffffffff8a7991f0 R12: ffffffff89006780
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
__fs_reclaim_acquire mm/page_alloc.c:3757 [inline]
fs_reclaim_acquire.part.0+0x24/0x30 mm/page_alloc.c:3768
fs_reclaim_acquire mm/page_alloc.c:4342 [inline]
prepare_alloc_pages mm/page_alloc.c:4339 [inline]
__alloc_pages_nodemask+0x4fc/0x750 mm/page_alloc.c:4391
alloc_pages_current+0x107/0x210 mm/mempolicy.c:2197
alloc_pages include/linux/gfp.h:532 [inline]
__page_cache_alloc mm/filemap.c:969 [inline]
__page_cache_alloc+0x2bd/0x450 mm/filemap.c:954
pagecache_get_page+0x231/0xcf0 mm/filemap.c:1600
grab_cache_page_write_begin+0x7b/0xb0 mm/filemap.c:3112
ext4_da_write_begin+0x2d7/0x1180 fs/ext4/inode.c:3058
generic_perform_write+0x22a/0x520 mm/filemap.c:3162
__generic_file_write_iter+0x25e/0x630 mm/filemap.c:3287
ext4_file_write_iter+0x32b/0x1060 fs/ext4/file.c:270
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x587/0x810 fs/read_write.c:487
vfs_write+0x20c/0x560 fs/read_write.c:549
ksys_write+0x14f/0x2d0 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:608
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a679
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6da93a2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
RDX: 00000000fffffff4 RSI: 0000000020000080 RDI: 0000000000000004
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6da93a36d4
R13: 00000000004cb5c6 R14: 00000000004e4ed8 R15: 00000000ffffffff
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop5' (00000000175be7b7): kobject_uevent_env
kobject: 'loop5' (00000000175be7b7): fill_kobj_path: path
= '/devices/virtual/block/loop5'
sock: process `syz-executor.0' is using obsolete setsockopt SO_BSDCOMPAT
kobject: 'loop1' (00000000ccc88cfa): kobject_uevent_env
kobject: 'loop1' (00000000ccc88cfa): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'rx-0' (00000000343d2f70): kobject_cleanup, parent 000000002c4906da
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (00000000343d2f70): auto cleanup 'remove' event
kobject: 'rx-0' (00000000343d2f70): kobject_uevent_env
kobject: 'rx-0' (00000000343d2f70): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'rx-0' (00000000343d2f70): auto cleanup kobject_del
kobject: 'rx-0' (00000000343d2f70): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (000000001b808194): kobject_cleanup, parent 000000002c4906da
kobject: 'tx-0' (000000001b808194): auto cleanup 'remove' event
kobject: 'tx-0' (000000001b808194): kobject_uevent_env
kobject: 'tx-0' (000000001b808194): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'tx-0' (000000001b808194): auto cleanup kobject_del
kobject: 'tx-0' (000000001b808194): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (000000002c4906da): kobject_cleanup, parent
(null)
kobject: 'queues' (000000002c4906da): calling ktype release
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'queues' (000000002c4906da): kset_release
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'queues': free name
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'ip6gre0' (0000000060073451): kobject_uevent_env
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'ip6gre0' (0000000060073451): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'ip6gre0' (0000000060073451): kobject_cleanup, parent
(null)
kobject: 'loop1' (00000000ccc88cfa): kobject_uevent_env
kobject: 'loop1' (00000000ccc88cfa): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'ip6gre0' (0000000060073451): calling ktype release
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop5' (00000000175be7b7): kobject_uevent_env
kobject: 'ip6gre0': free name
kobject: 'loop5' (00000000175be7b7): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'rx-0' (00000000c5ce84e6): kobject_cleanup, parent 00000000255e77fb
kobject: 'rx-0' (00000000c5ce84e6): auto cleanup 'remove' event
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'rx-0' (00000000c5ce84e6): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'rx-0' (00000000c5ce84e6): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'rx-0' (00000000c5ce84e6): auto cleanup kobject_del
kobject: 'rx-0' (00000000c5ce84e6): calling ktype release
kobject: 'loop1' (00000000ccc88cfa): kobject_uevent_env
kobject: 'rx-0': free name
kobject: 'loop1' (00000000ccc88cfa): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (00000000c1f8c9c5): kobject_cleanup, parent 00000000255e77fb
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'tx-0' (00000000c1f8c9c5): auto cleanup 'remove' event
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'tx-0' (00000000c1f8c9c5): kobject_uevent_env
kobject: 'tx-0' (00000000c1f8c9c5): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop5' (00000000175be7b7): kobject_uevent_env
kobject: 'tx-0' (00000000c1f8c9c5): auto cleanup kobject_del
kobject: 'loop5' (00000000175be7b7): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'tx-0' (00000000c1f8c9c5): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (00000000255e77fb): kobject_cleanup, parent
(null)
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'queues' (00000000255e77fb): calling ktype release
kobject: 'queues' (00000000255e77fb): kset_release
kobject: 'queues': free name
kobject: 'ip6tnl0' (0000000093a1cf2f): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'ip6tnl0' (0000000093a1cf2f): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop1' (00000000ccc88cfa): kobject_uevent_env
kobject: 'loop1' (00000000ccc88cfa): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'ip6tnl0' (0000000093a1cf2f): kobject_cleanup, parent
(null)
kobject: 'ip6tnl0' (0000000093a1cf2f): calling ktype release
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'ip6tnl0': free name
kobject: 'rx-0' (000000004f826c29): kobject_cleanup, parent 0000000035799ea8
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (000000004f826c29): auto cleanup 'remove' event
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'rx-0' (000000004f826c29): kobject_uevent_env
kobject: 'rx-0' (000000004f826c29): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'rx-0' (000000004f826c29): auto cleanup kobject_del
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (000000004f826c29): calling ktype release
kobject: 'loop1' (00000000ccc88cfa): kobject_uevent_env
kobject: 'rx-0': free name
kobject: 'loop1' (00000000ccc88cfa): fill_kobj_path: path
= '/devices/virtual/block/loop1'
kobject: 'tx-0' (00000000f689af51): kobject_cleanup, parent 0000000035799ea8
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'tx-0' (00000000f689af51): auto cleanup 'remove' event
kobject: 'tx-0' (00000000f689af51): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'tx-0' (00000000f689af51): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'tx-0' (00000000f689af51): auto cleanup kobject_del
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'tx-0' (00000000f689af51): calling ktype release
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'tx-0': free name
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'queues' (0000000035799ea8): kobject_cleanup, parent
(null)
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'queues' (0000000035799ea8): calling ktype release
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'queues' (0000000035799ea8): kset_release
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'queues': free name
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'sit0' (00000000ce661712): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'sit0' (00000000ce661712): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop5' (00000000175be7b7): kobject_uevent_env
kobject: 'loop5' (00000000175be7b7): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'sit0' (00000000ce661712): kobject_cleanup, parent (null)
kobject: 'sit0' (00000000ce661712): calling ktype release
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'sit0': free name
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'rx-0' (00000000df96ac95): kobject_cleanup, parent 00000000bc262ad2
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop5' (00000000175be7b7): kobject_uevent_env
kobject: 'rx-0' (00000000df96ac95): auto cleanup 'remove' event
kobject: 'loop5' (00000000175be7b7): fill_kobj_path: path
= '/devices/virtual/block/loop5'
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'rx-0' (00000000df96ac95): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'rx-0' (00000000df96ac95): kobject_uevent_env: uevent_suppress
caused the event to drop!
kobject: 'loop2' (00000000cfb63f3c): kobject_uevent_env
kobject: 'loop2' (00000000cfb63f3c): fill_kobj_path: path
= '/devices/virtual/block/loop2'
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'rx-0' (00000000df96ac95): auto cleanup kobject_del
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
kobject: 'rx-0' (00000000df96ac95): calling ktype release
kobject: 'loop3' (00000000a3e71365): kobject_uevent_env
kobject: 'rx-0': free name
kobject: 'loop3' (00000000a3e71365): fill_kobj_path: path
= '/devices/virtual/block/loop3'
kobject: 'tx-0' (00000000d1f9ed84): kobject_cleanup, parent 00000000bc262ad2
kobject: 'loop0' (0000000059c11d5e): kobject_uevent_env
kobject: 'loop0' (0000000059c11d5e): fill_kobj_path: path
= '/devices/virtual/block/loop0'
kobject: 'tx-0' (00000000d1f9ed84): auto cleanup 'remove' event
kobject: 'loop4' (000000009bad1a5c): kobject_uevent_env
kobject: 'tx-0' (00000000d1f9ed84): kobject_uevent_env
kobject: 'loop4' (000000009bad1a5c): fill_kobj_path: path
= '/devices/virtual/block/loop4'
BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 3668, name: udevd
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff81556482>] vprintk_emit+0x262/0x6d0 kernel/printk/printk.c:1930
CPU: 1 PID: 3668 Comm: udevd Tainted: G W 4.19.88-syzkaller
#0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6191
__might_sleep+0x95/0x190 kernel/sched/core.c:6144
__mutex_lock_common kernel/locking/mutex.c:908 [inline]
__mutex_lock+0xc8/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789
[inline]
RIP: 0010:console_unlock+0xc26/0x10d0 kernel/printk/printk.c:2437
Code: fc ff df 48 c1 e8 03 80 3c 08 00 0f 85 56 04 00 00 48 83 3d 63 30 9d
07 00 0f 84 b6 02 00 00 e8 d0 e8 15 00 48 8b 7d 98 57 9d <0f> 1f 44 00 00
e9 64 ff ff ff e8 bb e8 15 00 48 8b 7d 08 c7 05 8d
RSP: 0018:ffff888095df77f0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13
RAX: ffff888095de83c0 RBX: 0000000000000200 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: ffffffff81552b30 RDI: 0000000000000293
RBP: ffff888095df7878 R08: ffff888095de83c0 R09: fffffbfff11f1705
R10: fffffbfff11f1704 R11: ffffffff88f8b823 R12: 0000000000000000
R13: ffffffff84622dc0 R14: 000000000000006a R15: ffffffff89654910
vprintk_emit+0x280/0x6d0 kernel/printk/printk.c:1937
vprintk_default+0x28/0x30 kernel/printk/printk.c:1979
vprintk_func+0x7e/0x189 kernel/printk/printk_safe.c:398
printk+0xba/0xed kernel/printk/printk.c:2012
fill_kobj_path lib/kobject.c:151 [inline]
kobject_get_path.cold+0x38/0x47 lib/kobject.c:174
kobject_uevent_env+0x3ab/0x101f lib/kobject_uevent.c:526
kobject_synth_uevent.cold+0xa0/0xfe lib/kobject_uevent.c:208
uevent_store+0x26/0x80 drivers/base/core.c:1073
dev_attr_store+0x59/0x80 drivers/base/core.c:782
sysfs_kf_write+0x116/0x170 fs/sysfs/file.c:139
kernfs_fop_write+0x2b8/0x480 fs/kernfs/file.c:316
__vfs_write+0x114/0x810 fs/read_write.c:485
vfs_write+0x20c/0x560 fs/read_write.c:549
ksys_write+0x14f/0x2d0 fs/read_write.c:599
__do_sys_write fs/read_write.c:611 [inline]
__se_sys_write fs/read_write.c:608 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:608
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fb06901f370
Code: 73 01 c3 48 8b 0d c8 4a 2b 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb
ea 90 90 83 3d 85 a2 2b 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 73 31 c3 48 83 ec 08 e8 0e 8a 01 00 48 89 04 24
RSP: 002b:00007ffcc44865d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000002164c20 RCX: 00007fb06901f370
RDX: 0000000000000006 RSI: 000000000041f4f9 RDI: 000000000000000b
RBP: 0000000002165240 R08: 000000000041f4f1 R09: 00007fb0690757d0
R10: 7269762f73656369 R11: 0000000000000246 R12: 000000000000000b
R13: 0000000000000040 R14: 0000000002164be0 R15: 000000000211b030


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 5, 2019, 11:21:09 AM12/5/19
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: fb683b5e Linux 4.19.88
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1356bb7ae00000
kernel config: https://syzkaller.appspot.com/x/.config?x=598969d2888c3fa1
dashboard link: https://syzkaller.appspot.com/bug?extid=2564499426f9e3e7b6df
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10e32e41e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=110d090ee00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+256449...@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 7806, name: syz-executor338
1 lock held by syz-executor338/7806:
#0: 00000000eb3bd0a7 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map
include/linux/lockdep.h:168 [inline]
#0: 00000000eb3bd0a7 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720
kernel/time/timer.c:1316
Preemption disabled at:
[<ffffffff878000f3>] __do_softirq+0xf3/0x921 kernel/softirq.c:269
CPU: 0 PID: 7806 Comm: syz-executor338 Not tainted 4.19.88-syzkaller #0
RIP: 0033:0x444fc0
Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f
44 00 00 83 3d 31 d0 29 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 0f 83 64 1f fc ff c3 48 83 ec 08 e8 9a 42 00 00
RSP: 002b:00007ffddeb733c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000002d77 RCX: 0000000000444fc0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffddeb733d0
RBP: 0000000000011e8d R08: 0000000000001e7e R09: 0000000001e48880
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004073b0
R13: 0000000000407440 R14: 0000000000000000 R15: 0000000000000000

================================
WARNING: inconsistent lock state
4.19.88-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
syz-executor338/7806 [HC0[0]:SC1[1]:HE1:SE0] takes:
000000007165adc8 (&tpk_port.port_write_mutex){+.?.}, at:
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
{SOFTIRQ-ON-W} state was registered at:
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
tnc_init drivers/net/hamradio/6pack.c:536 [inline]
sixpack_open+0x9d3/0xbf5 drivers/net/hamradio/6pack.c:632
tty_ldisc_open.isra.0+0x89/0xd0 drivers/tty/tty_ldisc.c:462
tty_set_ldisc+0x2e3/0x690 drivers/tty/tty_ldisc.c:587
tiocsetd drivers/tty/tty_io.c:2359 [inline]
tty_ioctl+0x65e/0x1510 drivers/tty/tty_io.c:2603
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:501 [inline]
do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:688
ksys_ioctl+0xab/0xd0 fs/ioctl.c:705
__do_sys_ioctl fs/ioctl.c:712 [inline]
__se_sys_ioctl fs/ioctl.c:710 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:710
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
irq event stamp: 151266
hardirqs last enabled at (151266): [<ffffffff81006693>]
trace_hardirqs_on_thunk+0x1a/0x1c
hardirqs last disabled at (151265): [<ffffffff810066af>]
trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (147902): [<ffffffff87800633>]
__do_softirq+0x633/0x921 kernel/softirq.c:318
softirqs last disabled at (151193): [<ffffffff81404a60>] invoke_softirq
kernel/softirq.c:372 [inline]
softirqs last disabled at (151193): [<ffffffff81404a60>]
irq_exit+0x180/0x1d0 kernel/softirq.c:412

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&tpk_port.port_write_mutex);
<Interrupt>
lock(&tpk_port.port_write_mutex);

*** DEADLOCK ***

1 lock held by syz-executor338/7806:
#0: 00000000eb3bd0a7 ((&sp->resync_t)){+.-.}, at: lockdep_copy_map
include/linux/lockdep.h:168 [inline]
#0: 00000000eb3bd0a7 ((&sp->resync_t)){+.-.}, at: call_timer_fn+0xda/0x720
kernel/time/timer.c:1316

stack backtrace:
CPU: 0 PID: 7806 Comm: syz-executor338 Tainted: G W
4.19.88-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2540
valid_state kernel/locking/lockdep.c:2553 [inline]
mark_lock_irq kernel/locking/lockdep.c:2747 [inline]
mark_lock+0xd1b/0x1370 kernel/locking/lockdep.c:3127
mark_irqflags kernel/locking/lockdep.c:3005 [inline]
__lock_acquire+0xc62/0x49c0 kernel/locking/lockdep.c:3368
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:3903
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xf7/0x1300 kernel/locking/mutex.c:1072
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1087
tpk_write+0x5d/0x340 drivers/char/ttyprintk.c:123
resync_tnc+0x1b6/0x320 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x18d/0x720 kernel/time/timer.c:1326
expire_timers kernel/time/timer.c:1363 [inline]
__run_timers kernel/time/timer.c:1684 [inline]
__run_timers kernel/time/timer.c:1652 [inline]
run_timer_softirq+0x64f/0x16a0 kernel/time/timer.c:1697
__do_softirq+0x25c/0x921 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x180/0x1d0 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x13b/0x550 arch/x86/kernel/apic/apic.c:1094
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:893
</IRQ>
RIP: 0033:0x444fc0
Code: c0 5b 5d c3 66 0f 1f 44 00 00 8b 04 24 48 83 c4 18 5b 5d c3 66 0f 1f
44 00 00 83 3d 31 d0 29 00 00 75 14 b8 23 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 0f 83 64 1f fc ff c3 48 83 ec 08 e8 9a 42 00 00
RSP: 002b:00007ffddeb733c8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000000 RBX: 0000000000002d77 RCX: 0000000000444fc0
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffddeb733d0
RBP: 0000000000011e8d R08: 0000000000001e7e R09: 0000000001e48880
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004073b0
R13: 0000000000407440 R14: 0000000000000000 R15: 0000000000000000
[U] `�
BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:908
in_atomic(): 1, irqs_disabled(): 0, pid: 17881, name: syz-executor338
INFO: lockdep is turned off.
Preemption disabled at:
[<ffffffff813fc4ed>] mm_update_next_owner+0xdd/0x660 kernel/exit.c:429
CPU: 0 PID: 17881 Comm: syz-executor338 Tainted: G W
RIP: 0010:mm_update_next_owner+0x466/0x660 kernel/exit.c:453
Code: d3 fe ff ff e8 ab 4b 2b 00 4d 8d 84 24 20 04 00 00 4c 89 c0 48 c1 e8
03 80 3c 18 00 0f 85 14 01 00 00 4d 8b b4 24 20 04 00 00 <4d> 39 ee 75 90
e9 f4 fc ff ff e8 7b 4b 2b 00 48 c7 c7 c0 90 e0 88
RSP: 0018:ffff8882018d7d18 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: 1ffff1101104acf4 RBX: dffffc0000000000 RCX: ffffffff813fc7ae
RDX: 0000000000000000 RSI: ffffffff813fc855 RDI: ffff888088256a80
RBP: ffff8882018d7d78 R08: ffff8880882567a0 R09: fffffbfff11c1219
R10: fffffbfff11c1218 R11: ffffffff88e090c3 R12: ffff888088256380
R13: ffff8880a10f5900 R14: ffff8880a801a100 R15: ffff888087ed0540
exit_mm kernel/exit.c:545 [inline]
do_exit+0x891/0x3080 kernel/exit.c:863
do_group_exit+0x135/0x370 kernel/exit.c:979
__do_sys_exit_group kernel/exit.c:990 [inline]
__se_sys_exit_group kernel/exit.c:988 [inline]
__x64_sys_exit_group+0x44/0x50 kernel/exit.c:988
do_syscall_64+0xfd/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x445398
Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0
0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff
ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
RSP: 002b:00007ffddeb733a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000445398
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00000000004cc9b0 R08: 00000000000000e7 R09: ffffffffffffffd0
R10: 00007ffddeb733f0 R11: 0000000000000246 R12: 0000000000000001
R13: 00000000006e0320 R14: 0000000000000004 R15: 0000000000000001
[U] `�

syzbot

Dec 5, 2019, 2:45:09 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: a844dc4c Linux 4.14.158
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1739f061e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=e820c54dee153942
dashboard link: https://syzkaller.appspot.com/bug?extid=bfd52992394f1e2fba00
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=166c542ae00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1784f446e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+bfd529...@syzkaller.appspotmail.com

sp0: Synchronizing with TNC
Bluetooth: hci0 command 0x1003 tx timeout
Bluetooth: hci0 sending frame failed (-49)
Bluetooth: hci0 command 0x1001 tx timeout
Bluetooth: hci0 sending frame failed (-49)
BUG: sleeping function called from invalid context at
kernel/locking/mutex.c:747
in_atomic(): 1, irqs_disabled(): 0, pid: 0, name: swapper/0
1 lock held by swapper/0/0:
#0: ((&sp->resync_t)){+.-.}, at: [<ffffffff814fc938>] lockdep_copy_map
include/linux/lockdep.h:174 [inline]
#0: ((&sp->resync_t)){+.-.}, at: [<ffffffff814fc938>]
call_timer_fn+0xc8/0x670 kernel/time/timer.c:1269
Preemption disabled at:
[<ffffffff8664213d>] schedule_preempt_disabled+0x1d/0x20
kernel/sched/core.c:3487
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.14.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
___might_sleep.cold+0x1bd/0x1f6 kernel/sched/core.c:6040
__might_sleep+0x93/0xb0 kernel/sched/core.c:5993
__mutex_lock_common kernel/locking/mutex.c:747 [inline]
__mutex_lock+0xb9/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
tpk_write+0x5d/0x2c0 drivers/char/ttyprintk.c:123
resync_tnc+0x1bc/0x3d0 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x161/0x670 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x5b7/0x1520 kernel/time/timer.c:1649
__do_softirq+0x244/0x9a0 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x160/0x1b0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x146/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffffffff87e07de8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fe2d2c RBX: ffffffff87e76240 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87e76abc
RBP: ffffffff87e07e10 R08: 1ffffffff1164501 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87f16950
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff87e76240
arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:557
default_idle_call+0x36/0x90 kernel/sched/idle.c:98
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x262/0x3d0 kernel/sched/idle.c:246
cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:351
rest_init+0x1d9/0x1e2 init/main.c:434
start_kernel+0x6df/0x6fd init/main.c:708
x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:399
x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:380
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240

================================
WARNING: inconsistent lock state
4.14.158-syzkaller #0 Tainted: G W
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
swapper/0/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
(&tpk_port.port_write_mutex){+.?.}, at: [<ffffffff8356016d>]
tpk_write+0x5d/0x2c0 drivers/char/ttyprintk.c:123
{SOFTIRQ-ON-W} state was registered at:
mark_irqflags kernel/locking/lockdep.c:3086 [inline]
__lock_acquire+0xc33/0x4620 kernel/locking/lockdep.c:3444
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
tpk_write+0x5d/0x2c0 drivers/char/ttyprintk.c:123
tnc_init drivers/net/hamradio/6pack.c:541 [inline]
sixpack_open+0x9b2/0xc85 drivers/net/hamradio/6pack.c:643
tty_ldisc_open.isra.0+0x73/0xb0 drivers/tty/tty_ldisc.c:474
tty_set_ldisc+0x29a/0x610 drivers/tty/tty_ldisc.c:599
tiocsetd drivers/tty/tty_io.c:2351 [inline]
tty_ioctl+0x95b/0x1320 drivers/tty/tty_io.c:2595
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:500 [inline]
do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
SYSC_ioctl fs/ioctl.c:701 [inline]
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
irq event stamp: 263882
hardirqs last enabled at (263882): [<ffffffff865e81d6>]
dump_stack+0x17d/0x197 lib/dump_stack.c:63
hardirqs last disabled at (263881): [<ffffffff865e8102>]
dump_stack+0xa9/0x197 lib/dump_stack.c:40
softirqs last enabled at (263796): [<ffffffff8138e38c>]
_local_bh_enable+0x1c/0x30 kernel/softirq.c:159
softirqs last disabled at (263797): [<ffffffff81390640>] invoke_softirq
kernel/softirq.c:368 [inline]
softirqs last disabled at (263797): [<ffffffff81390640>]
irq_exit+0x160/0x1b0 kernel/softirq.c:409

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&tpk_port.port_write_mutex);
<Interrupt>
lock(&tpk_port.port_write_mutex);

*** DEADLOCK ***

1 lock held by swapper/0/0:
#0: ((&sp->resync_t)){+.-.}, at: [<ffffffff814fc938>] lockdep_copy_map
include/linux/lockdep.h:174 [inline]
#0: ((&sp->resync_t)){+.-.}, at: [<ffffffff814fc938>]
call_timer_fn+0xc8/0x670 kernel/time/timer.c:1269

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 4.14.158-syzkaller
#0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x142/0x197 lib/dump_stack.c:58
print_usage_bug.cold+0x330/0x42a kernel/locking/lockdep.c:2585
valid_state kernel/locking/lockdep.c:2598 [inline]
mark_lock_irq kernel/locking/lockdep.c:2792 [inline]
mark_lock+0xdbd/0x1240 kernel/locking/lockdep.c:3190
mark_irqflags kernel/locking/lockdep.c:3068 [inline]
__lock_acquire+0xb57/0x4620 kernel/locking/lockdep.c:3444
lock_acquire+0x16f/0x430 kernel/locking/lockdep.c:3994
__mutex_lock_common kernel/locking/mutex.c:756 [inline]
__mutex_lock+0xe8/0x1470 kernel/locking/mutex.c:893
mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:908
tpk_write+0x5d/0x2c0 drivers/char/ttyprintk.c:123
resync_tnc+0x1bc/0x3d0 drivers/net/hamradio/6pack.c:522
call_timer_fn+0x161/0x670 kernel/time/timer.c:1279
expire_timers kernel/time/timer.c:1318 [inline]
__run_timers kernel/time/timer.c:1636 [inline]
__run_timers kernel/time/timer.c:1604 [inline]
run_timer_softirq+0x5b7/0x1520 kernel/time/timer.c:1649
__do_softirq+0x244/0x9a0 kernel/softirq.c:288
invoke_softirq kernel/softirq.c:368 [inline]
irq_exit+0x160/0x1b0 kernel/softirq.c:409
exiting_irq arch/x86/include/asm/apic.h:648 [inline]
smp_apic_timer_interrupt+0x146/0x5e0 arch/x86/kernel/apic/apic.c:1102
apic_timer_interrupt+0x96/0xa0 arch/x86/entry/entry_64.S:792
</IRQ>
RIP: 0010:native_safe_halt+0xe/0x10 arch/x86/include/asm/irqflags.h:61
RSP: 0018:ffffffff87e07de8 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10
RAX: 1ffffffff0fe2d2c RBX: ffffffff87e76240 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000001 RDI: ffffffff87e76abc
RBP: ffffffff87e07e10 R08: 1ffffffff1164501 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff87f16950
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff87e76240
arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:557
default_idle_call+0x36/0x90 kernel/sched/idle.c:98
cpuidle_idle_call kernel/sched/idle.c:156 [inline]
do_idle+0x262/0x3d0 kernel/sched/idle.c:246
cpu_startup_entry+0x1b/0x20 kernel/sched/idle.c:351
rest_init+0x1d9/0x1e2 init/main.c:434
start_kernel+0x6df/0x6fd init/main.c:708
x86_64_start_reservations+0x29/0x2b arch/x86/kernel/head64.c:399
x86_64_start_kernel+0x77/0x7b arch/x86/kernel/head64.c:380
secondary_startup_64+0xa5/0xb0 arch/x86/kernel/head_64.S:240
Bluetooth: hci0 command 0x1009 tx timeout
kobject: 'rfkill4' (ffff88808e38ef28): kobject_uevent_env
kobject: 'rfkill4' (ffff88808e38ef28): fill_kobj_path: path
= '/devices/virtual/bluetooth/hci0/rfkill4'
kobject: 'rfkill4' (ffff88808e38ef28): kobject_cleanup, parent
(null)
kobject: 'rfkill4' (ffff88808e38ef28): calling ktype release
kobject: 'rfkill4': free name
kobject: 'hci0' (ffff88809388a8a8): kobject_uevent_env
kobject: 'hci0' (ffff88809388a8a8): fill_kobj_path: path
= '/devices/virtual/bluetooth/hci0'
kobject: 'bluetooth' (ffff88809b1c2200): kobject_cleanup, parent
(null)
kobject: 'bluetooth' (ffff88809b1c2200): calling ktype release
kobject: 'bluetooth': free name
kobject: 'hci0' (ffff88809388a8a8): kobject_cleanup, parent (null)
kobject: 'hci0' (ffff88809388a8a8): calling ktype release
kobject: 'hci0': free name
[U] �`�
kobject: 'rx-0' (ffff88809c329250): kobject_cleanup, parent ffff8880a1314348
kobject: 'rx-0' (ffff88809c329250): auto cleanup 'remove' event
kobject: 'rx-0' (ffff88809c329250): kobject_uevent_env
kobject: 'rx-0' (ffff88809c329250): fill_kobj_path: path
= '/devices/virtual/net/sp0/queues/rx-0'
kobject: 'rx-0' (ffff88809c329250): auto cleanup kobject_del
kobject: 'rx-0' (ffff88809c329250): calling ktype release
kobject: 'rx-0': free name
kobject: 'tx-0' (ffff88809d8a87d8): kobject_cleanup, parent ffff8880a1314348
kobject: 'tx-0' (ffff88809d8a87d8): auto cleanup 'remove' event
kobject: 'tx-0' (ffff88809d8a87d8): kobject_uevent_env
kobject: 'tx-0' (ffff88809d8a87d8): fill_kobj_path: path
= '/devices/virtual/net/sp0/queues/tx-0'
kobject: 'tx-0' (ffff88809d8a87d8): auto cleanup kobject_del
kobject: 'tx-0' (ffff88809d8a87d8): calling ktype release
kobject: 'tx-0': free name
kobject: 'queues' (ffff8880a1314348): kobject_cleanup, parent
(null)
kobject: 'queues' (ffff8880a1314348): calling ktype release
kobject: 'queues' (ffff8880a1314348): kset_release
kobject: 'queues': free name
kobject: 'sp0' (ffff88808e2df0f0): kobject_uevent_env
kobject: 'sp0' (ffff88808e2df0f0): fill_kobj_path: path
= '/devices/virtual/net/sp0'
kobject: 'sp0' (ffff88808e2df0f0): kobject_cleanup, parent (null)
kobject: 'sp0' (ffff88808e2df0f0): calling ktype release
kobject: 'sp0': free name


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

syzbot

Mar 6, 2020, 11:48:02 AM
to syzkaller...@googlegroups.com
syzbot suspects this bug was fixed by commit:

commit fb56687038cfd0e82b6185bdb134d5d7c2b6073f
Author: Zhenzhong Duan <zhenzho...@gmail.com>
Date: Mon Jan 13 03:48:42 2020 +0000

ttyprintk: fix a potential deadlock in interrupt context issue

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16d27145e00000
start commit: fb683b5e Linux 4.19.88
git tree: linux-4.19.y
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1144f446e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16fe2861e00000

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: ttyprintk: fix a potential deadlock in interrupt context issue

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Mar 6, 2020, 3:50:04 PM
to syzkaller...@googlegroups.com
syzbot suspects this bug was fixed by commit:

commit ab84fd0d3dc83277d6ab7246a6b2cd45ba924367
Author: Zhenzhong Duan <zhenzho...@gmail.com>
Date: Mon Jan 13 03:48:42 2020 +0000

ttyprintk: fix a potential deadlock in interrupt context issue

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13257f29e00000
start commit: a844dc4c Linux 4.14.158
git tree: linux-4.14.y
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1234459ce00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10e7f2eae00000