[v6.1] inconsistent lock state in ppp_input


syzbot

Oct 3, 2024, 5:17:25 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: aa4cd140bba5 Linux 6.1.112
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12a2d927980000
kernel config: https://syzkaller.appspot.com/x/.config?x=853183e9ecc0ae5a
dashboard link: https://syzkaller.appspot.com/bug?extid=af56ddc562f8a9faf90f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f386960d8754/disk-aa4cd140.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a7eceea2ab69/vmlinux-aa4cd140.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b07057222188/Image-aa4cd140.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af56dd...@syzkaller.appspotmail.com

================================
WARNING: inconsistent lock state
6.1.112-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/1/21 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff0000d5f599e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
ffff0000d5f599e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]
ffff0000d5f599e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2304
{SOFTIRQ-ON-W} state was registered at:
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]
ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2304
pppoe_rcv_core+0xfc/0x310 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv include/net/sock.h:1117 [inline]
__release_sock+0x1a8/0x408 net/core/sock.c:2936
release_sock+0x68/0x1cc net/core/sock.c:3500
pppoe_sendmsg+0xc8/0x5d4 drivers/net/ppp/pppoe.c:903
sock_sendmsg_nosec net/socket.c:718 [inline]
__sock_sendmsg net/socket.c:730 [inline]
____sys_sendmsg+0x55c/0x848 net/socket.c:2514
___sys_sendmsg net/socket.c:2568 [inline]
__sys_sendmmsg+0x318/0x7d8 net/socket.c:2654
__do_sys_sendmmsg net/socket.c:2683 [inline]
__se_sys_sendmmsg net/socket.c:2680 [inline]
__arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2680
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 540198
hardirqs last enabled at (540198): [<ffff8000081c715c>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:401
hardirqs last disabled at (540197): [<ffff8000081c70cc>] __local_bh_enable_ip+0x1a0/0x470 kernel/softirq.c:378
softirqs last enabled at (540186): [<ffff8000081c80cc>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (540186): [<ffff8000081c80cc>] handle_softirqs+0xb84/0xd58 kernel/softirq.c:599
softirqs last disabled at (540191): [<ffff8000081cabc0>] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:938

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&pch->downl);
<Interrupt>
lock(&pch->downl);

*** DEADLOCK ***

4 locks held by ksoftirqd/1/21:
#0: ffff800015ba4f20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:349
#1: ffff0000dd3930b0 (slock-AF_PPPOX){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline]
#1: ffff0000dd3930b0 (slock-AF_PPPOX){+.-.}-{2:2}, at: __sk_receive_skb+0x164/0x900 net/core/sock.c:562
#2: ffff0000dd393130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: sk_receive_skb include/net/sock.h:2040 [inline]
#2: ffff0000dd393130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_rcv+0x310/0x5b4 drivers/net/ppp/pppoe.c:451
#3: ffff800015ba4f20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:349

stack backtrace:
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.1.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_usage_bug+0x654/0x9b0 kernel/locking/lockdep.c:3957
mark_lock_irq+0x980/0xd2c
mark_lock+0x258/0x360 kernel/locking/lockdep.c:4628
__lock_acquire+0xb80/0x7680 kernel/locking/lockdep.c:5003
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:351 [inline]
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2272 [inline]
ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2304
pppoe_rcv_core+0xfc/0x310 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv include/net/sock.h:1117 [inline]
__sk_receive_skb+0x3f8/0x900 net/core/sock.c:569
sk_receive_skb include/net/sock.h:2040 [inline]
pppoe_rcv+0x310/0x5b4 drivers/net/ppp/pppoe.c:451
__netif_receive_skb_one_core net/core/dev.c:5528 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5642
process_backlog+0x410/0x784 net/core/dev.c:5970
__napi_poll+0xb4/0x3f0 net/core/dev.c:6537
napi_poll net/core/dev.c:6604 [inline]
net_rx_action+0x5cc/0xd3c net/core/dev.c:6718
handle_softirqs+0x318/0xd58 kernel/softirq.c:571
run_ksoftirqd+0x6c/0x29c kernel/softirq.c:938
smpboot_thread_fn+0x4b0/0x96c kernel/smpboot.c:164
kthread+0x250/0x2d8 kernel/kthread.c:376
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:864
vkms_vblank_simulate: vblank timer overrun


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jan 23, 2025, 4:01:15 PM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.