[syzbot] [iommu?] WARNING in iommufd_device_unbind


syzbot

Nov 22, 2024, 3:17:26 AM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot found the following issue on:

HEAD commit: c6d64479d609 Merge tag 'pull-statx' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=129a0ae8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=b3b3b2f3eaae51f9
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17da1bf7980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/9d212f6bb1af/disk-c6d64479.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/21a14342211b/vmlinux-c6d64479.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f96c41f3e4a6/bzImage-c6d64479.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c92878...@syzkaller.appspotmail.com

iommufd: Time out waiting for iommufd object to become free
------------[ cut here ]------------
WARNING: CPU: 1 PID: 6050 at drivers/iommu/iommufd/iommufd_private.h:208 iommufd_object_destroy_user drivers/iommu/iommufd/iommufd_private.h:208 [inline]
WARNING: CPU: 1 PID: 6050 at drivers/iommu/iommufd/iommufd_private.h:208 iommufd_device_unbind+0x81/0xa0 drivers/iommu/iommufd/device.c:280
Modules linked in:
CPU: 1 UID: 0 PID: 6050 Comm: syz.3.18 Not tainted 6.12.0-syzkaller-00239-gc6d64479d609 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
RIP: 0010:iommufd_object_destroy_user drivers/iommu/iommufd/iommufd_private.h:208 [inline]
RIP: 0010:iommufd_device_unbind+0x81/0xa0 drivers/iommu/iommufd/device.c:280
Code: 00 e8 83 76 01 00 89 c3 31 ff 89 c6 e8 b8 85 43 fc 85 db 75 0f e8 6f 81 43 fc 5b 41 5e 41 5f c3 cc cc cc cc e8 60 81 43 fc 90 <0f> 0b 90 eb eb 89 f9 80 e1 07 80 c1 03 38 c1 7c b8 e8 d9 44 aa fc
RSP: 0018:ffffc90003017c38 EFLAGS: 00010293
RAX: ffffffff85516f50 RBX: 00000000fffffff0 RCX: ffff88802c693c00
RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 0000000000000000
RBP: ffffc90003017d70 R08: ffffffff85516f38 R09: 1ffff11005b9b140
R10: dffffc0000000000 R11: ffffed1005b9b141 R12: ffff888034149718
R13: ffff888034149700 R14: ffff888028d2c400 R15: dffffc0000000000
FS: 00007f2573c136c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c001633e80 CR3: 0000000032fda000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iommufd_selftest_destroy+0x95/0xe0 drivers/iommu/iommufd/selftest.c:1439
iommufd_object_remove+0x3b6/0x530 drivers/iommu/iommufd/main.c:211
iommufd_fops_ioctl+0x4d6/0x5a0 drivers/iommu/iommufd/main.c:424
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f2572d7e759
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2573c13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f2572f36058 RCX: 00007f2572d7e759
RDX: 0000000020000400 RSI: 0000000000003b80 RDI: 0000000000000003
RBP: 00007f2572df175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f2572f36058 R15: 00007ffefd725ea8
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Suraj Sonawane

Nov 22, 2024, 11:26:20 AM
to syzbot, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
#syz test

0001-fix-WARNING-in-iommufd_device_unbind.patch

syzbot

Nov 22, 2024, 12:05:05 PM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, surajson...@gmail.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: trying to register non-static key in iommufd_object_remove

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 UID: 0 PID: 6664 Comm: syz.3.18 Not tainted 6.12.0-syzkaller-07749-g28eb75e178d3-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
assign_lock_key+0x241/0x280 kernel/locking/lockdep.c:981
register_lock_class+0x1cf/0x980 kernel/locking/lockdep.c:1295
__lock_acquire+0xf3/0x2100 kernel/locking/lockdep.c:5101
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x1ac/0xee0 kernel/locking/mutex.c:735
iommufd_object_remove+0x3b7/0x770 drivers/iommu/iommufd/main.c:149
iommufd_fops_ioctl+0x4d6/0x5a0 drivers/iommu/iommufd/main.c:418
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd7df57e759
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd7e0445038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fd7df736058 RCX: 00007fd7df57e759
RDX: 0000000020000400 RSI: 0000000000003b80 RDI: 0000000000000003
RBP: 00007fd7df5f175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007fd7df736058 R15: 00007ffc4693c708
</TASK>


Tested on:

commit: 28eb75e1 Merge tag 'drm-next-2024-11-21' of https://gi..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12817ec0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=402159daa216c89d
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16933930580000

Suraj Sonawane

Nov 23, 2024, 2:18:52 AM
to syzbot, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
#syz test

On Fri, Nov 22, 2024 at 1:47 PM syzbot <syzbot+c92878...@syzkaller.appspotmail.com> wrote:
0001-fix2-WARNING-in-iommufd_device_unbind.patch

syzbot

Nov 23, 2024, 2:53:05 AM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, surajson...@gmail.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c92878...@syzkaller.appspotmail.com
Tested-by: syzbot+c92878...@syzkaller.appspotmail.com

Tested on:

commit: 228a1157 Merge tag '6.13-rc-part1-SMB3-client-fixes' o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f5bb78580000
kernel config: https://syzkaller.appspot.com/x/.config?x=402159daa216c89d
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1350975f980000

Note: testing is done by a robot and is best-effort only.

Suraj Sonawane

Nov 23, 2024, 6:09:08 AM
to syzbot, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
#syz test

On Fri, Nov 22, 2024 at 1:47 PM syzbot <syzbot+c92878...@syzkaller.appspotmail.com> wrote:
0001-fix2-WARNING-in-iommufd_device_unbind.patch

syzbot

Nov 23, 2024, 6:32:05 AM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, surajson...@gmail.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c92878...@syzkaller.appspotmail.com
Tested-by: syzbot+c92878...@syzkaller.appspotmail.com

Tested on:

commit: 228a1157 Merge tag '6.13-rc-part1-SMB3-client-fixes' o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=102a81c0580000
kernel config: https://syzkaller.appspot.com/x/.config?x=402159daa216c89d
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1686975f980000

Suraj Sonawane

Nov 23, 2024, 8:24:53 AM
to syzbot, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
#syz test

On Fri, Nov 22, 2024 at 1:47 PM syzbot <syzbot+c92878...@syzkaller.appspotmail.com> wrote:
0001-fix2-WARNING-in-iommufd_device_unbind.patch

syzbot

Nov 23, 2024, 11:06:04 AM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, surajson...@gmail.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c92878...@syzkaller.appspotmail.com
Tested-by: syzbot+c92878...@syzkaller.appspotmail.com

Tested on:

commit: 228a1157 Merge tag '6.13-rc-part1-SMB3-client-fixes' o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17ab7b78580000
kernel config: https://syzkaller.appspot.com/x/.config?x=402159daa216c89d
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=121981c0580000

Suraj Sonawane

Nov 23, 2024, 12:07:07 PM
to syzbot, io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, syzkall...@googlegroups.com, wi...@kernel.org
#syz test

On Fri, Nov 22, 2024 at 1:47 PM syzbot <syzbot+c92878...@syzkaller.appspotmail.com> wrote:
0001-fix2-WARNING-in-iommufd_device_unbind.patch

syzbot

Nov 23, 2024, 12:40:04 PM
to io...@lists.linux.dev, j...@ziepe.ca, jo...@8bytes.org, kevin...@intel.com, linux-...@vger.kernel.org, robin....@arm.com, surajson...@gmail.com, syzkall...@googlegroups.com, wi...@kernel.org
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in iommufd_device_unbind

iommufd: Time out waiting for iommufd object to become free
------------[ cut here ]------------
WARNING: CPU: 1 PID: 7718 at drivers/iommu/iommufd/iommufd_private.h:190 iommufd_object_destroy_user drivers/iommu/iommufd/iommufd_private.h:190 [inline]
WARNING: CPU: 1 PID: 7718 at drivers/iommu/iommufd/iommufd_private.h:190 iommufd_device_unbind+0x81/0xa0 drivers/iommu/iommufd/device.c:280
Modules linked in:
CPU: 1 UID: 0 PID: 7718 Comm: syz.2.28 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:iommufd_object_destroy_user drivers/iommu/iommufd/iommufd_private.h:190 [inline]
RIP: 0010:iommufd_device_unbind+0x81/0xa0 drivers/iommu/iommufd/device.c:280
Code: 00 e8 13 a6 01 00 89 c3 31 ff 89 c6 e8 78 61 4c fc 85 db 75 0f e8 2f 5d 4c fc 5b 41 5e 41 5f c3 cc cc cc cc e8 20 5d 4c fc 90 <0f> 0b 90 eb eb 89 f9 80 e1 07 80 c1 03 38 c1 7c b8 e8 a9 f1 b3 fc
RSP: 0000:ffffc9000558fc38 EFLAGS: 00010293
RAX: ffffffff8548efc0 RBX: 00000000fffffff0 RCX: ffff88802b943c00
RDX: 0000000000000000 RSI: 00000000fffffff0 RDI: 0000000000000000
RBP: ffffc9000558fd70 R08: ffffffff8548efa8 R09: 1ffff11004af9f00
R10: dffffc0000000000 R11: ffffed1004af9f01 R12: ffff88803200d698
R13: ffff88803200d680 R14: ffff88807d293c00 R15: dffffc0000000000
FS: 00007f8c8c5a06c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020b04000 CR3: 000000006c9d0000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
iommufd_selftest_destroy+0x95/0xe0 drivers/iommu/iommufd/selftest.c:1621
iommufd_object_remove+0x3b6/0x530 drivers/iommu/iommufd/main.c:185
iommufd_fops_ioctl+0x4d6/0x5a0 drivers/iommu/iommufd/main.c:409
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8c8b77e759
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8c8c5a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f8c8b936058 RCX: 00007f8c8b77e759
RDX: 0000000020000400 RSI: 0000000000003b80 RDI: 0000000000000003
RBP: 00007f8c8b7f175e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000001 R14: 00007f8c8b936058 R15: 00007fffb80aeab8
</TASK>


Tested on:

commit: 228a1157 Merge tag '6.13-rc-part1-SMB3-client-fixes' o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=178f975f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=402159daa216c89d
dashboard link: https://syzkaller.appspot.com/bug?extid=c92878e123785b1fa2db
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1585a9c0580000
