Hello,
syzbot found the following issue on:
HEAD commit: f2abc305aa93 riscv: Define __riscv_copy_{,vec_}{words,byte..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git for-next
console output: https://syzkaller.appspot.com/x/log.txt?x=15b358c8580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1cf93e35eaea44b1
dashboard link: https://syzkaller.appspot.com/bug?extid=7978e769e19888e1171e
compiler: riscv64-linux-gnu-gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44
userspace arch: riscv64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/a741b348759c/non_bootable_disk-f2abc305.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/94904c75b810/vmlinux-f2abc305.xz
kernel image: https://storage.googleapis.com/syzbot-assets/2195b3067ea1/Image-f2abc305.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7978e7...@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at mm/shmem.c:230
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3023, name: syslogd
preempt_count: 0, expected: 0
RCU nest depth: 2, expected: 0
4 locks held by syslogd/3023:
#0: ffffaf801c0dc410 (sb_writers#5){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
#0: ffffaf801c0dc410 (sb_writers#5){.+.+}-{0:0}, at: __sb_start_write include/linux/fs/super.h:19 [inline]
#0: ffffaf801c0dc410 (sb_writers#5){.+.+}-{0:0}, at: sb_start_write include/linux/fs/super.h:125 [inline]
#0: ffffaf801c0dc410 (sb_writers#5){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
#0: ffffaf801c0dc410 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x8a0/0xc78 fs/read_write.c:684
#1: ffffaf801cacb280 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: inode_lock include/linux/fs.h:1029 [inline]
#1: ffffaf801cacb280 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: shmem_file_write_iter+0x78/0x138 mm/shmem.c:3468
#2: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: folio_pgdat include/linux/mm.h:2495 [inline]
#2: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: lruvec_stat_mod_folio+0x5a/0x25c mm/memcontrol.c:971
#3: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: folio_pgdat include/linux/mm.h:2495 [inline]
#3: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: lruvec_stat_mod_folio+0x5a/0x25c mm/memcontrol.c:971
CPU: 1 UID: 0 PID: 3023 Comm: syslogd Tainted: G W syzkaller #0 PREEMPT
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8007c6da>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:149
[<ffffffff80003284>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:155
[<ffffffff80060a24>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff80060a24>] dump_stack_lvl+0x114/0x1ac lib/dump_stack.c:120
[<ffffffff80060ad8>] dump_stack+0x1c/0x28 lib/dump_stack.c:129
[<ffffffff8021bac6>] __might_resched+0x556/0x5b4 kernel/sched/core.c:9162
[<ffffffff8021bba4>] __might_sleep+0x80/0xc4 kernel/sched/core.c:9091
[<ffffffff80981e9a>] shmem_inode_acct_blocks+0xaa/0x410 mm/shmem.c:230
[<ffffffff80986cf4>] shmem_alloc_and_add_folio+0x544/0x1a1c mm/shmem.c:2005
[<ffffffff8098b412>] shmem_get_folio_gfp+0x5ea/0x173c mm/shmem.c:2564
[<ffffffff8098e9d6>] shmem_get_folio mm/shmem.c:2670 [inline]
[<ffffffff8098e9d6>] shmem_write_begin+0x17e/0x360 mm/shmem.c:3303
[<ffffffff808c2c7e>] generic_perform_write+0x23e/0x944 mm/filemap.c:4325
[<ffffffff80974aa4>] shmem_file_write_iter+0x110/0x138 mm/shmem.c:3478
[<ffffffff80cbfcac>] new_sync_write fs/read_write.c:595 [inline]
[<ffffffff80cbfcac>] vfs_write+0x648/0xc78 fs/read_write.c:688
[<ffffffff80cc06ce>] ksys_write+0x126/0x238 fs/read_write.c:740
[<ffffffff80cc084e>] __do_sys_write fs/read_write.c:751 [inline]
[<ffffffff80cc084e>] __se_sys_write fs/read_write.c:748 [inline]
[<ffffffff80cc084e>] __riscv_sys_write+0x6e/0x94 fs/read_write.c:748
[<ffffffff80078f0a>] syscall_handler+0x92/0x114 arch/riscv/include/asm/syscall.h:112
[<ffffffff8648ebf0>] do_trap_ecall_u+0x3dc/0x61c arch/riscv/kernel/traps.c:342
[<ffffffff864b9f62>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
================================================
WARNING: lock held when returning to user space!
syzkaller #0 Tainted: G W
------------------------------------------------
syslogd/3023 is leaving the kernel with locks still held!
2 locks held by syslogd/3023:
#0: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: folio_pgdat include/linux/mm.h:2495 [inline]
#0: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: lruvec_stat_mod_folio+0x5a/0x25c mm/memcontrol.c:971
#1: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: folio_pgdat include/linux/mm.h:2495 [inline]
#1: ffffffff887f4120 (rcu_read_lock){....}-{1:3}, at: lruvec_stat_mod_folio+0x5a/0x25c mm/memcontrol.c:971
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
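The two splats in the report are the same event seen by two checks: __might_sleep() complains because "RCU nest depth" is 2 when shmem_inode_acct_blocks() may block, and the syscall-exit check then finds the same two rcu_read_lock() entries still held, both taken inside lruvec_stat_mod_folio(). The following is an added toy model (plain userspace C, not kernel code, and not part of the syzbot report) of that per-task bookkeeping. It assumes a hypothetical stat helper, stat_mod_folio_m(), shaped like lruvec_stat_mod_folio(), with an assumed early-return path that skips rcu_read_unlock(); the report itself does not identify where the real imbalance is, so that leaky path is a modelling assumption only.

```c
#include <stdio.h>
#include <string.h>

/*
 * Toy model (not kernel code) of the per-task bookkeeping behind the two
 * splats: "RCU nest depth: N, expected: 0" from __might_sleep(), and
 * "lock held when returning to user space" from the syscall-exit check.
 */
struct task_model {
	int rcu_nest_depth;	/* rcu_read_lock() nesting; must be 0 to sleep */
	int preempt_count;	/* kept at 0 here, as in the report */
	char splat[160];	/* last diagnostic text, for inspection */
};

static void rcu_read_lock_m(struct task_model *t)   { t->rcu_nest_depth++; }
static void rcu_read_unlock_m(struct task_model *t) { t->rcu_nest_depth--; }

/* __might_sleep(): returns 1 and records a splat if sleeping here is illegal. */
static int might_sleep_m(struct task_model *t, const char *where)
{
	if (t->rcu_nest_depth != 0 || t->preempt_count != 0) {
		snprintf(t->splat, sizeof t->splat,
			 "BUG: sleeping function called from invalid context at %s "
			 "(preempt_count: %d, RCU nest depth: %d, expected: 0)",
			 where, t->preempt_count, t->rcu_nest_depth);
		return 1;
	}
	t->splat[0] = '\0';
	return 0;
}

/*
 * Hypothetical helper shaped like lruvec_stat_mod_folio(): it wraps a
 * per-folio stat update in an RCU read-side critical section. The "leaky"
 * variant returns early without rcu_read_unlock(). This is an ASSUMED fault
 * used to reproduce the symptom; the report does not say where the real
 * imbalance is.
 */
static void stat_mod_folio_m(struct task_model *t, int leaky)
{
	rcu_read_lock_m(t);
	if (leaky)
		return;		/* modelled bug: critical section never closed */
	/* ... look up pgdat/lruvec and bump the counter here ... */
	rcu_read_unlock_m(t);
}

/*
 * Models the write(2) path in the trace: two stat updates happen while the
 * folio is added, then shmem_inode_acct_blocks() calls might_sleep().
 * Returns 1 if the sleeping-in-invalid-context splat fires.
 */
static int shmem_write_m(struct task_model *t, int leaky)
{
	stat_mod_folio_m(t, leaky);	/* lock entry #0 in the splat */
	stat_mod_folio_m(t, leaky);	/* lock entry #1 in the splat */
	return might_sleep_m(t, "mm/shmem.c:230");
}

/* Syscall-exit check: RCU read locks still held; 0 is the only good answer. */
static int locks_held_at_user_return_m(const struct task_model *t)
{
	return t->rcu_nest_depth;
}

int main(void)
{
	struct task_model good = {0}, bad = {0};
	int fired;

	fired = shmem_write_m(&good, 0);
	printf("balanced helper: splat=%d, locks at user return=%d\n",
	       fired, locks_held_at_user_return_m(&good));

	fired = shmem_write_m(&bad, 1);
	printf("leaky helper: splat=%d (%s), locks at user return=%d\n",
	       fired, bad.splat, locks_held_at_user_return_m(&bad));
	return 0;
}
```

The point the model makes is that the sleeping-in-invalid-context report names the victim (the first caller that may block), not the culprit: the nest depth of 2 together with two identical lock entries from the same helper is the clue that the helper's own exit paths are unbalanced, which is where a fix would be looked for.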