[syzbot] WARNING in print_bfs_bug (2)


syzbot

Dec 29, 2022, 10:51:40 AM
to da...@davemloft.net, edum...@google.com, ji...@resnulli.us, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 72a85e2b0a1e Merge tag 'spi-fix-v6.2-rc1' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10127b44480000
kernel config: https://syzkaller.appspot.com/x/.config?x=b0e81c4eb13a67cd
dashboard link: https://syzkaller.appspot.com/bug?extid=630f83b42d801d922b8b
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/bf5b7ea54f05/disk-72a85e2b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cd3c30b473ee/vmlinux-72a85e2b.xz
kernel image: https://storage.googleapis.com/syzbot-assets/df9aad922f68/bzImage-72a85e2b.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+630f83...@syzkaller.appspotmail.com

device team1929 entered promiscuous mode
8021q: adding VLAN 0 to HW filter on device team1929
------------[ cut here ]------------
lockdep bfs error:-1
WARNING: CPU: 0 PID: 17604 at kernel/locking/lockdep.c:2066 print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2066
Modules linked in:
CPU: 0 PID: 17604 Comm: syz-executor.2 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2066
Call Trace:
<TASK>
check_irq_usage+0x69a/0xab0 kernel/locking/lockdep.c:2791
check_prev_add kernel/locking/lockdep.c:3101 [inline]
check_prevs_add kernel/locking/lockdep.c:3216 [inline]
validate_chain kernel/locking/lockdep.c:3831 [inline]
__lock_acquire+0x2a5b/0x56d0 kernel/locking/lockdep.c:5055
lock_acquire kernel/locking/lockdep.c:5668 [inline]
lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
psi_group_change+0x138/0xc10 kernel/sched/psi.c:775
psi_task_switch+0x582/0x930 kernel/sched/psi.c:926
psi_sched_switch kernel/sched/stats.h:185 [inline]
__schedule+0x379b/0x5450 kernel/sched/core.c:6550
preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6724
preempt_schedule_thunk+0x1a/0x20 arch/x86/entry/thunk_64.S:34
__mutex_lock_common kernel/locking/mutex.c:728 [inline]
__mutex_lock+0xfff/0x1360 kernel/locking/mutex.c:747
team_vlan_rx_add_vid+0x3c/0x1e0 drivers/net/team/team.c:1906
vlan_add_rx_filter_info+0x149/0x1d0 net/8021q/vlan_core.c:211
__vlan_vid_add net/8021q/vlan_core.c:306 [inline]
vlan_vid_add+0x3f6/0x7f0 net/8021q/vlan_core.c:336
vlan_device_event.cold+0x28/0x2d net/8021q/vlan.c:385
notifier_call_chain+0xb5/0x200 kernel/notifier.c:87
call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1944
call_netdevice_notifiers_extack net/core/dev.c:1982 [inline]
call_netdevice_notifiers net/core/dev.c:1996 [inline]
__dev_notify_flags+0x120/0x2d0 net/core/dev.c:8569
rtnl_configure_link+0x181/0x260 net/core/rtnetlink.c:3241
rtnl_newlink_create net/core/rtnetlink.c:3415 [inline]
__rtnl_newlink+0x10f6/0x1840 net/core/rtnetlink.c:3624
rtnl_newlink+0x68/0xa0 net/core/rtnetlink.c:3637
rtnetlink_rcv_msg+0x43e/0xca0 net/core/rtnetlink.c:6141
netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2564
netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1356
netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1932
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
____sys_sendmsg+0x712/0x8c0 net/socket.c:2476
___sys_sendmsg+0x110/0x1b0 net/socket.c:2530
__sys_sendmsg+0xf7/0x1c0 net/socket.c:2559
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Apr 29, 2023, 9:38:36 AM
to da...@davemloft.net, edum...@google.com, ji...@resnulli.us, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 042334a8d424 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11869168280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7205cdba522fe4bc
dashboard link: https://syzkaller.appspot.com/bug?extid=630f83b42d801d922b8b
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=147328f8280000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1665151c280000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e9818e554a99/disk-042334a8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/de8daea0ee8b/vmlinux-042334a8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/71f9842dcf98/bzImage-042334a8.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+630f83...@syzkaller.appspotmail.com

netlink: 4 bytes leftover after parsing attributes in process `syz-executor204'.
------------[ cut here ]------------
lockdep bfs error:-1
WARNING: CPU: 0 PID: 10222 at kernel/locking/lockdep.c:2077 print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Modules linked in:
CPU: 0 PID: 10222 Comm: syz-executor204 Not tainted 6.3.0-syzkaller-07921-g042334a8d424 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Call Trace:
<TASK>
check_irq_usage+0x56c/0x1a40 kernel/locking/lockdep.c:2845
check_prev_add kernel/locking/lockdep.c:3112 [inline]
check_prevs_add kernel/locking/lockdep.c:3227 [inline]
validate_chain kernel/locking/lockdep.c:3842 [inline]
__lock_acquire+0x2f39/0x5df0 kernel/locking/lockdep.c:5074
lock_acquire kernel/locking/lockdep.c:5691 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
mm_cid_put kernel/sched/sched.h:3270 [inline]
mm_cid_put kernel/sched/sched.h:3265 [inline]
switch_mm_cid kernel/sched/sched.h:3298 [inline]
prepare_task_switch kernel/sched/core.c:5117 [inline]
context_switch kernel/sched/core.c:5258 [inline]
__schedule+0x26a3/0x5770 kernel/sched/core.c:6625
preempt_schedule_common+0x45/0xb0 kernel/sched/core.c:6794
preempt_schedule_thunk+0x1a/0x20 arch/x86/entry/thunk_64.S:34
__mutex_lock_common kernel/locking/mutex.c:728 [inline]
__mutex_lock+0xfe5/0x1350 kernel/locking/mutex.c:747
team_nl_team_get+0x10f/0x1c0 drivers/net/team/team.c:2320
team_nl_cmd_options_set+0xa0/0xc80 drivers/net/team/team.c:2543
genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2546
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1913
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0xde/0x190 net/socket.c:747
____sys_sendmsg+0x71c/0x900 net/socket.c:2503
___sys_sendmsg+0x110/0x1b0 net/socket.c:2557
__sys_sendmsg+0xf7/0x1c0 net/socket.c:2586
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Apr 29, 2023, 6:54:29 PM
to bro...@kernel.org, da...@davemloft.net, edum...@google.com, gro...@chromium.org, ji...@resnulli.us, ku...@kernel.org, linm...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, tzu...@kernel.org, vi...@zeniv.linux.org.uk
syzbot has bisected this issue to:

commit 0a034d93ee929a9ea89f3fa5f1d8492435b9ee6e
Author: Miaoqian Lin <linm...@gmail.com>
Date: Fri Jun 3 13:10:43 2022 +0000

ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=13d40608280000
start commit: 042334a8d424 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
git tree: net-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=10340608280000
console output: https://syzkaller.appspot.com/x/log.txt?x=17d40608280000
Reported-by: syzbot+630f83...@syzkaller.appspotmail.com
Fixes: 0a034d93ee92 ("ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Hillf Danton

Apr 29, 2023, 7:54:57 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On 29 Apr 2023 06:38:35 -0700
> HEAD commit: 042334a8d424 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
> git tree: net-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1665151c280000

Make the cid lock irq safe.

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git 042334a8d424

--- x/kernel/sched/sched.h
+++ y/kernel/sched/sched.h
@@ -3264,22 +3264,25 @@ static inline int __mm_cid_get(struct mm

static inline void mm_cid_put(struct mm_struct *mm, int cid)
{
+ unsigned long flags;
+
lockdep_assert_irqs_disabled();
if (cid < 0)
return;
- raw_spin_lock(&mm->cid_lock);
+ raw_spin_lock_irqsave(&mm->cid_lock, flags);
__cpumask_clear_cpu(cid, mm_cidmask(mm));
- raw_spin_unlock(&mm->cid_lock);
+ raw_spin_unlock_irqrestore(&mm->cid_lock, flags);
}

static inline int mm_cid_get(struct mm_struct *mm)
{
+ unsigned long flags;
int ret;

lockdep_assert_irqs_disabled();
- raw_spin_lock(&mm->cid_lock);
+ raw_spin_lock_irqsave(&mm->cid_lock, flags);
ret = __mm_cid_get(mm);
- raw_spin_unlock(&mm->cid_lock);
+ raw_spin_unlock_irqrestore(&mm->cid_lock, flags);
return ret;
}

--
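Review bot: both mm_cid_put() and mm_cid_get() still call lockdep_assert_irqs_disabled() immediately before the converted lock, so raw_spin_lock_irqsave() here always saves an interrupts-off state and raw_spin_unlock_irqrestore() restores that same state; as written, the conversion does not change the interrupt context in which mm->cid_lock is taken. If some caller can reach these helpers with interrupts enabled, drop the assertions in the same patch and name that caller in the changelog; otherwise keep raw_spin_lock() and look for the acquisition of cid_lock that actually runs with interrupts on. The one-line description "Make the cid lock irq safe." should also say which lock dependency the change is meant to break.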

syzbot

Apr 29, 2023, 8:12:26 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in print_bfs_bug

------------[ cut here ]------------
lockdep bfs error:-1
WARNING: CPU: 0 PID: 13238 at kernel/locking/lockdep.c:2077 print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Modules linked in:
CPU: 0 PID: 13238 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller-07921-g042334a8d424-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Call Trace:
<TASK>
check_irq_usage+0x56c/0x1a40 kernel/locking/lockdep.c:2845
check_prev_add kernel/locking/lockdep.c:3112 [inline]
check_prevs_add kernel/locking/lockdep.c:3227 [inline]
validate_chain kernel/locking/lockdep.c:3842 [inline]
__lock_acquire+0x2f39/0x5df0 kernel/locking/lockdep.c:5074
lock_acquire kernel/locking/lockdep.c:5691 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
alloc_object lib/debugobjects.c:233 [inline]
lookup_object_or_alloc.part.0+0x392/0xa30 lib/debugobjects.c:578
lookup_object_or_alloc lib/debugobjects.c:558 [inline]
debug_object_activate+0x1ca/0x3f0 lib/debugobjects.c:692
debug_rcu_head_queue kernel/rcu/rcu.h:226 [inline]
__call_rcu_common.constprop.0+0x2c/0x7e0 kernel/rcu/tree.c:2612
dentry_free+0xc3/0x160 fs/dcache.c:377
__dentry_kill+0x4cb/0x640 fs/dcache.c:621
shrink_dentry_list+0x12c/0x4f0 fs/dcache.c:1201
prune_dcache_sb+0xeb/0x150 fs/dcache.c:1282
super_cache_scan+0x33a/0x590 fs/super.c:104
do_shrink_slab+0x428/0xaa0 mm/vmscan.c:853
shrink_slab_memcg mm/vmscan.c:922 [inline]
shrink_slab+0x388/0x660 mm/vmscan.c:1001
shrink_node_memcgs mm/vmscan.c:6439 [inline]
shrink_node+0x7fb/0x35f0 mm/vmscan.c:6473
shrink_zones mm/vmscan.c:6711 [inline]
do_try_to_free_pages+0x3b4/0x17b0 mm/vmscan.c:6773
try_to_free_mem_cgroup_pages+0x368/0x840 mm/vmscan.c:7088
reclaim_high.constprop.0+0x182/0x230 mm/memcontrol.c:2403
mem_cgroup_handle_over_high+0x190/0x520 mm/memcontrol.c:2588
resume_user_mode_work include/linux/resume_user_mode.h:58 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x14c/0x240 kernel/entry/common.c:204
__syscall_exit_to_user_mode_work kernel/entry/common.c:286 [inline]
syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:297
do_syscall_64+0x46/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
</TASK>


Tested on:

commit: 042334a8 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=130c556fc80000
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=13398e2c280000

Hillf Danton

Apr 29, 2023, 10:24:13 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On 29 Apr 2023 06:38:35 -0700
> HEAD commit: 042334a8d424 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
> git tree: net-next
--- x/lib/debugobjects.c
+++ y/lib/debugobjects.c
@@ -221,6 +221,7 @@ alloc_object(void *addr, struct debug_bu
{
struct debug_percpu_free *percpu_pool = this_cpu_ptr(&percpu_obj_pool);
struct debug_obj *obj;
+ unsigned long flags;

if (likely(obj_cache)) {
obj = __alloc_object(&percpu_pool->free_objs);
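Review bot: alloc_object() opens with this_cpu_ptr(&percpu_obj_pool), which expects a caller that cannot migrate between CPUs, so the context callers run in needs to be stated before a `flags` variable is added here. If callers already have interrupts off, the irqsave conversion further down saves and restores an unchanged state and cannot affect the report; if they only disable preemption, say so in a changelog, which this message does not have.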
@@ -230,7 +231,7 @@ alloc_object(void *addr, struct debug_bu
}
}

- raw_spin_lock(&pool_lock);
+ raw_spin_lock_irqsave(&pool_lock, flags);
obj = __alloc_object(&obj_pool);
if (obj) {
obj_pool_used++;
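Review bot: the switch to raw_spin_lock_irqsave(&pool_lock, flags) arrives with no description; the message goes from the quoted report header straight into the diff. State which path takes pool_lock with interrupts enabled and which interrupt-context user of pool_lock it could deadlock against, so the change can be judged on more than the syzbot test result.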
@@ -263,7 +264,7 @@ alloc_object(void *addr, struct debug_bu
if (obj_pool_free < obj_pool_min_free)
obj_pool_min_free = obj_pool_free;
}
- raw_spin_unlock(&pool_lock);
+ raw_spin_unlock_irqrestore(&pool_lock, flags);

init_obj:
if (obj) {
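Review bot: the raw_spin_unlock(&pool_lock) in this hunk is the only unlock converted, and the lines between the lock site in the previous hunk and this one are not shown; confirm that no return or jump to init_obj leaves that region with pool_lock still held, because with the irqsave variant such a path would also leave interrupts disabled. Mentioning in the changelog that the locked region has a single exit would make the pairing easy to verify.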
--

syzbot

Apr 29, 2023, 11:11:22 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in print_bfs_bug

------------[ cut here ]------------
lockdep bfs error:-1
WARNING: CPU: 1 PID: 13240 at kernel/locking/lockdep.c:2077 print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Modules linked in:
CPU: 1 PID: 13240 Comm: syz-executor.0 Not tainted 6.3.0-syzkaller-07921-g042334a8d424-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:print_bfs_bug+0x22/0x30 kernel/locking/lockdep.c:2077
Call Trace:
<TASK>
check_irq_usage+0x56c/0x1a40 kernel/locking/lockdep.c:2845
check_prev_add kernel/locking/lockdep.c:3112 [inline]
check_prevs_add kernel/locking/lockdep.c:3227 [inline]
validate_chain kernel/locking/lockdep.c:3842 [inline]
__lock_acquire+0x2f39/0x5df0 kernel/locking/lockdep.c:5074
lock_acquire kernel/locking/lockdep.c:5691 [inline]
lock_acquire+0x1b1/0x520 kernel/locking/lockdep.c:5656
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162
alloc_object lib/debugobjects.c:234 [inline]
lookup_object_or_alloc.part.0+0x392/0xa40 lib/debugobjects.c:579
lookup_object_or_alloc lib/debugobjects.c:559 [inline]
debug_object_activate+0x1ca/0x3f0 lib/debugobjects.c:693
debug_rcu_head_queue kernel/rcu/rcu.h:226 [inline]
__call_rcu_common.constprop.0+0x2c/0x7e0 kernel/rcu/tree.c:2612
dentry_free+0xc3/0x160 fs/dcache.c:377
__dentry_kill+0x4cb/0x640 fs/dcache.c:621
shrink_dentry_list+0x12c/0x4f0 fs/dcache.c:1201
prune_dcache_sb+0xeb/0x150 fs/dcache.c:1282
super_cache_scan+0x33a/0x590 fs/super.c:104
do_shrink_slab+0x428/0xaa0 mm/vmscan.c:853
shrink_slab_memcg mm/vmscan.c:922 [inline]
shrink_slab+0x388/0x660 mm/vmscan.c:1001
shrink_node_memcgs mm/vmscan.c:6439 [inline]
shrink_node+0x7fb/0x35f0 mm/vmscan.c:6473
shrink_zones mm/vmscan.c:6711 [inline]
do_try_to_free_pages+0x3b4/0x17b0 mm/vmscan.c:6773
try_to_free_mem_cgroup_pages+0x368/0x840 mm/vmscan.c:7088
reclaim_high.constprop.0+0x182/0x230 mm/memcontrol.c:2403
mem_cgroup_handle_over_high+0x190/0x520 mm/memcontrol.c:2588
resume_user_mode_work include/linux/resume_user_mode.h:58 [inline]
exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
exit_to_user_mode_prepare+0x14c/0x240 kernel/entry/common.c:204
irqentry_exit_to_user_mode+0x9/0x40 kernel/entry/common.c:310
exc_page_fault+0xc0/0x170 arch/x86/mm/fault.c:1557
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
</TASK>


Tested on:

commit: 042334a8 atlantic:hw_atl2:hw_atl2_utils_fw: Remove unn..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=117d6ffc280000
kernel config: https://syzkaller.appspot.com/x/.config?x=7205cdba522fe4bc
dashboard link: https://syzkaller.appspot.com/bug?extid=630f83b42d801d922b8b
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10b3bf0c280000

Tzung-Bi Shih

May 3, 2023, 3:25:42 AM
to syzbot, bro...@kernel.org, da...@davemloft.net, edum...@google.com, gro...@chromium.org, ji...@resnulli.us, ku...@kernel.org, linm...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
I failed to see the connection between the oops and commit 0a034d93ee92.

Mark Brown

May 5, 2023, 9:27:48 AM
to Tzung-Bi Shih, syzbot, da...@davemloft.net, edum...@google.com, gro...@chromium.org, ji...@resnulli.us, ku...@kernel.org, linm...@gmail.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
syzbot seems to generate a *lot* of false positives, this looks like one
of them so it's probably safe to ignore the bisection.

syzbot

Mar 5, 2024, 8:10:11 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: WARNING in print_bfs_bug
Author: da...@fromorbit.com


Not obviously an XFS bug. This is an error coming from internal
lockdep code and many of the reproducers don't involve XFS at all.
e.g. some are caused purely by netlink tests. But this isn't a
netlink bug, either, as the error message indicates lockdep failed
to traverse the dependency graph for some reason.

#syz set subsystems: kernel

--
Dave Chinner
da...@fromorbit.com