WARNING: locking bug in register_lock_class


syzbot

Feb 28, 2018, 8:59:05 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot hit the following crash on net-next commit
fb66cb0775609852b812c9bc2bd1589374317410 (Wed Feb 28 14:54:54 2018 +0000)
Merge tag 'mlx5-updates-2018-02-23' of
git://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linux

Unfortunately, I don't have any reproducer for this crash yet.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.
CC: [da...@davemloft.net kuz...@ms2.inr.ac.ru linux-...@vger.kernel.org
net...@vger.kernel.org yosh...@linux-ipv6.org]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cf0495...@syzkaller.appspotmail.com
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

WARNING: CPU: 1 PID: 12318 at kernel/locking/lockdep.c:700
arch_local_save_flags kernel/locking/lockdep.c:720 [inline]
WARNING: CPU: 1 PID: 12318 at kernel/locking/lockdep.c:700
look_up_lock_class kernel/locking/lockdep.c:691 [inline]
WARNING: CPU: 1 PID: 12318 at kernel/locking/lockdep.c:700
register_lock_class+0x1591/0x2820 kernel/locking/lockdep.c:750
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 12318 Comm: syz-executor2 Not tainted 4.16.0-rc2+ #245
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x194/0x24d lib/dump_stack.c:53
panic+0x1e4/0x41c kernel/panic.c:183
__warn+0x1dc/0x200 kernel/panic.c:547
report_bug+0x211/0x2d0 lib/bug.c:184
fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
fixup_bug arch/x86/kernel/traps.c:247 [inline]
do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
invalid_op+0x58/0x80 arch/x86/entry/entry_64.S:957
RIP: 0010:arch_local_save_flags kernel/locking/lockdep.c:720 [inline]
RIP: 0010:look_up_lock_class kernel/locking/lockdep.c:691 [inline]
RIP: 0010:register_lock_class+0x1591/0x2820 kernel/locking/lockdep.c:750
RSP: 0018:ffff8801b5e86db8 EFLAGS: 00010087
RAX: 0000000000000004 RBX: 1ffff10036bd0dc9 RCX: 1ffffffff10ba860
RDX: ffffffff8683b840 RSI: 1ffffffff1028bb0 RDI: ffff8801c5659338
RBP: ffff8801b5e871d0 R08: 0000000000000003 R09: ffff8801c5659320
R10: 0000000000000000 R11: ffff8801c5659320 R12: 0000000000000000
R13: 0000000000000000 R14: ffffffff88145d60 R15: ffffffff8691bae0
__lock_acquire+0x1de/0x3e00 kernel/locking/lockdep.c:3319
lock_acquire+0x1d5/0x580 kernel/locking/lockdep.c:3920
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:315 [inline]
lock_sock_nested+0x44/0x110 net/core/sock.c:2773
lock_sock include/net/sock.h:1464 [inline]
do_ip_getsockopt+0x1b3/0x2170 net/ipv4/ip_sockglue.c:1331
ip_getsockopt+0x90/0x200 net/ipv4/ip_sockglue.c:1562
udp_getsockopt+0x45/0x80 net/ipv4/udp.c:2478
sock_common_getsockopt+0x95/0xd0 net/core/sock.c:2938
SYSC_getsockopt net/socket.c:1881 [inline]
SyS_getsockopt+0x178/0x340 net/socket.c:1863
do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x453d69
RSP: 002b:00007f3b3e8c0c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
RAX: ffffffffffffffda RBX: 00007f3b3e8c16d4 RCX: 0000000000453d69
RDX: 000000000000002d RSI: 0000000000000000 RDI: 0000000000000017
RBP: 000000000072bf58 R08: 0000000020000040 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000000f8 R14: 00000000006f17e0 R15: 0000000000000001
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzk...@googlegroups.com.

syzbot will keep track of this bug report.
If you forgot to add the Reported-by tag, once the fix for this bug is
merged into any tree, please reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug report.
Note: all commands must start from beginning of the line in the email body.
To upstream this report, please reply with:
#syz upstream

syzbot

Jun 30, 2018, 6:30:02 AM
to syzkaller-upst...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 30408a43a3b5 Merge tag 'mlx5e-updates-2018-06-28' of git:/..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=163e1048400000
kernel config: https://syzkaller.appspot.com/x/.config?x=a63be0c83e84d370
dashboard link: https://syzkaller.appspot.com/bug?extid=cf049549a7ff3b7fc4ad
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=13f42b00400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=126653a8400000
CC: [da...@davemloft.net kuz...@ms2.inr.ac.ru
linux-...@vger.kernel.org net...@vger.kernel.org yosh...@linux-ipv6.org]

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cf0495...@syzkaller.appspotmail.com

WARNING: CPU: 0 PID: 21597 at kernel/locking/lockdep.c:704
arch_local_save_flags arch/x86/include/asm/paravirt.h:778 [inline]
WARNING: CPU: 0 PID: 21597 at kernel/locking/lockdep.c:704
look_up_lock_class kernel/locking/lockdep.c:695 [inline]
WARNING: CPU: 0 PID: 21597 at kernel/locking/lockdep.c:704
register_lock_class+0xce6/0x2650 kernel/locking/lockdep.c:754
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 21597 Comm: syz-executor008 Not tainted 4.18.0-rc2+ #98
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:arch_local_save_flags arch/x86/include/asm/paravirt.h:778 [inline]
RIP: 0010:look_up_lock_class kernel/locking/lockdep.c:695 [inline]
RIP: 0010:register_lock_class+0xce6/0x2650 kernel/locking/lockdep.c:754
Code: f9 ff ff 4c 89 ff 44 89 85 68 fc ff ff 89 8d 70 fc ff ff e8 dc 99 5b
00 44 8b 85 68 fc ff ff 8b 8d 70 fc ff ff e9 6f f9 ff ff <0f> 0b e9 c8 f6
ff ff 48 8d 50 01 48 89 15 28 22 22 09 48 8d 14 80
RSP: 0018:ffff8801b044ee08 EFLAGS: 00010087
RAX: 0000000000000004 RBX: ffffffff8a5bf1f0 RCX: 0000000000000000
RDX: ffffffff887e05c0 RSI: ffffffff886d66c0 RDI: 1ffffffff154956c
RBP: ffff8801b044f210 R08: 0000000000000000 R09: dffffc0000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff10036089dd1
R13: 0000000000000003 R14: 0000000000000000 R15: ffff8801b50a21e0
__lock_acquire+0x1bd/0x5020 kernel/locking/lockdep.c:3323
lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:315 [inline]
lock_sock_nested+0x46/0x120 net/core/sock.c:2834
lock_sock include/net/sock.h:1474 [inline]
do_ipv6_setsockopt.isra.9+0x5ba/0x4680 net/ipv6/ipv6_sockglue.c:167
ipv6_setsockopt+0xbd/0x170 net/ipv6/ipv6_sockglue.c:922
udpv6_setsockopt+0x62/0xa0 net/ipv6/udp.c:1472
sock_common_setsockopt+0x9a/0xe0 net/core/sock.c:3040
__sys_setsockopt+0x1c5/0x3b0 net/socket.c:1947
__do_sys_setsockopt net/socket.c:1958 [inline]
__se_sys_setsockopt net/socket.c:1955 [inline]
__x64_sys_setsockopt+0xbe/0x150 net/socket.c:1955
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x449c59
Code: e8 8c e5 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb fe fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f93ff572ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 000000000070003c RCX: 0000000000449c59
RDX: 0000000000000037 RSI: 0000000000000029 RDI: 0000000000000005
RBP: 0000000000700038 R08: 0000000000000010 R09: 0000000000000000
R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000080ee3f R14: 00007f93ff5739c0 R15: 000000000000000b

Dmitry Vyukov

Jul 4, 2018, 11:42:34 AM
to syzbot, 'Dmitry Vyukov' via syzkaller-upstream-moderation
#syz upstream