From: syzbot <syzbot+edec84a8b77e5a0cae31@syzkaller.appspotmail.com>
To: coreteam@netfilter.org, davem@davemloft.net,
johan.hedberg@gmail.com, kaber@trash.net,
kadlec@blackhole.kfki.hu, kernel@stlinux.com,
linux-arm-kernel@lists.infradead.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-media@vger.kernel.org, marcel@holtmann.org,
mchehab@kernel.org, mchehab@s-opensource.com,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
pablo@netfilter.org, patrice.chotard@st.com,
peter.griffin@linaro.org, syzkaller-bugs@googlegroups.com
Subject: WARNING: locking bug in finish_task_switch
Date: Mon, 13 Jan 2020 11:34:11 -0800 [thread overview]
Message-ID: <00000000000048427b059c0a8f9d@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: 6c09d7db Add linux-next specific files for 20200110
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=150b6a9ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7dc7ab9739654fbe
dashboard link: https://syzkaller.appspot.com/bug?extid=edec84a8b77e5a0cae31
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d005e1e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1527b6aee00000
The bug was bisected to:
commit 7152c88e556bcbee525689063c260cd296f295a8
Author: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Date: Tue Oct 18 19:44:11 2016 +0000
[media] c8sectpfe: don't break long lines
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10930c21e00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=12930c21e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=14930c21e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+edec84a8b77e5a0cae31@syzkaller.appspotmail.com
Fixes: 7152c88e556b ("[media] c8sectpfe: don't break long lines")
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167 hlock_class
kernel/locking/lockdep.c:167 [inline]
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167 hlock_class
kernel/locking/lockdep.c:156 [inline]
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167
__lock_acquire+0x21dd/0x4a00 kernel/locking/lockdep.c:3950
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9970 Comm: syz-executor719 Not tainted
5.5.0-rc5-next-20200110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x3e kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:176 [inline]
fixup_bug arch/x86/kernel/traps.c:171 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:269
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:288
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:hlock_class kernel/locking/lockdep.c:167 [inline]
RIP: 0010:hlock_class kernel/locking/lockdep.c:156 [inline]
RIP: 0010:__lock_acquire+0x21dd/0x4a00 kernel/locking/lockdep.c:3950
Code: 05 98 39 4a 09 85 c0 75 a0 48 c7 c6 e0 91 4b 88 48 c7 c7 20 92 4b 88
4c 89 9d 30 ff ff ff 4c 89 95 70 ff ff ff e8 b2 ff ea ff <0f> 0b 31 db 4c
8b 95 70 ff ff ff 4c 8b 9d 30 ff ff ff e9 22 f8 ff
RSP: 0018:ffffc90002d87738 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 00000000000005e3 RCX: 0000000000000000
RDX: 0000000040000000 RSI: ffffffff815e8546 RDI: fffff520005b0ed9
RBP: ffffc90002d87850 R08: ffff8880903f8380 R09: fffffbfff13748ed
R10: fffffbfff13748ec R11: ffffffff89ba4763 R12: 000000009ecb23e7
R13: ffffffff8aa50270 R14: ffff8880903f8c48 R15: 0000000000000000
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
finish_lock_switch kernel/sched/core.c:3123 [inline]
finish_task_switch+0x13f/0x750 kernel/sched/core.c:3224
context_switch kernel/sched/core.c:3388 [inline]
__schedule+0x93c/0x1f90 kernel/sched/core.c:4081
preempt_schedule_irq+0xb5/0x160 kernel/sched/core.c:4338
retint_kernel+0x1b/0x2b
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:752
[inline]
RIP: 0010:lock_acquire+0x20b/0x410 kernel/locking/lockdep.c:4487
Code: 9c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 d3 01 00 00 48
83 3d a9 a4 58 08 00 0f 84 53 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00
48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b
RSP: 0018:ffffc90002d87ae0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13675eb RBX: ffff8880903f8380 RCX: ffffffff815ad05a
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: 0000000000000286
RBP: ffffc90002d87b28 R08: 0000000000000004 R09: fffffbfff1708c51
R10: fffffbfff1708c50 R11: ffff8880903f8380 R12: ffff888094a93d28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
flush_workqueue+0x126/0x14c0 kernel/workqueue.c:2775
hci_dev_open+0xe0/0x280 net/bluetooth/hci_core.c:1626
hci_sock_bind+0x4bf/0x12d0 net/bluetooth/hci_sock.c:1189
__sys_bind+0x239/0x290 net/socket.c:1662
__do_sys_bind net/socket.c:1673 [inline]
__se_sys_bind net/socket.c:1671 [inline]
__x64_sys_bind+0x73/0xb0 net/socket.c:1671
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4483b9
Code: e8 9c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb43a523d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00000000006e4a18 RCX: 00000000004483b9
RDX: 0000000000000006 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 00000000006e4a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e4a1c
R13: 00007ffc78f07a4f R14: 00007fb43a5249c0 R15: 20c49ba5e353f7cf
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
WARNING: multiple messages have this Message-ID (diff)
From: syzbot <syzbot+edec84a8b77e5a0cae31@syzkaller.appspotmail.com>
To: coreteam@netfilter.org, davem@davemloft.net,
johan.hedberg@gmail.com, kaber@trash.net,
kadlec@blackhole.kfki.hu, kernel@stlinux.com,
linux-arm-kernel@lists.infradead.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-media@vger.kernel.org, marcel@holtmann.org,
mchehab@kernel.org, mchehab@s-opensource.com,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
pablo@netfilter.org, patrice.chotard@st.com,
peter.griffin@linaro.org, syzkaller-bugs@googlegroups.com
Subject: WARNING: locking bug in finish_task_switch
Date: Mon, 13 Jan 2020 11:34:11 -0800 [thread overview]
Message-ID: <00000000000048427b059c0a8f9d@google.com> (raw)
Hello,
syzbot found the following crash on:
HEAD commit: 6c09d7db Add linux-next specific files for 20200110
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=150b6a9ee00000
kernel config: https://syzkaller.appspot.com/x/.config?x=7dc7ab9739654fbe
dashboard link: https://syzkaller.appspot.com/bug?extid=edec84a8b77e5a0cae31
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16d005e1e00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1527b6aee00000
The bug was bisected to:
commit 7152c88e556bcbee525689063c260cd296f295a8
Author: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Date: Tue Oct 18 19:44:11 2016 +0000
[media] c8sectpfe: don't break long lines
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=10930c21e00000
final crash: https://syzkaller.appspot.com/x/report.txt?x=12930c21e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=14930c21e00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+edec84a8b77e5a0cae31@syzkaller.appspotmail.com
Fixes: 7152c88e556b ("[media] c8sectpfe: don't break long lines")
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167 hlock_class
kernel/locking/lockdep.c:167 [inline]
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167 hlock_class
kernel/locking/lockdep.c:156 [inline]
WARNING: CPU: 1 PID: 9970 at kernel/locking/lockdep.c:167
__lock_acquire+0x21dd/0x4a00 kernel/locking/lockdep.c:3950
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 9970 Comm: syz-executor719 Not tainted
5.5.0-rc5-next-20200110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
panic+0x2e3/0x75c kernel/panic.c:221
__warn.cold+0x2f/0x3e kernel/panic.c:582
report_bug+0x289/0x300 lib/bug.c:195
fixup_bug arch/x86/kernel/traps.c:176 [inline]
fixup_bug arch/x86/kernel/traps.c:171 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:269
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:288
invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:hlock_class kernel/locking/lockdep.c:167 [inline]
RIP: 0010:hlock_class kernel/locking/lockdep.c:156 [inline]
RIP: 0010:__lock_acquire+0x21dd/0x4a00 kernel/locking/lockdep.c:3950
Code: 05 98 39 4a 09 85 c0 75 a0 48 c7 c6 e0 91 4b 88 48 c7 c7 20 92 4b 88
4c 89 9d 30 ff ff ff 4c 89 95 70 ff ff ff e8 b2 ff ea ff <0f> 0b 31 db 4c
8b 95 70 ff ff ff 4c 8b 9d 30 ff ff ff e9 22 f8 ff
RSP: 0018:ffffc90002d87738 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 00000000000005e3 RCX: 0000000000000000
RDX: 0000000040000000 RSI: ffffffff815e8546 RDI: fffff520005b0ed9
RBP: ffffc90002d87850 R08: ffff8880903f8380 R09: fffffbfff13748ed
R10: fffffbfff13748ec R11: ffffffff89ba4763 R12: 000000009ecb23e7
R13: ffffffff8aa50270 R14: ffff8880903f8c48 R15: 0000000000000000
lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
finish_lock_switch kernel/sched/core.c:3123 [inline]
finish_task_switch+0x13f/0x750 kernel/sched/core.c:3224
context_switch kernel/sched/core.c:3388 [inline]
__schedule+0x93c/0x1f90 kernel/sched/core.c:4081
preempt_schedule_irq+0xb5/0x160 kernel/sched/core.c:4338
retint_kernel+0x1b/0x2b
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:752
[inline]
RIP: 0010:lock_acquire+0x20b/0x410 kernel/locking/lockdep.c:4487
Code: 9c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 d3 01 00 00 48
83 3d a9 a4 58 08 00 0f 84 53 01 00 00 48 8b 7d c8 57 9d <0f> 1f 44 00 00
48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 65 8b
RSP: 0018:ffffc90002d87ae0 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13675eb RBX: ffff8880903f8380 RCX: ffffffff815ad05a
RDX: dffffc0000000000 RSI: 0000000000000004 RDI: 0000000000000286
RBP: ffffc90002d87b28 R08: 0000000000000004 R09: fffffbfff1708c51
R10: fffffbfff1708c50 R11: ffff8880903f8380 R12: ffff888094a93d28
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
flush_workqueue+0x126/0x14c0 kernel/workqueue.c:2775
hci_dev_open+0xe0/0x280 net/bluetooth/hci_core.c:1626
hci_sock_bind+0x4bf/0x12d0 net/bluetooth/hci_sock.c:1189
__sys_bind+0x239/0x290 net/socket.c:1662
__do_sys_bind net/socket.c:1673 [inline]
__se_sys_bind net/socket.c:1671 [inline]
__x64_sys_bind+0x73/0xb0 net/socket.c:1671
do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4483b9
Code: e8 9c e6 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 3b 05 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fb43a523d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
RAX: ffffffffffffffda RBX: 00000000006e4a18 RCX: 00000000004483b9
RDX: 0000000000000006 RSI: 00000000200007c0 RDI: 0000000000000004
RBP: 00000000006e4a10 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006e4a1c
R13: 00007ffc78f07a4f R14: 00007fb43a5249c0 R15: 20c49ba5e353f7cf
Shutting down cpus with NMI
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2020-01-13 19:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-13 19:34 syzbot [this message]
2020-01-13 19:34 ` WARNING: locking bug in finish_task_switch syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000048427b059c0a8f9d@google.com \
--to=syzbot+edec84a8b77e5a0cae31@syzkaller.appspotmail.com \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=johan.hedberg@gmail.com \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=kernel@stlinux.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=mchehab@kernel.org \
--cc=mchehab@s-opensource.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=patrice.chotard@st.com \
--cc=peter.griffin@linaro.org \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.