* net/irda: BUG: looking up invalid subclass: 4294967295
@ 2016-02-04  9:13 Dmitry Vyukov
From: Dmitry Vyukov @ 2016-02-04  9:13 UTC
  To: Samuel Ortiz, David S. Miller, netdev, LKML, Dave Jones
  Cc: syzkaller, Kostya Serebryany, Alexander Potapenko, Sasha Levin

Hello,

I am hitting the following BUGs while running syzkaller fuzzer:

BUG: looking up invalid subclass: 4294967295
turning off the locking correctness validator.
CPU: 1 PID: 12344 Comm: syz-executor Not tainted 4.5.0-rc2+ #309
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
 00000000ffffffff ffff88005dcff4a0 ffffffff82be2c8d ffff88006c9b17c0
 00000000ffffffff 0000000000000001 ffff88005dcff630 ffffffff81457780
 ffff88005dcffff8 ffff88005dcf8000 00000000000015f0 ffffffffffff8000
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82be2c8d>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<     inline     >] look_up_lock_class kernel/locking/lockdep.c:694
 [<     inline     >] register_lock_class kernel/locking/lockdep.c:752
 [<ffffffff81457780>] __lock_acquire+0x1110/0x4700 kernel/locking/lockdep.c:3103
 [<ffffffff8145d1bc>] lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3587
 [<ffffffff8665e105>] _raw_spin_lock_irqsave_nested+0xa5/0xd0 kernel/locking/spinlock.c:381
 [<ffffffff85cfcff1>] hashbin_delete+0x1b1/0x260 net/irda/irqueue.c:400
 [<ffffffff85d071fb>] __irias_delete_object+0xab/0x170 net/irda/irias_object.c:111
 [<ffffffff85d07331>] irias_delete_object+0x71/0xf0 net/irda/irias_object.c:139
 [<ffffffff85d385b5>] ircomm_tty_detach_cable+0x1d5/0x3f0 net/irda/ircomm/ircomm_tty_attach.c:185
 [<ffffffff85d33d4b>] ircomm_tty_shutdown+0x9b/0x2b0 net/irda/ircomm/ircomm_tty.c:883
 [<ffffffff85d349b7>] ircomm_tty_close+0xa7/0x140 net/irda/ircomm/ircomm_tty.c:489
 [<ffffffff82f85c9d>] tty_release+0x37d/0x1290 drivers/tty/tty_io.c:1793
 [<ffffffff82f881a2>] tty_open+0x3a2/0x1070 drivers/tty/tty_io.c:2117
 [<ffffffff817c864a>] chrdev_open+0x22a/0x4c0 fs/char_dev.c:388
 [<ffffffff817b3e72>] do_dentry_open+0x6a2/0xcb0 fs/open.c:736
 [<ffffffff817b754b>] vfs_open+0x17b/0x1f0 fs/open.c:853
 [<     inline     >] do_last fs/namei.c:3254
 [<ffffffff817ead19>] path_openat+0xde9/0x5e30 fs/namei.c:3386
 [<ffffffff817f359e>] do_filp_open+0x18e/0x250 fs/namei.c:3421
 [<ffffffff817b7ccc>] do_sys_open+0x1fc/0x420 fs/open.c:1022
 [<     inline     >] SYSC_open fs/open.c:1040
 [<ffffffff817b7f1d>] SyS_open+0x2d/0x40 fs/open.c:1035


hashbin_delete() seems to maintain hashbin_lock_depth variable in a
completely thread-unsafe way. hashbin_lock_depth needs to be per-task
or something.

I am on commit 34229b277480f46c1e9a19f027f30b074512e68b.
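
A user-space model of the failure mode the message describes, added here as an example; it is not code from the kernel or from the original post. It assumes the depth counter is read and incremented non-atomically before the lock is taken and decremented after unlock; all names and the interleaving are constructed.

```c
#include <stdio.h>

/* User-space model only; names are hypothetical, not the kernel's. */
enum step { LOAD, STORE_INC, DEC };

struct task { int *depth; int tmp; };  /* depth: the counter this task uses */

/* One non-atomic piece of "subclass = depth++" or of "depth--". */
static void run(struct task *t, enum step s)
{
    switch (s) {
    case LOAD:      t->tmp = *t->depth;     break; /* read current depth */
    case STORE_INC: *t->depth = t->tmp + 1; break; /* write back depth+1 */
    case DEC:       *t->depth -= 1;         break; /* done after unlock */
    }
}

/* Constructed interleaving: both tasks load before either one stores,
 * so one increment is lost while both decrements still happen. */
static const struct { int who; enum step s; } schedule[] = {
    {0, LOAD}, {1, LOAD}, {0, STORE_INC}, {1, STORE_INC}, {0, DEC}, {1, DEC},
};

/* Returns the subclass the next caller (task 0) would hand to lockdep.
 * per_task = 0: one counter shared by all tasks (the reported pattern).
 * per_task = 1: each task owns its counter (the direction suggested). */
unsigned int next_subclass(int per_task)
{
    int shared = 0, own[2] = {0, 0};
    struct task t[2] = {
        { per_task ? &own[0] : &shared, 0 },
        { per_task ? &own[1] : &shared, 0 },
    };

    for (size_t i = 0; i < sizeof(schedule) / sizeof(schedule[0]); i++)
        run(&t[schedule[i].who], schedule[i].s);

    /* A counter left at -1 becomes 4294967295 as an unsigned subclass. */
    return (unsigned int)*t[0].depth;
}

int main(void)
{
    printf("shared counter:   next subclass = %u\n", next_subclass(0));
    printf("per-task counter: next subclass = %u\n", next_subclass(1));
    return 0;
}
```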
