* Re: WARNING: locking bug in inet_autobind
2019-05-16 5:46 WARNING: locking bug in inet_autobind syzbot
@ 2019-05-21 8:31 ` syzbot
2019-05-22 3:16 ` syzbot
` (2 subsequent siblings)
3 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2019-05-21 8:31 UTC (permalink / raw)
To: ast, bpf, daniel, davem, kafai, kuznet, linux-kernel, netdev,
songliubraving, syzkaller-bugs, yhs, yoshfuji
syzbot has found a reproducer for the following crash on:
HEAD commit: f49aa1de Merge tag 'for-5.2-rc1-tag' of git://git.kernel.o..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14e5b130a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fc045131472947d7
dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163731f8a00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
WARNING: CPU: 1 PID: 28592 at kernel/locking/lockdep.c:734
arch_local_save_flags arch/x86/include/asm/paravirt.h:762 [inline]
WARNING: CPU: 1 PID: 28592 at kernel/locking/lockdep.c:734
arch_local_save_flags arch/x86/include/asm/paravirt.h:760 [inline]
WARNING: CPU: 1 PID: 28592 at kernel/locking/lockdep.c:734
look_up_lock_class kernel/locking/lockdep.c:725 [inline]
WARNING: CPU: 1 PID: 28592 at kernel/locking/lockdep.c:734
register_lock_class+0xe10/0x1860 kernel/locking/lockdep.c:1078
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 28592 Comm: syz-executor.5 Not tainted 5.2.0-rc1+ #1
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
panic+0x2cb/0x744 kernel/panic.c:218
__warn.cold+0x20/0x4d kernel/panic.c:575
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:179 [inline]
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:986
RIP: 0010:look_up_lock_class kernel/locking/lockdep.c:734 [inline]
RIP: 0010:register_lock_class+0xe10/0x1860 kernel/locking/lockdep.c:1078
Code: 00 48 89 da 4d 8b 76 c0 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80
3c 02 00 0f 85 23 07 00 00 4c 89 33 e9 e3 f4 ff ff 0f 0b <0f> 0b e9 ea f3
ff ff 44 89 e0 4c 8b 95 50 ff ff ff 83 c0 01 4c 8b
RSP: 0018:ffff888093d179e8 EFLAGS: 00010083
RAX: dffffc0000000000 RBX: ffff8880967cd160 RCX: 0000000000000000
RDX: 1ffff11012cf9a2f RSI: 0000000000000000 RDI: ffff8880967cd178
RBP: ffff888093d17ab0 R08: 1ffff110127a2f45 R09: ffffffff8a659d40
R10: ffffffff8a2e8440 R11: 0000000000000000 R12: ffffffff8a323030
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88022ba0
__lock_acquire+0x116/0x5490 kernel/locking/lockdep.c:3673
lock_acquire+0x16f/0x3f0 kernel/locking/lockdep.c:4302
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:343 [inline]
lock_sock_nested+0x41/0x120 net/core/sock.c:2917
lock_sock include/net/sock.h:1525 [inline]
inet_autobind+0x20/0x1a0 net/ipv4/af_inet.c:183
inet_dgram_connect+0x243/0x2d0 net/ipv4/af_inet.c:573
__sys_connect+0x264/0x330 net/socket.c:1840
__do_sys_connect net/socket.c:1851 [inline]
__se_sys_connect net/socket.c:1848 [inline]
__x64_sys_connect+0x73/0xb0 net/socket.c:1848
do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459279
Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2321b1ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459279
RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2321b1b6d4
R13: 00000000004bf74d R14: 00000000004d0c18 R15: 00000000ffffffff
Kernel Offset: disabled
Rebooting in 86400 seconds..
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: WARNING: locking bug in inet_autobind
2019-05-16 5:46 WARNING: locking bug in inet_autobind syzbot
2019-05-21 8:31 ` syzbot
@ 2019-05-22 3:16 ` syzbot
2022-09-18 15:52 ` Tetsuo Handa
2022-12-29 6:26 ` [syzbot] " syzbot
3 siblings, 0 replies; 9+ messages in thread
From: syzbot @ 2019-05-22 3:16 UTC (permalink / raw)
To: Yong.Zhao, airlied, alexander.deucher, amd-gfx, ast, bpf,
christian.koenig, daniel, daniel, davem, david1.zhou, dri-devel,
evan.quan, felix.kuehling, harry.wentland, kafai, kuznet,
linux-kernel, netdev, ozeng, ray.huang, rex.zhu, songliubraving,
syzkaller-bugs, yhs, yong.zhao, yoshfuji
syzbot has bisected this bug to:
commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
Author: Yong Zhao <Yong.Zhao@amd.com>
Date: Fri Feb 1 23:36:21 2019 +0000
drm/amdgpu: Delete user queue doorbell variables
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a00000
start commit: f49aa1de Merge tag 'for-5.2-rc1-tag' of git://git.kernel.o..
git tree: net-next
final crash: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a00000
console output: https://syzkaller.appspot.com/x/log.txt?x=1233ece4a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=fc045131472947d7
dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=163731f8a00000
Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell variables")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: WARNING: locking bug in inet_autobind
2019-05-16 5:46 WARNING: locking bug in inet_autobind syzbot
2019-05-21 8:31 ` syzbot
2019-05-22 3:16 ` syzbot
@ 2022-09-18 15:52 ` Tetsuo Handa
2022-12-29 6:26 ` [syzbot] " syzbot
3 siblings, 0 replies; 9+ messages in thread
From: Tetsuo Handa @ 2022-09-18 15:52 UTC (permalink / raw)
To: Peter Zijlstra, Ingo Molnar, Will Deacon, Waiman Long,
Boqun Feng, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni
Cc: netdev, syzbot, syzkaller-bugs
syzbot is reporting locking bug in inet_autobind(), for
commit 37159ef2c1ae1e69 ("l2tp: fix a lockdep splat") started
calling
lockdep_set_class_and_name(&sk->sk_lock.slock, &l2tp_socket_class, "l2tp_sock")
in l2tp_tunnel_create() (which is currently in l2tp_tunnel_register()).
How can we fix this problem?
------------[ cut here ]------------
class->name=slock-AF_INET6 lock->name=l2tp_sock lock->key=l2tp_socket_class
WARNING: CPU: 2 PID: 9237 at kernel/locking/lockdep.c:940 look_up_lock_class+0xcc/0x140
Modules linked in:
CPU: 2 PID: 9237 Comm: a.out Not tainted 6.0.0-rc5-00094-ga335366bad13-dirty #860
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
RIP: 0010:look_up_lock_class+0xcc/0x140
On 2019/05/16 14:46, syzbot wrote:
> HEAD commit: 35c99ffa Merge tag 'for_linus' of git://git.kernel.org/pub..
> git tree: net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=10e970f4a00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=82f0809e8f0a8c87
> dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
C reproducer is available at
https://syzkaller.appspot.com/text?tag=ReproC&x=15062310080000 .
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] WARNING: locking bug in inet_autobind
2019-05-16 5:46 WARNING: locking bug in inet_autobind syzbot
` (2 preceding siblings ...)
2022-09-18 15:52 ` Tetsuo Handa
@ 2022-12-29 6:26 ` syzbot
2023-01-03 15:39 ` Felix Kuehling
3 siblings, 1 reply; 9+ messages in thread
From: syzbot @ 2022-12-29 6:26 UTC (permalink / raw)
To: Alexander.Deucher, Christian.Koenig, David1.Zhou, Evan.Quan,
Felix.Kuehling, Harry.Wentland, Oak.Zeng, Ray.Huang, Yong.Zhao,
airlied, alexander.deucher, amd-gfx, ast, boqun.feng, bpf,
christian.koenig, daniel, daniel, davem, david1.zhou, dri-devel,
dsahern, edumazet, evan.quan, felix.kuehling, gautammenghani201,
harry.wentland, jakub, kafai, kuba, kuznet, linux-kernel,
longman, mingo, netdev, ozeng, pabeni, penguin-kernel,
penguin-kernel, peterz, ray.huang, rex.zhu, songliubraving,
syzkaller-bugs, will, yhs, yong.zhao, yoshfuji
syzbot has found a reproducer for the following issue on:
HEAD commit: 1b929c02afd3 Linux 6.2-rc1
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=145c6a68480000
kernel config: https://syzkaller.appspot.com/x/.config?x=2651619a26b4d687
dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e13e32480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13790f08480000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d1849f1ca322/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/924cb8aa4ada/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8c7330dae0a0/bzImage-1b929c02.xz
The issue was bisected to:
commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
Author: Yong Zhao <Yong.Zhao@amd.com>
Date: Fri Feb 1 23:36:21 2019 +0000
drm/amdgpu: Delete user queue doorbell variables
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a00000
final oops: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a00000
console output: https://syzkaller.appspot.com/x/log.txt?x=1233ece4a00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell variables")
------------[ cut here ]------------
Looking for class "l2tp_sock" with key l2tp_socket_class, but found a different class "slock-AF_INET6" with the same key
WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937 look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Modules linked in:
CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7 c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
RSP: 0018:ffffc9000b5378b8 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffffffff91c06a00 RCX: 0000000000000000
RDX: ffff8880292d0000 RSI: ffffffff8166721c RDI: fffff520016a6f09
RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080000201 R11: 20676e696b6f6f4c R12: 0000000000000000
R13: ffff88802a5820b0 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f1fd7a97700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 0000000078ab4000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
__lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
lock_acquire kernel/locking/lockdep.c:5668 [inline]
lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
_raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
spin_lock_bh include/linux/spinlock.h:355 [inline]
lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
lock_sock include/net/sock.h:1725 [inline]
inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
inet_send_prepare net/ipv4/af_inet.c:813 [inline]
inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
__sys_sendto+0x23a/0x340 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f1fd78538b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1fd7a971f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007f1fd78f0038 RCX: 00007f1fd78538b9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f1fd78f0030 R08: 0000000020000100 R09: 000000000000001c
R10: 0000000004008000 R11: 0000000000000212 R12: 00007f1fd78f003c
R13: 00007f1fd79ffc8f R14: 00007f1fd7a97300 R15: 0000000000022000
</TASK>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] WARNING: locking bug in inet_autobind
2022-12-29 6:26 ` [syzbot] " syzbot
@ 2023-01-03 15:39 ` Felix Kuehling
2023-01-03 16:05 ` Waiman Long
0 siblings, 1 reply; 9+ messages in thread
From: Felix Kuehling @ 2023-01-03 15:39 UTC (permalink / raw)
To: syzbot, Alexander.Deucher, Christian.Koenig, David1.Zhou,
Evan.Quan, Harry.Wentland, Oak.Zeng, Ray.Huang, Yong.Zhao,
airlied, amd-gfx, ast, boqun.feng, bpf, daniel, daniel, davem,
dri-devel, dsahern, edumazet, gautammenghani201, jakub, kafai,
kuba, kuznet, linux-kernel, longman, mingo, netdev, ozeng,
pabeni, penguin-kernel, peterz, rex.zhu, songliubraving,
syzkaller-bugs, will, yhs, yoshfuji
The regression point doesn't make sense. The kernel config doesn't
enable CONFIG_DRM_AMDGPU, so there is no way that a change in AMDGPU
could have caused this regression.
Regards,
Felix
Am 2022-12-29 um 01:26 schrieb syzbot:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: 1b929c02afd3 Linux 6.2-rc1
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=145c6a68480000
> kernel config: https://syzkaller.appspot.com/x/.config?x=2651619a26b4d687
> dashboard link: https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e13e32480000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13790f08480000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/d1849f1ca322/disk-1b929c02.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/924cb8aa4ada/vmlinux-1b929c02.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/8c7330dae0a0/bzImage-1b929c02.xz
>
> The issue was bisected to:
>
> commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
> Author: Yong Zhao <Yong.Zhao@amd.com>
> Date: Fri Feb 1 23:36:21 2019 +0000
>
> drm/amdgpu: Delete user queue doorbell variables
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a00000
> final oops: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1233ece4a00000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
> Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell variables")
>
> ------------[ cut here ]------------
> Looking for class "l2tp_sock" with key l2tp_socket_class, but found a different class "slock-AF_INET6" with the same key
> WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937 look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
> Modules linked in:
> CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted 6.2.0-rc1-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
> Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7 c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
> RSP: 0018:ffffc9000b5378b8 EFLAGS: 00010082
> RAX: 0000000000000000 RBX: ffffffff91c06a00 RCX: 0000000000000000
> RDX: ffff8880292d0000 RSI: ffffffff8166721c RDI: fffff520016a6f09
> RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
> R10: 0000000080000201 R11: 20676e696b6f6f4c R12: 0000000000000000
> R13: ffff88802a5820b0 R14: 0000000000000000 R15: 0000000000000000
> FS: 00007f1fd7a97700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000020000100 CR3: 0000000078ab4000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> <TASK>
> register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
> __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
> lock_acquire kernel/locking/lockdep.c:5668 [inline]
> lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
> __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
> _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
> spin_lock_bh include/linux/spinlock.h:355 [inline]
> lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
> lock_sock include/net/sock.h:1725 [inline]
> inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
> inet_send_prepare net/ipv4/af_inet.c:813 [inline]
> inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
> inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
> sock_sendmsg_nosec net/socket.c:714 [inline]
> sock_sendmsg+0xd3/0x120 net/socket.c:734
> __sys_sendto+0x23a/0x340 net/socket.c:2117
> __do_sys_sendto net/socket.c:2129 [inline]
> __se_sys_sendto net/socket.c:2125 [inline]
> __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7f1fd78538b9
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007f1fd7a971f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
> RAX: ffffffffffffffda RBX: 00007f1fd78f0038 RCX: 00007f1fd78538b9
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
> RBP: 00007f1fd78f0030 R08: 0000000020000100 R09: 000000000000001c
> R10: 0000000004008000 R11: 0000000000000212 R12: 00007f1fd78f003c
> R13: 00007f1fd79ffc8f R14: 00007f1fd7a97300 R15: 0000000000022000
> </TASK>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] WARNING: locking bug in inet_autobind
2023-01-03 15:39 ` Felix Kuehling
@ 2023-01-03 16:05 ` Waiman Long
2023-01-03 16:20 ` Felix Kuehling
0 siblings, 1 reply; 9+ messages in thread
From: Waiman Long @ 2023-01-03 16:05 UTC (permalink / raw)
To: Felix Kuehling, syzbot, Alexander.Deucher, Christian.Koenig,
David1.Zhou, Evan.Quan, Harry.Wentland, Oak.Zeng, Ray.Huang,
Yong.Zhao, airlied, amd-gfx, ast, boqun.feng, bpf, daniel,
daniel, davem, dri-devel, dsahern, edumazet, gautammenghani201,
jakub, kafai, kuba, kuznet, linux-kernel, mingo, netdev, ozeng,
pabeni, penguin-kernel, peterz, rex.zhu, songliubraving,
syzkaller-bugs, will, yhs, yoshfuji
On 1/3/23 10:39, Felix Kuehling wrote:
> The regression point doesn't make sense. The kernel config doesn't
> enable CONFIG_DRM_AMDGPU, so there is no way that a change in AMDGPU
> could have caused this regression.
>
I agree. It is likely a pre-existing problem or caused by another commit
that got triggered because of the change in cacheline alignment caused
by commit c0d9271ecbd ("drm/amdgpu: Delete user queue doorbell variable").
Cheers,
Longman
> Regards,
> Felix
>
>
> Am 2022-12-29 um 01:26 schrieb syzbot:
>> syzbot has found a reproducer for the following issue on:
>>
>> HEAD commit: 1b929c02afd3 Linux 6.2-rc1
>> git tree: upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=145c6a68480000
>> kernel config:
>> https://syzkaller.appspot.com/x/.config?x=2651619a26b4d687
>> dashboard link:
>> https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
>> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU
>> Binutils for Debian) 2.35.2
>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e13e32480000
>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13790f08480000
>>
>> Downloadable assets:
>> disk image:
>> https://storage.googleapis.com/syzbot-assets/d1849f1ca322/disk-1b929c02.raw.xz
>> vmlinux:
>> https://storage.googleapis.com/syzbot-assets/924cb8aa4ada/vmlinux-1b929c02.xz
>> kernel image:
>> https://storage.googleapis.com/syzbot-assets/8c7330dae0a0/bzImage-1b929c02.xz
>>
>> The issue was bisected to:
>>
>> commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
>> Author: Yong Zhao <Yong.Zhao@amd.com>
>> Date: Fri Feb 1 23:36:21 2019 +0000
>>
>> drm/amdgpu: Delete user queue doorbell variables
>>
>> bisection log:
>> https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a00000
>> final oops: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a00000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1233ece4a00000
>>
>> IMPORTANT: if you fix the issue, please add the following tag to the
>> commit:
>> Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
>> Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell variables")
>>
>> ------------[ cut here ]------------
>> Looking for class "l2tp_sock" with key l2tp_socket_class, but found a
>> different class "slock-AF_INET6" with the same key
>> WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937
>> look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
>> Modules linked in:
>> CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted
>> 6.2.0-rc1-syzkaller #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine,
>> BIOS Google 10/26/2022
>> RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
>> Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7
>> c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f>
>> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
>> RSP: 0018:ffffc9000b5378b8 EFLAGS: 00010082
>> RAX: 0000000000000000 RBX: ffffffff91c06a00 RCX: 0000000000000000
>> RDX: ffff8880292d0000 RSI: ffffffff8166721c RDI: fffff520016a6f09
>> RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
>> R10: 0000000080000201 R11: 20676e696b6f6f4c R12: 0000000000000000
>> R13: ffff88802a5820b0 R14: 0000000000000000 R15: 0000000000000000
>> FS: 00007f1fd7a97700(0000) GS:ffff8880b9800000(0000)
>> knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000020000100 CR3: 0000000078ab4000 CR4: 00000000003506f0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>> <TASK>
>> register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
>> __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
>> lock_acquire kernel/locking/lockdep.c:5668 [inline]
>> lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
>> __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
>> _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
>> spin_lock_bh include/linux/spinlock.h:355 [inline]
>> lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
>> lock_sock include/net/sock.h:1725 [inline]
>> inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
>> inet_send_prepare net/ipv4/af_inet.c:813 [inline]
>> inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
>> inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
>> sock_sendmsg_nosec net/socket.c:714 [inline]
>> sock_sendmsg+0xd3/0x120 net/socket.c:734
>> __sys_sendto+0x23a/0x340 net/socket.c:2117
>> __do_sys_sendto net/socket.c:2129 [inline]
>> __se_sys_sendto net/socket.c:2125 [inline]
>> __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>> do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>> RIP: 0033:0x7f1fd78538b9
>> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48
>> 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48>
>> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
>> RSP: 002b:00007f1fd7a971f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
>> RAX: ffffffffffffffda RBX: 00007f1fd78f0038 RCX: 00007f1fd78538b9
>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
>> RBP: 00007f1fd78f0030 R08: 0000000020000100 R09: 000000000000001c
>> R10: 0000000004008000 R11: 0000000000000212 R12: 00007f1fd78f003c
>> R13: 00007f1fd79ffc8f R14: 00007f1fd7a97300 R15: 0000000000022000
>> </TASK>
>>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] WARNING: locking bug in inet_autobind
2023-01-03 16:05 ` Waiman Long
@ 2023-01-03 16:20 ` Felix Kuehling
2023-01-03 22:07 ` Tetsuo Handa
0 siblings, 1 reply; 9+ messages in thread
From: Felix Kuehling @ 2023-01-03 16:20 UTC (permalink / raw)
To: Waiman Long, syzbot, Alexander.Deucher, Christian.Koenig,
David1.Zhou, Evan.Quan, Harry.Wentland, Oak.Zeng, Ray.Huang,
Yong.Zhao, airlied, amd-gfx, ast, boqun.feng, bpf, daniel,
daniel, davem, dri-devel, dsahern, edumazet, gautammenghani201,
jakub, kafai, kuba, kuznet, linux-kernel, mingo, netdev, ozeng,
pabeni, penguin-kernel, peterz, rex.zhu, songliubraving,
syzkaller-bugs, will, yhs, yoshfuji
Am 2023-01-03 um 11:05 schrieb Waiman Long:
> On 1/3/23 10:39, Felix Kuehling wrote:
>> The regression point doesn't make sense. The kernel config doesn't
>> enable CONFIG_DRM_AMDGPU, so there is no way that a change in AMDGPU
>> could have caused this regression.
>>
> I agree. It is likely a pre-existing problem or caused by another
> commit that got triggered because of the change in cacheline alignment
> caused by commit c0d9271ecbd ("drm/amdgpu: Delete user queue doorbell
> variable").
I don't think the change can affect cache line alignment. The entire
amdgpu driver doesn't even get compiled in the kernel config that was
used, and the change doesn't touch any files outside
drivers/gpu/drm/amd/amdgpu:
# CONFIG_DRM_AMDGPU is not set
My guess would be that it's an intermittent bug that is confusing bisect.
Regards,
Felix
>
> Cheers,
> Longman
>
>
>> Regards,
>> Felix
>>
>>
>> Am 2022-12-29 um 01:26 schrieb syzbot:
>>> syzbot has found a reproducer for the following issue on:
>>>
>>> HEAD commit: 1b929c02afd3 Linux 6.2-rc1
>>> git tree: upstream
>>> console output:
>>> https://syzkaller.appspot.com/x/log.txt?x=145c6a68480000
>>> kernel config:
>>> https://syzkaller.appspot.com/x/.config?x=2651619a26b4d687
>>> dashboard link:
>>> https://syzkaller.appspot.com/bug?extid=94cc2a66fc228b23f360
>>> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU
>>> Binutils for Debian) 2.35.2
>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e13e32480000
>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13790f08480000
>>>
>>> Downloadable assets:
>>> disk image:
>>> https://storage.googleapis.com/syzbot-assets/d1849f1ca322/disk-1b929c02.raw.xz
>>> vmlinux:
>>> https://storage.googleapis.com/syzbot-assets/924cb8aa4ada/vmlinux-1b929c02.xz
>>> kernel image:
>>> https://storage.googleapis.com/syzbot-assets/8c7330dae0a0/bzImage-1b929c02.xz
>>>
>>> The issue was bisected to:
>>>
>>> commit c0d9271ecbd891cdeb0fad1edcdd99ee717a655f
>>> Author: Yong Zhao <Yong.Zhao@amd.com>
>>> Date: Fri Feb 1 23:36:21 2019 +0000
>>>
>>> drm/amdgpu: Delete user queue doorbell variables
>>>
>>> bisection log:
>>> https://syzkaller.appspot.com/x/bisect.txt?x=1433ece4a00000
>>> final oops: https://syzkaller.appspot.com/x/report.txt?x=1633ece4a00000
>>> console output:
>>> https://syzkaller.appspot.com/x/log.txt?x=1233ece4a00000
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to the
>>> commit:
>>> Reported-by: syzbot+94cc2a66fc228b23f360@syzkaller.appspotmail.com
>>> Fixes: c0d9271ecbd8 ("drm/amdgpu: Delete user queue doorbell
>>> variables")
>>>
>>> ------------[ cut here ]------------
>>> Looking for class "l2tp_sock" with key l2tp_socket_class, but found
>>> a different class "slock-AF_INET6" with the same key
>>> WARNING: CPU: 0 PID: 7280 at kernel/locking/lockdep.c:937
>>> look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
>>> Modules linked in:
>>> CPU: 0 PID: 7280 Comm: syz-executor835 Not tainted
>>> 6.2.0-rc1-syzkaller #0
>>> Hardware name: Google Google Compute Engine/Google Compute Engine,
>>> BIOS Google 10/26/2022
>>> RIP: 0010:look_up_lock_class+0x97/0x110 kernel/locking/lockdep.c:937
>>> Code: 17 48 81 fa e0 e5 f6 8f 74 59 80 3d 5d bc 57 04 00 75 50 48 c7
>>> c7 00 4d 4c 8a 48 89 04 24 c6 05 49 bc 57 04 01 e8 a9 42 b9 ff <0f>
>>> 0b 48 8b 04 24 eb 31 9c 5a 80 e6 02 74 95 e8 45 38 02 fa 85 c0
>>> RSP: 0018:ffffc9000b5378b8 EFLAGS: 00010082
>>> RAX: 0000000000000000 RBX: ffffffff91c06a00 RCX: 0000000000000000
>>> RDX: ffff8880292d0000 RSI: ffffffff8166721c RDI: fffff520016a6f09
>>> RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
>>> R10: 0000000080000201 R11: 20676e696b6f6f4c R12: 0000000000000000
>>> R13: ffff88802a5820b0 R14: 0000000000000000 R15: 0000000000000000
>>> FS: 00007f1fd7a97700(0000) GS:ffff8880b9800000(0000)
>>> knlGS:0000000000000000
>>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>>> CR2: 0000000020000100 CR3: 0000000078ab4000 CR4: 00000000003506f0
>>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>>> Call Trace:
>>> <TASK>
>>> register_lock_class+0xbe/0x1120 kernel/locking/lockdep.c:1289
>>> __lock_acquire+0x109/0x56d0 kernel/locking/lockdep.c:4934
>>> lock_acquire kernel/locking/lockdep.c:5668 [inline]
>>> lock_acquire+0x1e3/0x630 kernel/locking/lockdep.c:5633
>>> __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline]
>>> _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178
>>> spin_lock_bh include/linux/spinlock.h:355 [inline]
>>> lock_sock_nested+0x5f/0xf0 net/core/sock.c:3473
>>> lock_sock include/net/sock.h:1725 [inline]
>>> inet_autobind+0x1a/0x190 net/ipv4/af_inet.c:177
>>> inet_send_prepare net/ipv4/af_inet.c:813 [inline]
>>> inet_send_prepare+0x325/0x4e0 net/ipv4/af_inet.c:807
>>> inet6_sendmsg+0x43/0xe0 net/ipv6/af_inet6.c:655
>>> sock_sendmsg_nosec net/socket.c:714 [inline]
>>> sock_sendmsg+0xd3/0x120 net/socket.c:734
>>> __sys_sendto+0x23a/0x340 net/socket.c:2117
>>> __do_sys_sendto net/socket.c:2129 [inline]
>>> __se_sys_sendto net/socket.c:2125 [inline]
>>> __x64_sys_sendto+0xe1/0x1b0 net/socket.c:2125
>>> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>>> do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
>>> entry_SYSCALL_64_after_hwframe+0x63/0xcd
>>> RIP: 0033:0x7f1fd78538b9
>>> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 15 00 00 90 48 89 f8 48
>>> 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48>
>>> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
>>> RSP: 002b:00007f1fd7a971f8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
>>> RAX: ffffffffffffffda RBX: 00007f1fd78f0038 RCX: 00007f1fd78538b9
>>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
>>> RBP: 00007f1fd78f0030 R08: 0000000020000100 R09: 000000000000001c
>>> R10: 0000000004008000 R11: 0000000000000212 R12: 00007f1fd78f003c
>>> R13: 00007f1fd79ffc8f R14: 00007f1fd7a97300 R15: 0000000000022000
>>> </TASK>
>>>
>>
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [syzbot] WARNING: locking bug in inet_autobind
2023-01-03 16:20 ` Felix Kuehling
@ 2023-01-03 22:07 ` Tetsuo Handa
0 siblings, 0 replies; 9+ messages in thread
From: Tetsuo Handa @ 2023-01-03 22:07 UTC (permalink / raw)
To: Felix Kuehling, Waiman Long, edumazet, jakub
Cc: syzkaller-bugs, netdev, syzbot, Alexander.Deucher,
Christian.Koenig, David1.Zhou, Evan.Quan, Harry.Wentland,
Oak.Zeng, Ray.Huang, Yong.Zhao, airlied, ast, boqun.feng, daniel,
daniel, davem, dsahern, gautammenghani201, kafai, kuba, kuznet,
mingo, ozeng, pabeni, peterz, rex.zhu, songliubraving, will, yhs,
yoshfuji
On 2023/01/04 1:20, Felix Kuehling wrote:
>
> Am 2023-01-03 um 11:05 schrieb Waiman Long:
>> On 1/3/23 10:39, Felix Kuehling wrote:
>>> The regression point doesn't make sense. The kernel config doesn't enable CONFIG_DRM_AMDGPU, so there is no way that a change in AMDGPU could have caused this regression.
>>>
>> I agree. It is likely a pre-existing problem or caused by another commit that got triggered because of the change in cacheline alignment caused by commit c0d9271ecbd ("drm/amdgpu: Delete user queue doorbell variable").
> I don't think the change can affect cache line alignment. The entire amdgpu driver doesn't even get compiled in the kernel config that was used, and the change doesn't touch any files outside drivers/gpu/drm/amd/amdgpu:
>
> # CONFIG_DRM_AMDGPU is not set
>
> My guess would be that it's an intermittent bug that is confusing bisect.
>
> Regards,
> Felix
This was already explained in https://groups.google.com/g/syzkaller-bugs/c/1rmGDmbXWIw/m/nIQm0EmxBAAJ .
Jakub Sitnicki suggested
What if we revisit Eric's lockdep splat fix in 37159ef2c1ae ("l2tp: fix
a lockdep splat") and:
1. remove the lockdep_set_class_and_name(...) call in l2tp; it looks
like an odd case within the network stack, and
2. switch to bh_lock_sock_nested in l2tp_xmit_core so that we don't
break what has been fixed in 37159ef2c1ae.
and we are waiting for response from Eric Dumazet.
^ permalink raw reply [flat|nested] 9+ messages in thread