[syzbot] BUG: sleeping function called from invalid context in kernfs_walk_and_get_ns

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+9baaae5fc5795e2e6acf@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
	syzkaller-bugs@googlegroups.com, tj@kernel.org
Subject: [syzbot] BUG: sleeping function called from invalid context in kernfs_walk_and_get_ns
Date: Wed, 12 Oct 2022 07:14:35 -0700	[thread overview]
Message-ID: <0000000000002b89b205ead703ff@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    282342f2dc97 Add linux-next specific files for 20220830
git tree:       linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=14b47c63080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c7b70bd555c649f4
dashboard link: https://syzkaller.appspot.com/bug?extid=9baaae5fc5795e2e6acf
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12acb375080000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1718658b080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9baaae5fc5795e2e6acf@syzkaller.appspotmail.com

BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1498
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 3603, name: syz-executor323
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
irq event stamp: 0
hardirqs last  enabled at (0): [<0000000000000000>] 0x0
hardirqs last disabled at (0): [<ffffffff814710e0>] copy_process+0x20f0/0x7120 kernel/fork.c:2199
softirqs last  enabled at (0): [<ffffffff81471128>] copy_process+0x2138/0x7120 kernel/fork.c:2203
softirqs last disabled at (0): [<0000000000000000>] 0x0
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 3603 Comm: syz-executor323 Not tainted 6.0.0-rc3-next-20220830-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 __might_resched.cold+0x222/0x26b kernel/sched/core.c:9896
 down_read+0x71/0x450 kernel/locking/rwsem.c:1498
 kernfs_walk_and_get_ns+0xcc/0x3a0 fs/kernfs/dir.c:897
 kernfs_walk_and_get include/linux/kernfs.h:600 [inline]
 cgroup_get_from_path+0x61/0x610 kernel/cgroup/cgroup.c:6647
 cgroup_mt_check_v1+0x19a/0x2f0 net/netfilter/xt_cgroup.c:56
 xt_check_match+0x275/0x9f0 net/netfilter/x_tables.c:523
 check_match net/ipv6/netfilter/ip6_tables.c:490 [inline]
 find_check_match net/ipv6/netfilter/ip6_tables.c:507 [inline]
 find_check_entry.constprop.0+0x342/0x9e0 net/ipv6/netfilter/ip6_tables.c:558
 translate_table+0xc8b/0x1750 net/ipv6/netfilter/ip6_tables.c:735
 do_replace net/ipv6/netfilter/ip6_tables.c:1153 [inline]
 do_ip6t_set_ctl+0x56e/0xb90 net/ipv6/netfilter/ip6_tables.c:1639
 nf_setsockopt+0x83/0xe0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x127/0x190 net/ipv6/ipv6_sockglue.c:1026
 udpv6_setsockopt+0x76/0xc0 net/ipv6/udp.c:1652
 __sys_setsockopt+0x2d6/0x690 net/socket.c:2252
 __do_sys_setsockopt net/socket.c:2263 [inline]
 __se_sys_setsockopt net/socket.c:2260 [inline]
 __x64_sys_setsockopt+0xba/0x150 net/socket.c:2260
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fbfdc6eeb09
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffed2b8f58 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbfdc6eeb09
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 00007fbfdc6b2cb0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000020000300 R11: 0000000000000246 R12: 00007fbfdc6b2d40
R13: 000000


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

next             reply	other threads:[~2022-10-12 14:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-12 14:14 syzbot [this message]
2022-10-12 18:30 ` [syzbot] BUG: sleeping function called from invalid context in kernfs_walk_and_get_ns Tejun Heo
2022-10-13  7:38   ` Dmitry Vyukov
2022-10-13 17:39     ` Tejun Heo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000002b89b205ead703ff@google.com \
    --to=syzbot+9baaae5fc5795e2e6acf@syzkaller.appspotmail.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.