From: syzbot <syzbot+f3298e634aa801f1327e@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, len.brown@intel.com,
linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
pavel@ucw.cz, rafael@kernel.org,
syzkaller-bugs@googlegroups.com
Subject: [syzbot] [pm?] WARNING: locking bug in netdev_unregister_kobject (2)
Date: Mon, 22 Apr 2024 18:11:35 -0700
Message-ID: <000000000000367b800616b93c64@google.com>
Hello,
syzbot found the following issue on:
HEAD commit: 6a71d2909427 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1321c763180000
kernel config: https://syzkaller.appspot.com/x/.config?x=fca646cf17cc616b
dashboard link: https://syzkaller.appspot.com/bug?extid=f3298e634aa801f1327e
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c77d21fa1405/disk-6a71d290.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/429fcd369816/vmlinux-6a71d290.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d3d8a4b85112/Image-6a71d290.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f3298e634aa801f1327e@syzkaller.appspotmail.com
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 0 PID: 8958 at kernel/locking/lockdep.c:232 check_wait_context kernel/locking/lockdep.c:4773 [inline]
WARNING: CPU: 0 PID: 8958 at kernel/locking/lockdep.c:232 __lock_acquire+0x78c/0x763c kernel/locking/lockdep.c:5087
Modules linked in:
CPU: 0 PID: 8958 Comm: kbnepd bnep0 Not tainted 6.9.0-rc4-syzkaller-g6a71d2909427 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 604010c5 (nZCv daIF +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : check_wait_context kernel/locking/lockdep.c:4773 [inline]
pc : __lock_acquire+0x78c/0x763c kernel/locking/lockdep.c:5087
lr : hlock_class kernel/locking/lockdep.c:232 [inline]
lr : check_wait_context kernel/locking/lockdep.c:4773 [inline]
lr : __lock_acquire+0x780/0x763c kernel/locking/lockdep.c:5087
sp : ffff8000987272c0
x29: ffff800098727580 x28: ffff0000cc9bbc80 x27: ffff0000cc9bc788
x26: 1fffe000199378f1 x25: ffff0000cc9bc6f0 x24: 0000000000000001
x23: 0000000000000003 x22: 0000000000001df5 x21: ffff8000924bc7b8
x20: 0000000000000000 x19: ffff0000cc9bc78c x18: 0000000000000008
x17: 0000000000000000 x16: ffff80008ae725bc x15: 0000000000000001
x14: 1fffe000367b9602 x13: 0000000000000000 x12: dfff800000000000
x11: 0000000000000003 x10: 0000000000ff0100 x9 : 8484f82778db8800
x8 : 0000000000000000 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800098726a38 x4 : ffff80008ef650a0 x3 : ffff8000805e616c
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
Call trace:
check_wait_context kernel/locking/lockdep.c:4773 [inline]
__lock_acquire+0x78c/0x763c kernel/locking/lockdep.c:5087
lock_acquire+0x248/0x73c kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
klist_next+0x8c/0x2e4 lib/klist.c:382
next_device drivers/base/core.c:3970 [inline]
device_for_each_child+0xc0/0x174 drivers/base/core.c:4048
pm_runtime_set_memalloc_noio+0xf0/0x210 drivers/base/power/runtime.c:248
netdev_unregister_kobject+0x148/0x208 net/core/net-sysfs.c:2106
unregister_netdevice_many_notify+0x117c/0x1770 net/core/dev.c:11129
unregister_netdevice_many net/core/dev.c:11157 [inline]
unregister_netdevice_queue net/core/dev.c:11036 [inline]
unregister_netdevice include/linux/netdevice.h:3115 [inline]
unregister_netdev+0x180/0x1f8 net/core/dev.c:11175
bnep_session+0x23bc/0x257c net/bluetooth/bnep/core.c:525
kthread+0x288/0x310 kernel/kthread.c:388
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
irq event stamp: 9402
hardirqs last enabled at (9401): [<ffff80008af65274>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (9401): [<ffff80008af65274>] _raw_spin_unlock_irq+0x30/0x80 kernel/locking/spinlock.c:202
hardirqs last disabled at (9402): [<ffff80008af65014>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (9402): [<ffff80008af65014>] _raw_spin_lock_irqsave+0x2c/0x7c kernel/locking/spinlock.c:162
softirqs last enabled at (9230): [<ffff8000890615e4>] spin_unlock_bh include/linux/spinlock.h:396 [inline]
softirqs last enabled at (9230): [<ffff8000890615e4>] netif_addr_unlock_bh include/linux/netdevice.h:4534 [inline]
softirqs last enabled at (9230): [<ffff8000890615e4>] dev_mc_flush+0x1b4/0x1f8 net/core/dev_addr_lists.c:1036
softirqs last disabled at (9228): [<ffff800089061b1c>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
Unable to handle kernel paging request at virtual address dfff800000000018
KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
Mem abort info:
ESR = 0x0000000096000005
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x05: level 1 translation fault
Data abort info:
ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000018] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 8958 Comm: kbnepd bnep0 Tainted: G W 6.9.0-rc4-syzkaller-g6a71d2909427 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 604010c5 (nZCv daIF +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : check_wait_context kernel/locking/lockdep.c:4773 [inline]
pc : __lock_acquire+0x568/0x763c kernel/locking/lockdep.c:5087
lr : hlock_class kernel/locking/lockdep.c:232 [inline]
lr : check_wait_context kernel/locking/lockdep.c:4773 [inline]
lr : __lock_acquire+0x780/0x763c kernel/locking/lockdep.c:5087
sp : ffff8000987272c0
x29: ffff800098727580 x28: ffff0000cc9bbc80 x27: ffff0000cc9bc788
x26: 1fffe000199378f1 x25: ffff0000cc9bc6f0 x24: 0000000000000001
x23: 0000000000000003 x22: 0000000000001df5 x21: ffff8000924bc7b8
x20: 0000000000000000 x19: 00000000000000c4 x18: 0000000000000008
x17: 0000000000000000 x16: ffff80008ae725bc x15: 0000000000000001
x14: 1fffe000367b9602 x13: 0000000000000000 x12: dfff800000000000
x11: 0000000000000003 x10: 0000000000ff0100 x9 : 8484f82778db8800
x8 : 0000000000000018 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff800098726a38 x4 : ffff80008ef650a0 x3 : ffff8000805e616c
x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
Call trace:
check_wait_context kernel/locking/lockdep.c:4773 [inline]
__lock_acquire+0x568/0x763c kernel/locking/lockdep.c:5087
lock_acquire+0x248/0x73c kernel/locking/lockdep.c:5754
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x5c/0x7c kernel/locking/spinlock.c:162
klist_next+0x8c/0x2e4 lib/klist.c:382
next_device drivers/base/core.c:3970 [inline]
device_for_each_child+0xc0/0x174 drivers/base/core.c:4048
pm_runtime_set_memalloc_noio+0xf0/0x210 drivers/base/power/runtime.c:248
netdev_unregister_kobject+0x148/0x208 net/core/net-sysfs.c:2106
unregister_netdevice_many_notify+0x117c/0x1770 net/core/dev.c:11129
unregister_netdevice_many net/core/dev.c:11157 [inline]
unregister_netdevice_queue net/core/dev.c:11036 [inline]
unregister_netdevice include/linux/netdevice.h:3115 [inline]
unregister_netdev+0x180/0x1f8 net/core/dev.c:11175
bnep_session+0x23bc/0x257c net/bluetooth/bnep/core.c:525
kthread+0x288/0x310 kernel/kthread.c:388
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860
Code: 34000ee8 aa1f03e8 91031113 d343fe68 (38ec6908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 34000ee8 cbz w8, 0x1dc
4: aa1f03e8 mov x8, xzr
8: 91031113 add x19, x8, #0xc4
c: d343fe68 lsr x8, x19, #3
* 10: 38ec6908 ldrsb w8, [x8, x12] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup