From: syzbot <syzbot+dd9906bb8e89b22b1be7@syzkaller.appspotmail.com>
To: davem@davemloft.net, edumazet@google.com,
johan.hedberg@gmail.com, kuba@kernel.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org,
luiz.dentz@gmail.com, marcel@holtmann.org,
netdev@vger.kernel.org, pabeni@redhat.com,
syzkaller-bugs@googlegroups.com
Subject: [syzbot] WARNING in cancel_delayed_work_sync
Date: Sun, 30 Oct 2022 22:42:37 -0700
Message-ID: <00000000000039e9d105ec4e13ed@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=131b44ac880000
kernel config: https://syzkaller.appspot.com/x/.config?x=3a4a45d2d827c1e
dashboard link: https://syzkaller.appspot.com/bug?extid=dd9906bb8e89b22b1be7
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e8e91bc79312/disk-bbed346d.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/c1cb3fb3b77e/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dd9906bb8e89b22b1be7@syzkaller.appspotmail.com

ODEBUG: assert_init not available (active state 0) object type: timer_list hint: 0x0
WARNING: CPU: 1 PID: 25883 at lib/debugobjects.c:505 debug_print_object lib/debugobjects.c:502 [inline]
WARNING: CPU: 1 PID: 25883 at lib/debugobjects.c:505 debug_object_assert_init+0x144/0x198 lib/debugobjects.c:892
Modules linked in:
CPU: 1 PID: 25883 Comm: syz-executor.0 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : debug_print_object lib/debugobjects.c:502 [inline]
pc : debug_object_assert_init+0x144/0x198 lib/debugobjects.c:892
lr : debug_print_object lib/debugobjects.c:502 [inline]
lr : debug_object_assert_init+0x144/0x198 lib/debugobjects.c:892
sp : ffff8000157f3ae0
x29: ffff8000157f3ae0 x28: ffff0000c55b1a80 x27: 0000000000000024
x26: ffff8000157f3be8 x25: ffff800008134bec x24: ffff0000c55b1a80
x23: ffff80000efab740 x22: ffff80000d30c000 x21: ffff80000f0a5000
x20: ffff80000bfff5b8 x19: ffff0000ca0749d0 x18: 00000000000000c0
x17: 203a657079742074 x16: ffff80000db49158 x15: ffff0000c55b1a80
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 0000000000003457 x10: ffff800012a3d000 x9 : db08ffd6148ab200
x8 : db08ffd6148ab200 x7 : ffff80000819545c x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000100000000 x0 : 0000000000000054
Call trace:
debug_print_object lib/debugobjects.c:502 [inline]
debug_object_assert_init+0x144/0x198 lib/debugobjects.c:892
debug_timer_assert_init kernel/time/timer.c:792 [inline]
debug_assert_init kernel/time/timer.c:837 [inline]
del_timer+0x34/0x1a8 kernel/time/timer.c:1257
try_to_grab_pending+0x84/0x54c kernel/workqueue.c:1275
__cancel_work_timer+0x74/0x2ac kernel/workqueue.c:3119
cancel_delayed_work_sync+0x24/0x38 kernel/workqueue.c:3301
mgmt_index_removed+0x158/0x198 net/bluetooth/mgmt.c:8952
hci_sock_bind+0x710/0xb1c net/bluetooth/hci_sock.c:1218
__sys_bind+0x148/0x1b0 net/socket.c:1776
__do_sys_bind net/socket.c:1787 [inline]
__se_sys_bind net/socket.c:1785 [inline]
__arm64_sys_bind+0x28/0x3c net/socket.c:1785
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 286
hardirqs last enabled at (285): [<ffff80000bfc89b4>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last enabled at (285): [<ffff80000bfc89b4>] _raw_spin_unlock_irqrestore+0x48/0x8c kernel/locking/spinlock.c:194
hardirqs last disabled at (286): [<ffff80000812cb28>] try_to_grab_pending+0xac/0x54c kernel/workqueue.c:1264
softirqs last enabled at (264): [<ffff80000b1c7458>] spin_unlock_bh include/linux/spinlock.h:394 [inline]
softirqs last enabled at (264): [<ffff80000b1c7458>] lock_sock_nested+0xc0/0xd8 net/core/sock.c:3400
softirqs last disabled at (262): [<ffff80000b1c7420>] spin_lock_bh include/linux/spinlock.h:354 [inline]
softirqs last disabled at (262): [<ffff80000b1c7420>] lock_sock_nested+0x88/0xd8 net/core/sock.c:3396
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 25883 at kernel/workqueue.c:635 set_work_data kernel/workqueue.c:635 [inline]
WARNING: CPU: 0 PID: 25883 at kernel/workqueue.c:635 clear_work_data kernel/workqueue.c:698 [inline]
WARNING: CPU: 0 PID: 25883 at kernel/workqueue.c:635 __cancel_work_timer+0x29c/0x2ac kernel/workqueue.c:3162
Modules linked in:
CPU: 0 PID: 25883 Comm: syz-executor.0 Tainted: G W 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : set_work_data kernel/workqueue.c:635 [inline]
pc : clear_work_data kernel/workqueue.c:698 [inline]
pc : __cancel_work_timer+0x29c/0x2ac kernel/workqueue.c:3162
lr : set_work_data kernel/workqueue.c:635 [inline]
lr : clear_work_data kernel/workqueue.c:698 [inline]
lr : __cancel_work_timer+0x29c/0x2ac kernel/workqueue.c:3162
sp : ffff8000157f3bd0
x29: ffff8000157f3c10 x28: ffff0000c55b1a80 x27: 0000000000000024
x26: ffff8000157f3be8 x25: ffff800008134bec x24: ffff0000c55b1a80
x23: ffff000112628600 x22: 0000000000000000 x21: 0000001fffffffc0
x20: 0000000000000000 x19: ffff0000ca074988 x18: 00000000000000c0
x17: ffff80000dd0b198 x16: ffff80000db49158 x15: ffff0000c55b1a80
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 000000000001dc58 x10: ffff800012a3d000 x9 : ffff80000812e20c
x8 : 000000000001dc59 x7 : ffff80000813754c x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
set_work_data kernel/workqueue.c:635 [inline]
clear_work_data kernel/workqueue.c:698 [inline]
__cancel_work_timer+0x29c/0x2ac kernel/workqueue.c:3162
cancel_delayed_work_sync+0x24/0x38 kernel/workqueue.c:3301
mgmt_index_removed+0x158/0x198 net/bluetooth/mgmt.c:8952
hci_sock_bind+0x710/0xb1c net/bluetooth/hci_sock.c:1218
__sys_bind+0x148/0x1b0 net/socket.c:1776
__do_sys_bind net/socket.c:1787 [inline]
__se_sys_bind net/socket.c:1785 [inline]
__arm64_sys_bind+0x28/0x3c net/socket.c:1785
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
irq event stamp: 366
hardirqs last enabled at (365): [<ffff80000bfb8138>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (365): [<ffff80000bfb8138>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (366): [<ffff80000bfb5fbc>] el1_dbg+0x24/0x5c arch/arm64/kernel/entry-common.c:404
softirqs last enabled at (360): [<ffff8000080102e4>] _stext+0x2e4/0x37c
softirqs last disabled at (289): [<ffff800008017c14>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.