From: syzbot <syzbot+703d9e154b3b58277261@syzkaller.appspotmail.com>
To: Jason@zx2c4.com, davem@davemloft.net, edumazet@google.com,
frederic@kernel.org, jacob.e.keller@intel.com, jiri@nvidia.com,
juri.lelli@redhat.com, kirill.shutemov@linux.intel.com,
kuba@kernel.org, linux-kernel@vger.kernel.org,
mark.rutland@arm.com, netdev@vger.kernel.org,
nicolas.dichtel@6wind.com, pabeni@redhat.com,
paul@paul-moore.com, peterz@infradead.org, razor@blackwall.org,
sathyanarayanan.kuppuswamy@linux.intel.com, steven.price@arm.com,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de
Subject: Re: [syzbot] BUG: sleeping function called from invalid context in static_key_slow_inc
Date: Thu, 17 Nov 2022 04:03:31 -0800 [thread overview]
Message-ID: <000000000000bef99e05eda9604a@google.com> (raw)
In-Reply-To: <0000000000004e78ec05eda79749@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: 064bc7312bd0 netdevsim: Fix memory leak of nsim_dev->fa_co..
git tree: net
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16b2b231880000
kernel config: https://syzkaller.appspot.com/x/.config?x=a33ac7bbc22a8c35
dashboard link: https://syzkaller.appspot.com/bug?extid=703d9e154b3b58277261
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13cd2f79880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=109e1695880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0634e1c0e4cb/disk-064bc731.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/fe1039d2de22/vmlinux-064bc731.xz
kernel image: https://storage.googleapis.com/syzbot-assets/5a0d673875fa/bzImage-064bc731.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+703d9e154b3b58277261@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at include/linux/percpu-rwsem.h:49
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3634, name: syz-executor167
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
3 locks held by syz-executor167/3634:
#0: ffffffff8df6b530 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:860
#1: ffffffff8df6b5e8 (genl_mutex){+.+.}-{3:3}, at: genl_lock net/netlink/genetlink.c:33 [inline]
#1: ffffffff8df6b5e8 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x50d/0x780 net/netlink/genetlink.c:848
#2: ffff8880182fa0b8 (k-clock-AF_INET){+++.}-{2:2}, at: l2tp_tunnel_register+0x126/0x1210 net/l2tp/l2tp_core.c:1477
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 1 PID: 3634 Comm: syz-executor167 Not tainted 6.1.0-rc4-syzkaller-00212-g064bc7312bd0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/0x138 lib/dump_stack.c:106
__might_resched.cold+0x222/0x26b kernel/sched/core.c:9890
percpu_down_read include/linux/percpu-rwsem.h:49 [inline]
cpus_read_lock+0x1b/0x140 kernel/cpu.c:310
static_key_slow_inc+0x12/0x20 kernel/jump_label.c:158
udp_tunnel_encap_enable include/net/udp_tunnel.h:189 [inline]
setup_udp_tunnel_sock+0x3e1/0x550 net/ipv4/udp_tunnel_core.c:81
l2tp_tunnel_register+0xc51/0x1210 net/l2tp/l2tp_core.c:1509
l2tp_nl_cmd_tunnel_create+0x3d6/0x8b0 net/l2tp/l2tp_netlink.c:245
genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:756
genl_family_rcv_msg net/netlink/genetlink.c:833 [inline]
genl_rcv_msg+0x445/0x780 net/netlink/genetlink.c:850
netlink_rcv_skb+0x157/0x430 net/netlink/af_netlink.c:2540
genl_rcv+0x28/0x40 net/netlink/genetlink.c:861
netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1345
netlink_sendmsg+0x91b/0xe10 net/netlink/af_netlink.c:1921
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
sock_no_sendpage+0x10c/0x160 net/core/sock.c:3219
kernel_sendpage.part.0+0x1d5/0x700 net/socket.c:3561
kernel_sendpage net/socket.c:3558 [inline]
sock_sendpage+0xe3/0x140 net/socket.c:1054
pipe_to_sendpage+0x2b1/0x380 fs/splice.c:361
splice_from_pipe_feed fs/splice.c:415 [inline]
__splice_from_pipe+0x449/0x8a0 fs/splice.c:559
splice_from_pipe fs/splice.c:594 [inline]
generic_splice_sendpage+0xd8/0x140 fs/splice.c:743
do_splice_from fs/splice.c:764 [inline]
direct_splice_actor+0x114/0x180 fs/splice.c:931
splice_direct_to_actor+0x335/0x8a0 fs/splice.c:886
do_splice_direct+0x1ab/0x280 fs/splice.c:974
do_sendfile+0xb19/0x1270 fs/read_write.c:1255
__do_sys_sendfile64 fs/read_write.c:1323 [inline]
__se_sys_sendfile64 fs/read_write.c:1309 [inline]
__x64_sys_sendfile64+0x1d0/0x210 fs/read_write.c:1309
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f93d1567cb9
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdd8ae4a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93d1567cb9
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
RBP: 00007f93d152b680 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000100000000 R11: 0000000000000246 R12: 00007f93d152b710
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>
next prev parent reply other threads:[~2022-11-17 12:03 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-17 9:55 [syzbot] BUG: sleeping function called from invalid context in static_key_slow_inc syzbot
2022-11-17 12:03 ` syzbot [this message]
2022-11-18 1:56 ` syzbot
2022-11-18 11:51 ` [PATCH 6.1-rc6] l2tp: call udp_tunnel_encap_enable() and sock_release() without sk_callback_lock Tetsuo Handa
2022-11-18 12:36 ` Eric Dumazet
2022-11-18 13:19 ` Tetsuo Handa
2022-11-18 15:04 ` Eric Dumazet
2022-11-18 17:50 ` Jakub Sitnicki
2022-11-19 10:08 ` Tetsuo Handa
2022-11-19 13:13 ` Jakub Sitnicki
[not found] ` <a2199ab7c03e71af3ac791e119e52c94e9f023f56c8b0d8014dd70aceee2784e@mu>
2022-11-18 22:10 ` Jakub Sitnicki
[not found] <20221118030902.3924-1-hdanton@sina.com>
2022-11-18 15:02 ` [syzbot] BUG: sleeping function called from invalid context in static_key_slow_inc syzbot
[not found] <20221119030519.4257-1-hdanton@sina.com>
2022-11-19 9:25 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000bef99e05eda9604a@google.com \
--to=syzbot+703d9e154b3b58277261@syzkaller.appspotmail.com \
--cc=Jason@zx2c4.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=frederic@kernel.org \
--cc=jacob.e.keller@intel.com \
--cc=jiri@nvidia.com \
--cc=juri.lelli@redhat.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=netdev@vger.kernel.org \
--cc=nicolas.dichtel@6wind.com \
--cc=pabeni@redhat.com \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=razor@blackwall.org \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=steven.price@arm.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.