* [syzbot] [nfs?] BUG: sleeping function called from invalid context in dput
From: syzbot @ 2024-08-27 0:10 UTC (permalink / raw)
To: Dai.Ngo, chuck.lever, jlayton, linux-kernel, linux-nfs, neilb,
okorniev, syzkaller-bugs, tom
Hello,
syzbot found the following issue on:
HEAD commit: 6a7917c89f21 Add linux-next specific files for 20240822
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17e90a7b980000
kernel config: https://syzkaller.appspot.com/x/.config?x=897bd7c53a10fcfc
dashboard link: https://syzkaller.appspot.com/bug?extid=b7d499d78290e9ee5882
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/47820545bc51/disk-6a7917c8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e300f3a38860/vmlinux-6a7917c8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/9146afef58aa/bzImage-6a7917c8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b7d499d78290e9ee5882@syzkaller.appspotmail.com
BUG: sleeping function called from invalid context at fs/dcache.c:844
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9077, name: syz.3.713
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
6 locks held by syz.3.713/9077:
#0: ffffffff8fd2ac70 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 net/netlink/genetlink.c:1218
#1: ffffffff8ec0f9c8 (nfsd_mutex){+.+.}-{3:3}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90 fs/nfsd/nfsctl.c:1963
#2: ffffffff8fe82868 (rpcb_create_local_mutex){+.+.}-{3:3}, at: rpcb_create_local+0x15d/0x800 net/sunrpc/rpcb_clnt.c:353
#3: ffff88801fc03558 (&x->wait#13){-.-.}-{2:2}, at: complete_with_flags kernel/sched/completion.c:20 [inline]
#3: ffff88801fc03558 (&x->wait#13){-.-.}-{2:2}, at: complete+0x28/0x1c0 kernel/sched/completion.c:47
#4: ffff88802392a818 (&p->pi_lock){-.-.}-{2:2}, at: class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
#4: ffff88802392a818 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb0/0x1480 kernel/sched/core.c:4150
#5: ffff8880b903ea58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:595
irq event stamp: 2182
hardirqs last enabled at (2181): [<ffffffff816414a5>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1500 [inline]
hardirqs last enabled at (2181): [<ffffffff816414a5>] finish_lock_switch kernel/sched/core.c:5065 [inline]
hardirqs last enabled at (2181): [<ffffffff816414a5>] finish_task_switch+0x1e5/0x870 kernel/sched/core.c:5183
hardirqs last disabled at (2182): [<ffffffff8bbf00a3>] common_interrupt+0x13/0xd0 arch/x86/kernel/irq.c:278
softirqs last enabled at (2128): [<ffffffff8aca8bc3>] xs_local_finish_connecting net/sunrpc/xprtsock.c:1978 [inline]
softirqs last enabled at (2128): [<ffffffff8aca8bc3>] xs_local_setup_socket net/sunrpc/xprtsock.c:2016 [inline]
softirqs last enabled at (2128): [<ffffffff8aca8bc3>] xs_local_connect+0x633/0x8e0 net/sunrpc/xprtsock.c:2070
softirqs last disabled at (2126): [<ffffffff89831ad0>] spin_lock_bh include/linux/spinlock.h:356 [inline]
softirqs last disabled at (2126): [<ffffffff89831ad0>] release_sock+0x30/0x1f0 net/core/sock.c:3556
Preemption disabled at:
[<ffffffff8bc75d51>] preempt_schedule+0xe1/0xf0 kernel/sched/core.c:6880
CPU: 0 UID: 0 PID: 9077 Comm: syz.3.713 Not tainted 6.11.0-rc4-next-20240822-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
__might_resched+0x5d4/0x780 kernel/sched/core.c:8629
dput+0x26/0x2b0 fs/dcache.c:844
path_put fs/namei.c:568 [inline]
terminate_walk+0x189/0x430 fs/namei.c:692
path_lookupat+0x328/0x450 fs/namei.c:2597
filename_lookup+0x256/0x610 fs/namei.c:2609
kern_path+0x35/0x50 fs/namei.c:2717
unix_find_bsd net/unix/af_unix.c:1124 [inline]
unix_find_other+0x123/0x910 net/unix/af_unix.c:1185
unix_stream_connect+0x3ba/0x10e0 net/unix/af_unix.c:1587
kernel_connect+0x10b/0x160 net/socket.c:3642
xs_local_finish_connecting net/sunrpc/xprtsock.c:1983 [inline]
xs_local_setup_socket net/sunrpc/xprtsock.c:2016 [inline]
xs_local_connect+0x6f0/0x8e0 net/sunrpc/xprtsock.c:2070
xprt_connect+0x63f/0x880 net/sunrpc/xprt.c:948
__rpc_execute+0x51f/0x1460 net/sunrpc/sched.c:949
rpc_execute+0x1ec/0x3f0 net/sunrpc/sched.c:1025
rpc_run_task+0x562/0x6c0 net/sunrpc/clnt.c:1250
rpc_call_null_helper net/sunrpc/clnt.c:2873 [inline]
rpc_ping net/sunrpc/clnt.c:2890 [inline]
rpc_create_xprt+0x534/0xa10 net/sunrpc/clnt.c:492
rpc_create+0x815/0xb10 net/sunrpc/clnt.c:621
rpcb_create_af_local+0x2f9/0x520 net/sunrpc/rpcb_clnt.c:258
rpcb_create_local_unix net/sunrpc/rpcb_clnt.c:291 [inline]
rpcb_create_local+0x263/0x800 net/sunrpc/rpcb_clnt.c:358
svc_rpcb_setup net/sunrpc/svc.c:425 [inline]
svc_bind+0x187/0x1e0 net/sunrpc/svc.c:462
nfsd_create_serv+0x631/0xae0 fs/nfsd/nfssvc.c:607
nfsd_nl_listener_set_doit+0x135/0x1a90 fs/nfsd/nfsctl.c:1965
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2597
___sys_sendmsg net/socket.c:2651 [inline]
__sys_sendmsg+0x298/0x390 net/socket.c:2680
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8bbd379e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8bbe0d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8bbd516058 RCX: 00007f8bbd379e79
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
RBP: 00007f8bbd3e7916 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f8bbd516058 R15: 00007ffd232873a8
</TASK>
------------[ cut here ]------------
WARNING: CPU: 0 PID: 9077 at kernel/softirq.c:362 __local_bh_enable_ip+0x1be/0x200 kernel/softirq.c:362
Modules linked in:
CPU: 0 UID: 0 PID: 9077 Comm: syz.3.713 Tainted: G W 6.11.0-rc4-next-20240822-syzkaller #0
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:__local_bh_enable_ip+0x1be/0x200 kernel/softirq.c:362
Code: 3b 44 24 60 75 52 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 90 0f 0b 90 e9 ca fe ff ff e8 55 00 00 00 eb 9c 90 <0f> 0b 90 e9 fa fe ff ff 48 c7 c1 4c 43 1c 90 80 e1 07 80 c1 03 38
RSP: 0018:ffffc900041be220 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 1ffff92000837c48 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000201 RDI: ffffffff8a5b29a8
RBP: ffffc900041be2d0 R08: ffffffff901c12ef R09: 1ffffffff203825d
R10: dffffc0000000000 R11: fffffbfff203825e R12: dffffc0000000000
R13: ffff88807da93800 R14: ffffc900041be260 R15: 0000000000000201
FS: 00007f8bbe0d76c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f69e04e52d8 CR3: 00000000686c0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
sock_orphan include/net/sock.h:2003 [inline]
unix_release_sock+0x4b8/0xd00 net/unix/af_unix.c:682
unix_stream_connect+0x94d/0x10e0 net/unix/af_unix.c:1710
kernel_connect+0x10b/0x160 net/socket.c:3642
xs_local_finish_connecting net/sunrpc/xprtsock.c:1983 [inline]
xs_local_setup_socket net/sunrpc/xprtsock.c:2016 [inline]
xs_local_connect+0x6f0/0x8e0 net/sunrpc/xprtsock.c:2070
xprt_connect+0x63f/0x880 net/sunrpc/xprt.c:948
__rpc_execute+0x51f/0x1460 net/sunrpc/sched.c:949
rpc_execute+0x1ec/0x3f0 net/sunrpc/sched.c:1025
rpc_run_task+0x562/0x6c0 net/sunrpc/clnt.c:1250
rpc_call_null_helper net/sunrpc/clnt.c:2873 [inline]
rpc_ping net/sunrpc/clnt.c:2890 [inline]
rpc_create_xprt+0x534/0xa10 net/sunrpc/clnt.c:492
rpc_create+0x815/0xb10 net/sunrpc/clnt.c:621
rpcb_create_af_local+0x2f9/0x520 net/sunrpc/rpcb_clnt.c:258
rpcb_create_local_unix net/sunrpc/rpcb_clnt.c:291 [inline]
rpcb_create_local+0x263/0x800 net/sunrpc/rpcb_clnt.c:358
svc_rpcb_setup net/sunrpc/svc.c:425 [inline]
svc_bind+0x187/0x1e0 net/sunrpc/svc.c:462
nfsd_create_serv+0x631/0xae0 fs/nfsd/nfssvc.c:607
nfsd_nl_listener_set_doit+0x135/0x1a90 fs/nfsd/nfsctl.c:1965
genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357
netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x221/0x270 net/socket.c:745
____sys_sendmsg+0x525/0x7d0 net/socket.c:2597
___sys_sendmsg net/socket.c:2651 [inline]
__sys_sendmsg+0x298/0x390 net/socket.c:2680
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8bbd379e79
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f8bbe0d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f8bbd516058 RCX: 00007f8bbd379e79
RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
RBP: 00007f8bbd3e7916 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f8bbd516058 R15: 00007ffd232873a8
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup