From: syzbot <syzbot+622acb507894a48b2ce9@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
	 syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [cgroups?] possible deadlock in console_lock_spinning_enable (5)
Date: Wed, 22 Jan 2025 02:54:03 -0800
Message-ID: <6790ce4b.050a0220.15cac.020c.GAE@google.com>
In-Reply-To: <20250122103542.1719-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in console_lock_spinning_enable

FAULT_INJECTION: forcing a failure.
name fail_usercopy, interval 1, probability 0, space 0, times 1
======================================================
WARNING: possible circular locking dependency detected
6.13.0-syzkaller-gc4b9570cfb63-dirty #0 Not tainted
------------------------------------------------------
syz.1.427/7673 is trying to acquire lock:
ffffffff8e0cb740 (console_owner){-...}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0 kernel/printk/printk.c:1924

but task is already holding lock:
ffff8880b863ec18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #4 (&rq->__lock){-.-.}-{2:2}:
       _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
       raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598
       raw_spin_rq_lock kernel/sched/sched.h:1519 [inline]
       task_rq_lock+0xcf/0x3b0 kernel/sched/core.c:700
       cgroup_move_task+0x82/0x250 kernel/sched/psi.c:1161
       css_set_move_task+0x288/0x5f0 kernel/cgroup/cgroup.c:898
       cgroup_post_fork+0x1c6/0x910 kernel/cgroup/cgroup.c:6691
       copy_process+0x5034/0x8d10 kernel/fork.c:2617
       kernel_clone+0xfd/0x960 kernel/fork.c:2803
       user_mode_thread+0xb4/0xf0 kernel/fork.c:2881
       rest_init+0x23/0x2b0 init/main.c:712
       start_kernel+0x3e9/0x4d0 init/main.c:1103
       x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507
       x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488
       common_startup_64+0x13e/0x148

-> #3 (&p->pi_lock){-.-.}-{2:2}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
       class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
       try_to_wake_up+0xb6/0x1490 kernel/sched/core.c:4209
       __wake_up_common+0x131/0x1e0 kernel/sched/wait.c:89
       __wake_up_common_lock kernel/sched/wait.c:106 [inline]
       __wake_up+0x31/0x60 kernel/sched/wait.c:127
       tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69
       serial8250_tx_chars+0x68e/0x860 drivers/tty/serial/8250/8250_port.c:1841
       serial8250_handle_irq+0x74d/0xc80 drivers/tty/serial/8250/8250_port.c:1949
       serial8250_default_handle_irq+0x9a/0x210 drivers/tty/serial/8250/8250_port.c:1969
       serial8250_interrupt+0x103/0x210 drivers/tty/serial/8250/8250_core.c:86
       __handle_irq_event_percpu+0x229/0x7d0 kernel/irq/handle.c:158
       handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
       handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
       handle_edge_irq+0x263/0xd10 kernel/irq/chip.c:831
       generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
       handle_irq arch/x86/kernel/irq.c:247 [inline]
       call_irq_handler arch/x86/kernel/irq.c:259 [inline]
       __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:285
       common_interrupt+0x61/0xe0 arch/x86/kernel/irq.c:278
       asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
       variable_ffs arch/x86/include/asm/bitops.h:321 [inline]
       handle_softirqs+0x1da/0x8f0 kernel/softirq.c:549
       __do_softirq kernel/softirq.c:595 [inline]
       invoke_softirq kernel/softirq.c:435 [inline]
       __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
       irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
       instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
       sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
       asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
       native_safe_halt arch/x86/include/asm/irqflags.h:48 [inline]
       arch_safe_halt arch/x86/include/asm/irqflags.h:106 [inline]
       acpi_safe_halt+0x1a/0x20 drivers/acpi/processor_idle.c:111
       acpi_idle_enter+0xc5/0x160 drivers/acpi/processor_idle.c:699
       cpuidle_enter_state+0xaa/0x4f0 drivers/cpuidle/cpuidle.c:268
       cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:389
       cpuidle_idle_call kernel/sched/idle.c:230 [inline]
       do_idle+0x310/0x3f0 kernel/sched/idle.c:325
       cpu_startup_entry+0x4f/0x60 kernel/sched/idle.c:423
       start_secondary+0x222/0x2b0 arch/x86/kernel/smpboot.c:315
       common_startup_64+0x13e/0x148

-> #2 (&tty->write_wait){-.-.}-{3:3}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
       __wake_up_common_lock kernel/sched/wait.c:105 [inline]
       __wake_up+0x1c/0x60 kernel/sched/wait.c:127
       tty_port_default_wakeup+0x2a/0x40 drivers/tty/tty_port.c:69
       serial8250_tx_chars+0x68e/0x860 drivers/tty/serial/8250/8250_port.c:1841
       serial8250_handle_irq+0x74d/0xc80 drivers/tty/serial/8250/8250_port.c:1949
       serial8250_default_handle_irq+0x9a/0x210 drivers/tty/serial/8250/8250_port.c:1969
       serial8250_interrupt+0x103/0x210 drivers/tty/serial/8250/8250_core.c:86
       __handle_irq_event_percpu+0x229/0x7d0 kernel/irq/handle.c:158
       handle_irq_event_percpu kernel/irq/handle.c:193 [inline]
       handle_irq_event+0xab/0x1e0 kernel/irq/handle.c:210
       handle_edge_irq+0x263/0xd10 kernel/irq/chip.c:831
       generic_handle_irq_desc include/linux/irqdesc.h:173 [inline]
       handle_irq arch/x86/kernel/irq.c:247 [inline]
       call_irq_handler arch/x86/kernel/irq.c:259 [inline]
       __common_interrupt+0xdf/0x250 arch/x86/kernel/irq.c:285
       common_interrupt+0x61/0xe0 arch/x86/kernel/irq.c:278
       asm_common_interrupt+0x26/0x40 arch/x86/include/asm/idtentry.h:693
       variable_ffs arch/x86/include/asm/bitops.h:321 [inline]
       handle_softirqs+0x1da/0x8f0 kernel/softirq.c:549
       __do_softirq kernel/softirq.c:595 [inline]
       invoke_softirq kernel/softirq.c:435 [inline]
       __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662
       irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
       instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
       sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049
       asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
       _raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
       spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
       uart_port_unlock_irqrestore include/linux/serial_core.h:786 [inline]
       uart_write+0x2a4/0xb30 drivers/tty/serial/serial_core.c:636
       process_output_block drivers/tty/n_tty.c:574 [inline]
       n_tty_write+0x419/0x1140 drivers/tty/n_tty.c:2389
       iterate_tty_write drivers/tty/tty_io.c:1015 [inline]
       file_tty_write.constprop.0+0x506/0x9a0 drivers/tty/tty_io.c:1090
       tty_write drivers/tty/tty_io.c:1111 [inline]
       redirected_tty_write drivers/tty/tty_io.c:1134 [inline]
       redirected_tty_write+0xcc/0x140 drivers/tty/tty_io.c:1114
       new_sync_write fs/read_write.c:586 [inline]
       vfs_write+0x5ae/0x1150 fs/read_write.c:679
       ksys_write+0x12b/0x250 fs/read_write.c:731
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&port_lock_key){-.-.}-{3:3}:
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
       uart_port_lock_irqsave include/linux/serial_core.h:715 [inline]
       serial8250_console_write+0xb56/0x17c0 drivers/tty/serial/8250/8250_port.c:3372
       console_emit_next_record kernel/printk/printk.c:3122 [inline]
       console_flush_all+0x803/0xc60 kernel/printk/printk.c:3210
       __console_flush_and_unlock kernel/printk/printk.c:3269 [inline]
       console_unlock+0xd9/0x210 kernel/printk/printk.c:3309
       vprintk_emit+0x424/0x6f0 kernel/printk/printk.c:2432
       _printk+0xc8/0x100 kernel/printk/printk.c:2457
       register_console+0xbfd/0x1170 kernel/printk/printk.c:4099
       univ8250_console_init+0x5f/0x90 drivers/tty/serial/8250/8250_core.c:513
       console_init+0x154/0x690 kernel/printk/printk.c:4292
       start_kernel+0x29f/0x4d0 init/main.c:1038
       x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:507
       x86_64_start_kernel+0xb2/0xc0 arch/x86/kernel/head64.c:488
       common_startup_64+0x13e/0x148

-> #0 (console_owner){-...}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3163 [inline]
       check_prevs_add kernel/locking/lockdep.c:3282 [inline]
       validate_chain kernel/locking/lockdep.c:3906 [inline]
       __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5228
       lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
       console_lock_spinning_enable+0xb0/0xd0 kernel/printk/printk.c:1924
       console_emit_next_record kernel/printk/printk.c:3116 [inline]
       console_flush_all+0x7ac/0xc60 kernel/printk/printk.c:3210
       __console_flush_and_unlock kernel/printk/printk.c:3269 [inline]
       console_unlock+0xd9/0x210 kernel/printk/printk.c:3309
       vprintk_emit+0x424/0x6f0 kernel/printk/printk.c:2432
       _printk+0xc8/0x100 kernel/printk/printk.c:2457
       fail_dump lib/fault-inject.c:46 [inline]
       should_fail_ex+0x46c/0x5b0 lib/fault-inject.c:154
       __copy_to_user_inatomic include/linux/uaccess.h:132 [inline]
       copy_to_user_nofault+0xac/0x180 mm/maccess.c:156
       ____bpf_probe_write_user kernel/trace/bpf_trace.c:348 [inline]
       bpf_probe_write_user+0xaf/0xf0 kernel/trace/bpf_trace.c:326
       bpf_prog_6303d92f98284ad8+0x44/0x48
       bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
       __bpf_prog_run include/linux/filter.h:701 [inline]
       bpf_prog_run include/linux/filter.h:708 [inline]
       __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
       bpf_trace_run4+0x245/0x5a0 kernel/trace/bpf_trace.c:2406
       __bpf_trace_sched_switch+0x13e/0x190 include/trace/events/sched.h:222
       __traceiter_sched_switch+0x6c/0xc0 include/trace/events/sched.h:222
       trace_sched_switch include/trace/events/sched.h:222 [inline]
       __schedule+0x180b/0x5b60 kernel/sched/core.c:6757
       preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7082
       irqentry_exit+0x36/0x90 kernel/entry/common.c:354
       asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
       arch_local_irq_restore arch/x86/include/asm/irqflags.h:154 [inline]
       lock_acquire.part.0+0x155/0x380 kernel/locking/lockdep.c:5854
       rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
       rcu_read_lock include/linux/rcupdate.h:849 [inline]
       __fget_files+0x46/0x3a0 fs/file.c:1049
       __fget_light fs/file.c:1152 [inline]
       fdget fs/file.c:1160 [inline]
       fdget_pos+0x2fc/0x390 fs/file.c:1187
       class_fd_pos_constructor include/linux/file.h:85 [inline]
       ksys_write+0x72/0x250 fs/read_write.c:722
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
  console_owner --> &p->pi_lock --> &rq->__lock

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&rq->__lock);
                               lock(&p->pi_lock);
                               lock(&rq->__lock);
  lock(console_owner);

 *** DEADLOCK ***

5 locks held by syz.1.427/7673:
 #0: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: __fget_files+0x40/0x3a0 fs/file.c:1049
 #1: ffff8880b863ec18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598
 #2: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #2: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #2: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2362 [inline]
 #2: ffffffff8e1be440 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d6/0x5a0 kernel/trace/bpf_trace.c:2406
 #3: ffffffff8e1abb80 (console_lock){+.+.}-{0:0}, at: _printk+0xc8/0x100 kernel/printk/printk.c:2457
 #4: ffffffff8e1abbf0 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:342 [inline]
 #4: ffffffff8e1abbf0 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:304 [inline]
 #4: ffffffff8e1abbf0 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:288 [inline]
 #4: ffffffff8e1abbf0 (console_srcu){....}-{0:0}, at: console_flush_all+0x159/0xc60 kernel/printk/printk.c:3187

stack backtrace:
CPU: 0 UID: 0 PID: 7673 Comm: syz.1.427 Not tainted 6.13.0-syzkaller-gc4b9570cfb63-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_circular_bug+0x490/0x760 kernel/locking/lockdep.c:2076
 check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2208
 check_prev_add kernel/locking/lockdep.c:3163 [inline]
 check_prevs_add kernel/locking/lockdep.c:3282 [inline]
 validate_chain kernel/locking/lockdep.c:3906 [inline]
 __lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5228
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
 console_lock_spinning_enable+0xb0/0xd0 kernel/printk/printk.c:1924
 console_emit_next_record kernel/printk/printk.c:3116 [inline]
 console_flush_all+0x7ac/0xc60 kernel/printk/printk.c:3210
 __console_flush_and_unlock kernel/printk/printk.c:3269 [inline]
 console_unlock+0xd9/0x210 kernel/printk/printk.c:3309
 vprintk_emit+0x424/0x6f0 kernel/printk/printk.c:2432
 _printk+0xc8/0x100 kernel/printk/printk.c:2457
 fail_dump lib/fault-inject.c:46 [inline]
 should_fail_ex+0x46c/0x5b0 lib/fault-inject.c:154
 __copy_to_user_inatomic include/linux/uaccess.h:132 [inline]
 copy_to_user_nofault+0xac/0x180 mm/maccess.c:156
 ____bpf_probe_write_user kernel/trace/bpf_trace.c:348 [inline]
 bpf_probe_write_user+0xaf/0xf0 kernel/trace/bpf_trace.c:326
 bpf_prog_6303d92f98284ad8+0x44/0x48
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run4+0x245/0x5a0 kernel/trace/bpf_trace.c:2406
 __bpf_trace_sched_switch+0x13e/0x190 include/trace/events/sched.h:222
 __traceiter_sched_switch+0x6c/0xc0 include/trace/events/sched.h:222
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x180b/0x5b60 kernel/sched/core.c:6757
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7082
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire.part.0+0x155/0x380 kernel/locking/lockdep.c:5816
Code: b8 ff ff ff ff 65 0f c1 05 00 a8 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffffc900046c7d28 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 1ffff920008d8fa6 RCX: 00000000d439196c
RDX: 0000000000000001 RSI: ffffffff8b6cdcc0 RDI: ffffffff8bd2c740
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dd0d98
R10: ffffffff96e86cc7 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8e1be440 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 __fget_files+0x46/0x3a0 fs/file.c:1049
 __fget_light fs/file.c:1152 [inline]
 fdget fs/file.c:1160 [inline]
 fdget_pos+0x2fc/0x390 fs/file.c:1187
 class_fd_pos_constructor include/linux/file.h:85 [inline]
 ksys_write+0x72/0x250 fs/read_write.c:722
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f751a1847df
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007f751b083030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f751a1847df
RDX: 0000000000000001 RSI: 00007f751b0830a0 RDI: 0000000000000005
RBP: 00007f751b083090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f751a375fa0 R15: 00007fff4f6d3d38
 </TASK>
CPU: 0 UID: 0 PID: 7673 Comm: syz.1.427 Not tainted 6.13.0-syzkaller-gc4b9570cfb63-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 fail_dump lib/fault-inject.c:53 [inline]
 should_fail_ex+0x497/0x5b0 lib/fault-inject.c:154
 __copy_to_user_inatomic include/linux/uaccess.h:132 [inline]
 copy_to_user_nofault+0xac/0x180 mm/maccess.c:156
 ____bpf_probe_write_user kernel/trace/bpf_trace.c:348 [inline]
 bpf_probe_write_user+0xaf/0xf0 kernel/trace/bpf_trace.c:326
 bpf_prog_6303d92f98284ad8+0x44/0x48
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]
 bpf_trace_run4+0x245/0x5a0 kernel/trace/bpf_trace.c:2406
 __bpf_trace_sched_switch+0x13e/0x190 include/trace/events/sched.h:222
 __traceiter_sched_switch+0x6c/0xc0 include/trace/events/sched.h:222
 trace_sched_switch include/trace/events/sched.h:222 [inline]
 __schedule+0x180b/0x5b60 kernel/sched/core.c:6757
 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:7082
 irqentry_exit+0x36/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire.part.0+0x155/0x380 kernel/locking/lockdep.c:5816
Code: b8 ff ff ff ff 65 0f c1 05 00 a8 8b 7e 83 f8 01 0f 85 d0 01 00 00 9c 58 f6 c4 02 0f 85 e5 01 00 00 48 85 ed 0f 85 b6 01 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7
RSP: 0018:ffffc900046c7d28 EFLAGS: 00000206
RAX: 0000000000000046 RBX: 1ffff920008d8fa6 RCX: 00000000d439196c
RDX: 0000000000000001 RSI: ffffffff8b6cdcc0 RDI: ffffffff8bd2c740
RBP: 0000000000000200 R08: 0000000000000000 R09: fffffbfff2dd0d98
R10: ffffffff96e86cc7 R11: 0000000000000000 R12: 0000000000000000
R13: ffffffff8e1be440 R14: 0000000000000000 R15: 0000000000000000
 rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 rcu_read_lock include/linux/rcupdate.h:849 [inline]
 __fget_files+0x46/0x3a0 fs/file.c:1049
 __fget_light fs/file.c:1152 [inline]
 fdget fs/file.c:1160 [inline]
 fdget_pos+0x2fc/0x390 fs/file.c:1187
 class_fd_pos_constructor include/linux/file.h:85 [inline]
 ksys_write+0x72/0x250 fs/read_write.c:722
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f751a1847df
Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
RSP: 002b:00007f751b083030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f751a1847df
RDX: 0000000000000001 RSI: 00007f751b0830a0 RDI: 0000000000000005
RBP: 00007f751b083090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
R13: 0000000000000000 R14: 00007f751a375fa0 R15: 00007fff4f6d3d38
 </TASK>
----------------
Code disassembly (best guess):
   0:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
   5:	65 0f c1 05 00 a8 8b 	xadd   %eax,%gs:0x7e8ba800(%rip)        # 0x7e8ba80d
   c:	7e
   d:	83 f8 01             	cmp    $0x1,%eax
  10:	0f 85 d0 01 00 00    	jne    0x1e6
  16:	9c                   	pushf
  17:	58                   	pop    %rax
  18:	f6 c4 02             	test   $0x2,%ah
  1b:	0f 85 e5 01 00 00    	jne    0x206
  21:	48 85 ed             	test   %rbp,%rbp
  24:	0f 85 b6 01 00 00    	jne    0x1e0
* 2a:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31:	fc ff df
  34:	48 01 c3             	add    %rax,%rbx
  37:	48 c7 03 00 00 00 00 	movq   $0x0,(%rbx)
  3e:	48                   	rex.W
  3f:	c7                   	.byte 0xc7


Tested on:

commit:         c4b9570c Merge tag 'audit-pr-20250121' of git://git.ke..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=135a1824580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=899f38f532606c8e
dashboard link: https://syzkaller.appspot.com/bug?extid=622acb507894a48b2ce9
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1343c5df980000
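The lockdep report above lists the dependency chain one edge at a time, and the "Chain exists of" / "Possible unsafe locking scenario" sections are lockdep's reasoning about why the final acquisition closes a cycle. The program below is an added illustration, not syzbot's output and not kernel code: it rebuilds that lock-order graph from the five edges in the report (the lock names are taken verbatim from the "-> #N" headers, and the direction of each edge is my reading of which lock was held when the next one was taken) and runs the same reachability check that lockdep's check_noncircular() performs, much simplified (no lock classes, no irq-context state, no per-context chains). It shows that the first four edges are consistent with each other, and that the #0 edge (printk, via fail_dump, running under the sched_switch tracepoint with &rq->__lock held) is the one that turns the chain into a cycle.

```c
/*
 * Added example: a minimal lock-order graph with cycle detection, in the
 * spirit of lockdep's check_noncircular(). Constructed for illustration;
 * the edges replay the chain printed in the syzbot report above.
 */
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 16

static const char *lock_names[MAX_LOCKS];
static int nr_locks;
/* edges[a][b] == 1 means "b was acquired while a was held" */
static unsigned char edges[MAX_LOCKS][MAX_LOCKS];

void reset_graph(void)
{
	nr_locks = 0;
	memset(edges, 0, sizeof edges);
}

static int lock_id(const char *name)
{
	int i;

	for (i = 0; i < nr_locks; i++)
		if (strcmp(lock_names[i], name) == 0)
			return i;
	if (nr_locks == MAX_LOCKS)
		return -1;
	lock_names[nr_locks] = name;
	return nr_locks++;
}

/* Depth-first search: can 'to' be reached from 'from' along recorded edges? */
static int reaches(int from, int to, unsigned char *seen)
{
	int n;

	if (from == to)
		return 1;
	seen[from] = 1;
	for (n = 0; n < nr_locks; n++)
		if (edges[from][n] && !seen[n] && reaches(n, to, seen))
			return 1;
	return 0;
}

/*
 * Record "inner acquired while outer held". Returns 0 if the edge is
 * consistent with everything seen so far, 1 if outer is already reachable
 * from inner (adding the edge would close a cycle, i.e. a possible
 * deadlock), -1 on table overflow.
 */
int add_dependency(const char *outer, const char *inner)
{
	int o = lock_id(outer), i = lock_id(inner);
	unsigned char seen[MAX_LOCKS] = { 0 };

	if (o < 0 || i < 0)
		return -1;
	if (reaches(i, o, seen))
		return 1;
	edges[o][i] = 1;
	return 0;
}

/* Replay the chain from the report, oldest edge first (#1 .. #4), then #0. */
int replay_report(void)
{
	reset_graph();
	if (add_dependency("console_owner", "&port_lock_key") ||      /* #1 serial8250_console_write */
	    add_dependency("&port_lock_key", "&tty->write_wait") ||   /* #2 wakeup during uart_write */
	    add_dependency("&tty->write_wait", "&p->pi_lock") ||      /* #3 try_to_wake_up */
	    add_dependency("&p->pi_lock", "&rq->__lock"))             /* #4 task_rq_lock */
		return -1;
	/* #0: printk (fail_dump) from the sched_switch tracepoint with rq->__lock held */
	return add_dependency("&rq->__lock", "console_owner");
}

/* Same first four edges, but the new edge in the already established direction. */
int replay_consistent(void)
{
	reset_graph();
	if (add_dependency("console_owner", "&port_lock_key") ||
	    add_dependency("&port_lock_key", "&tty->write_wait") ||
	    add_dependency("&tty->write_wait", "&p->pi_lock") ||
	    add_dependency("&p->pi_lock", "&rq->__lock"))
		return -1;
	return add_dependency("console_owner", "&rq->__lock");
}

int main(void)
{
	printf("report chain closes a cycle: %d\n", replay_report());
	printf("consistent order closes a cycle: %d\n", replay_consistent());
	return 0;
}
```

The point the toy makes is the one lockdep makes: none of the four edges is wrong on its own, and the proposed patch cannot fix the report by reordering any of them, because the cycle is only closed when something calls printk() while &rq->__lock is held. The real check also tracks irq-safe versus irq-unsafe usage per lock class, which is why the report's lock annotations ({-.-.}, {-...}) matter and this example ignores them.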


Thread overview: 6+ messages
2024-08-17 16:39 [syzbot] [serial?] possible deadlock in console_lock_spinning_enable (5) syzbot
2024-10-03 20:37 ` [syzbot] [cgroups?] " syzbot
2025-01-22 10:35   ` Hillf Danton
2025-01-22 10:54     ` syzbot [this message]
2025-01-17 12:34 ` syzbot
2025-01-21 18:29   ` Michal Koutný