* [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
@ 2024-10-19 15:37 syzbot
From: syzbot @ 2024-10-19 15:37 UTC (permalink / raw)
To: brauner, gregkh, jack, linux-fsdevel, linux-kernel, linux-serial,
linux-usb, syzkaller-bugs, viro
Hello,
syzbot found the following issue on:
HEAD commit: 07b887f8236e xhci: add helper to stop endpoint and wait fo..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
console output: https://syzkaller.appspot.com/x/log.txt?x=1101fc5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=9878fe11046ea2c6
dashboard link: https://syzkaller.appspot.com/bug?extid=a234c2d63e0c171ca10e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e64430580000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/c447438ae517/disk-07b887f8.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1430abb44ca1/vmlinux-07b887f8.xz
kernel image: https://storage.googleapis.com/syzbot-assets/53e62be3705b/bzImage-07b887f8.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a234c2d63e0c171ca10e@syzkaller.appspotmail.com
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 0-...D } 2645 jiffies s: 773 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 5465 Comm: udevd Not tainted 6.12.0-rc3-syzkaller-00051-g07b887f8236e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:io_serial_in+0x87/0xb0 drivers/tty/serial/8250/8250_port.c:407
Code: 72 b5 fe 48 8d 7d 40 44 89 e1 48 b8 00 00 00 00 00 fc ff df 48 89 fa d3 e3 48 c1 ea 03 80 3c 02 00 75 1a 66 03 5d 40 89 da ec <5b> 0f b6 c0 5d 41 5c c3 cc cc cc cc e8 f8 ee 0d ff eb a2 e8 81 ef
RSP: 0018:ffffc90000006f08 EFLAGS: 00000002
RAX: dffffc0000000060 RBX: 00000000000003fd RCX: 0000000000000000
RDX: 00000000000003fd RSI: ffffffff82a06c30 RDI: ffffffff93635660
RBP: ffffffff93635620 R08: 0000000000000001 R09: 000000000000001f
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000020 R14: fffffbfff26c6b1e R15: dffffc0000000000
FS: 00007fefb97f9c80(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2dd5ffff CR3: 000000011c53e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
serial_in drivers/tty/serial/8250/8250.h:137 [inline]
serial_lsr_in drivers/tty/serial/8250/8250.h:159 [inline]
wait_for_lsr+0xda/0x180 drivers/tty/serial/8250/8250_port.c:2068
serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3315 [inline]
serial8250_console_write+0xf5a/0x17c0 drivers/tty/serial/8250/8250_port.c:3393
console_emit_next_record kernel/printk/printk.c:3092 [inline]
console_flush_all+0x800/0xc60 kernel/printk/printk.c:3180
__console_flush_and_unlock kernel/printk/printk.c:3239 [inline]
console_unlock+0xd9/0x210 kernel/printk/printk.c:3279
vprintk_emit+0x424/0x6f0 kernel/printk/printk.c:2407
vprintk+0x7f/0xa0 kernel/printk/printk_safe.c:68
_printk+0xc8/0x100 kernel/printk/printk.c:2432
printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
show_trace_log_lvl+0x1b7/0x3d0 arch/x86/kernel/dumpstack.c:285
sched_show_task kernel/sched/core.c:7589 [inline]
sched_show_task+0x3f0/0x5f0 kernel/sched/core.c:7564
show_state_filter+0xee/0x320 kernel/sched/core.c:7634
k_spec drivers/tty/vt/keyboard.c:667 [inline]
k_spec+0xed/0x150 drivers/tty/vt/keyboard.c:656
kbd_keycode drivers/tty/vt/keyboard.c:1522 [inline]
kbd_event+0xcbd/0x17a0 drivers/tty/vt/keyboard.c:1541
input_handler_events_default+0x116/0x1b0 drivers/input/input.c:2549
input_pass_values+0x777/0x8e0 drivers/input/input.c:126
input_event_dispose drivers/input/input.c:352 [inline]
input_handle_event+0xb30/0x14d0 drivers/input/input.c:369
input_event drivers/input/input.c:398 [inline]
input_event+0x83/0xa0 drivers/input/input.c:390
hidinput_hid_event+0xa12/0x2410 drivers/hid/hid-input.c:1719
hid_process_event+0x4b7/0x5e0 drivers/hid/hid-core.c:1540
hid_input_array_field+0x535/0x710 drivers/hid/hid-core.c:1652
hid_process_report drivers/hid/hid-core.c:1694 [inline]
hid_report_raw_event+0xa02/0x11c0 drivers/hid/hid-core.c:2040
__hid_input_report.constprop.0+0x341/0x440 drivers/hid/hid-core.c:2110
hid_irq_in+0x35e/0x870 drivers/hid/usbhid/hid-core.c:285
__usb_hcd_giveback_urb+0x389/0x6e0 drivers/usb/core/hcd.c:1650
usb_hcd_giveback_urb+0x396/0x450 drivers/usb/core/hcd.c:1734
dummy_timer+0x17c3/0x38d0 drivers/usb/gadget/udc/dummy_hcd.c:1988
__run_hrtimer kernel/time/hrtimer.c:1691 [inline]
__hrtimer_run_queues+0x20a/0xae0 kernel/time/hrtimer.c:1755
hrtimer_run_softirq+0x17d/0x350 kernel/time/hrtimer.c:1772
handle_softirqs+0x206/0x8d0 kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu kernel/softirq.c:637 [inline]
irq_exit_rcu+0xac/0x110 kernel/softirq.c:649
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
sysvec_apic_timer_interrupt+0x90/0xb0 arch/x86/kernel/apic/apic.c:1037
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 76 80 42 fa 48 89 df e8 8e fd 42 fa f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 d5 3f 37 fa 65 8b 05 b6 fd 12 79 85 c0 74 16 5b
RSP: 0018:ffffc90001abfbd8 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffffffff935bf3e0 RCX: 1ffffffff14ac291
RDX: 0000000000000000 RSI: ffffffff8727f1c0 RDI: ffffffff8746ea80
RBP: 0000000000000286 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff8a564d8f R11: 0000000000000000 R12: ffffffff935bf3d8
R13: 0000000000000000 R14: 0000000000000000 R15: ffff888102e9c000
__debug_check_no_obj_freed lib/debugobjects.c:998 [inline]
debug_check_no_obj_freed+0x328/0x600 lib/debugobjects.c:1019
slab_free_hook mm/slub.c:2273 [inline]
slab_free mm/slub.c:4579 [inline]
kfree+0x294/0x480 mm/slub.c:4727
do_delayed_call include/linux/delayed_call.h:28 [inline]
vfs_readlink+0x149/0x380 fs/namei.c:5272
do_readlinkat+0x24c/0x390 fs/stat.c:551
__do_sys_readlink fs/stat.c:574 [inline]
__se_sys_readlink fs/stat.c:571 [inline]
__x64_sys_readlink+0x78/0xc0 fs/stat.c:571
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fefb9925d47
Code: 73 01 c3 48 8b 0d e1 90 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 59 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b1 90 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffee0fa4b98 EFLAGS: 00000206 ORIG_RAX: 0000000000000059
RAX: ffffffffffffffda RBX: 00000000000000ff RCX: 00007fefb9925d47
RDX: 0000000000000400 RSI: 00007ffee0fa4fa8 RDI: 00007ffee0fa4ba8
RBP: 00007ffee0fa53e8 R08: 0000562cf15ca1fd R09: 0000000000000000
R10: 0000000000000010 R11: 0000000000000206 R12: 0000000000000200
R13: 00007ffee0fa4fa8 R14: 00007ffee0fa4ba8 R15: 00007ffee0fa5aa9
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
2024-10-19 15:37 [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed syzbot
@ 2024-10-22 7:51 ` Edward Adam Davis
2024-10-22 8:07 ` syzbot
2024-10-22 8:14 ` Edward Adam Davis
` (2 subsequent siblings)
3 siblings, 1 reply; 8+ messages in thread
From: Edward Adam Davis @ 2024-10-22 7:51 UTC (permalink / raw)
To: syzbot+a234c2d63e0c171ca10e; +Cc: linux-kernel, syzkaller-bugs
directly use the simpler _irq() lock/unlock calls instead of the more
complex _irqsave/_irqrestore variants
#syz test
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 5ce473ad499b..936c94655e35 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -958,7 +958,7 @@ EXPORT_SYMBOL_GPL(debug_object_active_state);
#ifdef CONFIG_DEBUG_OBJECTS_FREE
static void __debug_check_no_obj_freed(const void *address, unsigned long size)
{
- unsigned long flags, oaddr, saddr, eaddr, paddr, chunks;
+ unsigned long oaddr, saddr, eaddr, paddr, chunks;
int cnt, objs_checked = 0;
struct debug_obj *obj, o;
struct debug_bucket *db;
@@ -975,7 +975,7 @@ static void __debug_check_no_obj_freed(const void *address, unsigned long size)
repeat:
cnt = 0;
- raw_spin_lock_irqsave(&db->lock, flags);
+ raw_spin_lock_irq(&db->lock);
hlist_for_each_entry_safe(obj, tmp, &db->list, node) {
cnt++;
oaddr = (unsigned long) obj->object;
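Review bot: `raw_spin_lock_irq(&db->lock)` at the `repeat:` label is only correct if every caller enters `__debug_check_no_obj_freed()` with interrupts enabled, and nothing in this function or in the commit message establishes that. The existing `raw_spin_lock_irqsave()` is what allows the function to be called from any context; syzbot's boot log in the reply to this patch reaches `debug_check_no_obj_freed` from `__free_pages_ok` under `memblock_free_all`, while `early_boot_irqs_disabled` is still set. Please keep `_irqsave` here, and state in the changelog how the change relates to the reported soft lockup, since the time spent walking `db->list` under the lock is the same with either variant.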
@@ -985,7 +985,7 @@ static void __debug_check_no_obj_freed(const void *address, unsigned long size)
switch (obj->state) {
case ODEBUG_STATE_ACTIVE:
o = *obj;
- raw_spin_unlock_irqrestore(&db->lock, flags);
+ raw_spin_unlock_irq(&db->lock);
debug_print_object(&o, "free");
debug_object_fixup(o.descr->fixup_free, (void *)oaddr, o.state);
goto repeat;
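Review bot: in the `ODEBUG_STATE_ACTIVE` case, `raw_spin_unlock_irq(&db->lock)` turns interrupts on unconditionally before `debug_print_object()` and `debug_object_fixup()` run, so a caller that came in with interrupts disabled now has the fixup callback running with them enabled. `raw_spin_unlock_irqrestore(&db->lock, flags)` only puts back the state found at entry and should stay. Note also that `goto repeat` still restarts the scan of the bucket from the head, so this path does the same amount of work per pass as before.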
@@ -995,7 +995,7 @@ static void __debug_check_no_obj_freed(const void *address, unsigned long size)
break;
}
}
- raw_spin_unlock_irqrestore(&db->lock, flags);
+ raw_spin_unlock_irq(&db->lock);
if (cnt > debug_objects_maxchain)
debug_objects_maxchain = cnt;
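Review bot: the final `raw_spin_unlock_irq(&db->lock)` makes the function return with interrupts enabled regardless of how it was entered. That matches the failure syzbot reports for this patch: `_raw_spin_unlock_irq` calling `trace_hardirqs_on` from `debug_check_no_obj_freed` and tripping `DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled)`. This unlock needs to remain `raw_spin_unlock_irqrestore(&db->lock, flags)`, which in turn means the removal of `flags` in the first hunk has to be dropped.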
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
2024-10-22 7:51 ` Edward Adam Davis
@ 2024-10-22 8:07 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2024-10-22 8:07 UTC (permalink / raw)
To: eadavis, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
RAT 00000001 GOOG 00000001)
[ 0.046496][ T0] ACPI: APIC 0x00000000BFFFFDB0 000076 (v05 Google GOOGAPIC 00000001 GOOG 00000001)
[ 0.048654][ T0] ACPI: SSDT 0x00000000BFFFF430 000980 (v01 Google GOOGSSDT 00000001 GOOG 00000001)
[ 0.051656][ T0] ACPI: WAET 0x00000000BFFFFE30 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001)
[ 0.053804][ T0] ACPI: Reserving FACP table memory at [mem 0xbffff330-0xbffff423]
[ 0.055989][ T0] ACPI: Reserving DSDT table memory at [mem 0xbfffd8c0-0xbffff323]
[ 0.057616][ T0] ACPI: Reserving FACS table memory at [mem 0xbfffd880-0xbfffd8bf]
[ 0.058943][ T0] ACPI: Reserving FACS table memory at [mem 0xbfffd880-0xbfffd8bf]
[ 0.060591][ T0] ACPI: Reserving SRAT table memory at [mem 0xbffffe60-0xbfffff27]
[ 0.062145][ T0] ACPI: Reserving APIC table memory at [mem 0xbffffdb0-0xbffffe25]
[ 0.064394][ T0] ACPI: Reserving SSDT table memory at [mem 0xbffff430-0xbffffdaf]
[ 0.065814][ T0] ACPI: Reserving WAET table memory at [mem 0xbffffe30-0xbffffe57]
[ 0.067863][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0x0009ffff]
[ 0.070253][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00100000-0xbfffffff]
[ 0.071420][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0x23fffffff]
[ 0.073158][ T0] NUMA: Node 0 [mem 0x00001000-0x0009ffff] + [mem 0x00100000-0xbfffffff] -> [mem 0x00001000-0xbfffffff]
[ 0.075325][ T0] NUMA: Node 0 [mem 0x00001000-0xbfffffff] + [mem 0x100000000-0x23fffffff] -> [mem 0x00001000-0x23fffffff]
[ 0.078325][ T0] NODE_DATA(0) allocated [mem 0x23fff9e00-0x23fffddff]
[ 0.117884][ T0] Zone ranges:
[ 0.118729][ T0] DMA [mem 0x0000000000001000-0x0000000000ffffff]
[ 0.120123][ T0] DMA32 [mem 0x0000000001000000-0x00000000ffffffff]
[ 0.121166][ T0] Normal [mem 0x0000000100000000-0x000000023fffffff]
[ 0.122385][ T0] Movable zone start for each node
[ 0.123307][ T0] Early memory node ranges
[ 0.124149][ T0] node 0: [mem 0x0000000000001000-0x000000000009efff]
[ 0.125227][ T0] node 0: [mem 0x0000000000100000-0x00000000bfffcfff]
[ 0.126650][ T0] node 0: [mem 0x0000000100000000-0x000000023fffffff]
[ 0.128118][ T0] Initmem setup node 0 [mem 0x0000000000001000-0x000000023fffffff]
[ 0.130187][ T0] On node 0, zone DMA: 1 pages in unavailable ranges
[ 0.132026][ T0] On node 0, zone DMA: 97 pages in unavailable ranges
[ 0.272214][ T0] On node 0, zone Normal: 3 pages in unavailable ranges
[ 0.591782][ T0] kasan: KernelAddressSanitizer initialized
[ 0.594155][ T0] ACPI: PM-Timer IO Port: 0xb008
[ 0.595456][ T0] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
[ 0.596918][ T0] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23
[ 0.598543][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
[ 0.600551][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
[ 0.602046][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
[ 0.604180][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
[ 0.606070][ T0] ACPI: Using ACPI (MADT) for SMP configuration information
[ 0.607926][ T0] CPU topo: Max. logical packages: 1
[ 0.608974][ T0] CPU topo: Max. logical dies: 1
[ 0.610008][ T0] CPU topo: Max. dies per package: 1
[ 0.610933][ T0] CPU topo: Max. threads per core: 2
[ 0.612361][ T0] CPU topo: Num. cores per package: 1
[ 0.613460][ T0] CPU topo: Num. threads per package: 2
[ 0.614535][ T0] CPU topo: Allowing 2 present CPUs plus 0 hotplug CPUs
[ 0.616471][ T0] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff]
[ 0.618396][ T0] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
[ 0.620038][ T0] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000effff]
[ 0.621426][ T0] PM: hibernation: Registered nosave memory: [mem 0x000f0000-0x000fffff]
[ 0.622954][ T0] PM: hibernation: Registered nosave memory: [mem 0xbfffd000-0xbfffffff]
[ 0.624961][ T0] PM: hibernation: Registered nosave memory: [mem 0xc0000000-0xfffbbfff]
[ 0.626150][ T0] PM: hibernation: Registered nosave memory: [mem 0xfffbc000-0xffffffff]
[ 0.627592][ T0] [mem 0xc0000000-0xfffbbfff] available for PCI devices
[ 0.629426][ T0] Booting paravirtualized kernel on KVM
[ 0.630453][ T0] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.677816][ T0] setup_percpu: NR_CPUS:8 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[ 0.680682][ T0] percpu: Embedded 72 pages/cpu s258000 r8192 d28720 u1048576
[ 0.682715][ T0] kvm-guest: PV spinlocks enabled
[ 0.683539][ T0] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear)
[ 0.685241][ T0] Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=16 rose.rose_ndevs=16 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=8 panic_on_warn=1 BOOT_IMAGE=/boot/bzImage root=/dev/sda1 console=ttyS0
[ 0.706673][ T0] Unknown kernel command line parameters "ima_policy=tcb spec_store_bypass_disable=prctl BOOT_IMAGE=/boot/bzImage", will be passed to user space.
[ 0.710164][ T0] random: crng init done
[ 0.714069][ T0] Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, linear)
[ 0.717136][ T0] Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, linear)
[ 0.719528][ T0] Fallback order for Node 0: 0
[ 0.719568][ T0] Built 1 zonelists, mobility grouping on. Total pages: 2097051
[ 0.721930][ T0] Policy zone: Normal
[ 0.723098][ T0] mem auto-init: stack:all(zero), heap alloc:on, heap free:off
[ 0.724900][ T0] stackdepot: allocating hash table via alloc_large_system_hash
[ 0.727068][ T0] stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear)
[ 0.733916][ T0] software IO TLB: area num 2.
[ 0.908126][ T0] ------------[ cut here ]------------
[ 0.909262][ T0] DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled)
[ 0.909305][ T0] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:4393 lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.911749][ T0] Modules linked in:
[ 0.912323][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 0.913743][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 0.915988][ T0] RIP: 0010:lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.917185][ T0] Code: c7 c7 40 f1 27 87 e8 19 97 e7 ff 90 0f 0b 90 90 e9 7a ff ff ff 90 48 c7 c6 e0 21 28 87 48 c7 c7 40 f1 27 87 e8 fb 96 e7 ff 90 <0f> 0b 90 90 eb a3 e8 0f 63 7b 00 e9 09 fd ff ff e8 f5 63 7b 00 e9
[ 0.920840][ T0] RSP: 0000:ffffffff88c07be0 EFLAGS: 00010082
[ 0.922264][ T0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff811aafe9
[ 0.924240][ T0] RDX: ffffffff88c2c7c0 RSI: ffffffff811aaff6 RDI: 0000000000000001
[ 0.925353][ T0] RBP: ffffffff88c07d38 R08: 0000000000000001 R09: 0000000000000000
[ 0.926922][ T0] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888000100000
[ 0.928419][ T0] R13: ffffffff9357fc30 R14: 0000000000000000 R15: 0000000000000000
[ 0.929557][ T0] FS: 0000000000000000(0000) GS:ffff8881f5800000(0000) knlGS:0000000000000000
[ 0.930911][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.931966][ T0] CR2: ffff88823ffff000 CR3: 0000000008ca0000 CR4: 00000000000000b0
[ 0.933236][ T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.934520][ T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.935652][ T0] Call Trace:
[ 0.936173][ T0] <TASK>
[ 0.936605][ T0] ? __warn+0xea/0x3d0
[ 0.937268][ T0] ? lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.938086][ T0] ? report_bug+0x3c0/0x580
[ 0.938791][ T0] ? handle_bug+0x54/0xa0
[ 0.939424][ T0] ? exc_invalid_op+0x17/0x50
[ 0.940087][ T0] ? asm_exc_invalid_op+0x1a/0x20
[ 0.941088][ T0] ? __warn_printk+0x199/0x350
[ 0.942223][ T0] ? __warn_printk+0x1a6/0x350
[ 0.942904][ T0] ? lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.943814][ T0] trace_hardirqs_on+0x14/0x40
[ 0.944477][ T0] _raw_spin_unlock_irq+0x23/0x50
[ 0.945145][ T0] debug_check_no_obj_freed+0x31e/0x5f0
[ 0.945900][ T0] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 0.947024][ T0] ? should_skip_region.isra.0+0x117/0x130
[ 0.947907][ T0] __free_pages_ok+0x244/0xa20
[ 0.948674][ T0] memblock_free_all+0x43c/0x610
[ 0.949511][ T0] ? __pfx_memblock_free_all+0x10/0x10
[ 0.950569][ T0] ? __asan_memset+0x23/0x50
[ 0.951210][ T0] ? swiotlb_init_io_tlb_pool.constprop.0+0x256/0x2c0
[ 0.952133][ T0] ? swiotlb_init_remap+0x2fc/0x470
[ 0.952838][ T0] mem_init+0x1d/0x370
[ 0.953390][ T0] mm_core_init+0x10a/0x240
[ 0.954116][ T0] start_kernel+0x197/0x4c0
[ 0.954708][ T0] x86_64_start_reservations+0x18/0x30
[ 0.955496][ T0] x86_64_start_kernel+0xb2/0xc0
[ 0.956225][ T0] common_startup_64+0x12c/0x138
[ 0.956879][ T0] </TASK>
[ 0.957305][ T0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 0.958450][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 0.960114][ T0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 0.961655][ T0] Call Trace:
[ 0.962225][ T0] <TASK>
[ 0.962632][ T0] dump_stack_lvl+0x3d/0x1f0
[ 0.963277][ T0] panic+0x71d/0x800
[ 0.963801][ T0] ? __pfx_panic+0x10/0x10
[ 0.964467][ T0] ? show_trace_log_lvl+0x29d/0x3d0
[ 0.965214][ T0] ? check_panic_on_warn+0x1f/0xb0
[ 0.966102][ T0] ? lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.967262][ T0] check_panic_on_warn+0xab/0xb0
[ 0.967984][ T0] __warn+0xf6/0x3d0
[ 0.968518][ T0] ? lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.969391][ T0] report_bug+0x3c0/0x580
[ 0.970077][ T0] handle_bug+0x54/0xa0
[ 0.970688][ T0] exc_invalid_op+0x17/0x50
[ 0.971472][ T0] asm_exc_invalid_op+0x1a/0x20
[ 0.972430][ T0] RIP: 0010:lockdep_hardirqs_on_prepare+0x3c6/0x420
[ 0.973347][ T0] Code: c7 c7 40 f1 27 87 e8 19 97 e7 ff 90 0f 0b 90 90 e9 7a ff ff ff 90 48 c7 c6 e0 21 28 87 48 c7 c7 40 f1 27 87 e8 fb 96 e7 ff 90 <0f> 0b 90 90 eb a3 e8 0f 63 7b 00 e9 09 fd ff ff e8 f5 63 7b 00 e9
[ 0.976395][ T0] RSP: 0000:ffffffff88c07be0 EFLAGS: 00010082
[ 0.977327][ T0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff811aafe9
[ 0.978440][ T0] RDX: ffffffff88c2c7c0 RSI: ffffffff811aaff6 RDI: 0000000000000001
[ 0.979776][ T0] RBP: ffffffff88c07d38 R08: 0000000000000001 R09: 0000000000000000
[ 0.980888][ T0] R10: 0000000000000000 R11: 0000000000000001 R12: ffff888000100000
[ 0.982105][ T0] R13: ffffffff9357fc30 R14: 0000000000000000 R15: 0000000000000000
[ 0.983253][ T0] ? __warn_printk+0x199/0x350
[ 0.983911][ T0] ? __warn_printk+0x1a6/0x350
[ 0.984601][ T0] trace_hardirqs_on+0x14/0x40
[ 0.985321][ T0] _raw_spin_unlock_irq+0x23/0x50
[ 0.986072][ T0] debug_check_no_obj_freed+0x31e/0x5f0
[ 0.986989][ T0] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 0.988219][ T0] ? should_skip_region.isra.0+0x117/0x130
[ 0.989179][ T0] __free_pages_ok+0x244/0xa20
[ 0.990210][ T0] memblock_free_all+0x43c/0x610
[ 0.990970][ T0] ? __pfx_memblock_free_all+0x10/0x10
[ 0.991836][ T0] ? __asan_memset+0x23/0x50
[ 0.992725][ T0] ? swiotlb_init_io_tlb_pool.constprop.0+0x256/0x2c0
[ 0.993707][ T0] ? swiotlb_init_remap+0x2fc/0x470
[ 0.994498][ T0] mem_init+0x1d/0x370
[ 0.995089][ T0] mm_core_init+0x10a/0x240
[ 0.995747][ T0] start_kernel+0x197/0x4c0
[ 0.996490][ T0] x86_64_start_reservations+0x18/0x30
[ 0.997404][ T0] x86_64_start_kernel+0xb2/0xc0
[ 0.998318][ T0] common_startup_64+0x12c/0x138
[ 0.999061][ T0] </TASK>
[ 0.999501][ T0] Rebooting in 86400 seconds..
syzkaller build log:
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=10828a5f980000
Tested on:
commit: c6d9e439 Merge 6.12-rc4 into usb-next
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
kernel config: https://syzkaller.appspot.com/x/.config?x=4a2bb21f91d75c65
dashboard link: https://syzkaller.appspot.com/bug?extid=a234c2d63e0c171ca10e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13ac8a5f980000
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
2024-10-19 15:37 [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed syzbot
2024-10-22 7:51 ` Edward Adam Davis
@ 2024-10-22 8:14 ` Edward Adam Davis
2024-10-22 8:31 ` syzbot
2024-10-22 8:53 ` Edward Adam Davis
2024-10-27 9:33 ` Thomas Gleixner
3 siblings, 1 reply; 8+ messages in thread
From: Edward Adam Davis @ 2024-10-22 8:14 UTC (permalink / raw)
To: syzbot+a234c2d63e0c171ca10e; +Cc: linux-kernel, syzkaller-bugs
maybe we can insert cond_resched()
#syz test
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 5ce473ad499b..82cbd7a68994 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -975,6 +975,7 @@ static void __debug_check_no_obj_freed(const void *address, unsigned long size)
repeat:
cnt = 0;
+ cond_resched();
raw_spin_lock_irqsave(&db->lock, flags);
hlist_for_each_entry_safe(obj, tmp, &db->list, node) {
cnt++;
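Review bot: `cond_resched()` at `repeat:` can sleep, but this function is reached from free paths that run in atomic context; the `raw_spin_lock_irqsave()` on the very next line indicates that callers may already have interrupts disabled. syzbot's run of this patch reports "BUG: sleeping function called from invalid context at lib/debugobjects.c:978", with `&sighand->siglock` and `tasklist_lock` held by the callers in two of the traces. A reschedule point here would have to be limited to contexts where sleeping is allowed, or the lockup should be addressed by bounding the work done per lock hold instead.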
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
2024-10-22 8:14 ` Edward Adam Davis
@ 2024-10-22 8:31 ` syzbot
0 siblings, 0 replies; 8+ messages in thread
From: syzbot @ 2024-10-22 8:31 UTC (permalink / raw)
To: eadavis, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
653] 1 lock held by syz-execprog/2653:
[ 61.434232][ T2653] #0: ffff888112418958 (&sighand->siglock){....}-{2:2}, at: get_signal+0x25a/0x2770
[ 61.443766][ T2653] irq event stamp: 48556
[ 61.448017][ T2653] hardirqs last enabled at (48555): [<ffffffff86eea633>] irqentry_exit_to_user_mode+0x113/0x240
[ 61.458527][ T2653] hardirqs last disabled at (48556): [<ffffffff86f0d365>] _raw_spin_lock_irq+0x45/0x50
[ 61.468174][ T2653] softirqs last enabled at (48542): [<ffffffff811caf83>] handle_softirqs+0x5a3/0x8d0
[ 61.477893][ T2653] softirqs last disabled at (48537): [<ffffffff811cb9ec>] irq_exit_rcu+0xac/0x110
[ 61.487192][ T2653] Preemption disabled at:
[ 61.487201][ T2653] [<0000000000000000>] 0x0
[ 61.496255][ T2653] CPU: 1 UID: 0 PID: 2653 Comm: syz-execprog Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 61.508883][ T2653] Tainted: [W]=WARN
[ 61.512710][ T2653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.522769][ T2653] Call Trace:
[ 61.526056][ T2653] <TASK>
[ 61.528996][ T2653] dump_stack_lvl+0x116/0x1f0
[ 61.533718][ T2653] __might_resched+0x3c0/0x5e0
[ 61.538585][ T2653] ? mark_lock+0xb5/0xc60
[ 61.542930][ T2653] ? __pfx___might_resched+0x10/0x10
[ 61.548267][ T2653] ? __pfx_mark_lock+0x10/0x10
[ 61.553043][ T2653] debug_check_no_obj_freed+0x1d9/0x620
[ 61.558627][ T2653] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 61.564815][ T2653] ? put_ucounts+0x1e4/0x290
[ 61.569459][ T2653] kmem_cache_free+0x27d/0x480
[ 61.574418][ T2653] ? collect_signal+0x315/0x630
[ 61.579304][ T2653] collect_signal+0x315/0x630
[ 61.584620][ T2653] dequeue_signal+0x27e/0x720
[ 61.589657][ T2653] ? do_raw_spin_lock+0x12d/0x2c0
[ 61.594772][ T2653] ? __pfx_dequeue_signal+0x10/0x10
[ 61.600066][ T2653] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 61.605530][ T2653] ? lock_acquire+0x2f/0xb0
[ 61.610044][ T2653] ? get_signal+0x25a/0x2770
[ 61.614641][ T2653] get_signal+0x5fb/0x2770
[ 61.619071][ T2653] ? __pfx_get_signal+0x10/0x10
[ 61.624016][ T2653] ? ktime_get+0xfb/0x1a0
[ 61.628439][ T2653] arch_do_signal_or_restart+0x90/0x7e0
[ 61.634093][ T2653] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 61.640364][ T2653] irqentry_exit_to_user_mode+0x136/0x240
[ 61.646182][ T2653] asm_sysvec_reschedule_ipi+0x1a/0x20
[ 61.651680][ T2653] RIP: 0033:0x41a8cb
[ 61.655579][ T2653] Code: 8b 50 20 48 c1 e2 0d 48 89 d6 48 c1 ea 06 48 8b 78 68 48 c1 ef 03 4c 8b 40 18 4c 01 c6 48 29 d6 4c 29 c3 48 89 d9 48 c1 eb 09 <48> c1 e9 03 48 89 ca 83 e2 3f 4c 8d 04 3a 4c 8d 0c de 90 90 48 8d
[ 61.675288][ T2653] RSP: 002b:000000c001e35e58 EFLAGS: 00000207
[ 61.681359][ T2653] RAX: 00007ffa93044e58 RBX: 0000000000000009 RCX: 00000000000013e0
[ 61.689336][ T2653] RDX: 0000000000000080 RSI: 000000c002547f80 RDI: 0000000000000006
[ 61.697310][ T2653] RBP: 000000c001e35e70 R08: 000000c002546000 R09: 000000c000066508
[ 61.705378][ T2653] R10: 000000c001ca5800 R11: 0000000000000024 R12: 000000c001e35f00
[ 61.713369][ T2653] R13: 0000000000000001 R14: 000000c001c77c00 R15: 000000c0020bd0e8
[ 61.721354][ T2653] </TASK>
[ 61.893622][ T29] kauditd_printk_skb: 9 callbacks suppressed
[ 61.893645][ T29] audit: type=1400 audit(1729585852.299:102): avc: denied { execmem } for pid=2660 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 61.969213][ T29] audit: type=1400 audit(1729585852.359:103): avc: denied { read } for pid=2665 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.017211][ T29] audit: type=1400 audit(1729585852.359:104): avc: denied { open } for pid=2665 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 62.097311][ T29] audit: type=1400 audit(1729585852.359:105): avc: denied { mounton } for pid=2665 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 62.169505][ T29] audit: type=1400 audit(1729585852.379:106): avc: denied { create } for pid=2664 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 62.196383][ T2665] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 62.237242][ T29] audit: type=1400 audit(1729585852.399:107): avc: denied { sys_admin } for pid=2664 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 62.298760][ T29] audit: type=1400 audit(1729585852.419:108): avc: denied { mounton } for pid=2665 comm="syz-executor" path="/root/syzkaller.CmWlf6/syz-tmp" dev="sda1" ino=1945 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 62.363987][ T29] audit: type=1400 audit(1729585852.419:109): avc: denied { mount } for pid=2665 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 62.408172][ T29] audit: type=1400 audit(1729585852.419:110): avc: denied { mounton } for pid=2665 comm="syz-executor" path="/root/syzkaller.CmWlf6/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 62.416550][ T1356] BUG: sleeping function called from invalid context at lib/debugobjects.c:978
[ 62.442502][ T1356] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1356, name: kworker/u8:7
[ 62.451716][ T1356] preempt_count: 1, expected: 0
[ 62.456779][ T1356] RCU nest depth: 0, expected: 0
[ 62.461726][ T1356] 3 locks held by kworker/u8:7/1356:
[ 62.467108][ T1356] #0: ffff888100089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0
[ 62.478473][ T1356] #1: ffffc900026afd80 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[ 62.490007][ T1356] #2: ffffffff88c0a098 (tasklist_lock){.+.+}-{2:2}, at: release_task+0x20c/0x1b00
[ 62.499451][ T1356] irq event stamp: 15692
[ 62.503787][ T1356] hardirqs last enabled at (15691): [<ffffffff86f0d633>] _raw_spin_unlock_irq+0x23/0x50
[ 62.513611][ T1356] hardirqs last disabled at (15692): [<ffffffff86f0da65>] _raw_write_lock_irq+0x45/0x50
[ 62.523347][ T1356] softirqs last enabled at (7630): [<ffffffff811caf83>] handle_softirqs+0x5a3/0x8d0
[ 62.532827][ T1356] softirqs last disabled at (7533): [<ffffffff811cb9ec>] irq_exit_rcu+0xac/0x110
[ 62.541954][ T1356] Preemption disabled at:
[ 62.541965][ T1356] [<0000000000000000>] 0x0
[ 62.550730][ T1356] CPU: 1 UID: 0 PID: 1356 Comm: kworker/u8:7 Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 62.563074][ T1356] Tainted: [W]=WARN
[ 62.566885][ T1356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 62.576956][ T1356] Workqueue: events_unbound call_usermodehelper_exec_work
[ 62.584103][ T1356] Call Trace:
[ 62.587392][ T1356] <TASK>
[ 62.590335][ T1356] dump_stack_lvl+0x116/0x1f0
[ 62.595041][ T1356] __might_resched+0x3c0/0x5e0
[ 62.599838][ T1356] ? __pfx___might_resched+0x10/0x10
[ 62.605599][ T1356] debug_check_no_obj_freed+0x1d9/0x620
[ 62.611180][ T1356] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 62.617279][ T1356] ? find_held_lock+0x2d/0x110
[ 62.622068][ T1356] ? release_task+0xd24/0x1b00
[ 62.626860][ T1356] kmem_cache_free+0x27d/0x480
[ 62.631646][ T1356] ? __cleanup_sighand+0x73/0xa0
[ 62.636613][ T1356] __cleanup_sighand+0x73/0xa0
[ 62.641397][ T1356] release_task+0xd2c/0x1b00
[ 62.646017][ T1356] ? __pfx_release_task+0x10/0x10
[ 62.651067][ T1356] ? mark_held_locks+0x9f/0xe0
[ 62.655952][ T1356] wait_consider_task+0x1812/0x4100
[ 62.661187][ T1356] ? rcu_is_watching+0x12/0xc0
[ 62.665972][ T1356] ? __pfx_wait_consider_task+0x10/0x10
[ 62.671565][ T1356] ? do_wait+0x1e9/0x570
[ 62.675838][ T1356] __do_wait+0x744/0x890
[ 62.680131][ T1356] ? do_wait+0x1e9/0x570
[ 62.684493][ T1356] do_wait+0x219/0x570
[ 62.688588][ T1356] kernel_wait+0xa0/0x160
[ 62.693208][ T1356] ? __pfx_kernel_wait+0x10/0x10
[ 62.698178][ T1356] ? __pfx_child_wait_callback+0x10/0x10
[ 62.703948][ T1356] ? lock_acquire+0x2f/0xb0
[ 62.708481][ T1356] call_usermodehelper_exec_work+0xf1/0x170
[ 62.714439][ T1356] process_one_work+0x9c5/0x1ba0
[ 62.719521][ T1356] ? __pfx_lock_acquire.part.0+0x10/0x10
[ 62.725190][ T1356] ? __pfx_process_one_work+0x10/0x10
[ 62.730949][ T1356] ? assign_work+0x1a0/0x250
[ 62.735658][ T1356] worker_thread+0x6c8/0xf00
[ 62.740297][ T1356] ? __kthread_parkme+0x148/0x220
[ 62.745435][ T1356] ? __pfx_worker_thread+0x10/0x10
[ 62.750664][ T1356] kthread+0x2c1/0x3a0
[ 62.754751][ T1356] ? _raw_spin_unlock_irq+0x23/0x50
[ 62.759972][ T1356] ? __pfx_kthread+0x10/0x10
[ 62.764597][ T1356] ret_from_fork+0x45/0x80
[ 62.769132][ T1356] ? __pfx_kthread+0x10/0x10
[ 62.773833][ T1356] ret_from_fork_asm+0x1a/0x30
[ 62.779002][ T1356] </TASK>
[ 62.782387][ T29] audit: type=1400 audit(1729585852.429:111): avc: denied { mount } for pid=2665 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 63.412330][ T2647] BUG: sleeping function called from invalid context at lib/debugobjects.c:978
[ 63.421682][ T2647] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2647, name: syz-execprog
[ 63.430982][ T2647] preempt_count: 1, expected: 0
[ 63.435870][ T2647] RCU nest depth: 0, expected: 0
[ 63.440891][ T2647] no locks held by syz-execprog/2647.
[ 63.446309][ T2647] Preemption disabled at:
[ 63.446326][ T2647] [<ffffffff86ef85c0>] schedule+0xe0/0x350
[ 63.456663][ T2647] CPU: 0 UID: 0 PID: 2647 Comm: syz-execprog Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 63.469062][ T2647] Tainted: [W]=WARN
[ 63.472905][ T2647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.483092][ T2647] Call Trace:
[ 63.486409][ T2647] <TASK>
[ 63.489380][ T2647] dump_stack_lvl+0x16c/0x1f0
[ 63.494153][ T2647] __might_resched+0x3c0/0x5e0
[ 63.498995][ T2647] ? __pfx___might_resched+0x10/0x10
[ 63.504347][ T2647] debug_check_no_obj_freed+0x1d9/0x620
[ 63.509957][ T2647] ? page_ext_put+0x3e/0xd0
[ 63.514521][ T2647] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 63.520741][ T2647] ? page_ext_put+0x48/0xd0
[ 63.525322][ T2647] free_unref_page+0x1cc/0xb50
[ 63.530155][ T2647] __mmdrop+0xd5/0x460
[ 63.534294][ T2647] finish_task_switch.isra.0+0x584/0xa40
[ 63.539995][ T2647] ? __switch_to+0x749/0x1180
[ 63.544828][ T2647] __schedule+0x1067/0x34b0
[ 63.549406][ T2647] ? __pfx___schedule+0x10/0x10
[ 63.554322][ T2647] ? schedule+0x298/0x350
[ 63.558719][ T2647] ? __pfx_lock_release+0x10/0x10
[ 63.563806][ T2647] ? trace_lock_acquire+0x14a/0x1d0
[ 63.569156][ T2647] ? lock_acquire+0x2f/0xb0
[ 63.573822][ T2647] ? schedule+0x1fd/0x350
[ 63.578214][ T2647] ? do_nanosleep+0x18a/0x510
[ 63.583000][ T2647] schedule+0xe7/0x350
[ 63.587126][ T2647] do_nanosleep+0x216/0x510
[ 63.591767][ T2647] ? __pfx___debug_object_init+0x10/0x10
[ 63.597475][ T2647] ? __pfx_do_nanosleep+0x10/0x10
[ 63.602559][ T2647] ? __asan_memset+0x23/0x50
[ 63.607303][ T2647] ? __hrtimer_init+0x106/0x2c0
[ 63.612237][ T2647] hrtimer_nanosleep+0x146/0x370
[ 63.617262][ T2647] ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 63.622788][ T2647] ? __pfx_hrtimer_wakeup+0x10/0x10
[ 63.628143][ T2647] ? __pfx_get_timespec64+0x10/0x10
[ 63.633406][ T2647] ? __x64_sys_futex+0x1e1/0x4c0
[ 63.638398][ T2647] ? __x64_sys_futex+0x1ea/0x4c0
[ 63.643396][ T2647] __x64_sys_nanosleep+0x21d/0x2b0
[ 63.648582][ T2647] ? __pfx___x64_sys_nanosleep+0x10/0x10
[ 63.654297][ T2647] do_syscall_64+0xcd/0x250
[ 63.658881][ T2647] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.664844][ T2647] RIP: 0033:0x475d57
[ 63.668792][ T2647] Code: 8b 44 24 20 b9 40 42 0f 00 f7 f1 48 89 04 24 b8 e8 03 00 00 f7 e2 48 89 44 24 08 48 89 e7 be 00 00 00 00 b8 23 00 00 00 0f 05 <48> 83 c4 10 5d c3 cc cc cc b8 ba 00 00 00 0f 05 89 44 24 08 c3 cc
[ 63.688549][ T2647] RSP: 002b:000000c00005ff18 EFLAGS: 00000202 ORIG_RAX: 0000000000000023
[ 63.697029][ T2647] RAX: ffffffffffffffda RBX: 0000000000002710 RCX: 0000000000475d57
[ 63.705056][ T2647] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00005ff18
[ 63.713088][ T2647] RBP: 000000c00005ff28 R08: 0000000000001c52 R09: 00007ffad9faf080
[ 63.721114][ T2647] R10: 0000000000000001 R11: 0000000000000202 R12: 000000c00005ff18
[ 63.729176][ T2647] R13: 000000c00007c008 R14: 000000c000006540 R15: 0fffffffffffffff
[ 63.737225][ T2647] </TASK>
syzkaller build log:
go env (err=<nil>)
git status (err=<nil>)
HEAD detached at cd6fc0a301
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cd6fc0a3018e5d793bdcca6530622493f5e88307 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241018-123137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"cd6fc0a3018e5d793bdcca6530622493f5e88307\"
/usr/bin/ld: /tmp/ccRbnj4N.o: in function `test_cover_filter()':
executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/ccRbnj4N.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=17f28a5f980000
Tested on:
commit: c6d9e439 Merge 6.12-rc4 into usb-next
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
kernel config: https://syzkaller.appspot.com/x/.config?x=4a2bb21f91d75c65
dashboard link: https://syzkaller.appspot.com/bug?extid=a234c2d63e0c171ca10e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13a390a7980000
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
From: Edward Adam Davis @ 2024-10-22 8:53 UTC (permalink / raw)
To: syzbot+a234c2d63e0c171ca10e; +Cc: linux-kernel, syzkaller-bugs
maybe we can insert cond_resched()
#syz test
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 5ce473ad499b..5cc5b21ae71f 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -975,6 +975,10 @@ static void __debug_check_no_obj_freed(const void *address, unsigned long size)
repeat:
cnt = 0;
+
+ if (in_task())
+ cond_resched();
+
raw_spin_lock_irqsave(&db->lock, flags);
hlist_for_each_entry_safe(obj, tmp, &db->list, node) {
cnt++;
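Review bot: the in_task() guard added at the repeat: label is not enough to make cond_resched() safe here, because in_task() only rules out interrupt context and says nothing about a caller that holds a spinlock or has preemption disabled. This function sits on the free path, and the syzbot test reply in this thread reports "BUG: sleeping function called from invalid context at lib/debugobjects.c:980" with in_atomic(): 1 when it is reached through kfree() under mount_lock in attach_recursive_mnt() and through kmem_cache_free() under tasklist_lock in release_task(). A rescheduling point here would have to be gated on the caller actually being preemptible, which a free-path helper cannot assume, so the change should be dropped or reworked. The later analysis in the thread also attributes the stall to the sysrq-t task dump over the serial console rather than to this loop, so the hunk does not address the reported symptom.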
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
From: syzbot @ 2024-10-22 9:11 UTC (permalink / raw)
To: eadavis, linux-kernel, syzkaller-bugs
Hello,
syzbot tried to test the proposed patch but the build/boot failed:
dm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 48.861396][ T2667] BUG: sleeping function called from invalid context at lib/debugobjects.c:980
[ 48.877826][ T2667] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2667, name: syz-executor
[ 48.890544][ T2667] preempt_count: 1, expected: 0
[ 48.898231][ T2667] RCU nest depth: 0, expected: 0
[ 48.904686][ T2667] 4 locks held by syz-executor/2667:
[ 48.911218][ T2667] #0: ffff888114445278 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: do_lock_mount+0xb0/0x5b0
[ 48.924655][ T2667] #1: ffffffff89081290 (namespace_sem){++++}-{3:3}, at: do_lock_mount+0xfc/0x5b0
[ 48.935892][ T2667] #2: ffffffff88c147d0 (mount_lock){+.+.}-{2:2}, at: attach_recursive_mnt+0x3c2/0x1390
[ 48.948526][ T2667] #3: ffffffff88c14788 (mount_lock.seqcount){+.+.}-{0:0}, at: graft_tree+0x189/0x210
[ 48.960552][ T2667] Preemption disabled at:
[ 48.960567][ T2667] [<0000000000000000>] 0x0
[ 48.970864][ T2667] CPU: 0 UID: 0 PID: 2667 Comm: syz-executor Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 48.985996][ T2667] Tainted: [W]=WARN
[ 48.991724][ T2667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.005223][ T2667] Call Trace:
[ 49.008776][ T2667] <TASK>
[ 49.012127][ T2667] dump_stack_lvl+0x16c/0x1f0
[ 49.018075][ T2667] __might_resched+0x3c0/0x5e0
[ 49.023869][ T2667] ? __pfx___might_resched+0x10/0x10
[ 49.029728][ T2667] ? __pfx___lock_acquire+0x10/0x10
[ 49.036238][ T2667] debug_check_no_obj_freed+0x53c/0x630
[ 49.043451][ T2667] ? lock_acquire.part.0+0x11b/0x380
[ 49.049655][ T2667] ? find_held_lock+0x2d/0x110
[ 49.054935][ T2667] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 49.061395][ T2667] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 49.067070][ T2667] ? lock_acquire+0x2f/0xb0
[ 49.072430][ T2667] kfree+0x294/0x480
[ 49.077721][ T2667] ? dput_to_list+0xcb/0x620
[ 49.083416][ T2667] ? attach_recursive_mnt+0x81e/0x1390
[ 49.089902][ T2667] attach_recursive_mnt+0x81e/0x1390
[ 49.096318][ T2667] ? __pfx_attach_recursive_mnt+0x10/0x10
[ 49.102547][ T2667] ? do_raw_spin_lock+0x12d/0x2c0
[ 49.108084][ T2667] ? rcu_is_watching+0x12/0xc0
[ 49.113238][ T2667] ? kfree+0x255/0x480
[ 49.117674][ T2667] ? lockref_get+0x15/0x50
[ 49.122409][ T2667] graft_tree+0x189/0x210
[ 49.127635][ T2667] do_add_mount+0x1ca/0x320
[ 49.132594][ T2667] path_mount+0x1a55/0x1f20
[ 49.137597][ T2667] ? kmem_cache_free+0x133/0x480
[ 49.142592][ T2667] ? __pfx_path_mount+0x10/0x10
[ 49.148066][ T2667] ? putname+0x12e/0x170
[ 49.152345][ T2667] __x64_sys_mount+0x294/0x320
[ 49.157339][ T2667] ? __pfx___x64_sys_mount+0x10/0x10
[ 49.162856][ T2667] do_syscall_64+0xcd/0x250
[ 49.167666][ T2667] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 49.173754][ T2667] RIP: 0033:0x7fa944d2f79a
[ 49.178378][ T2667] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 49.199423][ T2667] RSP: 002b:00007fffc0b53128 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 49.207960][ T2667] RAX: ffffffffffffffda RBX: 00007fa944da0685 RCX: 00007fa944d2f79a
[ 49.216037][ T2667] RDX: 00007fa944db1e82 RSI: 00007fa944da0685 RDI: 00007fa944dd6142
[ 49.224417][ T2667] RBP: 00007fffc0b531c0 R08: 0000000000000000 R09: 0000000000000000
[ 49.232670][ T2667] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffc0b531c0
[ 49.241111][ T2667] R13: 00007fffc0b531c8 R14: 0000000000000009 R15: 0000000000000000
[ 49.250017][ T2667] </TASK>
[ 49.276465][ T29] audit: type=1400 audit(1729588219.617:104): avc: denied { open } for pid=2667 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 49.306676][ T29] audit: type=1400 audit(1729588219.617:105): avc: denied { mounton } for pid=2667 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 49.330945][ T29] audit: type=1400 audit(1729588219.667:106): avc: denied { create } for pid=2664 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 49.369864][ T29] audit: type=1400 audit(1729588219.667:107): avc: denied { sys_admin } for pid=2664 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 49.394939][ T29] audit: type=1400 audit(1729588219.677:108): avc: denied { mounton } for pid=2667 comm="syz-executor" path="/root/syzkaller.BUEqlw/syz-tmp" dev="sda1" ino=1945 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 49.436103][ T29] audit: type=1400 audit(1729588219.677:109): avc: denied { mount } for pid=2667 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 49.468685][ T29] audit: type=1400 audit(1729588220.087:110): avc: denied { mounton } for pid=2670 comm="syz-executor" path="/root/syzkaller.Oc9e9i/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 49.528778][ T2670] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 49.556665][ T29] audit: type=1400 audit(1729588220.097:111): avc: denied { mount } for pid=2670 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 49.879856][ T2694] BUG: sleeping function called from invalid context at lib/debugobjects.c:980
[ 49.889038][ T2694] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2694, name: syz-executor
[ 49.898916][ T2694] preempt_count: 1, expected: 0
[ 49.903970][ T2694] RCU nest depth: 0, expected: 0
[ 49.909388][ T2694] 4 locks held by syz-executor/2694:
[ 49.916059][ T2694] #0: ffff888114446fe8 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: do_lock_mount+0xb0/0x5b0
[ 49.927597][ T2694] #1: ffffffff89081290 (namespace_sem){++++}-{3:3}, at: do_lock_mount+0xfc/0x5b0
[ 49.938187][ T2694] #2: ffffffff88c147d0 (mount_lock){+.+.}-{2:2}, at: attach_recursive_mnt+0x3c2/0x1390
[ 49.950112][ T2694] #3: ffffffff88c14788 (mount_lock.seqcount){+.+.}-{0:0}, at: graft_tree+0x189/0x210
[ 49.961153][ T2694] Preemption disabled at:
[ 49.961167][ T2694] [<0000000000000000>] 0x0
[ 49.971018][ T2694] CPU: 0 UID: 0 PID: 2694 Comm: syz-executor Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 49.983652][ T2694] Tainted: [W]=WARN
[ 49.988417][ T2694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 50.001247][ T2694] Call Trace:
[ 50.006329][ T2694] <TASK>
[ 50.009559][ T2694] dump_stack_lvl+0x16c/0x1f0
[ 50.015178][ T2694] __might_resched+0x3c0/0x5e0
[ 50.020783][ T2694] ? __pfx___might_resched+0x10/0x10
[ 50.026571][ T2694] ? __pfx___lock_acquire+0x10/0x10
[ 50.032495][ T2694] debug_check_no_obj_freed+0x53c/0x630
[ 50.038401][ T2694] ? lock_acquire.part.0+0x11b/0x380
[ 50.043967][ T2694] ? find_held_lock+0x2d/0x110
[ 50.049009][ T2694] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 50.056534][ T2694] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 50.063524][ T2694] ? lock_acquire+0x2f/0xb0
[ 50.069512][ T2694] kfree+0x294/0x480
[ 50.073942][ T2694] ? dput_to_list+0xcb/0x620
[ 50.078993][ T2694] ? attach_recursive_mnt+0x81e/0x1390
[ 50.084650][ T2694] attach_recursive_mnt+0x81e/0x1390
[ 50.090375][ T2694] ? __pfx_attach_recursive_mnt+0x10/0x10
[ 50.096406][ T2694] ? do_raw_spin_lock+0x12d/0x2c0
[ 50.101639][ T2694] ? rcu_is_watching+0x12/0xc0
[ 50.107048][ T2694] ? kfree+0x255/0x480
[ 50.111527][ T2694] ? lockref_get+0x15/0x50
[ 50.116322][ T2694] graft_tree+0x189/0x210
[ 50.120999][ T2694] do_add_mount+0x1ca/0x320
[ 50.125642][ T2694] path_mount+0x1a55/0x1f20
[ 50.130719][ T2694] ? kmem_cache_free+0x133/0x480
[ 50.136047][ T2694] ? __pfx_path_mount+0x10/0x10
[ 50.141031][ T2694] ? putname+0x12e/0x170
[ 50.145439][ T2694] __x64_sys_mount+0x294/0x320
[ 50.150405][ T2694] ? __pfx___x64_sys_mount+0x10/0x10
[ 50.155833][ T2694] do_syscall_64+0xcd/0x250
[ 50.160621][ T2694] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 50.166720][ T2694] RIP: 0033:0x7f0800fbf79a
[ 50.171157][ T2694] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 50.192471][ T2694] RSP: 002b:00007fffa61824c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 50.201814][ T2694] RAX: ffffffffffffffda RBX: 00007f0801030685 RCX: 00007f0800fbf79a
[ 50.210350][ T2694] RDX: 00007f0801041e82 RSI: 00007f0801030685 RDI: 00007f0801066142
[ 50.218627][ T2694] RBP: 00007fffa6182560 R08: 0000000000000000 R09: 0000000000000000
[ 50.226813][ T2694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffa6182560
[ 50.235377][ T2694] R13: 00007fffa6182568 R14: 0000000000000009 R15: 0000000000000000
[ 50.244127][ T2694] </TASK>
[ 50.896859][ T2653] BUG: sleeping function called from invalid context at lib/debugobjects.c:980
[ 50.907013][ T2653] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 2653, name: syz-executor
[ 50.916798][ T2653] preempt_count: 1, expected: 0
[ 50.922192][ T2653] RCU nest depth: 0, expected: 0
[ 50.927337][ T2653] 1 lock held by syz-executor/2653:
[ 50.932920][ T2653] #0: ffffffff88c0a098 (tasklist_lock){.+.+}-{2:2}, at: release_task+0x20c/0x1b00
[ 50.942394][ T2653] irq event stamp: 270764
[ 50.946827][ T2653] hardirqs last enabled at (270763): [<ffffffff86f0d633>] _raw_spin_unlock_irq+0x23/0x50
[ 50.957663][ T2653] hardirqs last disabled at (270764): [<ffffffff86f0da65>] _raw_write_lock_irq+0x45/0x50
[ 50.967761][ T2653] softirqs last enabled at (270736): [<ffffffff861312d8>] tcp_sendmsg+0x38/0x50
[ 50.977328][ T2653] softirqs last disabled at (270734): [<ffffffff85d1969b>] __release_sock+0x28b/0x400
[ 50.987418][ T2653] Preemption disabled at:
[ 50.987427][ T2653] [<0000000000000000>] 0x0
[ 50.996480][ T2653] CPU: 0 UID: 0 PID: 2653 Comm: syz-executor Tainted: G W 6.12.0-rc4-syzkaller-gc6d9e43954bf-dirty #0
[ 51.009719][ T2653] Tainted: [W]=WARN
[ 51.013983][ T2653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 51.024137][ T2653] Call Trace:
[ 51.027455][ T2653] <TASK>
[ 51.030617][ T2653] dump_stack_lvl+0x116/0x1f0
[ 51.035498][ T2653] __might_resched+0x3c0/0x5e0
[ 51.040663][ T2653] ? __pfx___might_resched+0x10/0x10
[ 51.046499][ T2653] debug_check_no_obj_freed+0x53c/0x630
[ 51.052798][ T2653] ? __pfx_debug_check_no_obj_freed+0x10/0x10
[ 51.059186][ T2653] ? find_held_lock+0x2d/0x110
[ 51.065306][ T2653] ? release_task+0xd24/0x1b00
[ 51.071852][ T2653] kmem_cache_free+0x27d/0x480
[ 51.076943][ T2653] ? __cleanup_sighand+0x73/0xa0
[ 51.082519][ T2653] __cleanup_sighand+0x73/0xa0
[ 51.087562][ T2653] release_task+0xd2c/0x1b00
[ 51.093620][ T2653] ? __pfx_release_task+0x10/0x10
[ 51.098928][ T2653] ? trace_lock_acquire+0x14a/0x1d0
[ 51.104523][ T2653] wait_consider_task+0x1812/0x4100
[ 51.109776][ T2653] ? rcu_is_watching+0x12/0xc0
[ 51.115012][ T2653] ? __pfx_wait_consider_task+0x10/0x10
[ 51.120889][ T2653] ? do_wait+0x1e9/0x570
[ 51.125215][ T2653] __do_wait+0x744/0x890
[ 51.129478][ T2653] ? do_wait+0x1e9/0x570
[ 51.133950][ T2653] do_wait+0x219/0x570
[ 51.138247][ T2653] kernel_wait4+0x16c/0x280
[ 51.142849][ T2653] ? __pfx_kernel_wait4+0x10/0x10
[ 51.147984][ T2653] ? __pfx_child_wait_callback+0x10/0x10
[ 51.153757][ T2653] __do_sys_wait4+0x15f/0x170
[ 51.158549][ T2653] ? __pfx___do_sys_wait4+0x10/0x10
[ 51.163781][ T2653] do_syscall_64+0xcd/0x250
[ 51.168601][ T2653] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 51.174804][ T2653] RIP: 0033:0x7fd1d73a4213
[ 51.179334][ T2653] Code: 00 00 0f 1f 44 00 00 31 c9 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 80 3d 31 83 19 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48
[ 51.199767][ T2653] RSP: 002b:00007ffeeea6b488 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[ 51.209094][ T2653] RAX: ffffffffffffffda RBX: 000055559498b650 RCX: 00007fd1d73a4213
[ 51.217993][ T2653] RDX: 0000000040000000 RSI: 00007ffeeea6b49c RDI: 0000000000000a67
[ 51.227133][ T2653] RBP: 000055559498c030 R08: 0000000000000007 R09: 000055559498bdc0
[ 51.235697][ T2653] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffeeea6b49c
[ 51.243852][ T2653] R13: 0000555594998340 R14: 0000000000000004 R15: 000055559498b650
[ 51.253794][ T2653] </TASK>
syzkaller build log:
go env (err=<nil>)
git status (err=<nil>)
HEAD detached at cd6fc0a301
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=cd6fc0a3018e5d793bdcca6530622493f5e88307 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241018-123137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"cd6fc0a3018e5d793bdcca6530622493f5e88307\"
/usr/bin/ld: /tmp/cc2MMZ1Z.o: in function `test_cover_filter()':
executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
/usr/bin/ld: /tmp/cc2MMZ1Z.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=109ac640580000
Tested on:
commit: c6d9e439 Merge 6.12-rc4 into usb-next
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
kernel config: https://syzkaller.appspot.com/x/.config?x=4a2bb21f91d75c65
dashboard link: https://syzkaller.appspot.com/bug?extid=a234c2d63e0c171ca10e
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=11110287980000
* Re: [syzbot] [serial?] BUG: soft lockup in debug_check_no_obj_freed
From: Thomas Gleixner @ 2024-10-27 9:33 UTC (permalink / raw)
To: syzbot, brauner, gregkh, jack, linux-fsdevel, linux-kernel,
linux-serial, linux-usb, syzkaller-bugs, viro
On Sat, Oct 19 2024 at 08:37, syzbot wrote:
That's not a soft lockup in debug_check_no_obj_freed().
What actually happens is:
> serial_in drivers/tty/serial/8250/8250.h:137 [inline]
> serial_lsr_in drivers/tty/serial/8250/8250.h:159 [inline]
> wait_for_lsr+0xda/0x180 drivers/tty/serial/8250/8250_port.c:2068
> serial8250_console_fifo_write drivers/tty/serial/8250/8250_port.c:3315 [inline]
> serial8250_console_write+0xf5a/0x17c0 drivers/tty/serial/8250/8250_port.c:3393
> console_emit_next_record kernel/printk/printk.c:3092 [inline]
> console_flush_all+0x800/0xc60 kernel/printk/printk.c:3180
> __console_flush_and_unlock kernel/printk/printk.c:3239 [inline]
> console_unlock+0xd9/0x210 kernel/printk/printk.c:3279
> vprintk_emit+0x424/0x6f0 kernel/printk/printk.c:2407
> vprintk+0x7f/0xa0 kernel/printk/printk_safe.c:68
> _printk+0xc8/0x100 kernel/printk/printk.c:2432
> printk_stack_address arch/x86/kernel/dumpstack.c:72 [inline]
> show_trace_log_lvl+0x1b7/0x3d0 arch/x86/kernel/dumpstack.c:285
> sched_show_task kernel/sched/core.c:7589 [inline]
> sched_show_task+0x3f0/0x5f0 kernel/sched/core.c:7564
> show_state_filter+0xee/0x320 kernel/sched/core.c:7634
> k_spec drivers/tty/vt/keyboard.c:667 [inline]
> k_spec+0xed/0x150 drivers/tty/vt/keyboard.c:656
HID injects a sysrq-t and the task dump takes ages, which is what stalls
RCU.
There is not much that can be done about this as the dump is initiated
from soft interrupt context at interrupt return.
Thanks,
tglx