* WARNING in print_bfs_bug @ 2019-10-29 8:36 syzbot 2019-10-31 20:39 ` syzbot 2019-11-01 1:02 ` syzbot 0 siblings, 2 replies; 5+ messages in thread From: syzbot @ 2019-10-29 8:36 UTC (permalink / raw) To: ast, bpf, daniel, davem, dsahern, f.fainelli, hawk, idosch, jakub.kicinski, jiri, johannes.berg, john.fastabend, kafai, linux-kernel, mkubecek, netdev, petrm, roopa, songliubraving, syzkaller-bugs, yhs Hello, syzbot found the following crash on: HEAD commit: 65921376 Merge branch 'net-fix-nested-device-bugs' git tree: net console output: https://syzkaller.appspot.com/x/log.txt?x=13ee0a97600000 kernel config: https://syzkaller.appspot.com/x/.config?x=e0ac4d9b35046343 dashboard link: https://syzkaller.appspot.com/bug?extid=62ebe501c1ce9a91f68c compiler: gcc (GCC) 9.0.0 20181231 (experimental) Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com ------------[ cut here ]------------ lockdep bfs error:-1 WARNING: CPU: 0 PID: 27915 at kernel/locking/lockdep.c:1696 print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 27915 Comm: syz-executor.1 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 panic+0x2e3/0x75c kernel/panic.c:221 __warn.cold+0x2f/0x35 kernel/panic.c:582 report_bug+0x289/0x300 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:179 [inline] fixup_bug arch/x86/kernel/traps.c:174 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1028 RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Code: 07 00 74 2d 48 c7 c7 00 5f aa 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b 41 5c 5d c3 44 89 e6 48 c7 c7 e0 17 ac 87 e8 cc e0 eb ff <0f> 0b 5b 41 5c 5d c3 0f 0b 48 c7 c7 d8 1f f3 88 e8 bf fc 55 00 eb RSP: 0018:ffff88801a307688 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 00000000000135ee RSI: ffffffff815cb646 RDI: ffffed1003460ec3 RBP: ffff88801a307698 R08: ffff88809b026340 R09: ffffed1015d04101 R10: ffffed1015d04100 R11: ffff8880ae820807 R12: 00000000ffffffff R13: ffff88809b026bd8 R14: ffff88801a307710 R15: 00000000000003b0 check_path+0x36/0x40 kernel/locking/lockdep.c:1772 check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 check_prev_add kernel/locking/lockdep.c:2476 [inline] check_prevs_add kernel/locking/lockdep.c:2581 [inline] validate_chain kernel/locking/lockdep.c:2971 [inline] __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 __mutex_lock_common kernel/locking/mutex.c:956 [inline] __mutex_lock+0x156/0x13c0 kernel/locking/mutex.c:1103 mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1118 rtnl_lock+0x17/0x20 net/core/rtnetlink.c:72 vlan_ioctl_handler+0xd2/0xf93 net/8021q/vlan.c:554 sock_ioctl+0x518/0x790 net/socket.c:1147 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:509 [inline] do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696 ksys_ioctl+0xab/0xd0 fs/ioctl.c:713 __do_sys_ioctl fs/ioctl.c:720 [inline] __se_sys_ioctl fs/ioctl.c:718 [inline] __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x459f39 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f81d8fbec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459f39 RDX: 0000000020000000 RSI: 0800000000008982 RDI: 0000000000000003 RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f81d8fbf6d4 R13: 00000000004c1521 R14: 00000000004d4dc0 R15: 00000000ffffffff Kernel Offset: disabled Rebooting in 86400 seconds.. --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in print_bfs_bug 2019-10-29 8:36 WARNING in print_bfs_bug syzbot @ 2019-10-31 20:39 ` syzbot 2020-09-27 8:57 ` Dmitry Vyukov 2019-11-01 1:02 ` syzbot 1 sibling, 1 reply; 5+ messages in thread From: syzbot @ 2019-10-31 20:39 UTC (permalink / raw) To: ast, bpf, daniel, davem, dsahern, f.fainelli, hawk, idosch, jakub.kicinski, jiri, johannes.berg, john.fastabend, kafai, kuznet, linux-kernel, mkubecek, netdev, petrm, roopa, songliubraving, syzkaller-bugs, yhs, yoshfuji syzbot has found a reproducer for the following crash on: HEAD commit: 49afce6d Add linux-next specific files for 20191031 git tree: linux-next console output: https://syzkaller.appspot.com/x/log.txt?x=11eea36ce00000 kernel config: https://syzkaller.appspot.com/x/.config?x=3c5f119b33031056 dashboard link: https://syzkaller.appspot.com/bug?extid=62ebe501c1ce9a91f68c compiler: gcc (GCC) 9.0.0 20181231 (experimental) syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c162f4e00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=131b5eb8e00000 IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com ------------[ cut here ]------------ lockdep bfs error:-1 WARNING: CPU: 0 PID: 12077 at kernel/locking/lockdep.c:1696 print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 12077 Comm: syz-executor941 Not tainted 5.4.0-rc5-next-20191031 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 panic+0x2e3/0x75c kernel/panic.c:221 __warn.cold+0x2f/0x35 kernel/panic.c:582 report_bug+0x289/0x300 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb RSP: 0018:ffff88813c747288 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de check_path+0x36/0x40 kernel/locking/lockdep.c:1772 check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 check_prev_add kernel/locking/lockdep.c:2476 [inline] check_prevs_add kernel/locking/lockdep.c:2581 [inline] validate_chain kernel/locking/lockdep.c:2971 [inline] __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:343 [inline] igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 __raw_notifier_call_chain kernel/notifier.c:361 [inline] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 call_netdevice_notifiers_info net/core/dev.c:1893 [inline] call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] call_netdevice_notifiers net/core/dev.c:1919 [inline] rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 rollback_registered+0x109/0x1d0 net/core/dev.c:8788 register_netdevice+0xbac/0x1020 net/core/dev.c:9347 register_netdev+0x30/0x50 net/core/dev.c:9437 ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 ops_init+0xb3/0x420 net/core/net_namespace.c:137 setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 ksys_unshare+0x444/0x980 kernel/fork.c:2889 __do_sys_unshare kernel/fork.c:2957 [inline] __se_sys_unshare kernel/fork.c:2955 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4439c9 Code: Bad RIP value. RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 ------------[ cut here ]------------ WARNING: CPU: 0 PID: 12077 at kernel/locking/mutex.c:1419 mutex_trylock+0x279/0x2f0 kernel/locking/mutex.c:1427 Modules linked in: CPU: 0 PID: 12077 Comm: syz-executor941 Not tainted 5.4.0-rc5-next-20191031 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:mutex_trylock+0x279/0x2f0 kernel/locking/mutex.c:1419 Code: c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 e8 3c b8 03 fa 58 48 8d 65 d8 b8 01 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e9 0c fe ff ff 48 c7 c7 a0 a1 b0 8a 48 89 4d d0 e8 f0 78 59 RSP: 0018:ffff88813c746e48 EFLAGS: 00010006 RAX: 0000000080000403 RBX: 1ffff110278e8dd1 RCX: 0000000000000004 RDX: 0000000000000000 RSI: ffffffff816a6cf5 RDI: ffffffff88fc9fa0 RBP: ffff88813c746e78 R08: 0000000000000001 R09: fffffbfff11f4751 R10: fffffbfff11f4750 R11: ffffffff88fa3a83 R12: ffffffff8ab0a1a0 R13: 0000000000000000 R14: ffffffff8158bb00 R15: ffffffff88fc9fa0 FS: 00000000013d6940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000044399f CR3: 000000013c5bf000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __crash_kexec+0x91/0x200 kernel/kexec_core.c:948 panic+0x308/0x75c kernel/panic.c:241 __warn.cold+0x2f/0x35 kernel/panic.c:582 report_bug+0x289/0x300 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb RSP: 0018:ffff88813c747288 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de check_path+0x36/0x40 kernel/locking/lockdep.c:1772 check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 check_prev_add kernel/locking/lockdep.c:2476 [inline] check_prevs_add kernel/locking/lockdep.c:2581 [inline] validate_chain kernel/locking/lockdep.c:2971 [inline] __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:343 [inline] igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 __raw_notifier_call_chain kernel/notifier.c:361 [inline] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 call_netdevice_notifiers_info net/core/dev.c:1893 [inline] call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] call_netdevice_notifiers net/core/dev.c:1919 [inline] rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 rollback_registered+0x109/0x1d0 net/core/dev.c:8788 register_netdevice+0xbac/0x1020 net/core/dev.c:9347 register_netdev+0x30/0x50 net/core/dev.c:9437 ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 ops_init+0xb3/0x420 net/core/net_namespace.c:137 setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 ksys_unshare+0x444/0x980 kernel/fork.c:2889 __do_sys_unshare kernel/fork.c:2957 [inline] __se_sys_unshare kernel/fork.c:2955 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4439c9 Code: Bad RIP value. RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 irq event stamp: 149354 hardirqs last enabled at (149353): [<ffffffff8146110a>] __local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194 hardirqs last disabled at (149351): [<ffffffff814610ca>] __local_bh_enable_ip+0x11a/0x270 kernel/softirq.c:171 softirqs last enabled at (149352): [<ffffffff864ee3d4>] ipv6_ac_destroy_dev+0x144/0x1b0 net/ipv6/anycast.c:402 softirqs last disabled at (149354): [<ffffffff865cbc13>] ipv6_mc_down+0x23/0xf0 net/ipv6/mcast.c:2538 ---[ end trace c8d5cabde4ea777a ]--- ------------[ cut here ]------------ WARNING: CPU: 0 PID: 12077 at kernel/locking/mutex.c:737 mutex_unlock+0x1d/0x30 kernel/locking/mutex.c:744 Modules linked in: CPU: 0 PID: 12077 Comm: syz-executor941 Tainted: G W 5.4.0-rc5-next-20191031 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:mutex_unlock+0x1d/0x30 kernel/locking/mutex.c:737 Code: 4c 89 ff e8 45 84 59 fa e9 8c fb ff ff 55 65 8b 05 80 31 ac 78 a9 00 ff 1f 00 48 89 e5 75 0b 48 8b 75 08 e8 45 f9 ff ff 5d c3 <0f> 0b 48 8b 75 08 e8 38 f9 ff ff 5d c3 66 0f 1f 44 00 00 48 b8 00 RSP: 0018:ffff88813c746e78 EFLAGS: 00010006 RAX: 0000000080000403 RBX: 1ffff110278e8dd1 RCX: ffffffff816a6d0d RDX: 0000000000000000 RSI: ffffffff816a6d6f RDI: ffffffff88fc9fa0 RBP: ffff88813c746e78 R08: ffff8880935244c0 R09: 0000000000000000 R10: fffffbfff11f93f4 R11: ffffffff88fc9fa7 R12: 0000000000000001 R13: 0000000000000000 R14: ffffffff8158bb00 R15: 00000000000006a0 FS: 00000000013d6940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000044399f CR3: 000000013c5bf000 CR4: 00000000001406f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __crash_kexec+0x10b/0x200 kernel/kexec_core.c:957 panic+0x308/0x75c kernel/panic.c:241 __warn.cold+0x2f/0x35 kernel/panic.c:582 report_bug+0x289/0x300 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb RSP: 0018:ffff88813c747288 EFLAGS: 00010082 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de check_path+0x36/0x40 kernel/locking/lockdep.c:1772 check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 check_prev_add kernel/locking/lockdep.c:2476 [inline] check_prevs_add kernel/locking/lockdep.c:2581 [inline] validate_chain kernel/locking/lockdep.c:2971 [inline] __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 spin_lock_bh include/linux/spinlock.h:343 [inline] igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 __raw_notifier_call_chain kernel/notifier.c:361 [inline] raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 call_netdevice_notifiers_info net/core/dev.c:1893 [inline] call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] call_netdevice_notifiers net/core/dev.c:1919 [inline] rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 rollback_registered+0x109/0x1d0 net/core/dev.c:8788 register_netdevice+0xbac/0x1020 net/core/dev.c:9347 register_netdev+0x30/0x50 net/core/dev.c:9437 ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 ops_init+0xb3/0x420 net/core/net_namespace.c:137 setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 ksys_unshare+0x444/0x980 kernel/fork.c:2889 __do_sys_unshare kernel/fork.c:2957 [inline] __se_sys_unshare kernel/fork.c:2955 [inline] __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x4439c9 Code: Bad RIP value. RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 irq event stamp: 149354 hardirqs last enabled at (149353): [<ffffffff8146110a>] __local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194 hardirqs last disabled at (149351): [<ffffffff814610ca>] __local_bh_enable_ip+0x11a/0x270 kernel/softirq.c:171 softirqs last enabled at (149352): [<ffffffff864ee3d4>] ipv6_ac_destroy_dev+0x144/0x1b0 net/ipv6/anycast.c:402 softirqs last disabled at (149354): [<ffffffff865cbc13>] ipv6_mc_down+0x23/0xf0 net/ipv6/mcast.c:2538 ---[ end trace c8d5cabde4ea777b ]--- Kernel Offset: disabled Rebooting in 86400 seconds.. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in print_bfs_bug 2019-10-31 20:39 ` syzbot @ 2020-09-27 8:57 ` Dmitry Vyukov 2020-09-28 7:56 ` Peter Zijlstra 0 siblings, 1 reply; 5+ messages in thread From: Dmitry Vyukov @ 2020-09-27 8:57 UTC (permalink / raw) To: syzbot, Peter Zijlstra, Ingo Molnar, Will Deacon Cc: Alexei Starovoitov, bpf, Daniel Borkmann, David Miller, David Ahern, Florian Fainelli, hawk, Ido Schimmel, Jakub Kicinski, Jiri Pirko, Johannes Berg, John Fastabend, Martin KaFai Lau, Alexey Kuznetsov, LKML, Michal Kubecek, netdev, petrm, Roopa Prabhu, Song Liu, syzkaller-bugs, Yonghong Song, Hideaki YOSHIFUJI, Tetsuo Handa On Thu, Oct 31, 2019 at 9:39 PM syzbot <syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com> wrote: > > syzbot has found a reproducer for the following crash on: > > HEAD commit: 49afce6d Add linux-next specific files for 20191031 > git tree: linux-next > console output: https://syzkaller.appspot.com/x/log.txt?x=11eea36ce00000 > kernel config: https://syzkaller.appspot.com/x/.config?x=3c5f119b33031056 > dashboard link: https://syzkaller.appspot.com/bug?extid=62ebe501c1ce9a91f68c > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c162f4e00000 > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=131b5eb8e00000 > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > Reported-by: syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com This is another LOCKDEP-related top crasher. syzkaller finds just this one (see below). I think we need to disable LOCKDEP temporary until this and other LOCKDEP issues are resolved. I've filed https://github.com/google/syzkaller/issues/2140 to track disabling/enabling. 2020/09/27 10:37:03 vm-12: crash: WARNING in print_bfs_bug 2020/09/27 10:37:04 VMs 33, executed 179314, corpus cover 286148, corpus signal 641880, max signal 648495, crashes 81, repro 0 2020/09/27 10:37:13 vm-19: crash: WARNING in print_bfs_bug 2020/09/27 10:37:14 VMs 34, executed 180675, corpus cover 286544, corpus signal 643551, max signal 650103, crashes 82, repro 0 2020/09/27 10:37:18 vm-0: crash: WARNING in print_bfs_bug 2020/09/27 10:37:19 vm-15: crash: WARNING in print_bfs_bug 2020/09/27 10:37:21 vm-10: crash: WARNING in print_bfs_bug 2020/09/27 10:37:23 vm-35: crash: WARNING in print_bfs_bug 2020/09/27 10:37:24 VMs 30, executed 181609, corpus cover 286707, corpus signal 644444, max signal 651199, crashes 86, repro 0 2020/09/27 10:37:27 vm-21: crash: WARNING in print_bfs_bug 2020/09/27 10:37:34 VMs 29, executed 182783, corpus cover 286926, corpus signal 645948, max signal 652593, crashes 88, repro 0 2020/09/27 10:37:44 VMs 29, executed 184015, corpus cover 287197, corpus signal 647205, max signal 653953, crashes 88, repro 0 2020/09/27 10:37:54 VMs 29, executed 185065, corpus cover 287474, corpus signal 648346, max signal 655028, crashes 88, repro 0 2020/09/27 10:38:06 VMs 30, executed 185678, corpus cover 287600, corpus signal 648876, max signal 655519, crashes 88, repro 0 2020/09/27 10:38:16 VMs 35, executed 187635, corpus cover 288154, corpus signal 652110, max signal 659120, crashes 88, repro 0 2020/09/27 10:38:19 vm-14: crash: WARNING in print_bfs_bug 2020/09/27 10:38:26 VMs 35, executed 189507, corpus cover 288492, corpus signal 654412, max signal 661260, crashes 89, repro 0 2020/09/27 10:38:36 VMs 35, executed 190825, corpus cover 288828, corpus signal 655751, max signal 662985, crashes 89, repro 0 2020/09/27 10:38:46 VMs 35, executed 191924, corpus cover 289050, corpus signal 657265, max signal 664188, crashes 89, repro 0 2020/09/27 10:38:50 vm-20: crash: WARNING in print_bfs_bug 2020/09/27 10:38:52 vm-26: crash: WARNING in print_bfs_bug 2020/09/27 10:38:53 vm-22: crash: WARNING in print_bfs_bug > ------------[ cut here ]------------ > lockdep bfs error:-1 > WARNING: CPU: 0 PID: 12077 at kernel/locking/lockdep.c:1696 > print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 > Kernel panic - not syncing: panic_on_warn set ... > CPU: 0 PID: 12077 Comm: syz-executor941 Not tainted 5.4.0-rc5-next-20191031 > #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:77 [inline] > dump_stack+0x172/0x1f0 lib/dump_stack.c:113 > panic+0x2e3/0x75c kernel/panic.c:221 > __warn.cold+0x2f/0x35 kernel/panic.c:582 > report_bug+0x289/0x300 lib/bug.c:195 > fixup_bug arch/x86/kernel/traps.c:174 [inline] > fixup_bug arch/x86/kernel/traps.c:169 [inline] > do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 > do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 > invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 > RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 > Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b > 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c > 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb > RSP: 0018:ffff88813c747288 EFLAGS: 00010082 > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 > RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 > RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed > R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff > R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de > check_path+0x36/0x40 kernel/locking/lockdep.c:1772 > check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 > check_prev_add kernel/locking/lockdep.c:2476 [inline] > check_prevs_add kernel/locking/lockdep.c:2581 [inline] > validate_chain kernel/locking/lockdep.c:2971 [inline] > __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 > lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 > __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] > _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 > spin_lock_bh include/linux/spinlock.h:343 [inline] > igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 > ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 > ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 > addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 > addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 > notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 > __raw_notifier_call_chain kernel/notifier.c:361 [inline] > raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 > call_netdevice_notifiers_info net/core/dev.c:1893 [inline] > call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 > call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] > call_netdevice_notifiers net/core/dev.c:1919 [inline] > rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 > rollback_registered+0x109/0x1d0 net/core/dev.c:8788 > register_netdevice+0xbac/0x1020 net/core/dev.c:9347 > register_netdev+0x30/0x50 net/core/dev.c:9437 > ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 > ops_init+0xb3/0x420 net/core/net_namespace.c:137 > setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 > copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 > create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 > unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 > ksys_unshare+0x444/0x980 kernel/fork.c:2889 > __do_sys_unshare kernel/fork.c:2957 [inline] > __se_sys_unshare kernel/fork.c:2955 [inline] > __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 > do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x4439c9 > Code: Bad RIP value. > RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 > RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 > RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff > R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b > R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 > ------------[ cut here ]------------ > WARNING: CPU: 0 PID: 12077 at kernel/locking/mutex.c:1419 > mutex_trylock+0x279/0x2f0 kernel/locking/mutex.c:1427 > Modules linked in: > CPU: 0 PID: 12077 Comm: syz-executor941 Not tainted 5.4.0-rc5-next-20191031 > #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > RIP: 0010:mutex_trylock+0x279/0x2f0 kernel/locking/mutex.c:1419 > Code: c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 e8 3c b8 03 fa 58 48 > 8d 65 d8 b8 01 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e9 0c fe > ff ff 48 c7 c7 a0 a1 b0 8a 48 89 4d d0 e8 f0 78 59 > RSP: 0018:ffff88813c746e48 EFLAGS: 00010006 > RAX: 0000000080000403 RBX: 1ffff110278e8dd1 RCX: 0000000000000004 > RDX: 0000000000000000 RSI: ffffffff816a6cf5 RDI: ffffffff88fc9fa0 > RBP: ffff88813c746e78 R08: 0000000000000001 R09: fffffbfff11f4751 > R10: fffffbfff11f4750 R11: ffffffff88fa3a83 R12: ffffffff8ab0a1a0 > R13: 0000000000000000 R14: ffffffff8158bb00 R15: ffffffff88fc9fa0 > FS: 00000000013d6940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 000000000044399f CR3: 000000013c5bf000 CR4: 00000000001406f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > __crash_kexec+0x91/0x200 kernel/kexec_core.c:948 > panic+0x308/0x75c kernel/panic.c:241 > __warn.cold+0x2f/0x35 kernel/panic.c:582 > report_bug+0x289/0x300 lib/bug.c:195 > fixup_bug arch/x86/kernel/traps.c:174 [inline] > fixup_bug arch/x86/kernel/traps.c:169 [inline] > do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 > do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 > invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 > RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 > Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b > 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c > 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb > RSP: 0018:ffff88813c747288 EFLAGS: 00010082 > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 > RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 > RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed > R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff > R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de > check_path+0x36/0x40 kernel/locking/lockdep.c:1772 > check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 > check_prev_add kernel/locking/lockdep.c:2476 [inline] > check_prevs_add kernel/locking/lockdep.c:2581 [inline] > validate_chain kernel/locking/lockdep.c:2971 [inline] > __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 > lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 > __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] > _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 > spin_lock_bh include/linux/spinlock.h:343 [inline] > igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 > ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 > ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 > addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 > addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 > notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 > __raw_notifier_call_chain kernel/notifier.c:361 [inline] > raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 > call_netdevice_notifiers_info net/core/dev.c:1893 [inline] > call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 > call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] > call_netdevice_notifiers net/core/dev.c:1919 [inline] > rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 > rollback_registered+0x109/0x1d0 net/core/dev.c:8788 > register_netdevice+0xbac/0x1020 net/core/dev.c:9347 > register_netdev+0x30/0x50 net/core/dev.c:9437 > ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 > ops_init+0xb3/0x420 net/core/net_namespace.c:137 > setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 > copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 > create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 > unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 > ksys_unshare+0x444/0x980 kernel/fork.c:2889 > __do_sys_unshare kernel/fork.c:2957 [inline] > __se_sys_unshare kernel/fork.c:2955 [inline] > __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 > do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x4439c9 > Code: Bad RIP value. > RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 > RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 > RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff > R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b > R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 > irq event stamp: 149354 > hardirqs last enabled at (149353): [<ffffffff8146110a>] > __local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194 > hardirqs last disabled at (149351): [<ffffffff814610ca>] > __local_bh_enable_ip+0x11a/0x270 kernel/softirq.c:171 > softirqs last enabled at (149352): [<ffffffff864ee3d4>] > ipv6_ac_destroy_dev+0x144/0x1b0 net/ipv6/anycast.c:402 > softirqs last disabled at (149354): [<ffffffff865cbc13>] > ipv6_mc_down+0x23/0xf0 net/ipv6/mcast.c:2538 > ---[ end trace c8d5cabde4ea777a ]--- > ------------[ cut here ]------------ > WARNING: CPU: 0 PID: 12077 at kernel/locking/mutex.c:737 > mutex_unlock+0x1d/0x30 kernel/locking/mutex.c:744 > Modules linked in: > CPU: 0 PID: 12077 Comm: syz-executor941 Tainted: G W > 5.4.0-rc5-next-20191031 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS > Google 01/01/2011 > RIP: 0010:mutex_unlock+0x1d/0x30 kernel/locking/mutex.c:737 > Code: 4c 89 ff e8 45 84 59 fa e9 8c fb ff ff 55 65 8b 05 80 31 ac 78 a9 00 > ff 1f 00 48 89 e5 75 0b 48 8b 75 08 e8 45 f9 ff ff 5d c3 <0f> 0b 48 8b 75 > 08 e8 38 f9 ff ff 5d c3 66 0f 1f 44 00 00 48 b8 00 > RSP: 0018:ffff88813c746e78 EFLAGS: 00010006 > RAX: 0000000080000403 RBX: 1ffff110278e8dd1 RCX: ffffffff816a6d0d > RDX: 0000000000000000 RSI: ffffffff816a6d6f RDI: ffffffff88fc9fa0 > RBP: ffff88813c746e78 R08: ffff8880935244c0 R09: 0000000000000000 > R10: fffffbfff11f93f4 R11: ffffffff88fc9fa7 R12: 0000000000000001 > R13: 0000000000000000 R14: ffffffff8158bb00 R15: 00000000000006a0 > FS: 00000000013d6940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 000000000044399f CR3: 000000013c5bf000 CR4: 00000000001406f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > __crash_kexec+0x10b/0x200 kernel/kexec_core.c:957 > panic+0x308/0x75c kernel/panic.c:241 > __warn.cold+0x2f/0x35 kernel/panic.c:582 > report_bug+0x289/0x300 lib/bug.c:195 > fixup_bug arch/x86/kernel/traps.c:174 [inline] > fixup_bug arch/x86/kernel/traps.c:169 [inline] > do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 > do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 > invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 > RIP: 0010:print_bfs_bug+0x5c/0x80 kernel/locking/lockdep.c:1696 > Code: 07 00 74 2d 48 c7 c7 00 5f ac 8a c6 07 00 0f 1f 40 00 85 db 75 05 5b > 41 5c 5d c3 44 89 e6 48 c7 c7 60 1e ac 87 e8 fc ba eb ff <0f> 0b 5b 41 5c > 5d c3 0f 0b 48 c7 c7 58 23 f3 88 e8 1f 95 56 00 eb > RSP: 0018:ffff88813c747288 EFLAGS: 00010082 > RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 > RDX: 0000000000000000 RSI: ffffffff815d0816 RDI: ffffed10278e8e43 > RBP: ffff88813c747298 R08: ffff8880935244c0 R09: fffffbfff11f41ed > R10: fffffbfff11f41ec R11: ffffffff88fa0f63 R12: 00000000ffffffff > R13: ffff888093524d88 R14: ffff88813c747310 R15: 00000000000000de > check_path+0x36/0x40 kernel/locking/lockdep.c:1772 > check_noncircular+0x16d/0x3e0 kernel/locking/lockdep.c:1797 > check_prev_add kernel/locking/lockdep.c:2476 [inline] > check_prevs_add kernel/locking/lockdep.c:2581 [inline] > validate_chain kernel/locking/lockdep.c:2971 [inline] > __lock_acquire+0x2596/0x4a00 kernel/locking/lockdep.c:3955 > lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4487 > __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] > _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175 > spin_lock_bh include/linux/spinlock.h:343 [inline] > igmp6_group_dropped+0x15b/0x8c0 net/ipv6/mcast.c:704 > ipv6_mc_down+0x64/0xf0 net/ipv6/mcast.c:2541 > ipv6_mc_destroy_dev+0x21/0x180 net/ipv6/mcast.c:2603 > addrconf_ifdown+0xca2/0x1220 net/ipv6/addrconf.c:3842 > addrconf_notify+0x5db/0x23b0 net/ipv6/addrconf.c:3633 > notifier_call_chain+0xc2/0x230 kernel/notifier.c:83 > __raw_notifier_call_chain kernel/notifier.c:361 [inline] > raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:368 > call_netdevice_notifiers_info net/core/dev.c:1893 [inline] > call_netdevice_notifiers_info+0xba/0x130 net/core/dev.c:1878 > call_netdevice_notifiers_extack net/core/dev.c:1905 [inline] > call_netdevice_notifiers net/core/dev.c:1919 [inline] > rollback_registered_many+0x850/0x10d0 net/core/dev.c:8743 > rollback_registered+0x109/0x1d0 net/core/dev.c:8788 > register_netdevice+0xbac/0x1020 net/core/dev.c:9347 > register_netdev+0x30/0x50 net/core/dev.c:9437 > ip6gre_init_net+0x3ac/0x5f0 net/ipv6/ip6_gre.c:1582 > ops_init+0xb3/0x420 net/core/net_namespace.c:137 > setup_net+0x2d5/0x8b0 net/core/net_namespace.c:335 > copy_net_ns+0x29e/0x520 net/core/net_namespace.c:476 > create_new_namespaces+0x400/0x7b0 kernel/nsproxy.c:103 > unshare_nsproxy_namespaces+0xc2/0x200 kernel/nsproxy.c:202 > ksys_unshare+0x444/0x980 kernel/fork.c:2889 > __do_sys_unshare kernel/fork.c:2957 [inline] > __se_sys_unshare kernel/fork.c:2955 [inline] > __x64_sys_unshare+0x31/0x40 kernel/fork.c:2955 > do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290 > entry_SYSCALL_64_after_hwframe+0x49/0xbe > RIP: 0033:0x4439c9 > Code: Bad RIP value. > RSP: 002b:00007ffc2b2cd878 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 > RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004439c9 > RDX: 00000000004439c9 RSI: 0000000000000000 RDI: 000000006c060000 > RBP: 0000000000000000 R08: 00000000004aaeff R09: 00000000004aaeff > R10: 00000000004aaeff R11: 0000000000000246 R12: 0000000000000b5b > R13: 00000000004047d0 R14: 0000000000000000 R15: 0000000000000000 > irq event stamp: 149354 > hardirqs last enabled at (149353): [<ffffffff8146110a>] > __local_bh_enable_ip+0x15a/0x270 kernel/softirq.c:194 > hardirqs last disabled at (149351): [<ffffffff814610ca>] > __local_bh_enable_ip+0x11a/0x270 kernel/softirq.c:171 > softirqs last enabled at (149352): [<ffffffff864ee3d4>] > ipv6_ac_destroy_dev+0x144/0x1b0 net/ipv6/anycast.c:402 > softirqs last disabled at (149354): [<ffffffff865cbc13>] > ipv6_mc_down+0x23/0xf0 net/ipv6/mcast.c:2538 > ---[ end trace c8d5cabde4ea777b ]--- > Kernel Offset: disabled > Rebooting in 86400 seconds.. > > -- > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/000000000000568a9105963ad7ac%40google.com. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in print_bfs_bug 2020-09-27 8:57 ` Dmitry Vyukov @ 2020-09-28 7:56 ` Peter Zijlstra 0 siblings, 0 replies; 5+ messages in thread From: Peter Zijlstra @ 2020-09-28 7:56 UTC (permalink / raw) To: Dmitry Vyukov Cc: syzbot, Ingo Molnar, Will Deacon, Alexei Starovoitov, bpf, Daniel Borkmann, David Miller, David Ahern, Florian Fainelli, hawk, Ido Schimmel, Jakub Kicinski, Jiri Pirko, Johannes Berg, John Fastabend, Martin KaFai Lau, Alexey Kuznetsov, LKML, Michal Kubecek, netdev, petrm, Roopa Prabhu, Song Liu, syzkaller-bugs, Yonghong Song, Hideaki YOSHIFUJI, Tetsuo Handa, Boqun Feng On Sun, Sep 27, 2020 at 10:57:24AM +0200, Dmitry Vyukov wrote: > On Thu, Oct 31, 2019 at 9:39 PM syzbot > <syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com> wrote: > > > > syzbot has found a reproducer for the following crash on: > > > > HEAD commit: 49afce6d Add linux-next specific files for 20191031 > > git tree: linux-next > > console output: https://syzkaller.appspot.com/x/log.txt?x=11eea36ce00000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=3c5f119b33031056 > > dashboard link: https://syzkaller.appspot.com/bug?extid=62ebe501c1ce9a91f68c > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c162f4e00000 > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=131b5eb8e00000 > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > Reported-by: syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com > > This is another LOCKDEP-related top crasher. syzkaller finds just this > one (see below). > I think we need to disable LOCKDEP temporary until this and other > LOCKDEP issues are resolved. I've filed > https://github.com/google/syzkaller/issues/2140 to track > disabling/enabling. There is a potential patch for it: https://lkml.kernel.org/r/20200917080210.108095-1-boqun.feng@gmail.com Let me try and digest it. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: WARNING in print_bfs_bug 2019-10-29 8:36 WARNING in print_bfs_bug syzbot 2019-10-31 20:39 ` syzbot @ 2019-11-01 1:02 ` syzbot 1 sibling, 0 replies; 5+ messages in thread From: syzbot @ 2019-11-01 1:02 UTC (permalink / raw) To: akpm, ast, bpf, daniel, davem, dsahern, f.fainelli, hannes, hawk, hughd, idosch, jakub.kicinski, jglisse, jiri, johannes.berg, john.fastabend, kafai, kirill.shutemov, kuznet, linux-kernel, linux-mm, mkubecek, netdev, petrm, roopa, sfr, songliubraving, syzkaller-bugs, william.kucharski, willy, yhs, yoshfuji syzbot has bisected this bug to: commit 9c61acffe2b8833152041f7b6a02d1d0a17fd378 Author: Song Liu <songliubraving@fb.com> Date: Wed Oct 23 00:24:28 2019 +0000 mm,thp: recheck each page before collapsing file THP bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15be4e14e00000 start commit: 49afce6d Add linux-next specific files for 20191031 git tree: linux-next final crash: https://syzkaller.appspot.com/x/report.txt?x=17be4e14e00000 console output: https://syzkaller.appspot.com/x/log.txt?x=13be4e14e00000 kernel config: https://syzkaller.appspot.com/x/.config?x=3c5f119b33031056 dashboard link: https://syzkaller.appspot.com/bug?extid=62ebe501c1ce9a91f68c syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c162f4e00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=131b5eb8e00000 Reported-by: syzbot+62ebe501c1ce9a91f68c@syzkaller.appspotmail.com Fixes: 9c61acffe2b8 ("mm,thp: recheck each page before collapsing file THP") For information about bisection process see: https://goo.gl/tpsmEJ#bisection ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-09-28 7:56 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-10-29 8:36 WARNING in print_bfs_bug syzbot 2019-10-31 20:39 ` syzbot 2020-09-27 8:57 ` Dmitry Vyukov 2020-09-28 7:56 ` Peter Zijlstra 2019-11-01 1:02 ` syzbot
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).