[PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[Jiakai Xu]

The new_device_store and del_device_store sysfs handlers hold
nsim_bus_dev_list_lock across device_register() and device_unregister()
calls, which in turn acquire rtnl_lock and devl_lock. This creates
a lock hold-time inversion: while one thread holds nsim_bus_dev_list_lock
and waits for rtnl_lock (acquired during probe), all other threads
attempting new_device_store or del_device_store are blocked on
nsim_bus_dev_list_lock, and threads waiting for rtnl_lock are also
blocked.

Fix by:
1. Moving nsim_bus_dev_new() (which calls device_register()) outside
   the nsim_bus_dev_list_lock critical section in new_device_store
2. Releasing nsim_bus_dev_list_lock before calling nsim_bus_dev_del()
   (which calls device_unregister()) in del_device_store
3. Moving refcount_inc(&nsim_bus_devs) into nsim_bus_dev_new() before
   device_register(), so the refcount correctly accounts for the
   device even if the bus is being torn down concurrently

Signed-off-by: Jiakai Xu <xujiakai24@mails.ucas.ac.cn>
---
 drivers/net/netdevsim/bus.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/drivers/net/netdevsim/bus.c b/drivers/net/netdevsim/bus.c
index 41483e371f05..0e15c8605997 100644
--- a/drivers/net/netdevsim/bus.c
+++ b/drivers/net/netdevsim/bus.c
@@ -181,20 +181,18 @@ new_device_store(const struct bus_type *bus, const char *buf, size_t count)
 		return -EINVAL;
 	}
 
+	nsim_bus_dev = nsim_bus_dev_new(id, port_count, num_queues);
+	if (IS_ERR(nsim_bus_dev))
+		return PTR_ERR(nsim_bus_dev);
+
 	mutex_lock(&nsim_bus_dev_list_lock);
 	/* Prevent to use resource before initialization. */
 	if (!smp_load_acquire(&nsim_bus_enable)) {
-		err = -EBUSY;
-		goto err;
-	}
-
-	nsim_bus_dev = nsim_bus_dev_new(id, port_count, num_queues);
-	if (IS_ERR(nsim_bus_dev)) {
-		err = PTR_ERR(nsim_bus_dev);
-		goto err;
+		mutex_unlock(&nsim_bus_dev_list_lock);
+		nsim_bus_dev_del(nsim_bus_dev);
+		return -EBUSY;
 	}
 
-	refcount_inc(&nsim_bus_devs);
 	/* Allow using nsim_bus_dev */
 	smp_store_release(&nsim_bus_dev->init, true);
 
@@ -202,9 +200,6 @@ new_device_store(const struct bus_type *bus, const char *buf, size_t count)
 	mutex_unlock(&nsim_bus_dev_list_lock);
 
 	return count;
-err:
-	mutex_unlock(&nsim_bus_dev_list_lock);
-	return err;
 }
 static BUS_ATTR_WO(new_device);
 
@@ -241,9 +236,9 @@ del_device_store(const struct bus_type *bus, const char *buf, size_t count)
 		if (nsim_bus_dev->dev.id != id)
 			continue;
 		list_del(&nsim_bus_dev->list);
+		mutex_unlock(&nsim_bus_dev_list_lock);
 		nsim_bus_dev_del(nsim_bus_dev);
-		err = 0;
-		break;
+		return count;
 	}
 	mutex_unlock(&nsim_bus_dev_list_lock);
 	return !err ? count : err;
@@ -468,6 +463,11 @@ nsim_bus_dev_new(unsigned int id, unsigned int port_count, unsigned int num_queu
 	/* Disallow using nsim_bus_dev */
 	smp_store_release(&nsim_bus_dev->init, false);
 
+	/* Increment refcount before device_register() so that the device
+	 * is accounted for even if the bus is being torn down concurrently.
+	 */
+	refcount_inc(&nsim_bus_devs);
+
 	err = device_register(&nsim_bus_dev->dev);
 	if (err)
 		goto err_nsim_bus_dev_id_free;
-- 
2.34.1

Re: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[Jiakai Xu]

I found this issue through fuzzing.

Here is the full crash report produced by the fuzzer:

INFO: task syz-executor:15504 blocked for more than 424 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15504 tgid:15504 ppid:1      task_flags:0x400140 flags:0x00000002
Call Trace:
[<ffffffff867069b0>] context_switch kernel/sched/core.c:5387 [inline]
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c kernel/sched/core.c:7188
[<ffffffff8670a182>] __schedule_loop kernel/sched/core.c:7267 [inline]
[<ffffffff8670a182>] schedule+0xc4/0x35e kernel/sched/core.c:7282
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28 kernel/sched/core.c:7339
[<ffffffff86712a14>] __mutex_lock_common kernel/locking/mutex.c:726 [inline]
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e kernel/locking/mutex.c:820
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:873
[<ffffffff839164cc>] new_device_store+0x10a/0x6c2 drivers/net/netdevsim/bus.c:184
[<ffffffff82d41b12>] bus_attr_store+0x6a/0x9e drivers/base/bus.c:172
[<ffffffff80fb8126>] sysfs_kf_write+0xc2/0x11c fs/sysfs/file.c:142
[<ffffffff80fb17fc>] kernfs_fop_write_iter+0x32a/0x4c8 fs/kernfs/file.c:352
[<ffffffff80ceb5c8>] new_sync_write fs/read_write.c:595 [inline]
[<ffffffff80ceb5c8>] vfs_write+0x776/0xc9e fs/read_write.c:688
[<ffffffff80cebeea>] ksys_write+0x126/0x234 fs/read_write.c:740
[<ffffffff80cec066>] __do_sys_write fs/read_write.c:751 [inline]
[<ffffffff80cec066>] __se_sys_write fs/read_write.c:748 [inline]
[<ffffffff80cec066>] __riscv_sys_write+0x6e/0xa0 fs/read_write.c:748
[<ffffffff80078fb2>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de arch/riscv/kernel/traps.c:342
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
INFO: task syz-executor:15582 blocked for more than 433 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15582 tgid:15582 ppid:15557  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] context_switch kernel/sched/core.c:5387 [inline]
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c kernel/sched/core.c:7188
[<ffffffff8670a182>] __schedule_loop kernel/sched/core.c:7267 [inline]
[<ffffffff8670a182>] schedule+0xc4/0x35e kernel/sched/core.c:7282
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28 kernel/sched/core.c:7339
[<ffffffff86712a14>] __mutex_lock_common kernel/locking/mutex.c:726 [inline]
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e kernel/locking/mutex.c:820
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:873
[<ffffffff83915a5e>] del_device_store+0xf0/0x48c drivers/net/netdevsim/bus.c:234
[<ffffffff82d41b12>] bus_attr_store+0x6a/0x9e drivers/base/bus.c:172
[<ffffffff80fb8126>] sysfs_kf_write+0xc2/0x11c fs/sysfs/file.c:142
[<ffffffff80fb17fc>] kernfs_fop_write_iter+0x32a/0x4c8 fs/kernfs/file.c:352
[<ffffffff80ceb5c8>] new_sync_write fs/read_write.c:595 [inline]
[<ffffffff80ceb5c8>] vfs_write+0x776/0xc9e fs/read_write.c:688
[<ffffffff80cebeea>] ksys_write+0x126/0x234 fs/read_write.c:740
[<ffffffff80cec066>] __do_sys_write fs/read_write.c:751 [inline]
[<ffffffff80cec066>] __se_sys_write fs/read_write.c:748 [inline]
[<ffffffff80cec066>] __riscv_sys_write+0x6e/0xa0 fs/read_write.c:748
[<ffffffff80078fb2>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de arch/riscv/kernel/traps.c:342
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
INFO: task syz-executor:15597 blocked for more than 422 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15597 tgid:15597 ppid:15595  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] context_switch kernel/sched/core.c:5387 [inline]
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c kernel/sched/core.c:7188
[<ffffffff8670a182>] __schedule_loop kernel/sched/core.c:7267 [inline]
[<ffffffff8670a182>] schedule+0xc4/0x35e kernel/sched/core.c:7282
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28 kernel/sched/core.c:7339
[<ffffffff86712a14>] __mutex_lock_common kernel/locking/mutex.c:726 [inline]
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e kernel/locking/mutex.c:820
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c kernel/locking/mutex.c:873
[<ffffffff8549fd26>] rtnl_lock net/core/rtnetlink.c:80 [inline]
[<ffffffff8549fd26>] rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
[<ffffffff8549fd26>] rtnl_newlink+0x64c/0x1dc6 net/core/rtnetlink.c:4108
[<ffffffff854a34e0>] rtnetlink_rcv_msg+0x9e2/0xdbe net/core/rtnetlink.c:6995
[<ffffffff858203ca>] netlink_rcv_skb+0x206/0x3be net/netlink/af_netlink.c:2550
[<ffffffff8548fe9a>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:7022
[<ffffffff8581e6a8>] netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
[<ffffffff8581e6a8>] netlink_unicast+0x52a/0x888 net/netlink/af_netlink.c:1344
[<ffffffff8581f386>] netlink_sendmsg+0x980/0xd8a net/netlink/af_netlink.c:1894
[<ffffffff85365c18>] sock_sendmsg_nosec net/socket.c:787 [inline]
[<ffffffff85365c18>] __sock_sendmsg+0xcc/0x162 net/socket.c:802
[<ffffffff8536f6a0>] __sys_sendto+0x27a/0x34e net/socket.c:2265
[<ffffffff8536f834>] __do_sys_sendto net/socket.c:2272 [inline]
[<ffffffff8536f834>] __se_sys_sendto net/socket.c:2268 [inline]
[<ffffffff8536f834>] __riscv_sys_sendto+0xc0/0x158 net/socket.c:2268
[<ffffffff80078fb2>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de arch/riscv/kernel/traps.c:342
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232

Showing all locks held in the system:
1 lock held by khungtaskd/43:
 #0: ffffffff889e8f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2a/0x1a0 kernel/locking/lockdep.c:6771
3 locks held by kworker/u16:7/950:
 #0: ff60000080134140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba kernel/workqueue.c:3277
 #1: ff20000003057b50 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba kernel/workqueue.c:3277
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a net/core/rtnetlink.c:80
2 locks held by syslogd/3051:
2 locks held by getty/3104:
 #0: ff600000926110a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 drivers/tty/tty_ldsem.c:340
 #1: ff200000000bb2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x3e4/0x12d6 drivers/tty/n_tty.c:2211
6 locks held by kworker/u16:3/3136:
2 locks held by syz-executor/3139:
3 locks held by kworker/u16:10/4765:
 #0: ff6000008d5a6140 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba kernel/workqueue.c:3277
 #1: ff20000002377b50 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba kernel/workqueue.c:3277
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a net/core/rtnetlink.c:80
7 locks held by syz-executor/15475:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: __sb_start_write include/linux/fs/super.h:19 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: sb_start_write include/linux/fs/super.h:125 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e fs/read_write.c:684
 #1: ff6000008d69bc80 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8 fs/kernfs/file.c:343
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8 fs/kernfs/file.c:344
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2 drivers/net/netdevsim/bus.c:184
 #4: ff600000b0c0b128 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:1040 [inline]
 #4: ff600000b0c0b128 (&dev->mutex){....}-{4:4}, at: __device_attach+0x8e/0x490 drivers/base/dd.c:1076
 #5: ff6000008e375258 (&devlink->lock_key#22){+.+.}-{4:4}, at: devl_lock+0x22/0x2c net/devlink/core.c:292
 #6: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a net/core/rtnetlink.c:80
4 locks held by syz-executor/15504:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: __sb_start_write include/linux/fs/super.h:19 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: sb_start_write include/linux/fs/super.h:125 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e fs/read_write.c:684
 #1: ff600000aa105480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8 fs/kernfs/file.c:343
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8 fs/kernfs/file.c:344
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2 drivers/net/netdevsim/bus.c:184
4 locks held by syz-executor/15575:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: __sb_start_write include/linux/fs/super.h:19 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: sb_start_write include/linux/fs/super.h:125 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e fs/read_write.c:684
 #1: ff6000009624e880 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8 fs/kernfs/file.c:343
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8 fs/kernfs/file.c:344
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c drivers/net/netdevsim/bus.c:234
4 locks held by syz-executor/15582:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: percpu_down_read_freezable include/linux/percpu-rwsem.h:83 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: __sb_start_write include/linux/fs/super.h:19 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: sb_start_write include/linux/fs/super.h:125 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: file_start_write include/linux/fs.h:2724 [inline]
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e fs/read_write.c:684
 #1: ff600000b1aba480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8 fs/kernfs/file.c:343
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_get_active_of fs/kernfs/file.c:80 [inline]
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8 fs/kernfs/file.c:344
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c drivers/net/netdevsim/bus.c:234
2 locks held by syz-executor/15597:
 #0: ffffffff896a4b48 (&ops->srcu){.+.+}-{0:0}, at: rtnl_link_ops_get+0xea/0x31c net/core/rtnetlink.c:573
 #1: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]
 #1: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock net/core/rtnetlink.c:341 [inline]
 #1: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x64c/0x1dc6 net/core/rtnetlink.c:4108
3 locks held by kworker/2:3/17058:
4 locks held by syz-executor/17064:
1 lock held by syz-executor/17066:
 #0: ffffffff88e31ad8 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x144/0x3d6 security/tomoyo/file.c:766
2 locks held by syz-executor/17067:
1 lock held by syz-executor/17070:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 43 Comm: khungtaskd Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8007c91c>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:149
[<ffffffff800032ce>] show_stack+0x30/0x3c arch/riscv/kernel/stacktrace.c:155
[<ffffffff80060fbe>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff80060fbe>] dump_stack_lvl+0x12a/0x1a2 lib/dump_stack.c:120
[<ffffffff80061052>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff866ba6bc>] nmi_cpu_backtrace+0x3b0/0x3b2 lib/nmi_backtrace.c:113
[<ffffffff866ba974>] nmi_trigger_cpumask_backtrace+0x2b6/0x45a lib/nmi_backtrace.c:62
[<ffffffff8008aae0>] arch_trigger_cpumask_backtrace+0x2c/0x38 arch/riscv/kernel/smp.c:350
[<ffffffff866cee94>] trigger_all_cpu_backtrace include/linux/nmi.h:162 [inline]
[<ffffffff866cee94>] __sys_info lib/sys_info.c:157 [inline]
[<ffffffff866cee94>] sys_info+0x20c/0x24e lib/sys_info.c:165
[<ffffffff8053fe46>] check_hung_uninterruptible_tasks kernel/hung_task.c:353 [inline]
[<ffffffff8053fe46>] watchdog+0x920/0x137c kernel/hung_task.c:561
[<ffffffff801f7d58>] kthread+0x336/0x47e kernel/kthread.c:436
[<ffffffff8006a302>] ret_from_fork_kernel+0x94/0xfce arch/riscv/kernel/process.c:230
[<ffffffff86726926>] ret_from_fork_kernel_asm+0x16/0x18 arch/riscv/kernel/entry.S:363
Sending NMI from CPU 1 to CPUs 0,2-3:
NMI backtrace for cpu 2
CPU: 2 UID: 0 PID: 3139 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : mod_node_page_state+0x28/0x6a mm/vmstat.c:731
 ra : mod_node_page_state+0x58/0x6a mm/vmstat.c:730
epc : ffffffff809bb55e ra : ffffffff809bb58e sp : ff200000063a7600
 gp : ffffffff8a395420 tp : ff6000008b193580 t0 : ffebffff15c2c000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000063a7630
 s1 : 0000000000000002 a0 : 0000000000000002 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : ffffffff80c62208
 s2 : ff600000fffe99c0 s3 : 0000000000000024 s4 : ffffffffffffffff
 s5 : 0000000000000000 s6 : 0000000000000007 s7 : ffebffff11077215
 s8 : 0000000000000160 s9 : ff1c000002b85800 s10: 1fec000011077215
 s11: ff600000883b9080 t3 : 4b952e4d00000000 t4 : 0000000000000000
 t5 : 0000000000000000 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff809bb55e>] arch_local_irq_restore arch/riscv/include/asm/irqflags.h:51 [inline]
[<ffffffff809bb55e>] mod_node_page_state+0x28/0x6a mm/vmstat.c:730
[<ffffffff80c623ae>] lruvec_stat_mod_folio+0x200/0x25a mm/memcontrol.c:979
[<ffffffff80addf62>] mod_lruvec_page_state include/linux/vmstat.h:528 [inline]
[<ffffffff80addf62>] vfree+0x272/0xca8 mm/vmalloc.c:3471
[<ffffffff8053dea8>] kcov_put kernel/kcov.c:442 [inline]
[<ffffffff8053dea8>] kcov_put kernel/kcov.c:438 [inline]
[<ffffffff8053dea8>] kcov_close+0x42/0x70 kernel/kcov.c:543
[<ffffffff80cf2748>] __fput+0x382/0xac6 fs/file_table.c:510
[<ffffffff80cf2f3a>] ____fput+0x1c/0x26 fs/file_table.c:538
[<ffffffff801f13b2>] task_work_run+0x16a/0x25e kernel/task_work.c:233
[<ffffffff80169d02>] exit_task_work include/linux/task_work.h:40 [inline]
[<ffffffff80169d02>] do_exit+0x8e4/0x2a6c kernel/exit.c:975
[<ffffffff8016c3ea>] do_group_exit+0xd4/0x26c kernel/exit.c:1117
[<ffffffff801a6fb0>] get_signal+0x2070/0x22aa kernel/signal.c:3037
[<ffffffff80073742>] arch_do_signal_or_restart+0xcc4/0x1d72 arch/riscv/kernel/signal.c:534
[<ffffffff803eca40>] __exit_to_user_mode_loop kernel/entry/common.c:64 [inline]
[<ffffffff803eca40>] exit_to_user_mode_loop+0x9c/0x7a4 kernel/entry/common.c:98
[<ffffffff866faa3c>] __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
[<ffffffff866faa3c>] syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
[<ffffffff866faa3c>] syscall_exit_to_user_mode include/linux/entry-common.h:318 [inline]
[<ffffffff866faa3c>] do_trap_ecall_u+0x490/0x5de arch/riscv/kernel/traps.c:345
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
NMI backtrace for cpu 3
CPU: 3 UID: 0 PID: 17070 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : kasan_quarantine_put+0x8a/0x1fa mm/kasan/quarantine.c:236
 ra : kasan_quarantine_put+0x198/0x1fa mm/kasan/quarantine.c:234
epc : ffffffff80becf0a ra : ffffffff80bed018 sp : ff200000062279b0
 gp : ffffffff8a395420 tp : ff60000093cab580 t0 : ff20000006227990
 t1 : 0000000000000008 t2 : 5f726573755f776f s0 : ff200000062279f0
 s1 : 00000000000f1a70 a0 : 0000000000000003 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : 0000000039dd5796
 s2 : ff60000096170400 s3 : 0000000000000002 s4 : ff60000080002c80
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000001000
 s8 : 0000000000000000 s9 : ff60000096170400 s10: ff600000b124c000
 s11: ff600000b124e000 t3 : 1243f8b800000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff80becf0a>] arch_local_irq_restore arch/riscv/include/asm/irqflags.h:51 [inline]
[<ffffffff80becf0a>] kasan_quarantine_put+0x8a/0x1fa mm/kasan/quarantine.c:234
[<ffffffff80be8d24>] __kasan_slab_free+0x6a/0x7e mm/kasan/common.c:295
[<ffffffff80b39284>] kasan_slab_free include/linux/kasan.h:235 [inline]
[<ffffffff80b39284>] slab_free_hook mm/slub.c:2689 [inline]
[<ffffffff80b39284>] slab_free mm/slub.c:6246 [inline]
[<ffffffff80b39284>] kfree+0x30a/0x6e2 mm/slub.c:6561
[<ffffffff8149f2ee>] tomoyo_find_next_domain+0x7d0/0x1e48 security/tomoyo/domain.c:893
[<ffffffff814b1224>] tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
[<ffffffff814b1224>] tomoyo_bprm_check_security+0x128/0x1c4 security/tomoyo/tomoyo.c:92
[<ffffffff81461316>] security_bprm_check+0x278/0x28e security/security.c:820
[<ffffffff80d085b8>] search_binary_handler fs/exec.c:1654 [inline]
[<ffffffff80d085b8>] exec_binprm fs/exec.c:1696 [inline]
[<ffffffff80d085b8>] bprm_execve fs/exec.c:1748 [inline]
[<ffffffff80d085b8>] bprm_execve+0x80c/0x1878 fs/exec.c:1724
[<ffffffff80d0acda>] do_execveat_common.isra.0+0x45e/0x59e fs/exec.c:1846
[<ffffffff80d0ef52>] __do_sys_execve fs/exec.c:1930 [inline]
[<ffffffff80d0ef52>] __se_sys_execve fs/exec.c:1924 [inline]
[<ffffffff80d0ef52>] __riscv_sys_execve+0x8c/0xc4 fs/exec.c:1924
[<ffffffff80078fb2>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de arch/riscv/kernel/traps.c:342
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17064 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : arch_local_irq_restore arch/riscv/include/asm/irqflags.h:52 [inline]
epc : lock_acquire kernel/locking/lockdep.c:5871 [inline]
epc : lock_acquire+0x2a8/0x50e kernel/locking/lockdep.c:5825
 ra : lockdep_recursion_finish kernel/locking/lockdep.c:470 [inline]
 ra : lock_acquire kernel/locking/lockdep.c:5870 [inline]
 ra : lock_acquire+0x276/0x50e kernel/locking/lockdep.c:5825
epc : ffffffff802fe96a ra : ffffffff802fe938 sp : ff200000000e7030
 gp : ffffffff8a395420 tp : ff6000008e4eb580 t0 : 0000000000000000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000000e7110
 s1 : ffffffff9176ce80 a0 : 0000000000000000 a1 : ffffffff88169438
 a2 : 0000000000000016 a3 : ffffffff8a4a70a0 a4 : 0000000000000000
 a5 : 0000000000000000 a6 : 0000000000000050 a7 : ffffffff80aa2f74
 s2 : ff600000ffa29788 s3 : 0000000000000001 s4 : 0000000000000000
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : ffffffff80aa2f74
 s8 : ffffffff86a68788 s9 : 0000000000000002 s10: ffffffff9176ce80
 s11: ff600000ffa29788 t3 : fbb730c400000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff802fe96a>] arch_local_irq_restore arch/riscv/include/asm/irqflags.h:51 [inline]
[<ffffffff802fe96a>] lock_acquire kernel/locking/lockdep.c:5871 [inline]
[<ffffffff802fe96a>] lock_acquire+0x2a8/0x50e kernel/locking/lockdep.c:5825
[<ffffffff86721cd2>] __raw_spin_lock include/linux/spinlock_api_smp.h:158 [inline]
[<ffffffff86721cd2>] _raw_spin_lock+0x32/0x48 kernel/locking/spinlock.c:158
[<ffffffff80aa2f74>] spin_lock include/linux/spinlock.h:342 [inline]
[<ffffffff80aa2f74>] pte_offset_map_lock+0x1d6/0x3d2 mm/pgtable-generic.c:404
[<ffffffff80a5258e>] get_locked_pte+0x70/0xc2 mm/memory.c:2284
[<ffffffff80a526fc>] insert_page+0x11c/0x232 mm/memory.c:2387
[<ffffffff80a52a96>] vm_insert_page+0x284/0x3ae mm/memory.c:2575
[<ffffffff8053dc36>] kcov_mmap+0xb4/0x11c kernel/kcov.c:514
[<ffffffff80af0dfe>] vfs_mmap include/linux/fs.h:2071 [inline]
[<ffffffff80af0dfe>] mmap_file mm/internal.h:168 [inline]
[<ffffffff80af0dfe>] __mmap_new_file_vma mm/vma.c:2496 [inline]
[<ffffffff80af0dfe>] __mmap_new_vma mm/vma.c:2562 [inline]
[<ffffffff80af0dfe>] __mmap_region+0x10b4/0x2800 mm/vma.c:2771
[<ffffffff80af6c24>] mmap_region+0x3e8/0x500 mm/vma.c:2856
[<ffffffff80a7c7d0>] do_mmap+0x944/0x1048 mm/mmap.c:560
[<ffffffff809b7d5a>] vm_mmap_pgoff+0x27c/0x41e mm/util.c:581
[<ffffffff80a7959c>] ksys_mmap_pgoff+0x2ce/0x6fa mm/mmap.c:606
[<ffffffff800749f4>] riscv_sys_mmap arch/riscv/kernel/sys_riscv.c:29 [inline]
[<ffffffff800749f4>] __do_sys_mmap arch/riscv/kernel/sys_riscv.c:38 [inline]
[<ffffffff800749f4>] __se_sys_mmap arch/riscv/kernel/sys_riscv.c:34 [inline]
[<ffffffff800749f4>] __riscv_sys_mmap+0x11c/0x18c arch/riscv/kernel/sys_riscv.c:34
[<ffffffff80078fb2>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:112
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de arch/riscv/kernel/traps.c:342
[<ffffffff867267f6>] handle_exception+0x15e/0x16a arch/riscv/kernel/entry.S:232

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15504 tgid:15504 ppid:1      task_flags:0x400140 flags:0x00000002
Call Trace:
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c
[<ffffffff8670a182>] schedule+0xc4/0x35e
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c
[<ffffffff839164cc>] new_device_store+0x10a/0x6c2
[<ffffffff82d41b12>] bus_attr_store+0x6a/0x9e
[<ffffffff80fb8126>] sysfs_kf_write+0xc2/0x11c
[<ffffffff80fb17fc>] kernfs_fop_write_iter+0x32a/0x4c8
[<ffffffff80ceb5c8>] vfs_write+0x776/0xc9e
[<ffffffff80cebeea>] ksys_write+0x126/0x234
[<ffffffff80cec066>] __riscv_sys_write+0x6e/0xa0
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
INFO: task syz-executor:15582 blocked for more than 433 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15582 tgid:15582 ppid:15557  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c
[<ffffffff8670a182>] schedule+0xc4/0x35e
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c
[<ffffffff83915a5e>] del_device_store+0xf0/0x48c
[<ffffffff82d41b12>] bus_attr_store+0x6a/0x9e
[<ffffffff80fb8126>] sysfs_kf_write+0xc2/0x11c
[<ffffffff80fb17fc>] kernfs_fop_write_iter+0x32a/0x4c8
[<ffffffff80ceb5c8>] vfs_write+0x776/0xc9e
[<ffffffff80cebeea>] ksys_write+0x126/0x234
[<ffffffff80cec066>] __riscv_sys_write+0x6e/0xa0
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
INFO: task syz-executor:15597 blocked for more than 422 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15597 tgid:15597 ppid:15595  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c
[<ffffffff8670a182>] schedule+0xc4/0x35e
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c
[<ffffffff8549fd26>] rtnl_newlink+0x64c/0x1dc6
[<ffffffff854a34e0>] rtnetlink_rcv_msg+0x9e2/0xdbe
[<ffffffff858203ca>] netlink_rcv_skb+0x206/0x3be
[<ffffffff8548fe9a>] rtnetlink_rcv+0x26/0x30
[<ffffffff8581e6a8>] netlink_unicast+0x52a/0x888
[<ffffffff8581f386>] netlink_sendmsg+0x980/0xd8a
[<ffffffff85365c18>] __sock_sendmsg+0xcc/0x162
[<ffffffff8536f6a0>] __sys_sendto+0x27a/0x34e
[<ffffffff8536f834>] __riscv_sys_sendto+0xc0/0x158
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a

Showing all locks held in the system:
1 lock held by khungtaskd/43:
 #0: ffffffff889e8f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2a/0x1a0
3 locks held by kworker/u16:7/950:
 #0: ff60000080134140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba
 #1: ff20000003057b50 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
2 locks held by syslogd/3051:
2 locks held by getty/3104:
 #0: ff600000926110a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46
 #1: ff200000000bb2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x3e4/0x12d6
6 locks held by kworker/u16:3/3136:
2 locks held by syz-executor/3139:
3 locks held by kworker/u16:10/4765:
 #0: ff6000008d5a6140 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba
 #1: ff20000002377b50 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
7 locks held by syz-executor/15475:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff6000008d69bc80 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2
 #4: ff600000b0c0b128 (&dev->mutex){....}-{4:4}, at: __device_attach+0x8e/0x490
 #5: ff6000008e375258 (&devlink->lock_key#22){+.+.}-{4:4}, at: devl_lock+0x22/0x2c
 #6: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
4 locks held by syz-executor/15504:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff600000aa105480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2
4 locks held by syz-executor/15575:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff6000009624e880 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c
4 locks held by syz-executor/15582:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff600000b1aba480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c
2 locks held by syz-executor/15597:
 #0: ffffffff896a4b48 (&ops->srcu){.+.+}-{0:0}, at: rtnl_link_ops_get+0xea/0x31c
 #1: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x64c/0x1dc6
3 locks held by kworker/2:3/17058:
4 locks held by syz-executor/17064:
1 lock held by syz-executor/17066:
 #0: ffffffff88e31ad8 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x144/0x3d6
2 locks held by syz-executor/17067:
1 lock held by syz-executor/17070:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 43 Comm: khungtaskd Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8007c91c>] dump_backtrace+0x2e/0x3c
[<ffffffff800032ce>] show_stack+0x30/0x3c
[<ffffffff80060fbe>] dump_stack_lvl+0x12a/0x1a2
[<ffffffff80061052>] dump_stack+0x1c/0x24
[<ffffffff866ba6bc>] nmi_cpu_backtrace+0x3b0/0x3b2
[<ffffffff866ba974>] nmi_trigger_cpumask_backtrace+0x2b6/0x45a
[<ffffffff8008aae0>] arch_trigger_cpumask_backtrace+0x2c/0x38
[<ffffffff866cee94>] sys_info+0x20c/0x24e
[<ffffffff8053fe46>] watchdog+0x920/0x137c
[<ffffffff801f7d58>] kthread+0x336/0x47e
[<ffffffff8006a302>] ret_from_fork_kernel+0x94/0xfce
[<ffffffff86726926>] ret_from_fork_kernel_asm+0x16/0x18
Sending NMI from CPU 1 to CPUs 0,2-3:
NMI backtrace for cpu 2
CPU: 2 UID: 0 PID: 3139 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : mod_node_page_state+0x28/0x6a
 ra : mod_node_page_state+0x58/0x6a
epc : ffffffff809bb55e ra : ffffffff809bb58e sp : ff200000063a7600
 gp : ffffffff8a395420 tp : ff6000008b193580 t0 : ffebffff15c2c000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000063a7630
 s1 : 0000000000000002 a0 : 0000000000000002 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : ffffffff80c62208
 s2 : ff600000fffe99c0 s3 : 0000000000000024 s4 : ffffffffffffffff
 s5 : 0000000000000000 s6 : 0000000000000007 s7 : ffebffff11077215
 s8 : 0000000000000160 s9 : ff1c000002b85800 s10: 1fec000011077215
 s11: ff600000883b9080 t3 : 4b952e4d00000000 t4 : 0000000000000000
 t5 : 0000000000000000 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff809bb55e>] mod_node_page_state+0x28/0x6a
[<ffffffff80c623ae>] lruvec_stat_mod_folio+0x200/0x25a
[<ffffffff80addf62>] vfree+0x272/0xca8
[<ffffffff8053dea8>] kcov_close+0x42/0x70
[<ffffffff80cf2748>] __fput+0x382/0xac6
[<ffffffff80cf2f3a>] ____fput+0x1c/0x26
[<ffffffff801f13b2>] task_work_run+0x16a/0x25e
[<ffffffff80169d02>] do_exit+0x8e4/0x2a6c
[<ffffffff8016c3ea>] do_group_exit+0xd4/0x26c
[<ffffffff801a6fb0>] get_signal+0x2070/0x22aa
[<ffffffff80073742>] arch_do_signal_or_restart+0xcc4/0x1d72
[<ffffffff803eca40>] exit_to_user_mode_loop+0x9c/0x7a4
[<ffffffff866faa3c>] do_trap_ecall_u+0x490/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
NMI backtrace for cpu 3
CPU: 3 UID: 0 PID: 17070 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : kasan_quarantine_put+0x8a/0x1fa
 ra : kasan_quarantine_put+0x198/0x1fa
epc : ffffffff80becf0a ra : ffffffff80bed018 sp : ff200000062279b0
 gp : ffffffff8a395420 tp : ff60000093cab580 t0 : ff20000006227990
 t1 : 0000000000000008 t2 : 5f726573755f776f s0 : ff200000062279f0
 s1 : 00000000000f1a70 a0 : 0000000000000003 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : 0000000039dd5796
 s2 : ff60000096170400 s3 : 0000000000000002 s4 : ff60000080002c80
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000001000
 s8 : 0000000000000000 s9 : ff60000096170400 s10: ff600000b124c000
 s11: ff600000b124e000 t3 : 1243f8b800000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff80becf0a>] kasan_quarantine_put+0x8a/0x1fa
[<ffffffff80be8d24>] __kasan_slab_free+0x6a/0x7e
[<ffffffff80b39284>] kfree+0x30a/0x6e2
[<ffffffff8149f2ee>] tomoyo_find_next_domain+0x7d0/0x1e48
[<ffffffff814b1224>] tomoyo_bprm_check_security+0x128/0x1c4
[<ffffffff81461316>] security_bprm_check+0x278/0x28e
[<ffffffff80d085b8>] bprm_execve+0x80c/0x1878
[<ffffffff80d0acda>] do_execveat_common.isra.0+0x45e/0x59e
[<ffffffff80d0ef52>] __riscv_sys_execve+0x8c/0xc4
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17064 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : lock_acquire+0x2a8/0x50e
 ra : lock_acquire+0x276/0x50e
epc : ffffffff802fe96a ra : ffffffff802fe938 sp : ff200000000e7030
 gp : ffffffff8a395420 tp : ff6000008e4eb580 t0 : 0000000000000000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000000e7110
 s1 : ffffffff9176ce80 a0 : 0000000000000000 a1 : ffffffff88169438
 a2 : 0000000000000016 a3 : ffffffff8a4a70a0 a4 : 0000000000000000
 a5 : 0000000000000000 a6 : 0000000000000050 a7 : ffffffff80aa2f74
 s2 : ff600000ffa29788 s3 : 0000000000000001 s4 : 0000000000000000
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : ffffffff80aa2f74
 s8 : ffffffff86a68788 s9 : 0000000000000002 s10: ffffffff9176ce80
 s11: ff600000ffa29788 t3 : fbb730c400000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff802fe96a>] lock_acquire+0x2a8/0x50e
[<ffffffff86721cd2>] _raw_spin_lock+0x32/0x48
[<ffffffff80aa2f74>] pte_offset_map_lock+0x1d6/0x3d2
[<ffffffff80a5258e>] get_locked_pte+0x70/0xc2
[<ffffffff80a526fc>] insert_page+0x11c/0x232
[<ffffffff80a52a96>] vm_insert_page+0x284/0x3ae
[<ffffffff8053dc36>] kcov_mmap+0xb4/0x11c
[<ffffffff80af0dfe>] __mmap_region+0x10b4/0x2800
[<ffffffff80af6c24>] mmap_region+0x3e8/0x500
[<ffffffff80a7c7d0>] do_mmap+0x944/0x1048
[<ffffffff809b7d5a>] vm_mmap_pgoff+0x27c/0x41e
[<ffffffff80a7959c>] ksys_mmap_pgoff+0x2ce/0x6fa
[<ffffffff800749f4>] __riscv_sys_mmap+0x11c/0x18c
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15582 tgid:15582 ppid:15557  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c
[<ffffffff8670a182>] schedule+0xc4/0x35e
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c
[<ffffffff83915a5e>] del_device_store+0xf0/0x48c
[<ffffffff82d41b12>] bus_attr_store+0x6a/0x9e
[<ffffffff80fb8126>] sysfs_kf_write+0xc2/0x11c
[<ffffffff80fb17fc>] kernfs_fop_write_iter+0x32a/0x4c8
[<ffffffff80ceb5c8>] vfs_write+0x776/0xc9e
[<ffffffff80cebeea>] ksys_write+0x126/0x234
[<ffffffff80cec066>] __riscv_sys_write+0x6e/0xa0
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
INFO: task syz-executor:15597 blocked for more than 422 seconds.
      Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor    state:D stack:0     pid:15597 tgid:15597 ppid:15595  task_flags:0x400140 flags:0x00000000
Call Trace:
[<ffffffff867069b0>] __schedule+0x1a2e/0x513c
[<ffffffff8670a182>] schedule+0xc4/0x35e
[<ffffffff8670a518>] schedule_preempt_disabled+0x16/0x28
[<ffffffff86712a14>] __mutex_lock+0xbee/0x1b0e
[<ffffffff86713948>] mutex_lock_nested+0x14/0x1c
[<ffffffff8549fd26>] rtnl_newlink+0x64c/0x1dc6
[<ffffffff854a34e0>] rtnetlink_rcv_msg+0x9e2/0xdbe
[<ffffffff858203ca>] netlink_rcv_skb+0x206/0x3be
[<ffffffff8548fe9a>] rtnetlink_rcv+0x26/0x30
[<ffffffff8581e6a8>] netlink_unicast+0x52a/0x888
[<ffffffff8581f386>] netlink_sendmsg+0x980/0xd8a
[<ffffffff85365c18>] __sock_sendmsg+0xcc/0x162
[<ffffffff8536f6a0>] __sys_sendto+0x27a/0x34e
[<ffffffff8536f834>] __riscv_sys_sendto+0xc0/0x158
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a

Showing all locks held in the system:
1 lock held by khungtaskd/43:
 #0: ffffffff889e8f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2a/0x1a0
3 locks held by kworker/u16:7/950:
 #0: ff60000080134140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba
 #1: ff20000003057b50 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
2 locks held by syslogd/3051:
2 locks held by getty/3104:
 #0: ff600000926110a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46
 #1: ff200000000bb2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x3e4/0x12d6
6 locks held by kworker/u16:3/3136:
2 locks held by syz-executor/3139:
3 locks held by kworker/u16:10/4765:
 #0: ff6000008d5a6140 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x886/0x21ba
 #1: ff20000002377b50 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x21ba
 #2: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
7 locks held by syz-executor/15475:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff6000008d69bc80 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2
 #4: ff600000b0c0b128 (&dev->mutex){....}-{4:4}, at: __device_attach+0x8e/0x490
 #5: ff6000008e375258 (&devlink->lock_key#22){+.+.}-{4:4}, at: devl_lock+0x22/0x2c
 #6: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x22/0x2a
4 locks held by syz-executor/15504:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff600000aa105480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946a58 (kn->active#5){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x10a/0x6c2
4 locks held by syz-executor/15575:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff6000009624e880 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c
4 locks held by syz-executor/15582:
 #0: ff6000009335a410 (sb_writers#6){.+.+}-{0:0}, at: vfs_write+0x9d0/0xc9e
 #1: ff600000b1aba480 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x252/0x4c8
 #2: ff6000008b946968 (kn->active#4){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2aa/0x4c8
 #3: ffffffff8979c780 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xf0/0x48c
2 locks held by syz-executor/15597:
 #0: ffffffff896a4b48 (&ops->srcu){.+.+}-{0:0}, at: rtnl_link_ops_get+0xea/0x31c
 #1: ffffffff89f64220 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x64c/0x1dc6
3 locks held by kworker/2:3/17058:
4 locks held by syz-executor/17064:
1 lock held by syz-executor/17066:
 #0: ffffffff88e31ad8 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_check_open_permission+0x144/0x3d6
2 locks held by syz-executor/17067:
1 lock held by syz-executor/17070:

=============================================

NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 43 Comm: khungtaskd Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8007c91c>] dump_backtrace+0x2e/0x3c
[<ffffffff800032ce>] show_stack+0x30/0x3c
[<ffffffff80060fbe>] dump_stack_lvl+0x12a/0x1a2
[<ffffffff80061052>] dump_stack+0x1c/0x24
[<ffffffff866ba6bc>] nmi_cpu_backtrace+0x3b0/0x3b2
[<ffffffff866ba974>] nmi_trigger_cpumask_backtrace+0x2b6/0x45a
[<ffffffff8008aae0>] arch_trigger_cpumask_backtrace+0x2c/0x38
[<ffffffff866cee94>] sys_info+0x20c/0x24e
[<ffffffff8053fe46>] watchdog+0x920/0x137c
[<ffffffff801f7d58>] kthread+0x336/0x47e
[<ffffffff8006a302>] ret_from_fork_kernel+0x94/0xfce
[<ffffffff86726926>] ret_from_fork_kernel_asm+0x16/0x18
Sending NMI from CPU 1 to CPUs 0,2-3:
NMI backtrace for cpu 2
CPU: 2 UID: 0 PID: 3139 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : mod_node_page_state+0x28/0x6a
 ra : mod_node_page_state+0x58/0x6a
epc : ffffffff809bb55e ra : ffffffff809bb58e sp : ff200000063a7600
 gp : ffffffff8a395420 tp : ff6000008b193580 t0 : ffebffff15c2c000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000063a7630
 s1 : 0000000000000002 a0 : 0000000000000002 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : ffffffff80c62208
 s2 : ff600000fffe99c0 s3 : 0000000000000024 s4 : ffffffffffffffff
 s5 : 0000000000000000 s6 : 0000000000000007 s7 : ffebffff11077215
 s8 : 0000000000000160 s9 : ff1c000002b85800 s10: 1fec000011077215
 s11: ff600000883b9080 t3 : 4b952e4d00000000 t4 : 0000000000000000
 t5 : 0000000000000000 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff809bb55e>] mod_node_page_state+0x28/0x6a
[<ffffffff80c623ae>] lruvec_stat_mod_folio+0x200/0x25a
[<ffffffff80addf62>] vfree+0x272/0xca8
[<ffffffff8053dea8>] kcov_close+0x42/0x70
[<ffffffff80cf2748>] __fput+0x382/0xac6
[<ffffffff80cf2f3a>] ____fput+0x1c/0x26
[<ffffffff801f13b2>] task_work_run+0x16a/0x25e
[<ffffffff80169d02>] do_exit+0x8e4/0x2a6c
[<ffffffff8016c3ea>] do_group_exit+0xd4/0x26c
[<ffffffff801a6fb0>] get_signal+0x2070/0x22aa
[<ffffffff80073742>] arch_do_signal_or_restart+0xcc4/0x1d72
[<ffffffff803eca40>] exit_to_user_mode_loop+0x9c/0x7a4
[<ffffffff866faa3c>] do_trap_ecall_u+0x490/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
NMI backtrace for cpu 3
CPU: 3 UID: 0 PID: 17070 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : kasan_quarantine_put+0x8a/0x1fa
 ra : kasan_quarantine_put+0x198/0x1fa
epc : ffffffff80becf0a ra : ffffffff80bed018 sp : ff200000062279b0
 gp : ffffffff8a395420 tp : ff60000093cab580 t0 : ff20000006227990
 t1 : 0000000000000008 t2 : 5f726573755f776f s0 : ff200000062279f0
 s1 : 00000000000f1a70 a0 : 0000000000000003 a1 : 0000000000000000
 a2 : 0000000000000000 a3 : ffffffff8193bb24 a4 : 0000000000000001
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : 0000000039dd5796
 s2 : ff60000096170400 s3 : 0000000000000002 s4 : ff60000080002c80
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : 0000000000001000
 s8 : 0000000000000000 s9 : ff60000096170400 s10: ff600000b124c000
 s11: ff600000b124e000 t3 : 1243f8b800000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff80becf0a>] kasan_quarantine_put+0x8a/0x1fa
[<ffffffff80be8d24>] __kasan_slab_free+0x6a/0x7e
[<ffffffff80b39284>] kfree+0x30a/0x6e2
[<ffffffff8149f2ee>] tomoyo_find_next_domain+0x7d0/0x1e48
[<ffffffff814b1224>] tomoyo_bprm_check_security+0x128/0x1c4
[<ffffffff81461316>] security_bprm_check+0x278/0x28e
[<ffffffff80d085b8>] bprm_execve+0x80c/0x1878
[<ffffffff80d0acda>] do_execveat_common.isra.0+0x45e/0x59e
[<ffffffff80d0ef52>] __riscv_sys_execve+0x8c/0xc4
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 17064 Comm: syz-executor Tainted: G        W           7.1.0-rc1-gdb909bd7986c #1 PREEMPT 
Tainted: [W]=WARN
Hardware name: riscv-virtio,qemu (DT)
epc : lock_acquire+0x2a8/0x50e
 ra : lock_acquire+0x276/0x50e
epc : ffffffff802fe96a ra : ffffffff802fe938 sp : ff200000000e7030
 gp : ffffffff8a395420 tp : ff6000008e4eb580 t0 : 0000000000000000
 t1 : 0000000000000001 t2 : 0000000000000000 s0 : ff200000000e7110
 s1 : ffffffff9176ce80 a0 : 0000000000000000 a1 : ffffffff88169438
 a2 : 0000000000000016 a3 : ffffffff8a4a70a0 a4 : 0000000000000000
 a5 : 0000000000000000 a6 : 0000000000000050 a7 : ffffffff80aa2f74
 s2 : ff600000ffa29788 s3 : 0000000000000001 s4 : 0000000000000000
 s5 : 0000000000000000 s6 : 0000000000000000 s7 : ffffffff80aa2f74
 s8 : ffffffff86a68788 s9 : 0000000000000002 s10: ffffffff9176ce80
 s11: ff600000ffa29788 t3 : fbb730c400000000 t4 : 0000000000001fff
 t5 : 00000000000000c8 t6 : 0000000000000002 ssp : 0000000000000000
status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000009
[<ffffffff802fe96a>] lock_acquire+0x2a8/0x50e
[<ffffffff86721cd2>] _raw_spin_lock+0x32/0x48
[<ffffffff80aa2f74>] pte_offset_map_lock+0x1d6/0x3d2
[<ffffffff80a5258e>] get_locked_pte+0x70/0xc2
[<ffffffff80a526fc>] insert_page+0x11c/0x232
[<ffffffff80a52a96>] vm_insert_page+0x284/0x3ae
[<ffffffff8053dc36>] kcov_mmap+0xb4/0x11c
[<ffffffff80af0dfe>] __mmap_region+0x10b4/0x2800
[<ffffffff80af6c24>] mmap_region+0x3e8/0x500
[<ffffffff80a7c7d0>] do_mmap+0x944/0x1048
[<ffffffff809b7d5a>] vm_mmap_pgoff+0x27c/0x41e
[<ffffffff80a7959c>] ksys_mmap_pgoff+0x2ce/0x6fa
[<ffffffff800749f4>] __riscv_sys_mmap+0x11c/0x18c
[<ffffffff80078fb2>] syscall_handler+0x94/0x118
[<ffffffff866fa9ea>] do_trap_ecall_u+0x43e/0x5de
[<ffffffff867267f6>] handle_exception+0x15e/0x16a

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>

Re: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[kernel test robot]

Hi Jiakai,

kernel test robot noticed the following build errors:

[auto build test ERROR on linus/master]
[also build test ERROR on v7.1-rc2 next-20260508]
[cannot apply to horms-ipvs/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Jiakai-Xu/netdevsim-Fix-task-hung-by-releasing-bus-lock-before-device-ops/20260510-070550
base:   linus/master
patch link:    https://lore.kernel.org/r/20260509092837.3432281-1-xujiakai24%40mails.ucas.ac.cn
patch subject: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops
config: m68k-allmodconfig (https://download.01.org/0day-ci/archive/20260510/202605101038.mxF4QH95-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 15.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260510/202605101038.mxF4QH95-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605101038.mxF4QH95-lkp@intel.com/

All error/warnings (new ones prefixed by >>):

   drivers/net/netdevsim/bus.c: In function 'new_device_store':
>> drivers/net/netdevsim/bus.c:192:17: error: implicit declaration of function 'nsim_bus_dev_del'; did you mean 'nsim_bus_dev_new'? [-Wimplicit-function-declaration]
     192 |                 nsim_bus_dev_del(nsim_bus_dev);
         |                 ^~~~~~~~~~~~~~~~
         |                 nsim_bus_dev_new
   drivers/net/netdevsim/bus.c: At top level:
>> drivers/net/netdevsim/bus.c:206:13: warning: conflicting types for 'nsim_bus_dev_del'; have 'void(struct nsim_bus_dev *)'
     206 | static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
         |             ^~~~~~~~~~~~~~~~
>> drivers/net/netdevsim/bus.c:206:13: error: static declaration of 'nsim_bus_dev_del' follows non-static declaration
   drivers/net/netdevsim/bus.c:192:17: note: previous implicit declaration of 'nsim_bus_dev_del' with type 'void(struct nsim_bus_dev *)'
     192 |                 nsim_bus_dev_del(nsim_bus_dev);
         |                 ^~~~~~~~~~~~~~~~


vim +192 drivers/net/netdevsim/bus.c

   157	
   158	static ssize_t
   159	new_device_store(const struct bus_type *bus, const char *buf, size_t count)
   160	{
   161		unsigned int id, port_count, num_queues;
   162		struct nsim_bus_dev *nsim_bus_dev;
   163		int err;
   164	
   165		err = sscanf(buf, "%u %u %u", &id, &port_count, &num_queues);
   166		switch (err) {
   167		case 1:
   168			port_count = 1;
   169			fallthrough;
   170		case 2:
   171			num_queues = 1;
   172			fallthrough;
   173		case 3:
   174			if (id > INT_MAX) {
   175				pr_err("Value of \"id\" is too big.\n");
   176				return -EINVAL;
   177			}
   178			break;
   179		default:
   180			pr_err("Format for adding new device is \"id port_count num_queues\" (uint uint uint).\n");
   181			return -EINVAL;
   182		}
   183	
   184		nsim_bus_dev = nsim_bus_dev_new(id, port_count, num_queues);
   185		if (IS_ERR(nsim_bus_dev))
   186			return PTR_ERR(nsim_bus_dev);
   187	
   188		mutex_lock(&nsim_bus_dev_list_lock);
   189		/* Prevent to use resource before initialization. */
   190		if (!smp_load_acquire(&nsim_bus_enable)) {
   191			mutex_unlock(&nsim_bus_dev_list_lock);
 > 192			nsim_bus_dev_del(nsim_bus_dev);
   193			return -EBUSY;
   194		}
   195	
   196		/* Allow using nsim_bus_dev */
   197		smp_store_release(&nsim_bus_dev->init, true);
   198	
   199		list_add_tail(&nsim_bus_dev->list, &nsim_bus_dev_list);
   200		mutex_unlock(&nsim_bus_dev_list_lock);
   201	
   202		return count;
   203	}
   204	static BUS_ATTR_WO(new_device);
   205	
 > 206	static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
   207	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[kernel test robot]

Hi Jiakai,

kernel test robot noticed the following build errors:

[auto build test ERROR on linus/master]
[also build test ERROR on v7.1-rc2 next-20260508]
[cannot apply to horms-ipvs/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Jiakai-Xu/netdevsim-Fix-task-hung-by-releasing-bus-lock-before-device-ops/20260510-070550
base:   linus/master
patch link:    https://lore.kernel.org/r/20260509092837.3432281-1-xujiakai24%40mails.ucas.ac.cn
patch subject: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops
config: hexagon-allmodconfig (https://download.01.org/0day-ci/archive/20260510/202605101358.RCmpCsFR-lkp@intel.com/config)
compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260510/202605101358.RCmpCsFR-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605101358.RCmpCsFR-lkp@intel.com/

All errors (new ones prefixed by >>):

>> drivers/net/netdevsim/bus.c:192:3: error: call to undeclared function 'nsim_bus_dev_del'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
     192 |                 nsim_bus_dev_del(nsim_bus_dev);
         |                 ^
   drivers/net/netdevsim/bus.c:192:3: note: did you mean 'nsim_bus_dev_new'?
   drivers/net/netdevsim/bus.c:156:1: note: 'nsim_bus_dev_new' declared here
     156 | nsim_bus_dev_new(unsigned int id, unsigned int port_count, unsigned int num_queues);
         | ^
>> drivers/net/netdevsim/bus.c:206:13: error: conflicting types for 'nsim_bus_dev_del'
     206 | static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
         |             ^
   drivers/net/netdevsim/bus.c:192:3: note: previous implicit declaration is here
     192 |                 nsim_bus_dev_del(nsim_bus_dev);
         |                 ^
   2 errors generated.


vim +/nsim_bus_dev_del +192 drivers/net/netdevsim/bus.c

   157	
   158	static ssize_t
   159	new_device_store(const struct bus_type *bus, const char *buf, size_t count)
   160	{
   161		unsigned int id, port_count, num_queues;
   162		struct nsim_bus_dev *nsim_bus_dev;
   163		int err;
   164	
   165		err = sscanf(buf, "%u %u %u", &id, &port_count, &num_queues);
   166		switch (err) {
   167		case 1:
   168			port_count = 1;
   169			fallthrough;
   170		case 2:
   171			num_queues = 1;
   172			fallthrough;
   173		case 3:
   174			if (id > INT_MAX) {
   175				pr_err("Value of \"id\" is too big.\n");
   176				return -EINVAL;
   177			}
   178			break;
   179		default:
   180			pr_err("Format for adding new device is \"id port_count num_queues\" (uint uint uint).\n");
   181			return -EINVAL;
   182		}
   183	
   184		nsim_bus_dev = nsim_bus_dev_new(id, port_count, num_queues);
   185		if (IS_ERR(nsim_bus_dev))
   186			return PTR_ERR(nsim_bus_dev);
   187	
   188		mutex_lock(&nsim_bus_dev_list_lock);
   189		/* Prevent to use resource before initialization. */
   190		if (!smp_load_acquire(&nsim_bus_enable)) {
   191			mutex_unlock(&nsim_bus_dev_list_lock);
 > 192			nsim_bus_dev_del(nsim_bus_dev);
   193			return -EBUSY;
   194		}
   195	
   196		/* Allow using nsim_bus_dev */
   197		smp_store_release(&nsim_bus_dev->init, true);
   198	
   199		list_add_tail(&nsim_bus_dev->list, &nsim_bus_dev_list);
   200		mutex_unlock(&nsim_bus_dev_list_lock);
   201	
   202		return count;
   203	}
   204	static BUS_ATTR_WO(new_device);
   205	
 > 206	static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
   207	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Re: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops

[kernel test robot]

Hi Jiakai,

kernel test robot noticed the following build warnings:

[auto build test WARNING on linus/master]
[also build test WARNING on v7.1-rc2 next-20260508]
[cannot apply to horms-ipvs/master]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Jiakai-Xu/netdevsim-Fix-task-hung-by-releasing-bus-lock-before-device-ops/20260510-070550
base:   linus/master
patch link:    https://lore.kernel.org/r/20260509092837.3432281-1-xujiakai24%40mails.ucas.ac.cn
patch subject: [PATCH] netdevsim: Fix task hung by releasing bus lock before device ops
config: riscv-randconfig-001 (https://download.01.org/0day-ci/archive/20260510/202605101318.qbesSR5H-lkp@intel.com/config)
compiler: riscv64-linux-gcc (GCC) 8.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260510/202605101318.qbesSR5H-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605101318.qbesSR5H-lkp@intel.com/

All warnings (new ones prefixed by >>):

   drivers/net/netdevsim/bus.c: In function 'new_device_store':
   drivers/net/netdevsim/bus.c:192:3: error: implicit declaration of function 'nsim_bus_dev_del'; did you mean 'nsim_bus_dev_new'? [-Werror=implicit-function-declaration]
      nsim_bus_dev_del(nsim_bus_dev);
      ^~~~~~~~~~~~~~~~
      nsim_bus_dev_new
   drivers/net/netdevsim/bus.c: At top level:
>> drivers/net/netdevsim/bus.c:206:13: warning: conflicting types for 'nsim_bus_dev_del'
    static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
                ^~~~~~~~~~~~~~~~
   drivers/net/netdevsim/bus.c:206:13: error: static declaration of 'nsim_bus_dev_del' follows non-static declaration
   drivers/net/netdevsim/bus.c:192:3: note: previous implicit declaration of 'nsim_bus_dev_del' was here
      nsim_bus_dev_del(nsim_bus_dev);
      ^~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors


vim +/nsim_bus_dev_del +206 drivers/net/netdevsim/bus.c

f9d9db47d3ba873 Jiri Pirko 2019-04-25  205  
e05b2d141fef22c Jiri Pirko 2019-04-25 @206  static void nsim_bus_dev_del(struct nsim_bus_dev *nsim_bus_dev);
e05b2d141fef22c Jiri Pirko 2019-04-25  207  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki