syzbot
WARNING: locking bug in __schedule

Status: upstream: reported on 2024/06/08 16:12
Subsystems: kernel
Reported-by: syzbot+46b40e354b532433eeef@syzkaller.appspotmail.com
First crash: 11d, last: 9h57m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [kernel?] WARNING: locking bug in __schedule 0 (1) 2024/06/08 16:12

Sample crash report:
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 1 PID: 10852 at kernel/locking/lockdep.c:232 hlock_class kernel/locking/lockdep.c:232 [inline]
WARNING: CPU: 1 PID: 10852 at kernel/locking/lockdep.c:232 check_wait_context kernel/locking/lockdep.c:4773 [inline]
WARNING: CPU: 1 PID: 10852 at kernel/locking/lockdep.c:232 __lock_acquire+0x573/0x1fd0 kernel/locking/lockdep.c:5087
Modules linked in:
CPU: 1 PID: 10852 Comm: syz-executor.5 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:hlock_class kernel/locking/lockdep.c:232 [inline]
RIP: 0010:check_wait_context kernel/locking/lockdep.c:4773 [inline]
RIP: 0010:__lock_acquire+0x573/0x1fd0 kernel/locking/lockdep.c:5087
Code: 00 00 83 3d ee 11 3b 0e 00 75 23 90 48 c7 c7 20 ba ca 8b 48 c7 c6 c0 bc ca 8b e8 78 e4 e5 ff 48 ba 00 00 00 00 00 fc ff df 90 <0f> 0b 90 90 90 31 db 48 81 c3 c4 00 00 00 48 89 d8 48 c1 e8 03 0f
RSP: 0018:ffffc9000528ec90 EFLAGS: 00010046
RAX: d11ab7f5aab3d000 RBX: 0000000000000e50 RCX: ffff888028228000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81585822 R09: fffffbfff1c39994
R10: dffffc0000000000 R11: fffffbfff1c39994 R12: 0000000000000001
R13: ffff888028228000 R14: 0000000000000000 R15: ffff888028228b00
FS:  0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555587371938 CR3: 0000000026274000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5754
 _raw_spin_lock_nested+0x31/0x40 kernel/locking/spinlock.c:378
 raw_spin_rq_lock_nested+0xb0/0x140 kernel/sched/core.c:567
 raw_spin_rq_lock kernel/sched/sched.h:1406 [inline]
 rq_lock kernel/sched/sched.h:1702 [inline]
 __schedule+0x357/0x4a20 kernel/sched/core.c:6653
 preempt_schedule_irq+0xfb/0x1c0 kernel/sched/core.c:7067
 irqentry_exit+0x5e/0x90 kernel/entry/common.c:354
 asm_sysvec_reschedule_ipi+0x1a/0x20 arch/x86/include/asm/idtentry.h:707
RIP: 0010:instrument_atomic_read include/linux/instrumented.h:68 [inline]
RIP: 0010:_test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
RIP: 0010:folio_test_dirty include/linux/page-flags.h:518 [inline]
RIP: 0010:folio_cancel_dirty include/linux/pagemap.h:1160 [inline]
RIP: 0010:truncate_cleanup_folio+0x165/0x3d0 mm/truncate.c:185
Code: 29 00 49 8b 2e 48 89 ee 48 83 e6 01 31 ff e8 d2 88 c3 ff 48 83 e5 01 0f 85 b4 00 00 00 0f 1f 44 00 00 e8 de 83 c3 ff 4c 89 ff <be> 08 00 00 00 e8 b1 4a 29 00 48 b8 00 00 00 00 00 fc ff df 41 80
RSP: 0018:ffffc9000528f2c8 EFLAGS: 00000293
RAX: ffffffff81d2a322 RBX: 1ffffd40005ff631 RCX: ffff888028228000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffea0002ffb180
RBP: 0000000000000000 R08: ffffffff81d2a30e R09: 1ffffd40005ff636
R10: dffffc0000000000 R11: fffff940005ff637 R12: 0000000000000016
R13: 1ffffd40005ff630 R14: ffffea0002ffb188 R15: ffffea0002ffb180
 truncate_inode_folio+0x55/0x70 mm/truncate.c:194
 shmem_undo_range+0x45d/0x1df0 mm/shmem.c:1001
 shmem_truncate_range mm/shmem.c:1114 [inline]
 shmem_evict_inode+0x29b/0xa60 mm/shmem.c:1242
 evict+0x2aa/0x630 fs/inode.c:667
 __dentry_kill+0x20d/0x630 fs/dcache.c:603
 dput+0x19f/0x2b0 fs/dcache.c:845
 __fput+0x68c/0x8b0 fs/file_table.c:430
 task_work_run+0x251/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa27/0x27e0 kernel/exit.c:874
 do_group_exit+0x207/0x2c0 kernel/exit.c:1023
 get_signal+0x16a1/0x1740 kernel/signal.c:2909
 arch_do_signal_or_restart+0x96/0x860 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0xc9/0x370 kernel/entry/common.c:218
 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f5e8107bbef
Code: Unable to access opcode bytes at 0x7f5e8107bbc5.
RSP: 002b:00007f5e81d46e80 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
RAX: 0000000000c17000 RBX: 00000000013bd7ef RCX: 00007f5e8107bbef
RDX: 00000000013bd7ef RSI: 00007f5e76e00000 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000550d
R10: 00000000000003ca R11: 0000000000000293 R12: 0000000000000005
R13: 00007f5e81d46f80 R14: 00007f5e81d46f40 R15: 00007f5e76e00000
 </TASK>
----------------
Code disassembly (best guess):
   0:	29 00                	sub    %eax,(%rax)
   2:	49 8b 2e             	mov    (%r14),%rbp
   5:	48 89 ee             	mov    %rbp,%rsi
   8:	48 83 e6 01          	and    $0x1,%rsi
   c:	31 ff                	xor    %edi,%edi
   e:	e8 d2 88 c3 ff       	call   0xffc388e5
  13:	48 83 e5 01          	and    $0x1,%rbp
  17:	0f 85 b4 00 00 00    	jne    0xd1
  1d:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  22:	e8 de 83 c3 ff       	call   0xffc38405
  27:	4c 89 ff             	mov    %r15,%rdi
* 2a:	be 08 00 00 00       	mov    $0x8,%esi <-- trapping instruction
  2f:	e8 b1 4a 29 00       	call   0x294ae5
  34:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  3b:	fc ff df
  3e:	41                   	rex.B
  3f:	80                   	.byte 0x80

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/06/15 07:26 upstream 2ccbdf43d5e7 8d849073 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/13 09:17 upstream cea2a26553ac 2aa5052f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/12 13:14 upstream 2ef5971ff345 4d75f4f7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/10 03:44 upstream 771ed66105de 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/10 02:00 upstream 771ed66105de 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/08 16:09 upstream dc772f8237f9 82c05ab8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/07 10:26 upstream 8a92980606e3 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/06 14:27 upstream 2df0193e62cf 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/06 03:33 upstream 71d7b52cc33b 121701b6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/05 04:23 upstream 32f88d65f01b e1e2c66e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/04 18:56 upstream 2ab795141095 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule
2024/06/04 16:10 upstream 2ab795141095 a1feae05 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING: locking bug in __schedule