syzbot


inconsistent lock state in ppp_input

Status: upstream: reported C repro on 2024/09/22 06:33
Bug presence: origin:lts-only
Reported-by: syzbot+bfa482d65300d46e4576@syzkaller.appspotmail.com
First crash: 6d10h, last: 3d02h
Bug presence (2)
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/09/22 | linux-5.15.y (ToT) | 3a5928702e71 | C | [report] inconsistent lock state in ppp_input |
| 2024/09/22 | upstream (ToT) | 88264981f208 | C | Didn't crash |
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | inconsistent lock state in ppp_input ppp | C | | | 5 | 18h55m | 1d09h | 0/28 | upstream: reported C repro on 2024/09/27 07:42 |

Sample crash report:
================================
WARNING: inconsistent lock state
5.15.167-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/0/14 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff0000d975b9e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
ffff0000d975b9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
ffff0000d975b9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
{SOFTIRQ-ON-W} state was registered at:
  lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
  __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
  _raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154
  spin_lock include/linux/spinlock.h:363 [inline]
  ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
  ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
  pppoe_rcv_core+0xf8/0x330 drivers/net/ppp/pppoe.c:379
  sk_backlog_rcv include/net/sock.h:1059 [inline]
  __release_sock+0x1a8/0x408 net/core/sock.c:2724
  release_sock+0x68/0x270 net/core/sock.c:3265
  pppoe_sendmsg+0xc8/0x5d0 drivers/net/ppp/pppoe.c:903
  sock_sendmsg_nosec net/socket.c:704 [inline]
  __sock_sendmsg net/socket.c:716 [inline]
  ____sys_sendmsg+0x584/0x870 net/socket.c:2431
  ___sys_sendmsg+0x214/0x294 net/socket.c:2485
  __sys_sendmmsg+0x23c/0x648 net/socket.c:2571
  __do_sys_sendmmsg net/socket.c:2600 [inline]
  __se_sys_sendmmsg net/socket.c:2597 [inline]
  __arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2597
  __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
  invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
  el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
  do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
  el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
  el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
  el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 264422
hardirqs last  enabled at (264422): [<ffff8000081b5dfc>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:388
hardirqs last disabled at (264421): [<ffff8000081b5d6c>] __local_bh_enable_ip+0x1a0/0x470 kernel/softirq.c:365
softirqs last  enabled at (264340): [<ffff8000081b6d74>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last  enabled at (264340): [<ffff8000081b6d74>] handle_softirqs+0xb88/0xdbc kernel/softirq.c:586
softirqs last disabled at (264345): [<ffff8000081b98a4>] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(&pch->downl);
  <Interrupt>
    lock(&pch->downl);

 *** DEADLOCK ***

4 locks held by ksoftirqd/0/14:
 #0: ffff800014c917e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
 #1: ffff0000d8fe00a0 (slock-AF_PPPOX){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
 #1: ffff0000d8fe00a0 (slock-AF_PPPOX){+.-.}-{2:2}, at: __sk_receive_skb+0x168/0x960 net/core/sock.c:521
 #2: ffff0000d8fe0120 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: sk_receive_skb include/net/sock.h:1933 [inline]
 #2: ffff0000d8fe0120 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_rcv+0x2c0/0x508 drivers/net/ppp/pppoe.c:451
 #3: ffff800014c917e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311

stack backtrace:
CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
 dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 print_usage_bug+0x64c/0x9a8 kernel/locking/lockdep.c:3920
 mark_lock_irq+0x980/0xd2c
 mark_lock+0x258/0x360 kernel/locking/lockdep.c:4591
 __lock_acquire+0xb84/0x7638 kernel/locking/lockdep.c:4966
 lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:363 [inline]
 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
 ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
 pppoe_rcv_core+0xf8/0x330 drivers/net/ppp/pppoe.c:379
 sk_backlog_rcv include/net/sock.h:1059 [inline]
 __sk_receive_skb+0x3f0/0x960 net/core/sock.c:528
 sk_receive_skb include/net/sock.h:1933 [inline]
 pppoe_rcv+0x2c0/0x508 drivers/net/ppp/pppoe.c:451
 __netif_receive_skb_one_core net/core/dev.c:5485 [inline]
 __netif_receive_skb+0x18c/0x400 net/core/dev.c:5599
 process_backlog+0x3ec/0x7e0 net/core/dev.c:6476
 __napi_poll+0xb4/0x624 net/core/dev.c:7035
 napi_poll net/core/dev.c:7102 [inline]
 net_rx_action+0x500/0xc10 net/core/dev.c:7192
 handle_softirqs+0x384/0xdbc kernel/softirq.c:558
 run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
 smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
 kthread+0x37c/0x45c kernel/kthread.c:334
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870

Crashes (7):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/09/23 04:22 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/22 08:10 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/23 02:31 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/22 20:56 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/22 14:42 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | | | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/25 14:33 | linux-5.15.y | 3a5928702e71 | 349a68c4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
| 2024/09/22 06:32 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |
* Struck through repros no longer work on HEAD.