syzbot


BUG: scheduling while atomic in __kernfs_remove

Status: premoderation: reported on 2024/04/04 08:36
Reported-by: syzbot+c029a08ec5b663797b3d@syzkaller.appspotmail.com
First crash: 30d, last: 30d

Sample crash report:
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered disabled state
device bridge_slave_1 entered promiscuous mode
BUG: scheduling while atomic: syz-executor.2/8160/0x00000002
Modules linked in:
Preemption disabled at:
[<ffffffff8165ea9a>] is_module_text_address+0x1a/0x140 kernel/module.c:4811
CPU: 0 PID: 8160 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
 dump_stack+0x15/0x17 lib/dump_stack.c:113
 __schedule_bug+0x195/0x260 kernel/sched/core.c:5707
 schedule_debug kernel/sched/core.c:5734 [inline]
 __schedule+0xd19/0x1590 kernel/sched/core.c:6402
 schedule+0x11f/0x1e0 kernel/sched/core.c:6595
 rwsem_down_write_slowpath+0xde4/0x1d70 kernel/locking/rwsem.c:1207
 __down_write_common kernel/locking/rwsem.c:1341 [inline]
 __down_write kernel/locking/rwsem.c:1350 [inline]
 down_write+0x29/0x30 kernel/locking/rwsem.c:1603
 kernfs_drain fs/kernfs/dir.c:494 [inline]
 __kernfs_remove+0x5f0/0x9d0 fs/kernfs/dir.c:1378
 kernfs_remove_by_name_ns+0xec/0x160 fs/kernfs/dir.c:1582
 kernfs_remove_by_name include/linux/kernfs.h:619 [inline]
 remove_files fs/sysfs/group.c:28 [inline]
 sysfs_remove_group+0x10c/0x2a0 fs/sysfs/group.c:289
 netdev_queue_update_kobjects+0x388/0x400 net/core/net-sysfs.c:1724
 netif_set_real_num_tx_queues+0x16b/0x7c0 net/core/dev.c:2947
 veth_init_queues+0x89/0x190 drivers/net/veth.c:1626
 veth_newlink+0xb2f/0xe20 drivers/net/veth.c:1750
 __rtnl_newlink net/core/rtnetlink.c:3501 [inline]
 rtnl_newlink+0x1495/0x2050 net/core/rtnetlink.c:3549
 rtnetlink_rcv_msg+0x951/0xc40 net/core/rtnetlink.c:5630
 netlink_rcv_skb+0x1cf/0x410 net/netlink/af_netlink.c:2505
 rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:5648
 netlink_unicast_kernel net/netlink/af_netlink.c:1330 [inline]
 netlink_unicast+0x8df/0xac0 net/netlink/af_netlink.c:1356
 netlink_sendmsg+0xa0a/0xd20 net/netlink/af_netlink.c:1924
 sock_sendmsg_nosec net/socket.c:704 [inline]
 __sock_sendmsg net/socket.c:716 [inline]
 __sys_sendto+0x564/0x720 net/socket.c:2058
 __do_sys_sendto net/socket.c:2070 [inline]
 __se_sys_sendto net/socket.c:2066 [inline]
 __x64_sys_sendto+0xe5/0x100 net/socket.c:2066
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fbbfd051a83
Code: 64 89 02 48 c7 c0 ff ff ff ff eb b7 66 2e 0f 1f 84 00 00 00 00 00 90 80 3d 81 04 10 00 00 41 89 ca 74 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 55 48 83 ec 30 44 89 4c 24
RSP: 002b:00007ffc7b2e6e18 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fbbfdca6620 RCX: 00007fbbfd051a83
RDX: 0000000000000068 RSI: 00007fbbfdca6670 RDI: 0000000000000003
RBP: 0000000000000001 R08: 00007ffc7b2e6e34 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003
R13: 0000000000000000 R14: 00007fbbfdca6670 R15: 0000000000000000
 </TASK>
device veth0_vlan entered promiscuous mode
device veth1_macvtap entered promiscuous mode

Crashes (1):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/04/04 08:35 | android13-5.15-lts | 993bed180178 | 51c4dcff | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-android-5-15-perf | BUG: scheduling while atomic in __kernfs_remove |
* Struck through repros no longer work on HEAD.