Extracting prog: 7m11.606429422s
Minimizing prog: 56m24.289808574s
Simplifying prog options: 0s
Extracting C: 4m17.320684537s
Simplifying C: 28m32.999586409s
1 programs, timeouts [30s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program crashed: WARNING in print_bfs_bug
single: successfully extracted reproducer
found reproducer with 5 syscalls
minimizing guilty program
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
tkill(r1, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(0x0, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r0 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
tkill(r0, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program did not crash
testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
detailed listing:
executing program 0:
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', 0x0, 0x0)
r1 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
tkill(r1, 0xb)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
simplifying C reproducer
testing compiled C program (duration=6m32.579458126s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill
program crashed: WARNING in print_bfs_bug
reproducing took 1h36m26.216535886s
repro crashed as (corrupted=false):
ceph: No mds server is up or the cluster is laggy
------------[ cut here ]------------
lockdep bfs error:-1
WARNING: CPU: 0 PID: 19916 at kernel/locking/lockdep.c:2070 print_bfs_bug+0x24/0x30 kernel/locking/lockdep.c:2070
Modules linked in:
CPU: 0 UID: 0 PID: 19916 Comm: syz-executor358 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:print_bfs_bug+0x24/0x30 kernel/locking/lockdep.c:2070
Code: 90 90 90 90 90 90 55 89 fd 53 e8 87 91 1b 03 89 c3 e8 50 fd ff ff 85 db 74 14 90 48 c7 c7 40 dc 4c 8b 89 ee e8 6d 3e e5 ff 90 <0f> 0b 90 90 5b 5d c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000dd0f228 EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff814e0d09
RDX: ffff888031fe5a00 RSI: ffffffff814e0d16 RDI: 0000000000000001
RBP: 00000000ffffffff R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: fffffffffffeae98 R12: ffff888031fe6558
R13: ffff888031fe6580 R14: ffffc9000dd0f340 R15: dffffc0000000000
FS: 00007f1db30cb6c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000280 CR3: 00000000259b8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
check_irq_usage+0xe4a/0x1490 kernel/locking/lockdep.c:2823
check_prev_add kernel/locking/lockdep.c:3137 [inline]
check_prevs_add kernel/locking/lockdep.c:3252 [inline]
validate_chain kernel/locking/lockdep.c:3868 [inline]
__lock_acquire+0x2503/0x3cb0 kernel/locking/lockdep.c:5142
lock_acquire kernel/locking/lockdep.c:5759 [inline]
lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154
update_cfs_rq_load_avg kernel/sched/fair.c:4587 [inline]
update_load_avg+0xeec/0x20d0 kernel/sched/fair.c:4746
put_prev_entity+0xc2/0x180 kernel/sched/fair.c:5503
pick_next_task_fair+0x5c9/0x1220 kernel/sched/fair.c:8542
__pick_next_task+0xc2/0x3e0 kernel/sched/core.c:5812
pick_next_task kernel/sched/core.c:5914 [inline]
__schedule+0x40a/0x5490 kernel/sched/core.c:6484
preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:6851
irqentry_exit+0x36/0x90 kernel/entry/common.c:354
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lock_acquire+0x1f2/0x560 kernel/locking/lockdep.c:5727
Code: c1 05 1a ca 98 7e 83 f8 01 0f 85 ea 02 00 00 9c 58 f6 c4 02 0f 85 d5 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24
RSP: 0018:ffffc9000dd0fa78 EFLAGS: 00000206
RAX: dffffc0000000000 RBX: 1ffff92001ba1f51 RCX: 0000000000000001
RDX: 0000000000000001 RSI: ffffffff8b4cda40 RDI: ffffffff8bb0f980
RBP: 0000000000000200 R08: 0000000000227f98 R09: fffffbfff2d577fa
R10: ffffffff96abbfd7 R11: 1ffffffff2bc42f0 R12: 0000000000000001
R13: 0000000000000000 R14: ffff888076ef1548 R15: 0000000000000000
touch_wq_lockdep_map+0x78/0x120 kernel/workqueue.c:3875
__flush_workqueue+0x129/0x1200 kernel/workqueue.c:3917
flush_fs_workqueues fs/ceph/super.c:882 [inline]
ceph_kill_sb+0xf9/0x5a0 fs/ceph/super.c:1537
deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
ceph_get_tree+0x14e1/0x1e10 fs/ceph/super.c:1362
vfs_get_tree+0x8f/0x380 fs/super.c:1800
vfs_cmd_create+0xd7/0x2a0 fs/fsopen.c:226
vfs_fsconfig_locked fs/fsopen.c:290 [inline]
__do_sys_fsconfig+0x88e/0xbe0 fs/fsopen.c:473
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1db3110419
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1db30cb238 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
RAX: ffffffffffffffda RBX: 00007f1db319a328 RCX: 00007f1db3110419
RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
RBP: 00007f1db319a320 R08: 0000000000000000 R09: 00007f1db30cb6c0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1db3167074
R13: 0000000000000000 R14: 00007ffe49b8d790 R15: 00007ffe49b8d878
----------------
Code disassembly (best guess):
0: c1 05 1a ca 98 7e 83 roll $0x83,0x7e98ca1a(%rip) # 0x7e98ca21
7: f8 clc
8: 01 0f add %ecx,(%rdi)
a: 85 ea test %ebp,%edx
c: 02 00 add (%rax),%al
e: 00 9c 58 f6 c4 02 0f add %bl,0xf02c4f6(%rax,%rbx,2)
15: 85 d5 test %edx,%ebp
17: 02 00 add (%rax),%al
19: 00 48 85 add %cl,-0x7b(%rax)
1c: ed in (%dx),%eax
1d: 74 01 je 0x20
1f: fb sti
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
* 2a: 48 01 c3 add %rax,%rbx <-- trapping instruction
2d: 48 c7 03 00 00 00 00 movq $0x0,(%rbx)
34: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx)
3b: 00
3c: 48 rex.W
3d: 8b .byte 0x8b
3e: 84 .byte 0x84
3f: 24 .byte 0x24