Extracting prog: 7m11.606429422s Minimizing prog: 56m24.289808574s Simplifying prog options: 0s Extracting C: 4m17.320684537s Simplifying C: 28m32.999586409s 1 programs, timeouts [30s 6m0s] extracting reproducer from 1 programs testing a last program of every proc single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) program did not crash single: failed to extract reproducer single: executing 1 programs separately with timeout 6m0s testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 
0x0, 0x0, 0x0) tkill(r1, 0xb) program crashed: WARNING in print_bfs_bug single: successfully extracted reproducer found reproducer with 5 syscalls minimizing guilty program testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() tkill(r1, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false 
USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(0x0, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r0 = gettid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 
0x0) tkill(r0, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) program did not crash testing program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true 
UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill detailed listing: executing program 0: r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', 0x0, 0x0) r1 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) tkill(r1, 0xb) program did not crash extracting C reproducer testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug simplifying C reproducer testing compiled C program (duration=6m32.579458126s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true 
KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: no output from test machine a never seen crash title: no output from test machine, ignore testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false 
HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug testing compiled C program (duration=6m32.579458126s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): fsopen-fsconfig$FSCONFIG_SET_STRING-gettid-fsconfig$FSCONFIG_CMD_CREATE-tkill program crashed: WARNING in print_bfs_bug reproducing took 1h36m26.216535886s repro crashed as (corrupted=false): ceph: No mds server is up or the cluster is laggy ------------[ cut here ]------------ lockdep bfs error:-1 WARNING: CPU: 0 PID: 19916 at kernel/locking/lockdep.c:2070 print_bfs_bug+0x24/0x30 kernel/locking/lockdep.c:2070 Modules linked in: CPU: 0 UID: 0 PID: 19916 Comm: syz-executor358 Not tainted 6.11.0-rc6-syzkaller-00019-g67784a74e258 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 RIP: 0010:print_bfs_bug+0x24/0x30 kernel/locking/lockdep.c:2070 Code: 90 90 90 
90 90 90 55 89 fd 53 e8 87 91 1b 03 89 c3 e8 50 fd ff ff 85 db 74 14 90 48 c7 c7 40 dc 4c 8b 89 ee e8 6d 3e e5 ff 90 <0f> 0b 90 90 5b 5d c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc9000dd0f228 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff814e0d09 RDX: ffff888031fe5a00 RSI: ffffffff814e0d16 RDI: 0000000000000001 RBP: 00000000ffffffff R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fffffffffffeae98 R12: ffff888031fe6558 R13: ffff888031fe6580 R14: ffffc9000dd0f340 R15: dffffc0000000000 FS: 00007f1db30cb6c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000280 CR3: 00000000259b8000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: check_irq_usage+0xe4a/0x1490 kernel/locking/lockdep.c:2823 check_prev_add kernel/locking/lockdep.c:3137 [inline] check_prevs_add kernel/locking/lockdep.c:3252 [inline] validate_chain kernel/locking/lockdep.c:3868 [inline] __lock_acquire+0x2503/0x3cb0 kernel/locking/lockdep.c:5142 lock_acquire kernel/locking/lockdep.c:5759 [inline] lock_acquire+0x1b1/0x560 kernel/locking/lockdep.c:5724 __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline] _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154 update_cfs_rq_load_avg kernel/sched/fair.c:4587 [inline] update_load_avg+0xeec/0x20d0 kernel/sched/fair.c:4746 put_prev_entity+0xc2/0x180 kernel/sched/fair.c:5503 pick_next_task_fair+0x5c9/0x1220 kernel/sched/fair.c:8542 __pick_next_task+0xc2/0x3e0 kernel/sched/core.c:5812 pick_next_task kernel/sched/core.c:5914 [inline] __schedule+0x40a/0x5490 kernel/sched/core.c:6484 preempt_schedule_irq+0x51/0x90 kernel/sched/core.c:6851 irqentry_exit+0x36/0x90 kernel/entry/common.c:354 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:lock_acquire+0x1f2/0x560 
kernel/locking/lockdep.c:5727 Code: c1 05 1a ca 98 7e 83 f8 01 0f 85 ea 02 00 00 9c 58 f6 c4 02 0f 85 d5 02 00 00 48 85 ed 74 01 fb 48 b8 00 00 00 00 00 fc ff df <48> 01 c3 48 c7 03 00 00 00 00 48 c7 43 08 00 00 00 00 48 8b 84 24 RSP: 0018:ffffc9000dd0fa78 EFLAGS: 00000206 RAX: dffffc0000000000 RBX: 1ffff92001ba1f51 RCX: 0000000000000001 RDX: 0000000000000001 RSI: ffffffff8b4cda40 RDI: ffffffff8bb0f980 RBP: 0000000000000200 R08: 0000000000227f98 R09: fffffbfff2d577fa R10: ffffffff96abbfd7 R11: 1ffffffff2bc42f0 R12: 0000000000000001 R13: 0000000000000000 R14: ffff888076ef1548 R15: 0000000000000000 touch_wq_lockdep_map+0x78/0x120 kernel/workqueue.c:3875 __flush_workqueue+0x129/0x1200 kernel/workqueue.c:3917 flush_fs_workqueues fs/ceph/super.c:882 [inline] ceph_kill_sb+0xf9/0x5a0 fs/ceph/super.c:1537 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 ceph_get_tree+0x14e1/0x1e10 fs/ceph/super.c:1362 vfs_get_tree+0x8f/0x380 fs/super.c:1800 vfs_cmd_create+0xd7/0x2a0 fs/fsopen.c:226 vfs_fsconfig_locked fs/fsopen.c:290 [inline] __do_sys_fsconfig+0x88e/0xbe0 fs/fsopen.c:473 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f1db3110419 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f1db30cb238 EFLAGS: 00000246 ORIG_RAX: 00000000000001af RAX: ffffffffffffffda RBX: 00007f1db319a328 RCX: 00007f1db3110419 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 RBP: 00007f1db319a320 R08: 0000000000000000 R09: 00007f1db30cb6c0 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1db3167074 R13: 0000000000000000 R14: 00007ffe49b8d790 R15: 00007ffe49b8d878 ---------------- Code disassembly (best guess): 0: c1 05 1a ca 98 7e 83 roll $0x83,0x7e98ca1a(%rip) # 0x7e98ca21 7: f8 clc 8: 01 0f add %ecx,(%rdi) 
a: 85 ea test %ebp,%edx c: 02 00 add (%rax),%al e: 00 9c 58 f6 c4 02 0f add %bl,0xf02c4f6(%rax,%rbx,2) 15: 85 d5 test %edx,%ebp 17: 02 00 add (%rax),%al 19: 00 48 85 add %cl,-0x7b(%rax) 1c: ed in (%dx),%eax 1d: 74 01 je 0x20 1f: fb sti 20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 27: fc ff df * 2a: 48 01 c3 add %rax,%rbx <-- trapping instruction 2d: 48 c7 03 00 00 00 00 movq $0x0,(%rbx) 34: 48 c7 43 08 00 00 00 movq $0x0,0x8(%rbx) 3b: 00 3c: 48 rex.W 3d: 8b .byte 0x8b 3e: 84 .byte 0x84 3f: 24 .byte 0x24