[syzbot] [input?] possible deadlock in input_ff_flush


syzbot
Jan 5, 2025, 3:40:21 PM
Hello,

syzbot found the following issue on:

HEAD commit: ccb98ccef0e5 Merge tag 'platform-drivers-x86-v6.13-4' of g..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1613fac4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=dc863cc90857c683
dashboard link: https://syzkaller.appspot.com/bug?extid=ed7c6209f62eba1565aa
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17bd56df980000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-ccb98cce.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1f85617cae1e/vmlinux-ccb98cce.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0dc4d6c6c931/bzImage-ccb98cce.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: [email protected]

======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 Not tainted
------------------------------------------------------
udevd/5941 is trying to acquire lock:
ffff8880293600b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_flush+0x63/0x170 drivers/input/ff-core.c:242

but task is already holding lock:
ffff88804d45b2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x4b/0xd0 drivers/input/input.c:647

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (&dev->mutex#2){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_register_handle+0xca/0x5e0 drivers/input/input.c:2725
kbd_connect+0xca/0x160 drivers/tty/vt/keyboard.c:1587
input_attach_handler.isra.0+0x181/0x260 drivers/input/input.c:1032
input_register_device+0xa84/0x1110 drivers/input/input.c:2475
acpi_button_add+0x57a/0xb70 drivers/acpi/button.c:615
acpi_device_probe+0xc6/0x330 drivers/acpi/bus.c:1076
call_driver_probe drivers/base/dd.c:579 [inline]
really_probe+0x23e/0xa90 drivers/base/dd.c:658
__driver_probe_device+0x1de/0x440 drivers/base/dd.c:800
driver_probe_device+0x4c/0x1b0 drivers/base/dd.c:830
__driver_attach+0x283/0x580 drivers/base/dd.c:1216
bus_for_each_dev+0x13c/0x1d0 drivers/base/bus.c:370
bus_add_driver+0x2e9/0x690 drivers/base/bus.c:675
driver_register+0x15c/0x4b0 drivers/base/driver.c:246
__acpi_bus_register_driver+0xdf/0x130 drivers/acpi/bus.c:1027
acpi_button_register_driver drivers/acpi/button.c:745 [inline]
acpi_button_driver_init+0x82/0x110 drivers/acpi/button.c:754
do_one_initcall+0x128/0x700 init/main.c:1266
do_initcall_level init/main.c:1328 [inline]
do_initcalls init/main.c:1344 [inline]
do_basic_setup init/main.c:1363 [inline]
kernel_init_freeable+0x5c7/0x900 init/main.c:1577
kernel_init+0x1c/0x2b0 init/main.c:1466
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

-> #2 (input_mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_register_device+0x98a/0x1110 drivers/input/input.c:2468
uinput_create_device drivers/input/misc/uinput.c:365 [inline]
uinput_ioctl_handler.isra.0+0x130c/0x1d70 drivers/input/misc/uinput.c:918
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl fs/ioctl.c:892 [inline]
__x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&newdev->mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
uinput_request_send drivers/input/misc/uinput.c:151 [inline]
uinput_request_submit.part.0+0x25/0x2e0 drivers/input/misc/uinput.c:182
uinput_request_submit drivers/input/misc/uinput.c:179 [inline]
uinput_dev_upload_effect+0x175/0x1f0 drivers/input/misc/uinput.c:257
input_ff_upload+0x55b/0xbf0 drivers/input/ff-core.c:152
evdev_do_ioctl+0xf45/0x1ae0 drivers/input/evdev.c:1181
evdev_ioctl_handler drivers/input/evdev.c:1270 [inline]
evdev_ioctl+0x16a/0x1a0 drivers/input/evdev.c:1279
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl fs/ioctl.c:892 [inline]
__x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&ff->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_ff_flush+0x63/0x170 drivers/input/ff-core.c:242
uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283
input_flush_device+0x97/0xd0 drivers/input/input.c:652
evdev_release+0x33d/0x400 drivers/input/evdev.c:435
__fput+0x3f8/0xb60 fs/file_table.c:450
__fput_sync+0xa1/0xc0 fs/file_table.c:535
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x86/0x100 fs/open.c:1539
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
&ff->mutex --> input_mutex --> &dev->mutex#2

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&dev->mutex#2);
                               lock(input_mutex);
                               lock(&dev->mutex#2);
  lock(&ff->mutex);

*** DEADLOCK ***

2 locks held by udevd/5941:
#0: ffff888024d58118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_release+0x77/0x400 drivers/input/evdev.c:432
#1: ffff88804d45b2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x4b/0xd0 drivers/input/input.c:647

stack backtrace:
CPU: 2 UID: 0 PID: 5941 Comm: udevd Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_circular_bug+0x419/0x5d0 kernel/locking/lockdep.c:2074
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_ff_flush+0x63/0x170 drivers/input/ff-core.c:242
uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283
input_flush_device+0x97/0xd0 drivers/input/input.c:652
evdev_release+0x33d/0x400 drivers/input/evdev.c:435
__fput+0x3f8/0xb60 fs/file_table.c:450
__fput_sync+0xa1/0xc0 fs/file_table.c:535
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x86/0x100 fs/open.c:1539
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1d757850a8
Code: 48 8b 05 83 9d 0d 00 64 c7 00 16 00 00 00 83 c8 ff 48 83 c4 20 5b c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 5b 48 8b 15 51 9d 0d 00 f7 d8 64 89 02 48 83
RSP: 002b:00007fffb61bcef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: ffffffffffffffda RBX: 00007f1d756b10e0 RCX: 00007f1d757850a8
RDX: fffffffffffffe60 RSI: 0000000080184540 RDI: 0000000000000008
RBP: 00005620d7ea5160 R08: 00000000ffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at [email protected].

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Hillf Danton
Jan 6, 2025, 1:29:54 PM
On Sun, 05 Jan 2025 04:40:19 -0800
> syzbot found the following issue on:
>
> HEAD commit: ccb98ccef0e5 Merge tag 'platform-drivers-x86-v6.13-4' of g..
> git tree: upstream
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17bd56df980000

#syz test

--- x/drivers/input/input.c
+++ y/drivers/input/input.c
@@ -642,17 +642,11 @@ EXPORT_SYMBOL(input_open_device);
int input_flush_device(struct input_handle *handle, struct file *file)
{
struct input_dev *dev = handle->dev;
- int retval;
-
- retval = mutex_lock_interruptible(&dev->mutex);
- if (retval)
- return retval;

if (dev->flush)
- retval = dev->flush(dev, file);
+ return dev->flush(dev, file);

- mutex_unlock(&dev->mutex);
- return retval;
+ return 0;
}
EXPORT_SYMBOL(input_flush_device);

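Review bot: dropping dev->mutex from input_flush_device() altogether (the removed mutex_lock_interruptible()/mutex_unlock() pair) changes what every dev->flush() implementation may assume, since the callback now runs without the device mutex that the input core holds around device state changes; the hunk needs a justification for why no flush callback relies on that serialization, or a statement of which lock now protects dev->flush() against concurrent unregistration. Note also that this removes only the &dev->mutex#2 -> &ff->mutex edge of the reported chain; the other three edges (&ff->mutex -> &newdev->mutex -> input_mutex -> &dev->mutex#2) stay, and the report lists &evdev->mutex as also held in evdev_release(), so it is worth checking whether the cycle can re-close through that lock instead.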
--

syzbot
Jan 6, 2025, 1:50:05 PM
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 2.092529][ T22] ------------[ cut here ]------------
[ 2.096008][ T22] workqueue: work disable count underflowed
[ 2.099729][ T22] WARNING: CPU: 2 PID: 22 at kernel/workqueue.c:4317 enable_work+0x2fa/0x340
[ 2.102006][ T22] Modules linked in:
[ 2.102006][ T22] CPU: 2 UID: 0 PID: 22 Comm: cpuhp/2 Not tainted 6.13.0-rc6-syzkaller-g9d89551994a4-dirty #0
[ 2.102006][ T22] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2.102006][ T22] RIP: 0010:enable_work+0x2fa/0x340
[ 2.102006][ T22] Code: 89 ee e8 49 d6 36 00 45 84 ed 0f 85 28 fe ff ff e8 9b db 36 00 c6 05 f2 9f e4 0e 01 90 48 c7 c7 00 da 6b 8b e8 57 12 f7 ff 90 <0f> 0b 90 90 e9 05 fe ff ff 48 89 ef e8 e5 7f 99 00 e9 a9 fe ff ff
[ 2.102006][ T22] RSP: 0000:ffffc9000060fca0 EFLAGS: 00010082
[ 2.102006][ T22] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a5139
[ 2.102006][ T22] RDX: ffff88801d6dc880 RSI: ffffffff815a5146 RDI: 0000000000000001
[ 2.102006][ T22] RBP: ffff88806a838660 R08: 0000000000000001 R09: 0000000000000000
[ 2.102006][ T22] R10: 0000000000000000 R11: 0000000000000002 R12: 1ffff920000c1f95
[ 2.102006][ T22] R13: 0000000000000000 R14: 00000000000000c5 R15: ffffffff81dbfd90
[ 2.102006][ T22] FS: 0000000000000000(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000
[ 2.102006][ T22] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.102006][ T22] CR2: 0000000000000000 CR3: 000000000df7e000 CR4: 0000000000350ef0
[ 2.102006][ T22] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2.102006][ T22] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2.102006][ T22] Call Trace:
[ 2.102006][ T22] <TASK>
[ 2.102006][ T22] ? __warn+0xea/0x3c0
[ 2.102006][ T22] ? enable_work+0x2fa/0x340
[ 2.102006][ T22] ? report_bug+0x3c0/0x580
[ 2.102006][ T22] ? handle_bug+0x54/0xa0
[ 2.102006][ T22] ? exc_invalid_op+0x17/0x50
[ 2.102006][ T22] ? asm_exc_invalid_op+0x1a/0x20
[ 2.102006][ T22] ? __pfx_vmstat_cpu_online+0x10/0x10
[ 2.102006][ T22] ? __warn_printk+0x199/0x350
[ 2.102006][ T22] ? __warn_printk+0x1a6/0x350
[ 2.102006][ T22] ? enable_work+0x2fa/0x340
[ 2.102006][ T22] ? __pfx_enable_work+0x10/0x10
[ 2.102006][ T22] vmstat_cpu_online+0x83/0xf0
[ 2.102006][ T22] cpuhp_invoke_callback+0x3d0/0xa10
[ 2.102006][ T22] ? __pfx_vmstat_cpu_online+0x10/0x10
[ 2.102006][ T22] ? lock_acquire.part.0+0x350/0x380
[ 2.102006][ T22] ? cpuhp_next_state+0x100/0x1c0
[ 2.102006][ T22] cpuhp_thread_fun+0x480/0x6f0
[ 2.102006][ T22] ? __pfx_cpuhp_thread_fun+0x10/0x10
[ 2.102006][ T22] ? __pfx_cpuhp_thread_fun+0x10/0x10
[ 2.102006][ T22] ? smpboot_thread_fn+0x59d/0xa30
[ 2.102006][ T22] smpboot_thread_fn+0x661/0xa30
[ 2.102006][ T22] ? __kthread_parkme+0x148/0x220
[ 2.102006][ T22] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 2.102006][ T22] kthread+0x2c1/0x3a0
[ 2.102006][ T22] ? _raw_spin_unlock_irq+0x23/0x50
[ 2.102006][ T22] ? __pfx_kthread+0x10/0x10
[ 2.102006][ T22] ret_from_fork+0x45/0x80
[ 2.102006][ T22] ? __pfx_kthread+0x10/0x10
[ 2.102006][ T22] ret_from_fork_asm+0x1a/0x30
[ 2.102006][ T22] </TASK>
[ 2.102006][ T22] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 2.102006][ T22] CPU: 2 UID: 0 PID: 22 Comm: cpuhp/2 Not tainted 6.13.0-rc6-syzkaller-g9d89551994a4-dirty #0
[ 2.102006][ T22] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 2.102006][ T22] Call Trace:
[ 2.102006][ T22] <TASK>
[ 2.102006][ T22] dump_stack_lvl+0x3d/0x1f0
[ 2.102006][ T22] panic+0x71d/0x800
[ 2.102006][ T22] ? __pfx_panic+0x10/0x10
[ 2.102006][ T22] ? show_trace_log_lvl+0x29d/0x3d0
[ 2.102006][ T22] ? check_panic_on_warn+0x1f/0xb0
[ 2.102006][ T22] ? enable_work+0x2fa/0x340
[ 2.102006][ T22] check_panic_on_warn+0xab/0xb0
[ 2.102006][ T22] __warn+0xf6/0x3c0
[ 2.102006][ T22] ? enable_work+0x2fa/0x340
[ 2.102006][ T22] report_bug+0x3c0/0x580
[ 2.102006][ T22] handle_bug+0x54/0xa0
[ 2.102006][ T22] exc_invalid_op+0x17/0x50
[ 2.102006][ T22] asm_exc_invalid_op+0x1a/0x20
[ 2.102006][ T22] RIP: 0010:enable_work+0x2fa/0x340
[ 2.102006][ T22] Code: 89 ee e8 49 d6 36 00 45 84 ed 0f 85 28 fe ff ff e8 9b db 36 00 c6 05 f2 9f e4 0e 01 90 48 c7 c7 00 da 6b 8b e8 57 12 f7 ff 90 <0f> 0b 90 90 e9 05 fe ff ff 48 89 ef e8 e5 7f 99 00 e9 a9 fe ff ff
[ 2.102006][ T22] RSP: 0000:ffffc9000060fca0 EFLAGS: 00010082
[ 2.102006][ T22] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff815a5139
[ 2.102006][ T22] RDX: ffff88801d6dc880 RSI: ffffffff815a5146 RDI: 0000000000000001
[ 2.102006][ T22] RBP: ffff88806a838660 R08: 0000000000000001 R09: 0000000000000000
[ 2.102006][ T22] R10: 0000000000000000 R11: 0000000000000002 R12: 1ffff920000c1f95
[ 2.102006][ T22] R13: 0000000000000000 R14: 00000000000000c5 R15: ffffffff81dbfd90
[ 2.102006][ T22] ? __pfx_vmstat_cpu_online+0x10/0x10
[ 2.102006][ T22] ? __warn_printk+0x199/0x350
[ 2.102006][ T22] ? __warn_printk+0x1a6/0x350
[ 2.102006][ T22] ? __pfx_enable_work+0x10/0x10
[ 2.102006][ T22] vmstat_cpu_online+0x83/0xf0
[ 2.102006][ T22] cpuhp_invoke_callback+0x3d0/0xa10
[ 2.102006][ T22] ? __pfx_vmstat_cpu_online+0x10/0x10
[ 2.102006][ T22] ? lock_acquire.part.0+0x350/0x380
[ 2.102006][ T22] ? cpuhp_next_state+0x100/0x1c0
[ 2.102006][ T22] cpuhp_thread_fun+0x480/0x6f0
[ 2.102006][ T22] ? __pfx_cpuhp_thread_fun+0x10/0x10
[ 2.102006][ T22] ? __pfx_cpuhp_thread_fun+0x10/0x10
[ 2.102006][ T22] ? smpboot_thread_fn+0x59d/0xa30
[ 2.102006][ T22] smpboot_thread_fn+0x661/0xa30
[ 2.102006][ T22] ? __kthread_parkme+0x148/0x220
[ 2.102006][ T22] ? __pfx_smpboot_thread_fn+0x10/0x10
[ 2.102006][ T22] kthread+0x2c1/0x3a0
[ 2.102006][ T22] ? _raw_spin_unlock_irq+0x23/0x50
[ 2.102006][ T22] ? __pfx_kthread+0x10/0x10
[ 2.102006][ T22] ret_from_fork+0x45/0x80
[ 2.102006][ T22] ? __pfx_kthread+0x10/0x10
[ 2.102006][ T22] ret_from_fork_asm+0x1a/0x30
[ 2.102006][ T22] </TASK>
[ 2.102006][ T22] Rebooting in 86400 seconds..




Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1270c4b0580000


Tested on:

commit: 9d895519 Linux 6.13-rc6
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=7bdfbaac3fbb90d6
dashboard link: https://syzkaller.appspot.com/bug?extid=ed7c6209f62eba1565aa
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1120c4b0580000

Hillf Danton
Jan 6, 2025, 2:08:45 PM
On Sun, 05 Jan 2025 04:40:19 -0800
> syzbot found the following issue on:
>
> HEAD commit: ccb98ccef0e5 Merge tag 'platform-drivers-x86-v6.13-4' of g..
> git tree: upstream
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17bd56df980000

#syz test

--- x/drivers/input/input.c
+++ y/drivers/input/input.c
@@ -642,17 +642,11 @@ EXPORT_SYMBOL(input_open_device);
int input_flush_device(struct input_handle *handle, struct file *file)
{
struct input_dev *dev = handle->dev;
- int retval;
-
- retval = mutex_lock_interruptible(&dev->mutex);
- if (retval)
- return retval;

if (dev->flush)
- retval = dev->flush(dev, file);
+ return dev->flush(dev, file);

- mutex_unlock(&dev->mutex);
- return retval;
+ return 0;
}
EXPORT_SYMBOL(input_flush_device);

--- x/mm/vmstat.c
+++ y/mm/vmstat.c
@@ -2122,9 +2122,11 @@ static void __init start_shepherd_timer(
{
int cpu;

- for_each_possible_cpu(cpu)
+ for_each_possible_cpu(cpu) {
INIT_DEFERRABLE_WORK(per_cpu_ptr(&vmstat_work, cpu),
vmstat_update);
+ disable_delayed_work(per_cpu_ptr(&vmstat_work, cpu));
+ }

schedule_delayed_work(&shepherd,
round_jiffies_relative(sysctl_stat_interval));
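Review bot: this mm/vmstat.c hunk is unrelated to the input deadlock and should not be folded into the same test patch. It addresses the boot-time "workqueue: work disable count underflowed" WARNING in enable_work() reached from vmstat_cpu_online() that syzbot hit on the previous attempt, by giving each vmstat_work an initial disable_delayed_work() so the later enable has a count to decrement. If that warning reproduces on the unpatched 6.13-rc6 base syzbot now tests against, it needs its own report and fix against mm; bundled here, a pass or fail of the test cannot be attributed to the input.c change alone.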
--

syzbot
Jan 6, 2025, 2:27:06 PM
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
possible deadlock in evdev_cleanup

======================================================
WARNING: possible circular locking dependency detected
6.13.0-rc6-syzkaller-g9d89551994a4-dirty #0 Not tainted
------------------------------------------------------
syz.1.17/6488 is trying to acquire lock:
ffff888035d51118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_mark_dead drivers/input/evdev.c:1311 [inline]
ffff888035d51118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_cleanup+0x21/0x1a0 drivers/input/evdev.c:1320

but task is already holding lock:
ffffffff8f7250e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x136/0x450 drivers/input/input.c:2271

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #3 (input_mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_register_device+0x98a/0x1110 drivers/input/input.c:2462
uinput_create_device drivers/input/misc/uinput.c:365 [inline]
uinput_ioctl_handler.isra.0+0x130c/0x1d70 drivers/input/misc/uinput.c:918
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl fs/ioctl.c:892 [inline]
__x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #2 (&newdev->mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
uinput_request_send drivers/input/misc/uinput.c:151 [inline]
uinput_request_submit.part.0+0x25/0x2e0 drivers/input/misc/uinput.c:182
uinput_request_submit drivers/input/misc/uinput.c:179 [inline]
uinput_dev_upload_effect+0x175/0x1f0 drivers/input/misc/uinput.c:257
input_ff_upload+0x55b/0xbf0 drivers/input/ff-core.c:152
evdev_do_ioctl+0xf45/0x1ae0 drivers/input/evdev.c:1181
evdev_ioctl_handler drivers/input/evdev.c:1270 [inline]
evdev_ioctl+0x16a/0x1a0 drivers/input/evdev.c:1279
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl fs/ioctl.c:892 [inline]
__x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #1 (&ff->mutex){+.+.}-{4:4}:
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
input_ff_flush+0x63/0x170 drivers/input/ff-core.c:242
uinput_dev_flush+0x2a/0x40 drivers/input/misc/uinput.c:283
input_flush_device+0x6e/0xa0 drivers/input/input.c:647
evdev_release+0x33d/0x400 drivers/input/evdev.c:435
__fput+0x3f8/0xb60 fs/file_table.c:450
__fput_sync+0xa1/0xc0 fs/file_table.c:535
__do_sys_close fs/open.c:1554 [inline]
__se_sys_close fs/open.c:1539 [inline]
__x64_sys_close+0x86/0x100 fs/open.c:1539
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

-> #0 (&evdev->mutex){+.+.}-{4:4}:
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
evdev_mark_dead drivers/input/evdev.c:1311 [inline]
evdev_cleanup+0x21/0x1a0 drivers/input/evdev.c:1320
evdev_disconnect+0x48/0xb0 drivers/input/evdev.c:1404
__input_unregister_device+0x1d5/0x450 drivers/input/input.c:2274
input_unregister_device+0xb9/0x100 drivers/input/input.c:2510
uinput_destroy_device+0x1f4/0x260 drivers/input/misc/uinput.c:299
uinput_release+0x34/0x50 drivers/input/misc/uinput.c:758
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f

other info that might help us debug this:

Chain exists of:
&evdev->mutex --> &newdev->mutex --> input_mutex

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(input_mutex);
                               lock(&newdev->mutex);
                               lock(input_mutex);
  lock(&evdev->mutex);

*** DEADLOCK ***

1 lock held by syz.1.17/6488:
#0: ffffffff8f7250e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x136/0x450 drivers/input/input.c:2271

stack backtrace:
CPU: 1 UID: 0 PID: 6488 Comm: syz.1.17 Not tainted 6.13.0-rc6-syzkaller-g9d89551994a4-dirty #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
print_circular_bug+0x419/0x5d0 kernel/locking/lockdep.c:2074
check_noncircular+0x31a/0x400 kernel/locking/lockdep.c:2206
check_prev_add kernel/locking/lockdep.c:3161 [inline]
check_prevs_add kernel/locking/lockdep.c:3280 [inline]
validate_chain kernel/locking/lockdep.c:3904 [inline]
__lock_acquire+0x249e/0x3c40 kernel/locking/lockdep.c:5226
lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849
__mutex_lock_common kernel/locking/mutex.c:585 [inline]
__mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
evdev_mark_dead drivers/input/evdev.c:1311 [inline]
evdev_cleanup+0x21/0x1a0 drivers/input/evdev.c:1320
evdev_disconnect+0x48/0xb0 drivers/input/evdev.c:1404
__input_unregister_device+0x1d5/0x450 drivers/input/input.c:2274
input_unregister_device+0xb9/0x100 drivers/input/input.c:2510
uinput_destroy_device+0x1f4/0x260 drivers/input/misc/uinput.c:299
uinput_release+0x34/0x50 drivers/input/misc/uinput.c:758
__fput+0x3f8/0xb60 fs/file_table.c:450
task_work_run+0x14e/0x250 kernel/task_work.c:239
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f00f5385d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdc4d0ae08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
RAX: 0000000000000000 RBX: 00007f00f5577ba0 RCX: 00007f00f5385d29
RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
RBP: 00007f00f5577ba0 R08: 0000000000000000 R09: 00007ffdc4d0b0ff
R10: 00007f00f5577ac0 R11: 0000000000000246 R12: 0000000000012434
R13: 00007ffdc4d0af10 R14: 0000000000000032 R15: ffffffffffffffff
</TASK>


Tested on:

commit: 9d895519 Linux 6.13-rc6
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=172936f8580000
patch: https://syzkaller.appspot.com/x/patch.diff?x=10ab3418580000
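As an added example for the two lockdep reports above (not code from the thread, the kernel or syzbot), a small parser that turns a "possible circular locking dependency" splat into its held-to-acquired lock edges and compares the cycle before and after Hillf's first patch; the report excerpts embedded in it are constructed from the lock names and `-> #N` headers quoted in the thread, with stack frames left out.

```python
"""Rebuild the lock-order cycle from a lockdep circular-dependency report.

Added example for this thread, not kernel or syzbot code. The two excerpts
are constructed from the lock names and '-> #N' headers quoted above; the
parser needs only those headers, so stack frames are omitted.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

Edge = Tuple[str, str]  # (lock held, lock being acquired while holding it)

_ENTRY_RE = re.compile(r"^-> #(\d+) \((.+?)\)\{")
_TRYING_RE = re.compile(r"is trying to acquire lock:\n\S+ \((.+?)\)\{")
_HOLDING_RE = re.compile(r"already holding lock:\n\S+ \((.+?)\)\{")


@dataclass
class Report:
    trying: str            # lock the task is blocked on (chain entry #0)
    holding: str           # lock it already holds (highest chain entry)
    chain: Dict[int, str]  # entry number -> lock class name


def parse_report(text: str) -> Report:
    """Extract the two current locks and the numbered chain entries."""
    trying = _TRYING_RE.search(text)
    holding = _HOLDING_RE.search(text)
    if not trying or not holding:
        raise ValueError("not a 'possible circular locking dependency' report")
    chain = {int(m.group(1)): m.group(2)
             for m in map(_ENTRY_RE.match, text.splitlines()) if m}
    if 0 not in chain:
        raise ValueError("report has no '-> #0' entry")
    return Report(trying.group(1), holding.group(1), chain)


def lock_order_cycle(report: Report) -> List[Edge]:
    """(held -> acquired) edges. lockdep prints the chain in reverse order:
    entry #i was taken while entry #(i-1) was held, and the reporting task
    closes the loop by holding the last entry while trying to take #0."""
    chain, last = report.chain, max(report.chain)
    if chain[0] != report.trying or chain[last] != report.holding:
        raise ValueError("chain endpoints do not match the current locks")
    edges = [(chain[i - 1], chain[i]) for i in range(1, last + 1)]
    return edges + [(chain[last], chain[0])]


def is_closed_cycle(edges: List[Edge]) -> bool:
    """Each acquired lock must be the held lock of the next edge, wrapping."""
    n = len(edges)
    return n > 0 and all(edges[i][1] == edges[(i + 1) % n][0] for i in range(n))


def compare_cycles(first: str, second: str) -> Dict[str, List[Edge]]:
    """Edges shared by two reports versus unique to each: a fix that removes
    only an edge unique to the first leaves the shared ones in place, so the
    cycle can re-close through another lock."""
    a = set(lock_order_cycle(parse_report(first)))
    b = set(lock_order_cycle(parse_report(second)))
    return {"shared": sorted(a & b), "only_first": sorted(a - b),
            "only_second": sorted(b - a)}


# Constructed excerpt of the first report (input_ff_flush, unpatched kernel).
REPORT_BEFORE_PATCH = """\
udevd/5941 is trying to acquire lock:
ffff8880293600b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_flush+0x63/0x170

but task is already holding lock:
ffff88804d45b2c0 (&dev->mutex#2){+.+.}-{4:4}, at: input_flush_device+0x4b/0xd0

-> #3 (&dev->mutex#2){+.+.}-{4:4}:
-> #2 (input_mutex){+.+.}-{4:4}:
-> #1 (&newdev->mutex){+.+.}-{4:4}:
-> #0 (&ff->mutex){+.+.}-{4:4}:
"""

# Constructed excerpt of the second report (evdev_cleanup, with the patch).
REPORT_AFTER_PATCH = """\
syz.1.17/6488 is trying to acquire lock:
ffff888035d51118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_mark_dead [inline]

but task is already holding lock:
ffffffff8f7250e8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x136/0x450

-> #3 (input_mutex){+.+.}-{4:4}:
-> #2 (&newdev->mutex){+.+.}-{4:4}:
-> #1 (&ff->mutex){+.+.}-{4:4}:
-> #0 (&evdev->mutex){+.+.}-{4:4}:
"""

if __name__ == "__main__":
    for name, text in (("before", REPORT_BEFORE_PATCH), ("after", REPORT_AFTER_PATCH)):
        cycle = lock_order_cycle(parse_report(text))
        print(f"{name}: closed cycle = {is_closed_cycle(cycle)}")
        for held, acquired in cycle:
            print(f"  {held:16} -> {acquired}")
    for key, edges in compare_cycles(REPORT_BEFORE_PATCH, REPORT_AFTER_PATCH).items():
        print(key, edges)
```

Only the two shared edges (&ff->mutex -> &newdev->mutex and &newdev->mutex -> input_mutex) survive the first patch, which is why the second test re-closes the cycle through &evdev->mutex instead of &dev->mutex#2.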

Hillf Danton
Jan 7, 2025, 1:45:20 PM
On Sun, 05 Jan 2025 04:40:19 -0800
The upload callback is set [1] before registering the input device.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/input/misc/uinput.c?id=ccb98ccef0e5#n348

> uinput_ioctl_handler.isra.0+0x130c/0x1d70 drivers/input/misc/uinput.c:918
> vfs_ioctl fs/ioctl.c:51 [inline]
> __do_sys_ioctl fs/ioctl.c:906 [inline]
> __se_sys_ioctl fs/ioctl.c:892 [inline]
> __x64_sys_ioctl+0x190/0x200 fs/ioctl.c:892
> do_syscall_x64 arch/x86/entry/common.c:52 [inline]
> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
> entry_SYSCALL_64_after_hwframe+0x77/0x7f
>
> -> #1 (&newdev->mutex){+.+.}-{4:4}:
> __mutex_lock_common kernel/locking/mutex.c:585 [inline]
> __mutex_lock+0x19b/0xa60 kernel/locking/mutex.c:735
> uinput_request_send drivers/input/misc/uinput.c:151 [inline]
> uinput_request_submit.part.0+0x25/0x2e0 drivers/input/misc/uinput.c:182
> uinput_request_submit drivers/input/misc/uinput.c:179 [inline]
> uinput_dev_upload_effect+0x175/0x1f0 drivers/input/misc/uinput.c:257
> input_ff_upload+0x55b/0xbf0 drivers/input/ff-core.c:152

The dependence of #1 on #2 does not exist from the functional POV as
the upload callback cannot be invoked before it is initialized. So this
report is a false positive.