| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/09/22 | linux-5.15.y (ToT) | 3a5928702e71 | C | [report] inconsistent lock state in ppp_input |
| 2024/09/22 | upstream (ToT) | 88264981f208 | C | Didn't crash |
syzbot |
sign-in | mailing list | source | docs |
| Date | Name | Commit | Repro | Result |
|---|---|---|---|---|
| 2024/09/22 | linux-5.15.y (ToT) | 3a5928702e71 | C | [report] inconsistent lock state in ppp_input |
| 2024/09/22 | upstream (ToT) | 88264981f208 | C | Didn't crash |
| Kernel | Title | Rank 🛈 | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| linux-6.1 | inconsistent lock state in ppp_input | 4 | 5 | 374d | 387d | 0/3 | auto-obsoleted due to no activity on 2025/01/23 21:01 | |||
| upstream | inconsistent lock state in ppp_input ppp | 4 | C | 15 | 374d | 393d | 28/29 | fixed on 2024/11/12 23:31 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/12/01 15:02 | 46m | retest repro | linux-5.15.y | OK log | |
| 2024/10/31 23:30 | 20m | retest repro | linux-5.15.y | OK log | |
| 2024/10/31 23:30 | 20m | retest repro | linux-5.15.y | OK log | |
| 2024/10/31 23:30 | 20m | retest repro | linux-5.15.y | OK log | |
| 2024/10/31 23:30 | 25m | retest repro | linux-5.15.y | OK log |
================================
WARNING: inconsistent lock state
5.15.167-syzkaller #0 Not tainted
--------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
ksoftirqd/0/14 [HC0[0]:SC1[1]:HE1:SE0] takes:
ffff0000d115b9e0 (&pch->downl){+.?.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
ffff0000d115b9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
ffff0000d115b9e0 (&pch->downl){+.?.}-{2:2}, at: ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
{SOFTIRQ-ON-W} state was registered at:
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:363 [inline]
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
pppoe_rcv_core+0xf8/0x330 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv include/net/sock.h:1059 [inline]
__release_sock+0x1a8/0x408 net/core/sock.c:2724
release_sock+0x68/0x270 net/core/sock.c:3265
pppoe_sendmsg+0xc8/0x5d0 drivers/net/ppp/pppoe.c:903
sock_sendmsg_nosec net/socket.c:704 [inline]
__sock_sendmsg net/socket.c:716 [inline]
____sys_sendmsg+0x584/0x870 net/socket.c:2431
___sys_sendmsg+0x214/0x294 net/socket.c:2485
__sys_sendmmsg+0x23c/0x648 net/socket.c:2571
__do_sys_sendmmsg net/socket.c:2600 [inline]
__se_sys_sendmmsg net/socket.c:2597 [inline]
__arm64_sys_sendmmsg+0xa0/0xbc net/socket.c:2597
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
irq event stamp: 335074
hardirqs last enabled at (335074): [<ffff8000081b5dfc>] __local_bh_enable_ip+0x230/0x470 kernel/softirq.c:388
hardirqs last disabled at (335073): [<ffff8000081b5d6c>] __local_bh_enable_ip+0x1a0/0x470 kernel/softirq.c:365
softirqs last enabled at (335040): [<ffff8000081b6d74>] softirq_handle_end kernel/softirq.c:401 [inline]
softirqs last enabled at (335040): [<ffff8000081b6d74>] handle_softirqs+0xb88/0xdbc kernel/softirq.c:586
softirqs last disabled at (335045): [<ffff8000081b98a4>] run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&pch->downl);
<Interrupt>
lock(&pch->downl);
*** DEADLOCK ***
4 locks held by ksoftirqd/0/14:
#0: ffff800014c917e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x18/0x54 include/linux/rcupdate.h:311
#1: ffff0000db9550a0 (slock-AF_PPPOX){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:363 [inline]
#1: ffff0000db9550a0 (slock-AF_PPPOX){+.-.}-{2:2}, at: __sk_receive_skb+0x168/0x960 net/core/sock.c:521
#2: ffff0000db955120 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: sk_receive_skb include/net/sock.h:1933 [inline]
#2: ffff0000db955120 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_rcv+0x2c0/0x508 drivers/net/ppp/pppoe.c:451
#3: ffff800014c917e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:311
stack backtrace:
CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
Call trace:
dump_backtrace+0x0/0x530 arch/arm64/kernel/stacktrace.c:152
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:216
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
print_usage_bug+0x64c/0x9a8 kernel/locking/lockdep.c:3920
mark_lock_irq+0x980/0xd2c
mark_lock+0x258/0x360 kernel/locking/lockdep.c:4591
__lock_acquire+0xb84/0x7638 kernel/locking/lockdep.c:4966
lock_acquire+0x240/0x77c kernel/locking/lockdep.c:5623
__raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
_raw_spin_lock+0xb0/0x10c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:363 [inline]
ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2271 [inline]
ppp_input+0x168/0x840 drivers/net/ppp/ppp_generic.c:2303
pppoe_rcv_core+0xf8/0x330 drivers/net/ppp/pppoe.c:379
sk_backlog_rcv include/net/sock.h:1059 [inline]
__sk_receive_skb+0x3f0/0x960 net/core/sock.c:528
sk_receive_skb include/net/sock.h:1933 [inline]
pppoe_rcv+0x2c0/0x508 drivers/net/ppp/pppoe.c:451
__netif_receive_skb_one_core net/core/dev.c:5485 [inline]
__netif_receive_skb+0x18c/0x400 net/core/dev.c:5599
process_backlog+0x3ec/0x7e0 net/core/dev.c:6476
__napi_poll+0xb4/0x624 net/core/dev.c:7035
napi_poll net/core/dev.c:7102 [inline]
net_rx_action+0x500/0xc10 net/core/dev.c:7192
handle_softirqs+0x384/0xdbc kernel/softirq.c:558
run_ksoftirqd+0x6c/0x29c kernel/softirq.c:925
smpboot_thread_fn+0x4b0/0x920 kernel/smpboot.c:164
kthread+0x37c/0x45c kernel/kthread.c:334
ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:870
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/10/17 03:37 | linux-5.15.y | 3a5928702e71 | 666f77ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/17 03:31 | linux-5.15.y | 3a5928702e71 | 666f77ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/17 03:30 | linux-5.15.y | 3a5928702e71 | 666f77ed | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/15 19:03 | linux-5.15.y | 3a5928702e71 | 7eb57b4a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/11 14:23 | linux-5.15.y | 3a5928702e71 | cd942402 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/11 01:00 | linux-5.15.y | 3a5928702e71 | 8fbfc0c8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/08 10:12 | linux-5.15.y | 3a5928702e71 | 402f1df0 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/03 21:30 | linux-5.15.y | 3a5928702e71 | d7906eff | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/10/02 10:37 | linux-5.15.y | 3a5928702e71 | ea2b66a6 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/09/30 18:27 | linux-5.15.y | 3a5928702e71 | bbd4e0a4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/09/25 14:33 | linux-5.15.y | 3a5928702e71 | 349a68c4 | .config | console log | report | info | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | |||
| 2024/09/23 04:22 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | |
| 2024/09/23 02:31 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/09/22 20:56 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/09/22 14:42 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | ||
| 2024/09/22 08:10 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | syz / log | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input | |
| 2024/09/22 06:32 | linux-5.15.y | 3a5928702e71 | 6f888b75 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-5-15-kasan-arm64 | inconsistent lock state in ppp_input |