From: Ryan Cai <[email protected]>
In method igmp_mcf_get_next, the lock state->im->lock is not released when likely(psf) returns true.
Signed-off-by: Ryan Cai <[email protected]>
---
net/ipv4/igmp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index d2e2b3d18c66..db6c7bfba1b8 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -2903,6 +2903,7 @@ static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
if (likely(psf)) {
state->im = im;
state->idev = idev;
+ spin_unlock_bh(&im->lock);
break;
}
spin_unlock_bh(&im->lock);
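Review bot: the spin_unlock_bh(&im->lock) added inside the if (likely(psf)) branch looks like a double unlock rather than a missing one. The unchanged spin_unlock_bh(&im->lock) after the block only runs when psf is NULL, so the break is leaving the lock held on purpose: state->im is recorded immediately before it, which is the usual seq_file iterator pattern of returning with the current entry locked and releasing it in the next/stop callback. Note also that the hunk header places this code in igmp_mcf_get_first, while the commit message names igmp_mcf_get_next. With the extra release, the later unlock of state->im->lock drops the BH-disable count below balance, which is consistent with the test robot report in this thread (preempt_count: 7ffffdff, WARNING at kernel/softirq.c:#__local_bh_enable_ip, and "sleeping function called from invalid context" with igmp_mcf_get_first on the stack). Suggest dropping this change, or, if a leak in igmp_mcf_get_next is the real target, posting a hunk against that function that shows the path on which the lock is never released.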
--
2.33.0
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 92768196fd46ebfdb7dcae6d62b5fcbe35a6f8f3 ("[PATCH] inet: missing lock releases in igmp.c")
url: https://github.com/0day-ci/linux/commits/ycaibb/inet-missing-lock-releases-in-igmp-c/20220121-112139
base: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git 8aaaf2f3af2ae212428f4db1af34214225f5cec3
patch link: https://lore.kernel.org/netdev/[email protected]
in testcase: trinity
version: trinity-static-x86_64-x86_64-f93256fb_2019-08-28
with following parameters:
runtime: 300s
group: group-02
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-----------------------------------------------------------------------------+------------+------------+
| | 8aaaf2f3af | 92768196fd |
+-----------------------------------------------------------------------------+------------+------------+
| boot_successes | 82 | 28 |
| boot_failures | 0 | 3 |
| BUG:sleeping_function_called_from_invalid_context_at_lib/iov_iter.c | 0 | 2 |
| WARNING:at_lib/iov_iter.c:#copyout | 0 | 3 |
| RIP:copyout | 0 | 3 |
| WARNING:at_kernel/softirq.c:#__local_bh_enable_ip | 0 | 2 |
| RIP:__local_bh_enable_ip | 0 | 2 |
| WARNING:at_fs/read_write.c:#vfs_read | 0 | 3 |
| RIP:vfs_read | 0 | 3 |
| Kernel_panic-not_syncing:Aiee,killing_interrupt_handler | 0 | 3 |
| BUG:sleeping_function_called_from_invalid_context_at_kernel/locking/mutex.c | 0 | 1 |
+-----------------------------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <[email protected]>
[ 345.430065][ C0] BUG: sleeping function called from invalid context at lib/iov_iter.c:666
[ 345.430069][ C0] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7096, name: trinity-c6
[ 345.430071][ C0] preempt_count: 7ffffdff, expected: 0
[ 345.430074][ C0] CPU: 0 PID: 7096 Comm: trinity-c6 Not tainted 5.16.0-rc8-02291-g92768196fd46 #1
[ 345.430077][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 345.430079][ C0] Call Trace:
[ 345.430107][ C0] <TASK>
[ 345.430110][ C0] dump_stack_lvl+0x34/0x44
[ 345.430118][ C0] __might_resched+0x134/0x149
[ 345.430124][ C0] __might_fault+0x1c/0x1d
[ 345.430130][ C0] _copy_to_iter+0x104/0x3e5
[ 345.430136][ C0] ? seq_printf+0x53/0x6a
[ 345.430142][ C0] ? igmp_mcf_get_first+0x6f/0x94
[ 345.430166][ C0] seq_read_iter+0x2f6/0x33e
[ 345.430169][ C0] seq_read+0xfb/0x11e
[ 345.430171][ C0] ? 0xffffffff81000000
[ 345.430174][ C0] proc_reg_read+0x8a/0xa2
[ 345.430178][ C0] do_loop_readv_writev+0x64/0x95
[ 345.430185][ C0] do_iter_read+0x93/0xba
[ 345.430189][ C0] vfs_readv+0x6e/0xa6
[ 345.430193][ C0] ? timerqueue_add+0x62/0x77
[ 345.430198][ C0] ? 0xffffffff81000000
[ 345.430199][ C0] ? __hrtimer_get_remaining+0x4a/0x69
[ 345.430204][ C0] ? __cond_resched+0x25/0x29
[ 345.430209][ C0] ? mutex_lock+0x1f/0x3a
[ 345.430212][ C0] do_readv+0x7e/0xec
[ 345.430216][ C0] do_syscall_64+0x73/0x86
[ 345.430220][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 345.430226][ C0] RIP: 0033:0x453b29
[ 345.430230][ C0] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 84 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 345.430232][ C0] RSP: 002b:00007ffe81d7bf48 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 345.430236][ C0] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000000453b29
[ 345.430238][ C0] RDX: 0000000000000016 RSI: 000000000148e390 RDI: 0000000000000105
[ 345.430240][ C0] RBP: 00007ffe81d7bff0 R08: 00000000000000ff R09: ffffffffffffffff
[ 345.430242][ C0] R10: 0000000000000059 R11: 0000000000000246 R12: 0000000000000002
[ 345.430244][ C0] R13: 00007fc5653df058 R14: 00000000010a2830 R15: 00007fc5653df000
[ 345.430247][ C0] </TASK>
[ 345.430272][ C0] ------------[ cut here ]------------
[ 345.430273][ C0] WARNING: CPU: 0 PID: 7096 at lib/iov_iter.c:155 copyout+0x26/0x4d
[ 345.430278][ C0] Modules linked in: can_bcm can_raw can cn scsi_transport_iscsi sr_mod cdrom
[ 345.430287][ C0] CPU: 0 PID: 7096 Comm: trinity-c6 Tainted: G W 5.16.0-rc8-02291-g92768196fd46 #1
[ 345.430289][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 345.430290][ C0] RIP: 0010:copyout+0x26/0x4d
[ 345.430294][ C0] Code: 5e 41 5f c3 49 89 f0 48 89 d1 65 8b 05 f7 46 c0 7e a9 00 01 ff 00 74 14 65 48 8b 04 25 00 ad 01 00 83 b8 20 0a 00 00 00 75 02 <0f> 0b 48 ba 00 f0 ff ff ff 7f 00 00 48 89 ce e8 73 e6 ff ff 84 c0
[ 345.430297][ C0] RSP: 0018:ffffc9000048fbf0 EFLAGS: 00010246
[ 345.430299][ C0] RAX: ffff88812098bd00 RBX: ffff88812051c000 RCX: 0000000000000014
[ 345.430301][ C0] RDX: 0000000000000014 RSI: ffff88812051c000 RDI: 00007fc5652d4000
[ 345.430302][ C0] RBP: 0000000000000014 R08: ffff88812051c000 R09: 0000000000000000
[ 345.430304][ C0] R10: 0000000000000000 R11: 0000000000000004 R12: 0000000000000000
[ 345.430305][ C0] R13: ffffc9000048fcd0 R14: 0000000000000000 R15: ffffc9000048fce0
[ 345.430307][ C0] FS: 00000000010a2880(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[ 345.430310][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 345.430312][ C0] CR2: 00007fc5663555cc CR3: 0000000120e74000 CR4: 00000000000406f0
[ 345.430317][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 345.430319][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 345.430321][ C0] Call Trace:
[ 345.430322][ C0] <TASK>
[ 345.430323][ C0] _copy_to_iter+0x159/0x3e5
[ 345.430328][ C0] ? igmp_mcf_get_first+0x6f/0x94
[ 345.430332][ C0] seq_read_iter+0x2f6/0x33e
[ 345.430335][ C0] seq_read+0xfb/0x11e
[ 345.430337][ C0] ? 0xffffffff81000000
[ 345.430339][ C0] proc_reg_read+0x8a/0xa2
[ 345.430342][ C0] do_loop_readv_writev+0x64/0x95
[ 345.430346][ C0] do_iter_read+0x93/0xba
[ 345.430350][ C0] vfs_readv+0x6e/0xa6
[ 345.430354][ C0] ? timerqueue_add+0x62/0x77
[ 345.430357][ C0] ? 0xffffffff81000000
[ 345.430359][ C0] ? __hrtimer_get_remaining+0x4a/0x69
[ 345.430363][ C0] ? __cond_resched+0x25/0x29
[ 345.430366][ C0] ? mutex_lock+0x1f/0x3a
[ 345.430369][ C0] do_readv+0x7e/0xec
[ 345.430373][ C0] do_syscall_64+0x73/0x86
[ 345.430376][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 345.430380][ C0] RIP: 0033:0x453b29
[ 345.430382][ C0] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 84 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 345.430385][ C0] RSP: 002b:00007ffe81d7bf48 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 345.430388][ C0] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000000453b29
[ 345.430390][ C0] RDX: 0000000000000016 RSI: 000000000148e390 RDI: 0000000000000105
[ 345.430392][ C0] RBP: 00007ffe81d7bff0 R08: 00000000000000ff R09: ffffffffffffffff
[ 345.430394][ C0] R10: 0000000000000059 R11: 0000000000000246 R12: 0000000000000002
[ 345.430395][ C0] R13: 00007fc5653df058 R14: 00000000010a2830 R15: 00007fc5653df000
[ 345.430398][ C0] </TASK>
[ 345.430399][ C0] ---[ end trace cf934c2bd26ce80c ]---
To reproduce:
# build kernel
cd linux
cp config-5.16.0-rc8-02291-g92768196fd46 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/[email protected] Intel Corporation
Thanks,
Oliver Sang