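[Environment information]
Software information:
1) OS version and branch: openEuler 22.03
2) Kernel information: 5.10.0
3) Version of the component in which the problem was found: syzkaller
[Steps to reproduce]
Reproducer program: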
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x0)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xd)
sendfile(r1, r0, 0x0, 0x3)
ioctl$TCXONC(r1, 0x540a, 0x1)
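Probability of occurrence (always reproducible or probabilistic): occurs intermittently
[Expected result]
The problem does not occur
[Actual result]
Encountered the issue "BUG: sleeping function called from invalid context in console_lock"
[Attachments]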
BUG: sleeping function called from invalid context at kernel/printk/printk.c:2332
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9373, name: syz-executor699
3 locks held by syz-executor699/9373:
#0: ffff88801e63c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 drivers/tty/tty_ldisc.c:266
#1: ffff88801e63c3f8 (&tty->flow_lock){....}-{2:2}, at: spin_lock_irq include/linux/spinlock.h:379 [inline]
#1: ffff88801e63c3f8 (&tty->flow_lock){....}-{2:2}, at: n_tty_ioctl_helper+0x2ff/0x680 drivers/tty/tty_ioctl.c:914
#2: ffff88801e63c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 drivers/tty/tty_ldisc.c:287
irq event stamp: 6804
hardirqs last enabled at (6803): [] quarantine_put+0xa0/0x1d0 mm/kasan/quarantine.c:217
hardirqs last disabled at (6804): [] __raw_spin_lock_irq include/linux/spinlock_api_smp.h:126 [inline]
hardirqs last disabled at (6804): [] _raw_spin_lock_irq+0x49/0xa0 kernel/locking/spinlock.c:167
softirqs last enabled at (5962): [] asm_call_irq_on_stack+0xf/0x20
softirqs last disabled at (5909): [] asm_call_irq_on_stack+0xf/0x20
Preemption disabled at:
[<0000000000000000>] 0x0
CPU: 2 PID: 9373 Comm: syz-executor699 Not tainted 5.10.0 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x137/0x1be lib/dump_stack.c:118
___might_sleep+0x3ef/0x530 kernel/sched/core.c:7300
console_lock+0x18/0x70 kernel/printk/printk.c:2332
do_con_write+0x71/0xddb0 drivers/tty/vt/vt.c:2868
con_write+0x20/0x40 drivers/tty/vt/vt.c:3255
n_hdlc_send_frames+0x34e/0xb20 drivers/tty/n_hdlc.c:289
tty_wakeup drivers/tty/tty_io.c:534 [inline]
__start_tty+0x164/0x1e0 drivers/tty/tty_io.c:806
n_tty_ioctl_helper+0x403/0x680 drivers/tty/tty_ioctl.c:917
tty_ioctl+0xe0b/0x1590 drivers/tty/tty_io.c:2682
vfs_ioctl fs/ioctl.c:48 [inline]
__do_sys_ioctl fs/ioctl.c:753 [inline]
__se_sys_ioctl+0xfb/0x170 fs/ioctl.c:739
do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4409b9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 11 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffed813da08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004409b9
RDX: 0000000000000001 RSI: 000000000000540a RDI: 0000000000000004
RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000401fd0
R13: 0000000000402060 R14: 0000000000000000 R15: 0000000000000000
Hi zou_xian_sen, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers: @YangYingliang , @pi3orama , @成坚 (CHENG Jian) , @Qiuuuuu , @zhengzengkai , @gogooo , @Xie XiuQi
After checking, this issue has not yet been fixed in mainline.