lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 5 Apr 2018 20:54:50 +0200
From:   Dmitry Vyukov <>
To:     Dave Chinner <>
Cc:     syzbot <>,, LKML <>,,
Subject: Re: WARNING: bad unlock balance in xfs_iunlock

On Tue, Apr 3, 2018 at 6:38 AM, Dave Chinner <> wrote:
> On Mon, Apr 02, 2018 at 07:01:02PM -0700, syzbot wrote:
>> Hello,
>> syzbot hit the following crash on upstream commit
>> 86bbbebac1933e6e95e8234c4f7d220c5ddd38bc (Mon Apr 2 18:47:07 2018 +0000)
>> Merge branch 'ras-core-for-linus' of
>> git://
>> syzbot dashboard link:
>> C reproducer:
>> syzkaller reproducer:
> What a mess. A hand built, hopelessly broken filesystem image made
> up of hex dumps, written into a mmap()d region of memory, then
> copied into a tmpfs file and mounted with the loop device.
> Engineers that can debug broken filesystems don't grow on trees.  If
> we are to have any hope of understanding what the hell this test is
> doing, the bot needs to supply us with a copy of the built
> filesystem image the test uses. We need to be able to point forensic
> tools at the image to decode all the structures into human readable
> format - if we are forced to do that by hand or jump through hoops
> to create our own filesystem image than I'm certainly not going to
> waste time looking at these reports...

Hi Dave,

Here is the image:
(took me about a minute to extract from test by replacing memfd_create
with open and running the program).
Then do the following to trigger the bug:
losetup /dev/loop0 xfs.repro
mkdir xfs
mount -t xfs -o nouuid,prjquota,noikeep,quota /dev/loop0 xfs

To answer your more general question: syzbot is not a system to test
solely file systems, it finds bugs in hundreds of kernel subsystems.
Generating image for file systems, media files for sound and
FaceDancer programs that crash host when  FaceDancer device is plugged
into USB is not feasible. And in the end it's not even clear what
kernel subsystem is at fault and even if it somehow figures out that
it's a filesystem, it's unclear that it's exactly an image that
provokes the bug. syzbot provides C reproducers which is a reasonable
common ground for bug reports. At this point the bug needs human
attention. Some bugs are trivial enough that a developer does not even
need to look at the reproducer. Some bugs are so involved that only an
expert in a particular subsystem can figure out what happens there.

Powered by blists - more mailing lists