| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Jun 2019 05:37:05 -0700
From: syzbot <syzbot+f9545ab3e9f85cd43a3a@...kaller.appspotmail.com>
To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk
Subject: WARNING: bad unlock balance in rcu_lock_release
Hello,
syzbot found the following crash on:
HEAD commit: bed3c0d8 Merge tag 'for-5.2-rc5-tag' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=148ef681a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=28ec3437a5394ee0
dashboard link: https://syzkaller.appspot.com/bug?extid=f9545ab3e9f85cd43a3a
compiler: clang version 9.0.0 (/home/glider/llvm/clang
80fee25776c2fb61e74c1ecb1a523375c2500b69)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+f9545ab3e9f85cd43a3a@...kaller.appspotmail.com
=====================================
WARNING: bad unlock balance detected!
5.2.0-rc5+ #3 Not tainted
-------------------------------------
syz-executor.3/1203 is trying to release lock (rcu_callback) at:
[<ffffffff81636ec4>] rcu_lock_release+0x4/0x20 include/linux/rcupdate.h:212
but there are no more locks to release!
other info that might help us debug this:
1 lock held by syz-executor.3/1203:
#0: 00000000ae396ab9 (&type->s_umount_key#48/1){+.+.}, at:
alloc_super+0x15f/0x740 fs/super.c:228
stack backtrace:
CPU: 0 PID: 1203 Comm: syz-executor.3 Not tainted 5.2.0-rc5+ #3
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1d8/0x2f8 lib/dump_stack.c:113
print_unlock_imbalance_bug+0x26d/0x2b0 kernel/locking/lockdep.c:3846
__lock_release kernel/locking/lockdep.c:4062 [inline]
lock_release+0x435/0x790 kernel/locking/lockdep.c:4322
rcu_lock_release+0x1c/0x20 include/linux/rcupdate.h:214
__rcu_reclaim kernel/rcu/rcu.h:223 [inline]
rcu_do_batch kernel/rcu/tree.c:2092 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2310 [inline]
rcu_core+0x8e2/0xf90 kernel/rcu/tree.c:2291
__do_softirq+0x340/0x7b0 arch/x86/include/asm/paravirt.h:777
invoke_softirq kernel/softirq.c:373 [inline]
irq_exit+0x21a/0x230 kernel/softirq.c:413
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0xf8/0x260 arch/x86/kernel/apic/apic.c:1068
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:806
</IRQ>
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:767
[inline]
RIP: 0010:console_unlock+0xa65/0xf20 kernel/printk/printk.c:2471
Code: 20 00 74 0c 48 c7 c7 90 63 aa 88 e8 a5 44 50 00 48 83 3d fd cc 4b 07
00 0f 84 7d 04 00 00 e8 52 1b 17 00 48 8b 7c 24 28 57 9d <0f> 1f 44 00 00
f6 44 24 1f 01 75 52 e8 3a 1b 17 00 eb 63 0f 1f 84
RSP: 0018:ffff88805b6c7540 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13
RAX: ffffffff815e969e RBX: 0000000000000200 RCX: 0000000000040000
RDX: ffffc9000c450000 RSI: 000000000002643c RDI: 0000000000000282
RBP: ffff88805b6c7670 R08: ffff88805cb14040 R09: fffffbfff115a505
R10: fffffbfff115a505 R11: 1ffffffff115a504 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff88c31298
vprintk_emit+0x239/0x3a0 kernel/printk/printk.c:1986
vprintk_default+0x28/0x30 kernel/printk/printk.c:2013
vprintk_func+0x158/0x170 kernel/printk/printk_safe.c:386
printk+0xc4/0x11d kernel/printk/printk.c:2046
__ntfs_error+0x21b/0x230 fs/ntfs/debug.c:89
parse_options+0x481/0x1f80 fs/ntfs/super.c:234
ntfs_fill_super+0x19b/0x2940 fs/ntfs/super.c:2748
mount_bdev+0x31c/0x440 fs/super.c:1346
ntfs_mount+0x34/0x40 fs/ntfs/super.c:3051
legacy_get_tree+0xf9/0x1a0 fs/fs_context.c:661
vfs_get_tree+0x8f/0x360 fs/super.c:1476
do_new_mount fs/namespace.c:2791 [inline]
do_mount+0x1813/0x2730 fs/namespace.c:3111
ksys_mount+0xcc/0x100 fs/namespace.c:3320
__do_sys_mount fs/namespace.c:3334 [inline]
__se_sys_mount fs/namespace.c:3331 [inline]
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3331
do_syscall_64+0xfe/0x140 arch/x86/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45bd1a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f
1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff
ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007f49071c9a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f49071c9b40 RCX: 000000000045bd1a
RDX: 00007f49071c9ae0 RSI: 0000000020000140 RDI: 00007f49071c9b00
RBP: 0000000000000000 R08: 00007f49071c9b40 R09: 00007f49071c9ae0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
R13: 00000000004c82e2 R14: 00000000004deb40 R15: 00000000ffffffff
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
net_ratelimit: 21 callbacks suppressed
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
protocol 88fb is buggy, dev hsr_slave_0
protocol 88fb is buggy, dev hsr_slave_1
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
Powered by blists - more mailing lists