lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Sat, 04 Feb 2023 19:53:17 -0800
From:   syzbot <syzbot+9be7b6c4b696be5d83ef@...kaller.appspotmail.com>
To:     hdanton@...a.com, linux-kernel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] WARNING in kernfs_get (4)

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

, MinObjects=0, CPUs=2, Nodes=2
[    1.717501][    T0] allocated 134217728 bytes of page_ext
[    1.718540][    T0] Node 0, zone      DMA: page owner found early allocated 0 pages
[    1.734855][    T0] Node 0, zone    DMA32: page owner found early allocated 16480 pages
[    1.749210][    T0] Node 0, zone   Normal: page owner found early allocated 0 pages
[    1.761271][    T0] Node 1, zone   Normal: page owner found early allocated 16387 pages
[    1.765251][    T0] Dynamic Preempt: full
[    1.768283][    T0] Running RCU self tests
[    1.769110][    T0] Running RCU synchronous self tests
[    1.770405][    T0] rcu: Preemptible hierarchical RCU implementation.
[    1.771628][    T0] rcu: 	RCU lockdep checking is enabled.
[    1.772927][    T0] rcu: 	RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=2.
[    1.774914][    T0] rcu: 	RCU callback double-/use-after-free debug is enabled.
[    1.778891][    T0] rcu: 	RCU debug extended QS entry/exit.
[    1.780014][    T0] 	All grace periods are expedited (rcu_expedited).
[    1.781966][    T0] 	Trampoline variant of Tasks RCU enabled.
[    1.783245][    T0] 	Tracing variant of Tasks RCU enabled.
[    1.784739][    T0] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies.
[    1.786570][    T0] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
[    1.787814][    T0] Running RCU synchronous self tests
[    1.838925][    T0] NR_IRQS: 4352, nr_irqs: 440, preallocated irqs: 16
[    1.841535][    T0] rcu: srcu_init: Setting srcu_struct sizes based on contention.
[    1.843893][    T0] kfence: initialized - using 2097152 bytes for 255 objects at 0xffff88823bc00000-0xffff88823be00000
[    1.848775][    T0] Console: colour VGA+ 80x25
[    1.850276][    T0] printk: console [ttyS0] enabled
[    1.850276][    T0] printk: console [ttyS0] enabled
[    1.853413][    T0] printk: bootconsole [earlyser0] disabled
[    1.853413][    T0] printk: bootconsole [earlyser0] disabled
[    1.855838][    T0] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar
[    1.858426][    T0] ... MAX_LOCKDEP_SUBCLASSES:  8
[    1.859376][    T0] ... MAX_LOCK_DEPTH:          48
[    1.860552][    T0] ... MAX_LOCKDEP_KEYS:        8192
[    1.861693][    T0] ... CLASSHASH_SIZE:          4096
[    1.863082][    T0] ... MAX_LOCKDEP_ENTRIES:     131072
[    1.864096][    T0] ... MAX_LOCKDEP_CHAINS:      262144
[    1.864989][    T0] ... CHAINHASH_SIZE:          131072
[    1.866080][    T0]  memory used by lock dependency info: 20657 kB
[    1.871691][    T0]  memory used for stack traces: 8320 kB
[    1.873559][    T0]  per task-struct memory footprint: 1920 bytes
[    1.875136][    T0] mempolicy: Enabling automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl
[    1.877636][    T0] ACPI: Core revision 20221020
[    1.879981][    T0] APIC: Switch to symmetric I/O mode setup
[    1.881638][    T0] x2apic enabled
[    1.885803][    T0] Switched APIC routing to physical x2apic.
[    1.893298][    T0] ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1
[    1.895225][    T0] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x1fb722e6169, max_idle_ns: 440795315647 ns
[    1.897819][    T0] Calibrating delay loop (skipped) preset value.. 4400.50 BogoMIPS (lpj=22002540)
[    1.907869][    T0] pid_max: default: 32768 minimum: 301
[    1.909069][    T0] LSM: initializing lsm=lockdown,capability,landlock,yama,safesetid,integrity,tomoyo,apparmor,bpf
[    1.911604][    T0] landlock: Up and running.
[    1.912502][    T0] Yama: becoming mindful.
[    1.913463][    T0] TOMOYO Linux initialized
[    1.914930][    T0] AppArmor: AppArmor initialized
[    1.915865][    T0] LSM support for eBPF active
[    1.922407][    T0] Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, vmalloc hugepage)
[    1.928135][    T0] Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, vmalloc hugepage)
[    1.932994][    T0] Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc)
[    1.935952][    T0] Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc)
[    1.941258][    T0] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8
[    1.943936][    T0] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0, 1GB 4
[    1.945781][    T0] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[    1.947867][    T0] Spectre V2 : Mitigation: IBRS
[    1.949618][    T0] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[    1.952093][    T0] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT
[    1.953984][    T0] RETBleed: Mitigation: IBRS
[    1.957848][    T0] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[    1.960347][    T0] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl
[    1.962099][    T0] MDS: Mitigation: Clear CPU buffers
[    1.964603][    T0] TAA: Mitigation: Clear CPU buffers
[    1.965867][    T0] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode
[    1.981330][    T0] Freeing SMP alternatives memory: 116K
[    1.984341][    T0] Running RCU synchronous self tests
[    1.987821][    T0] Running RCU synchronous self tests
[    2.111432][    T1] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.20GHz (family: 0x6, model: 0x4f, stepping: 0x0)
[    2.117493][    T1] cblist_init_generic: Setting adjustable number of callback queues.
[    2.117793][    T1] cblist_init_generic: Setting shift to 1 and lim to 1.
[    2.118358][    T1] cblist_init_generic: Setting shift to 1 and lim to 1.
[    2.120842][    T1] Running RCU-tasks wait API self tests
[    2.238098][    T1] Performance Events: unsupported p6 CPU model 79 no PMU driver, software events only.
[    2.248777][    T1] rcu: Hierarchical SRCU implementation.
[    2.250923][    T1] rcu: 	Max phase no-delay instances is 1000.
[    2.258590][   T14] Callback from call_rcu_tasks_trace() invoked.
[    2.261457][    T1] NMI watchdog: Perf NMI watchdog permanently disabled
[    2.263689][    T1] smp: Bringing up secondary CPUs ...
[    2.267943][    T1] x86: Booting SMP configuration:
[    2.269141][    T1] .... node  #0, CPUs:      #1
[    2.271428][    T1] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
[    2.271428][    T1] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details.
[    2.277943][    T1] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details.
[    2.280865][    T1] smp: Brought up 2 nodes, 2 CPUs
[    2.281814][    T1] smpboot: Max logical packages: 1
[    2.283214][    T1] smpboot: Total of 2 processors activated (8801.01 BogoMIPS)
[    2.289093][    T1] devtmpfs: initialized
[    2.290610][    T1] sysfs: cannot create duplicate filename '//platform'
[    2.290610][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca-dirty #0
[    2.292379][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[    2.293844][    T1] Call Trace:
[    2.294334][    T1]  <TASK>
[    2.294828][    T1]  dump_stack_lvl+0x136/0x150
[    2.295942][    T1]  sysfs_warn_dup+0x80/0xa0
[    2.297243][    T1]  sysfs_create_dir_ns+0x237/0x290
[    2.297793][    T1]  ? sysfs_create_mount_point+0xb0/0xb0
[    2.297793][    T1]  ? spin_bug+0x1c0/0x1c0
[    2.297793][    T1]  ? kobject_add_internal+0x12d/0x9e0
[    2.297793][    T1]  ? do_raw_spin_unlock+0x175/0x230
[    2.297793][    T1]  kobject_add_internal+0x2c7/0x9e0
[    2.297793][    T1]  kset_register+0x169/0x260
[    2.297793][    T1]  bus_register+0x230/0xc20
[    2.297793][    T1]  platform_bus_init+0x3e/0xa0
[    2.297793][    T1]  driver_init+0x38/0x60
[    2.297793][    T1]  kernel_init_freeable+0x42b/0x900
[    2.297793][    T1]  ? rest_init+0x2b0/0x2b0
[    2.297793][    T1]  kernel_init+0x1e/0x2c0
[    2.297793][    T1]  ? rest_init+0x2b0/0x2b0
[    2.297793][    T1]  ret_from_fork+0x1f/0x30
[    2.297793][    T1]  </TASK>
[    2.307843][    T1] kobject_add_internal failed for platform with -EEXIST, don't try to register things with the same name in the same directory.
[    2.310575][    T1] ------------[ cut here ]------------
[    2.311327][    T1] Device 'platform' does not have a release() function, it is broken and must be fixed. See Documentation/core-api/kobject.rst.
[    2.313636][    T1] WARNING: CPU: 1 PID: 1 at drivers/base/core.c:2291 device_release+0x1b5/0x240
[    2.317815][    T1] Modules linked in:
[    2.318583][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca-dirty #0
[    2.320242][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[    2.321651][    T1] RIP: 0010:device_release+0x1b5/0x240
[    2.322452][    T1] Code: c1 ea 03 80 3c 02 00 0f 85 96 00 00 00 4c 8b 6d 50 4d 85 ed 74 1b e8 0a 3e 6a fc 4c 89 ee 48 c7 c7 a0 94 cd 8a e8 0b d9 31 fc <0f> 0b e9 e7 fe ff ff e8 ef 3d 6a fc 48 89 ea 48 b8 00 00 00 00 00
[    2.327815][    T1] RSP: 0000:ffffc90000067e58 EFLAGS: 00010282
[    2.329139][    T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[    2.330511][    T1] RDX: ffff8881400a8000 RSI: ffffffff81692aec RDI: 0000000000000005
[    2.331965][    T1] RBP: ffffffff8d40ccc0 R08: 0000000000000005 R09: 0000000000000000
[    2.333427][    T1] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888144a28000
[    2.334702][    T1] R13: ffffffff8acde860 R14: ffffffff8acde860 R15: 0000000000000000
[    2.336135][    T1] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[    2.337810][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.339203][    T1] CR2: 0000000000000000 CR3: 000000000c571000 CR4: 00000000003506e0
[    2.340338][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    2.341852][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    2.343006][    T1] Call Trace:
[    2.343585][    T1]  <TASK>
[    2.348082][    T1]  kobject_put+0x1c2/0x4d0
[    2.348082][    T1]  device_unregister+0x30/0xc0
[    2.348082][    T1]  platform_bus_init+0x6b/0xa0
[    2.348082][    T1]  driver_init+0x38/0x60
[    2.349919][    T1]  kernel_init_freeable+0x42b/0x900
[    2.351030][    T1]  ? rest_init+0x2b0/0x2b0
[    2.351733][    T1]  kernel_init+0x1e/0x2c0
[    2.353339][    T1]  ? rest_init+0x2b0/0x2b0
[    2.354220][    T1]  ret_from_fork+0x1f/0x30
[    2.355137][    T1]  </TASK>
[    2.359190][    T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[    2.359190][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca-dirty #0
[    2.359190][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[    2.359190][    T1] Call Trace:
[    2.359190][    T1]  <TASK>
[    2.359190][    T1]  dump_stack_lvl+0xd9/0x150
[    2.367824][    T1]  panic+0x61b/0x6c0
[    2.367824][    T1]  ? panic_smp_self_stop+0x90/0x90
[    2.367824][    T1]  ? show_trace_log_lvl+0x285/0x390
[    2.367824][    T1]  ? device_release+0x1b5/0x240
[    2.367824][    T1]  check_panic_on_warn+0xb1/0xc0
[    2.367824][    T1]  __warn+0xf2/0x4f0
[    2.367824][    T1]  ? device_release+0x1b5/0x240
[    2.367824][    T1]  report_bug+0x206/0x2b0
[    2.377836][    T1]  handle_bug+0x3c/0x70
[    2.377836][    T1]  exc_invalid_op+0x18/0x50
[    2.377836][    T1]  asm_exc_invalid_op+0x1a/0x20
[    2.377836][    T1] RIP: 0010:device_release+0x1b5/0x240
[    2.377836][    T1] Code: c1 ea 03 80 3c 02 00 0f 85 96 00 00 00 4c 8b 6d 50 4d 85 ed 74 1b e8 0a 3e 6a fc 4c 89 ee 48 c7 c7 a0 94 cd 8a e8 0b d9 31 fc <0f> 0b e9 e7 fe ff ff e8 ef 3d 6a fc 48 89 ea 48 b8 00 00 00 00 00
[    2.377836][    T1] RSP: 0000:ffffc90000067e58 EFLAGS: 00010282
[    2.377836][    T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[    2.387900][    T1] RDX: ffff8881400a8000 RSI: ffffffff81692aec RDI: 0000000000000005
[    2.387900][    T1] RBP: ffffffff8d40ccc0 R08: 0000000000000005 R09: 0000000000000000
[    2.387900][    T1] R10: 0000000080000000 R11: 0000000000000000 R12: ffff888144a28000
[    2.387900][    T1] R13: ffffffff8acde860 R14: ffffffff8acde860 R15: 0000000000000000
[    2.387900][    T1]  ? vprintk+0x8c/0xa0
[    2.387900][    T1]  ? device_release+0x1b5/0x240
[    2.397826][    T1]  kobject_put+0x1c2/0x4d0
[    2.397826][    T1]  device_unregister+0x30/0xc0
[    2.397826][    T1]  platform_bus_init+0x6b/0xa0
[    2.397826][    T1]  driver_init+0x38/0x60
[    2.397826][    T1]  kernel_init_freeable+0x42b/0x900
[    2.397826][    T1]  ? rest_init+0x2b0/0x2b0
[    2.397826][    T1]  kernel_init+0x1e/0x2c0
[    2.397826][    T1]  ? rest_init+0x2b0/0x2b0
[    2.397826][    T1]  ret_from_fork+0x1f/0x30
[    2.407859][    T1]  </TASK>
[    2.407859][    T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4151365248=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 9dfcf09cf
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=9dfcf09cf38eb123a007af28c5ee2562718893a0 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230123-142548'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=9dfcf09cf38eb123a007af28c5ee2562718893a0 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230123-142548'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=9dfcf09cf38eb123a007af28c5ee2562718893a0 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230123-142548'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"9dfcf09cf38eb123a007af28c5ee2562718893a0\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=15b247a5480000


Tested on:

commit:         80bd9028 Add linux-next specific files for 20230131
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=904dc2f450eaad4a
dashboard link: https://syzkaller.appspot.com/bug?extid=9be7b6c4b696be5d83ef
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch:          https://syzkaller.appspot.com/x/patch.diff?x=153e4c5d480000

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ