lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000000000000ea74310605f257d9@google.com>
Date:   Fri, 22 Sep 2023 06:11:15 -0700
From:   syzbot <syzbot+062317ea1d0a6d5e29e7@...kaller.appspotmail.com>
To:     hdanton@...a.com, linux-kernel@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [reiserfs?] possible deadlock in super_lock

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

: Allocated hash algorithm: sha256
[   27.035992][    T1] ima: No architecture policies found
[   27.042240][    T1] evm: Initialising EVM extended attributes:
[   27.048580][    T1] evm: security.selinux
[   27.052744][    T1] evm: security.SMACK64 (disabled)
[   27.058061][    T1] evm: security.SMACK64EXEC (disabled)
[   27.063553][    T1] evm: security.SMACK64TRANSMUTE (disabled)
[   27.069527][    T1] evm: security.SMACK64MMAP (disabled)
[   27.075116][    T1] evm: security.apparmor (disabled)
[   27.080399][    T1] evm: security.ima
[   27.084710][    T1] evm: security.capability
[   27.090479][    T1] evm: HMAC attrs: 0x1
[   27.097685][    T1] PM:   Magic number: 7:13:29
[   27.103531][    T1] tty ttydc: hash matches
[   27.108483][    T1] memory memory69: hash matches
[   27.115959][    T1] printk: console [netcon0] enabled
[   27.121787][    T1] netconsole: network logging started
[   27.128754][    T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[   27.137889][    T1] rdma_rxe: loaded
[   27.142619][    T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[   27.155065][    T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[   27.165314][    T1] clk: Disabling unused clocks
[   27.165914][  T921] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[   27.170274][    T1] ALSA device list:
[   27.180256][  T921] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[   27.184543][    T1]   #0: Dummy 1
[   27.184558][    T1]   #1: Loopback 1
[   27.184570][    T1]   #2: Virtual MIDI Card 1
[   27.212250][    T1] md: Waiting for all devices to be available before autodetect
[   27.220507][    T1] md: If you don't use raid, use raid=noautodetect
[   27.227162][    T1] md: Autodetecting RAID arrays.
[   27.232319][    T1] md: autorun ...
[   27.236020][    T1] md: ... autorun DONE.
[   27.282766][    T1] 
[   27.285112][    T1] =====================================
[   27.290728][    T1] WARNING: bad unlock balance detected!
[   27.296371][    T1] 6.6.0-rc2-syzkaller-00018-g2cf0f7156238-dirty #0 Not tainted
[   27.304445][    T1] -------------------------------------
[   27.310421][    T1] swapper/0/1 is trying to release lock (&type->s_umount_key) at:
[   27.318241][    T1] [<ffffffff81eb7734>] generic_shutdown_super+0x1e4/0x3c0
[   27.325454][    T1] but there are no more locks to release!
[   27.331175][    T1] 
[   27.331175][    T1] other info that might help us debug this:
[   27.339755][    T1] no locks held by swapper/0/1.
[   27.344702][    T1] 
[   27.344702][    T1] stack backtrace:
[   27.351193][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc2-syzkaller-00018-g2cf0f7156238-dirty #0
[   27.361550][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.371784][    T1] Call Trace:
[   27.375057][    T1]  <TASK>
[   27.377991][    T1]  dump_stack_lvl+0xd9/0x1b0
[   27.382775][    T1]  lock_release+0x4b5/0x680
[   27.387307][    T1]  ? generic_shutdown_super+0x1e4/0x3c0
[   27.393046][    T1]  ? reacquire_held_locks+0x4b0/0x4b0
[   27.399133][    T1]  ? reacquire_held_locks+0x4b0/0x4b0
[   27.404517][    T1]  ? __wake_up_sync+0x20/0x20
[   27.409379][    T1]  up_write+0x2a/0x510
[   27.413447][    T1]  ? reiserfs_remount+0x1640/0x1640
[   27.418761][    T1]  generic_shutdown_super+0x1e4/0x3c0
[   27.424293][    T1]  ? reiserfs_remount+0x1640/0x1640
[   27.429818][    T1]  kill_block_super+0x3b/0x70
[   27.434502][    T1]  deactivate_locked_super+0xa6/0x180
[   27.439882][    T1]  mount_bdev+0x2a6/0x300
[   27.444306][    T1]  ? sget+0x610/0x610
[   27.448361][    T1]  ? vfs_parse_fs_param+0x3c0/0x3c0
[   27.453617][    T1]  ? cap_capable+0x1d8/0x240
[   27.458237][    T1]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   27.463792][    T1]  legacy_get_tree+0x109/0x220
[   27.468671][    T1]  vfs_get_tree+0x8c/0x370
[   27.473205][    T1]  path_mount+0x1492/0x1ed0
[   27.477749][    T1]  ? kmem_cache_free+0x223/0x380
[   27.482713][    T1]  ? finish_automount+0xa40/0xa40
[   27.487868][    T1]  ? putname+0x101/0x140
[   27.492574][    T1]  init_mount+0xbf/0x110
[   27.497105][    T1]  ? nsfs_init+0xb0/0xb0
[   27.501361][    T1]  do_mount_root+0xdd/0x2c0
[   27.506048][    T1]  mount_root_generic+0x19a/0x460
[   27.511083][    T1]  ? init_rootfs+0x60/0x60
[   27.515515][    T1]  ? getname_kernel+0x21c/0x360
[   27.520369][    T1]  mount_root+0x241/0x480
[   27.524697][    T1]  ? kmem_cache_alloc+0x338/0x400
[   27.529717][    T1]  ? mount_root_generic+0x460/0x460
[   27.535001][    T1]  ? getname_kernel+0x21c/0x360
[   27.539945][    T1]  prepare_namespace+0xe3/0x3f0
[   27.544896][    T1]  ? mount_root+0x480/0x480
[   27.549494][    T1]  ? fput+0x30/0x1a0
[   27.553394][    T1]  kernel_init_freeable+0x703/0x8f0
[   27.558596][    T1]  ? rest_init+0x2b0/0x2b0
[   27.563016][    T1]  kernel_init+0x1c/0x2a0
[   27.567351][    T1]  ? rest_init+0x2b0/0x2b0
[   27.571769][    T1]  ret_from_fork+0x45/0x80
[   27.576365][    T1]  ? rest_init+0x2b0/0x2b0
[   27.580799][    T1]  ret_from_fork_asm+0x11/0x20
[   27.585674][    T1]  </TASK>
[   27.588872][    T1] ------------[ cut here ]------------
[   27.594557][    T1] DEBUG_RWSEMS_WARN_ON((rwsem_owner(sem) != current) && !rwsem_test_oflags(sem, RWSEM_NONSPINNABLE)): count = 0x0, magic = 0xffff88814be20070, owner = 0x0, curr 0xffff888019644040, list empty
[   27.613588][    T1] WARNING: CPU: 0 PID: 1 at kernel/locking/rwsem.c:1369 up_write+0x458/0x510
[   27.622528][    T1] Modules linked in:
[   27.626442][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc2-syzkaller-00018-g2cf0f7156238-dirty #0
[   27.637061][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   27.648689][    T1] RIP: 0010:up_write+0x458/0x510
[   27.653883][    T1] Code: c1 ea 03 80 3c 02 00 75 50 48 8b 13 4d 89 f1 41 55 4d 89 f8 4c 89 e1 48 c7 c6 e0 93 8c 8a 48 c7 c7 00 93 8c 8a e8 e8 e1 e6 ff <0f> 0b 5a e9 aa fc ff ff 48 89 ef e8 28 9f 75 00 e9 17 fd ff ff 48
[   27.674317][    T1] RSP: 0000:ffffc9000027f910 EFLAGS: 00010286
[   27.680635][    T1] RAX: 0000000000000000 RBX: ffff88814be20070 RCX: 0000000000000000
[   27.688711][    T1] RDX: ffff888019644040 RSI: ffffffff814cf096 RDI: 0000000000000001
[   27.696725][    T1] RBP: ffff88814be20078 R08: 0000000000000001 R09: 0000000000000000
[   27.704906][    T1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814be20070
[   27.713404][    T1] R13: ffffffff8a8c9240 R14: ffff888019644040 R15: 0000000000000000
[   27.721412][    T1] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[   27.730905][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.737626][    T1] CR2: ffff88823ffff000 CR3: 000000000c976000 CR4: 00000000003506f0
[   27.746689][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   27.754948][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   27.762933][    T1] Call Trace:
[   27.766295][    T1]  <TASK>
[   27.769274][    T1]  ? show_regs+0x8f/0xa0
[   27.773712][    T1]  ? __warn+0xe6/0x380
[   27.777946][    T1]  ? up_write+0x458/0x510
[   27.782348][    T1]  ? report_bug+0x3bc/0x580
[   27.786873][    T1]  ? handle_bug+0x3c/0x70
[   27.791192][    T1]  ? exc_invalid_op+0x17/0x40
[   27.795896][    T1]  ? asm_exc_invalid_op+0x1a/0x20
[   27.800980][    T1]  ? __warn_printk+0x1a6/0x350
[   27.805772][    T1]  ? up_write+0x458/0x510
[   27.810110][    T1]  ? reiserfs_remount+0x1640/0x1640
[   27.815343][    T1]  generic_shutdown_super+0x1e4/0x3c0
[   27.820737][    T1]  ? reiserfs_remount+0x1640/0x1640
[   27.826056][    T1]  kill_block_super+0x3b/0x70
[   27.830828][    T1]  deactivate_locked_super+0xa6/0x180
[   27.836220][    T1]  mount_bdev+0x2a6/0x300
[   27.840537][    T1]  ? sget+0x610/0x610
[   27.844534][    T1]  ? vfs_parse_fs_param+0x3c0/0x3c0
[   27.849831][    T1]  ? cap_capable+0x1d8/0x240
[   27.854439][    T1]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   27.859490][    T1]  legacy_get_tree+0x109/0x220
[   27.864358][    T1]  vfs_get_tree+0x8c/0x370
[   27.868886][    T1]  path_mount+0x1492/0x1ed0
[   27.873441][    T1]  ? kmem_cache_free+0x223/0x380
[   27.878456][    T1]  ? finish_automount+0xa40/0xa40
[   27.883647][    T1]  ? putname+0x101/0x140
[   27.887917][    T1]  init_mount+0xbf/0x110
[   27.892230][    T1]  ? nsfs_init+0xb0/0xb0
[   27.896498][    T1]  do_mount_root+0xdd/0x2c0
[   27.901004][    T1]  mount_root_generic+0x19a/0x460
[   27.906042][    T1]  ? init_rootfs+0x60/0x60
[   27.910526][    T1]  ? getname_kernel+0x21c/0x360
[   27.915727][    T1]  mount_root+0x241/0x480
[   27.920314][    T1]  ? kmem_cache_alloc+0x338/0x400
[   27.925350][    T1]  ? mount_root_generic+0x460/0x460
[   27.930895][    T1]  ? getname_kernel+0x21c/0x360
[   27.936002][    T1]  prepare_namespace+0xe3/0x3f0
[   27.941118][    T1]  ? mount_root+0x480/0x480
[   27.945751][    T1]  ? fput+0x30/0x1a0
[   27.949754][    T1]  kernel_init_freeable+0x703/0x8f0
[   27.954988][    T1]  ? rest_init+0x2b0/0x2b0
[   27.959460][    T1]  kernel_init+0x1c/0x2a0
[   27.963999][    T1]  ? rest_init+0x2b0/0x2b0
[   27.969519][    T1]  ret_from_fork+0x45/0x80
[   27.974142][    T1]  ? rest_init+0x2b0/0x2b0
[   27.978650][    T1]  ret_from_fork_asm+0x11/0x20
[   27.983604][    T1]  </TASK>
[   27.986619][    T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   27.994750][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc2-syzkaller-00018-g2cf0f7156238-dirty #0
[   28.005187][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[   28.015864][    T1] Call Trace:
[   28.019651][    T1]  <TASK>
[   28.022839][    T1]  dump_stack_lvl+0xd9/0x1b0
[   28.027529][    T1]  panic+0x6a6/0x750
[   28.032304][    T1]  ? panic_smp_self_stop+0xa0/0xa0
[   28.037525][    T1]  ? up_write+0x458/0x510
[   28.042116][    T1]  check_panic_on_warn+0xab/0xb0
[   28.047062][    T1]  __warn+0xf2/0x380
[   28.050976][    T1]  ? up_write+0x458/0x510
[   28.055569][    T1]  report_bug+0x3bc/0x580
[   28.060442][    T1]  handle_bug+0x3c/0x70
[   28.065044][    T1]  exc_invalid_op+0x17/0x40
[   28.070109][    T1]  asm_exc_invalid_op+0x1a/0x20
[   28.074971][    T1] RIP: 0010:up_write+0x458/0x510
[   28.080204][    T1] Code: c1 ea 03 80 3c 02 00 75 50 48 8b 13 4d 89 f1 41 55 4d 89 f8 4c 89 e1 48 c7 c6 e0 93 8c 8a 48 c7 c7 00 93 8c 8a e8 e8 e1 e6 ff <0f> 0b 5a e9 aa fc ff ff 48 89 ef e8 28 9f 75 00 e9 17 fd ff ff 48
[   28.101200][    T1] RSP: 0000:ffffc9000027f910 EFLAGS: 00010286
[   28.108760][    T1] RAX: 0000000000000000 RBX: ffff88814be20070 RCX: 0000000000000000
[   28.117095][    T1] RDX: ffff888019644040 RSI: ffffffff814cf096 RDI: 0000000000000001
[   28.126618][    T1] RBP: ffff88814be20078 R08: 0000000000000001 R09: 0000000000000000
[   28.135129][    T1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88814be20070
[   28.143194][    T1] R13: ffffffff8a8c9240 R14: ffff888019644040 R15: 0000000000000000
[   28.151661][    T1]  ? __warn_printk+0x1a6/0x350
[   28.156636][    T1]  ? reiserfs_remount+0x1640/0x1640
[   28.162549][    T1]  generic_shutdown_super+0x1e4/0x3c0
[   28.168079][    T1]  ? reiserfs_remount+0x1640/0x1640
[   28.173469][    T1]  kill_block_super+0x3b/0x70
[   28.178141][    T1]  deactivate_locked_super+0xa6/0x180
[   28.185001][    T1]  mount_bdev+0x2a6/0x300
[   28.189343][    T1]  ? sget+0x610/0x610
[   28.193358][    T1]  ? vfs_parse_fs_param+0x3c0/0x3c0
[   28.198655][    T1]  ? cap_capable+0x1d8/0x240
[   28.203381][    T1]  ? reiserfs_kill_sb+0x1e0/0x1e0
[   28.208422][    T1]  legacy_get_tree+0x109/0x220
[   28.213330][    T1]  vfs_get_tree+0x8c/0x370
[   28.217759][    T1]  path_mount+0x1492/0x1ed0
[   28.222264][    T1]  ? kmem_cache_free+0x223/0x380
[   28.227628][    T1]  ? finish_automount+0xa40/0xa40
[   28.232783][    T1]  ? putname+0x101/0x140
[   28.237039][    T1]  init_mount+0xbf/0x110
[   28.241283][    T1]  ? nsfs_init+0xb0/0xb0
[   28.245522][    T1]  do_mount_root+0xdd/0x2c0
[   28.250046][    T1]  mount_root_generic+0x19a/0x460
[   28.255065][    T1]  ? init_rootfs+0x60/0x60
[   28.259488][    T1]  ? getname_kernel+0x21c/0x360
[   28.264366][    T1]  mount_root+0x241/0x480
[   28.268693][    T1]  ? kmem_cache_alloc+0x338/0x400
[   28.273700][    T1]  ? mount_root_generic+0x460/0x460
[   28.278888][    T1]  ? getname_kernel+0x21c/0x360
[   28.283735][    T1]  prepare_namespace+0xe3/0x3f0
[   28.288575][    T1]  ? mount_root+0x480/0x480
[   28.293225][    T1]  ? fput+0x30/0x1a0
[   28.297134][    T1]  kernel_init_freeable+0x703/0x8f0
[   28.302361][    T1]  ? rest_init+0x2b0/0x2b0
[   28.306831][    T1]  kernel_init+0x1c/0x2a0
[   28.311182][    T1]  ? rest_init+0x2b0/0x2b0
[   28.315698][    T1]  ret_from_fork+0x45/0x80
[   28.320147][    T1]  ? rest_init+0x2b0/0x2b0
[   28.324661][    T1]  ret_from_fork_asm+0x11/0x20
[   28.329423][    T1]  </TASK>
[   28.332714][    T1] Kernel Offset: disabled
[   28.337046][    T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build4053167018=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 0b6a67ac4
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"0b6a67ac4b0dc26f43030c5edd01c9175f13b784\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1688a642680000


Tested on:

commit:         2cf0f715 Merge tag 'nfs-for-6.6-2' of git://git.linux-..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config:  https://syzkaller.appspot.com/x/.config?x=710dc49bece494df
dashboard link: https://syzkaller.appspot.com/bug?extid=062317ea1d0a6d5e29e7
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1656035a680000

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ