lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <0000000000009f0651061647bd5e@google.com>
Date: Wed, 17 Apr 2024 02:47:20 -0700
From: syzbot <syzbot+e25ef173c0758ea764de@...kaller.appspotmail.com>
To: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: [syzbot] [fs?] WARNING in stashed_dentry_prune (2)

Hello,

syzbot found the following issue on:

HEAD commit:    443574b03387 riscv, bpf: Fix kfunc parameters incompatibil..
git tree:       bpf
console+strace: https://syzkaller.appspot.com/x/log.txt?x=130e2add180000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6fb1be60a193d440
dashboard link: https://syzkaller.appspot.com/bug?extid=e25ef173c0758ea764de
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=12fb63f3180000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14e68f6d180000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/3f355021a085/disk-443574b0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/44cf4de7472a/vmlinux-443574b0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a99a36c7ad65/bzImage-443574b0.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e25ef173c0758ea764de@...kaller.appspotmail.com

RDX: 0000000000000002 RSI: 00007ffd10172950 RDI: 00000000ffffff9c
RBP: 00007ffd10172950 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5067 at fs/libfs.c:2117 stashed_dentry_prune+0x97/0xa0 fs/libfs.c:2117
Modules linked in:
CPU: 0 PID: 5067 Comm: syz-executor252 Not tainted 6.8.0-syzkaller-05236-g443574b03387 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:stashed_dentry_prune+0x97/0xa0 fs/libfs.c:2117
Code: 00 00 e8 ac c1 e2 ff 31 c9 4c 89 f0 f0 49 0f b1 0f eb 05 e8 7b 77 7f ff 5b 41 5c 41 5e 41 5f c3 cc cc cc cc e8 6a 77 7f ff 90 <0f> 0b 90 eb e9 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000394f4c8 EFLAGS: 00010293
RAX: ffffffff82157906 RBX: ffff888075d4b588 RCX: ffff8880221c1e00
RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffff888075d4b490
RBP: 0000000000000001 R08: ffffffff820fa354 R09: 1ffff1100eba96a5
R10: dffffc0000000000 R11: ffffffff82157870 R12: dffffc0000000000
R13: dffffc0000000000 R14: ffff888075d4b490 R15: 0000000000000000
FS:  000055555a374380(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7c10b02c00 CR3: 0000000011176000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __dentry_kill+0xa9/0x630 fs/dcache.c:594
 dput+0x19f/0x2b0 fs/dcache.c:845
 prepare_anon_dentry fs/libfs.c:2018 [inline]
 path_from_stashed+0x695/0xb00 fs/libfs.c:2094
 proc_ns_get_link+0xf9/0x230 fs/proc/namespaces.c:61
 pick_link+0x631/0xd50
 step_into+0xca9/0x1080 fs/namei.c:1875
 open_last_lookups fs/namei.c:3590 [inline]
 path_openat+0x18b0/0x3240 fs/namei.c:3797
 do_filp_open+0x235/0x490 fs/namei.c:3827
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1407
 do_sys_open fs/open.c:1422 [inline]
 __do_sys_openat fs/open.c:1438 [inline]
 __se_sys_openat fs/open.c:1433 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1433
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f7c10aceda1
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d ca 92 07 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffd101728a0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f7c10aceda1
RDX: 0000000000000002 RSI: 00007ffd10172950 RDI: 00000000ffffff9c
RBP: 00007ffd10172950 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ