lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHB1NajxyF5mBEqcuhRh6FdizNizoFsdUgBOGu=StFwUoByYAQ@mail.gmail.com>
Date: Fri, 1 Nov 2024 13:33:32 +0800
From: Julian Sun <sunjunchao2870@...il.com>
To: syzbot <syzbot+2665d678fffcc4608e18@...kaller.appspotmail.com>
Cc: clm@...com, dsterba@...e.com, josef@...icpanda.com, 
	linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [btrfs?] kernel BUG in close_ctree

#syz test

syzbot <syzbot+2665d678fffcc4608e18@...kaller.appspotmail.com>
于2024年11月1日周五 12:21写道:
>
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> ss_scheduled_works+0xa2c/0x1830
> [   73.327092][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
> [   73.333107][   T35]  ? assign_work+0x364/0x3d0
> [   73.338035][   T35]  worker_thread+0x86d/0xd70
> [   73.342932][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
> [   73.348918][   T35]  ? __kthread_parkme+0x169/0x1d0
> [   73.354380][   T35]  ? __pfx_worker_thread+0x10/0x10
> [   73.359663][   T35]  kthread+0x2f0/0x390
> [   73.364017][   T35]  ? __pfx_worker_thread+0x10/0x10
> [   73.369795][   T35]  ? __pfx_kthread+0x10/0x10
> [   73.374478][   T35]  ret_from_fork+0x4b/0x80
> [   73.378997][   T35]  ? __pfx_kthread+0x10/0x10
> [   73.383608][   T35]  ret_from_fork_asm+0x1a/0x30
> [   73.388385][   T35]  </TASK>
> [   73.393498][   T35]
> [   73.396306][   T35] =============================
> [   73.401993][   T35] WARNING: suspicious RCU usage
> [   73.407119][   T35] 6.10.0-rc4-syzkaller-00003-gd31e86ef6377 #0 Not tainted
> [   73.414474][   T35] -----------------------------
> [   73.419426][   T35] net/netfilter/ipset/ip_set_core.c:1211 suspicious rcu_dereference_protected() usage!
> [   73.429512][   T35]
> [   73.429512][   T35] other info that might help us debug this:
> [   73.429512][   T35]
> [   73.440230][   T35]
> [   73.440230][   T35] rcu_scheduler_active = 2, debug_locks = 1
> [   73.448892][   T35] 3 locks held by kworker/u8:2/35:
> [   73.454197][   T35]  #0: ffff88801b6e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
> [   73.465331][   T35]  #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
> [   73.476037][   T35]  #2: ffffffff8f83e650 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
> [   73.485586][   T35]
> [   73.485586][   T35] stack backtrace:
> [   73.491593][   T35] CPU: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc4-syzkaller-00003-gd31e86ef6377 #0
> [   73.502691][   T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
> [   73.513716][   T35] Workqueue: netns cleanup_net
> [   73.518809][   T35] Call Trace:
> [   73.523025][   T35]  <TASK>
> [   73.526175][   T35]  dump_stack_lvl+0x241/0x360
> [   73.531256][   T35]  ? __pfx_dump_stack_lvl+0x10/0x10
> [   73.536637][   T35]  ? __pfx__printk+0x10/0x10
> [   73.541357][   T35]  lockdep_rcu_suspicious+0x221/0x340
> [   73.546777][   T35]  _destroy_all_sets+0x53f/0x5f0
> [   73.551742][   T35]  ip_set_net_exit+0x20/0x50
> [   73.556358][   T35]  cleanup_net+0x802/0xcc0
> [   73.561075][   T35]  ? __pfx_cleanup_net+0x10/0x10
> [   73.566478][   T35]  ? process_scheduled_works+0x945/0x1830
> [   73.572218][   T35]  process_scheduled_works+0xa2c/0x1830
> [   73.577987][   T35]  ? __pfx_process_scheduled_works+0x10/0x10
> [   73.584088][   T35]  ? assign_work+0x364/0x3d0
> [   73.588812][   T35]  worker_thread+0x86d/0xd70
> [   73.593517][   T35]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
> [   73.599856][   T35]  ? __kthread_parkme+0x169/0x1d0
> [   73.605099][   T35]  ? __pfx_worker_thread+0x10/0x10
> [   73.610568][   T35]  kthread+0x2f0/0x390
> [   73.614847][   T35]  ? __pfx_worker_thread+0x10/0x10
> [   73.620047][   T35]  ? __pfx_kthread+0x10/0x10
> [   73.624822][   T35]  ret_from_fork+0x4b/0x80
> [   73.629506][   T35]  ? __pfx_kthread+0x10/0x10
> [   73.634200][   T35]  ret_from_fork_asm+0x1a/0x30
> [   73.639333][   T35]  </TASK>
> [   73.837536][ T1018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [   73.846609][ T1018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [   73.881180][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [   73.889451][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [   74.764101][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
> [   74.774581][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
> [   74.787132][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
> [   74.795836][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
> [   74.804209][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
> [   74.816388][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
> [   76.110885][ T5269] chnl_net:caif_netlink_parms(): no params data found
> [   76.202433][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state
> [   76.209738][ T5269] bridge0: port 1(bridge_slave_0) entered disabled state
> [   76.217802][ T5269] bridge_slave_0: entered allmulticast mode
> [   76.232096][ T5269] bridge_slave_0: entered promiscuous mode
> [   76.248093][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state
> [   76.255436][ T5269] bridge0: port 2(bridge_slave_1) entered disabled state
> [   76.263723][ T5269] bridge_slave_1: entered allmulticast mode
> [   76.270778][ T5269] bridge_slave_1: entered promiscuous mode
> [   76.307733][ T5269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> [   76.319630][ T5269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> [   76.352955][ T5269] team0: Port device team_slave_0 added
> [   76.365037][ T5269] team0: Port device team_slave_1 added
> [   76.393595][ T5269] batman_adv: batadv0: Adding interface: batadv_slave_0
> [   76.400676][ T5269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [   76.428714][ T5269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> [   76.444591][ T5269] batman_adv: batadv0: Adding interface: batadv_slave_1
> [   76.452810][ T5269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [   76.479277][ T5269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> [   76.518718][ T5269] hsr_slave_0: entered promiscuous mode
> [   76.526127][ T5269] hsr_slave_1: entered promiscuous mode
> [   76.644065][ T5269] netdevsim netdevsim0 netdevsim0: renamed from eth0
> [   76.656191][ T5269] netdevsim netdevsim0 netdevsim1: renamed from eth1
> [   76.666601][ T5269] netdevsim netdevsim0 netdevsim2: renamed from eth2
> [   76.677174][ T5269] netdevsim netdevsim0 netdevsim3: renamed from eth3
> [   76.705301][ T5269] bridge0: port 2(bridge_slave_1) entered blocking state
> [   76.713063][ T5269] bridge0: port 2(bridge_slave_1) entered forwarding state
> [   76.721178][ T5269] bridge0: port 1(bridge_slave_0) entered blocking state
> [   76.728612][ T5269] bridge0: port 1(bridge_slave_0) entered forwarding state
> [   76.793408][ T5269] 8021q: adding VLAN 0 to HW filter on device bond0
> [   76.813501][   T25] bridge0: port 1(bridge_slave_0) entered disabled state
> [   76.824694][   T25] bridge0: port 2(bridge_slave_1) entered disabled state
> [   76.847764][ T5269] 8021q: adding VLAN 0 to HW filter on device team0
> [   76.864992][ T5276] bridge0: port 1(bridge_slave_0) entered blocking state
> [   76.872724][ T5276] bridge0: port 1(bridge_slave_0) entered forwarding state
> [   76.888966][ T5277] bridge0: port 2(bridge_slave_1) entered blocking state
> [   76.896454][ T5277] bridge0: port 2(bridge_slave_1) entered forwarding state
> [   76.934240][ T5269] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
> [   76.946752][ T5269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
> [   77.085939][ T5269] 8021q: adding VLAN 0 to HW filter on device batadv0
> [   77.138427][ T5269] veth0_vlan: entered promiscuous mode
> [   77.155530][ T5269] veth1_vlan: entered promiscuous mode
> [   77.199855][ T5269] veth0_macvtap: entered promiscuous mode
> [   77.216097][ T5269] veth1_macvtap: entered promiscuous mode
> [   77.241139][ T5269] batman_adv: batadv0: Interface activated: batadv_slave_0
> [   77.265095][ T5269] batman_adv: batadv0: Interface activated: batadv_slave_1
> [   77.280957][ T5269] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
> [   77.293499][ T5269] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
> [   77.302863][ T5269] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
> [   77.314571][ T5269] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
> [   77.503942][ T5269] syz-executor (5269) used greatest stack depth: 18704 bytes left
> [   77.557203][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> 2024/11/01 04:20:05 executed programs: 0
> [   77.656155][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [   77.729378][ T4592] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
> [   77.746402][ T4592] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
> [   77.747184][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [   77.762998][ T4592] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
> [   77.775774][ T4592] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
> [   77.785232][ T4592] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
> [   77.793548][ T4592] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
> [   77.820026][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [   77.956684][ T5291] chnl_net:caif_netlink_parms(): no params data found
> [   78.025169][ T5291] bridge0: port 1(bridge_slave_0) entered blocking state
> [   78.032601][ T5291] bridge0: port 1(bridge_slave_0) entered disabled state
> [   78.039953][ T5291] bridge_slave_0: entered allmulticast mode
> [   78.047981][ T5291] bridge_slave_0: entered promiscuous mode
> [   78.056275][ T5291] bridge0: port 2(bridge_slave_1) entered blocking state
> [   78.063812][ T5291] bridge0: port 2(bridge_slave_1) entered disabled state
> [   78.070975][ T5291] bridge_slave_1: entered allmulticast mode
> [   78.078397][ T5291] bridge_slave_1: entered promiscuous mode
> [   78.108847][ T5291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> [   78.123105][ T5291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> [   78.158143][ T5291] team0: Port device team_slave_0 added
> [   78.168279][ T5291] team0: Port device team_slave_1 added
> [   78.198300][ T5291] batman_adv: batadv0: Adding interface: batadv_slave_0
> [   78.205463][ T5291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [   78.235902][ T5291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> [   78.249282][ T5291] batman_adv: batadv0: Adding interface: batadv_slave_1
> [   78.257256][ T5291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [   78.283977][ T5291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> [   78.334156][ T5291] hsr_slave_0: entered promiscuous mode
> [   78.340571][ T5291] hsr_slave_1: entered promiscuous mode
> [   78.348761][ T5291] debugfs: Directory 'hsr0' with parent 'hsr' already present!
> [   78.357164][ T5291] Cannot create hsr debugfs directory
> [   79.832991][   T54] Bluetooth: hci0: command tx timeout
> [   81.912093][   T54] Bluetooth: hci0: command tx timeout
> [   82.159166][  T786] cfg80211: failed to load regulatory.db
> [   82.197063][   T35] bridge_slave_1: left allmulticast mode
> [   82.204459][   T35] bridge_slave_1: left promiscuous mode
> [   82.211112][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
> [   82.223520][   T35] bridge_slave_0: left allmulticast mode
> [   82.229353][   T35] bridge_slave_0: left promiscuous mode
> [   82.237641][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
> [   82.488532][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
> [   82.500105][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
> [   82.510830][   T35] bond0 (unregistering): Released all slaves
> [   82.646242][   T35] hsr_slave_0: left promiscuous mode
> [   82.656470][   T35] hsr_slave_1: left promiscuous mode
> [   82.665484][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
> [   82.673171][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
> [   82.681803][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
> [   82.693548][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
> [   82.717176][   T35] veth1_macvtap: left promiscuous mode
> [   82.723507][   T35] veth0_macvtap: left promiscuous mode
> [   82.729270][   T35] veth1_vlan: left promiscuous mode
> [   82.738660][   T35] veth0_vlan: left promiscuous mode
>
>
> syzkaller build log:
> go env (err=<nil>)
> GO111MODULE='auto'
> GOARCH='amd64'
> GOBIN=''
> GOCACHE='/syzkaller/.cache/go-build'
> GOENV='/syzkaller/.config/go/env'
> GOEXE=''
> GOEXPERIMENT=''
> GOFLAGS=''
> GOHOSTARCH='amd64'
> GOHOSTOS='linux'
> GOINSECURE=''
> GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
> GONOPROXY=''
> GONOSUMDB=''
> GOOS='linux'
> GOPATH='/syzkaller/jobs/linux/gopath'
> GOPRIVATE=''
> GOPROXY='https://proxy.golang.org,direct'
> GOROOT='/usr/local/go'
> GOSUMDB='sum.golang.org'
> GOTMPDIR=''
> GOTOOLCHAIN='auto'
> GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
> GOVCS=''
> GOVERSION='go1.22.7'
> GCCGO='gccgo'
> GOAMD64='v1'
> AR='ar'
> CC='gcc'
> CXX='g++'
> CGO_ENABLED='1'
> GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
> GOWORK=''
> CGO_CFLAGS='-O2 -g'
> CGO_CPPFLAGS=''
> CGO_CXXFLAGS='-O2 -g'
> CGO_FFLAGS='-O2 -g'
> CGO_LDFLAGS='-O2 -g'
> PKG_CONFIG='pkg-config'
> GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2237638905=/tmp/go-build -gno-record-gcc-switches'
>
> git status (err=<nil>)
> HEAD detached at 666f77ed02
> nothing to commit, working tree clean
>
>
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
> make .descriptions
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> bin/syz-sysgen
> go fmt ./sys/... >/dev/null
> touch .descriptions
> GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=666f77ed02b98b834393ff84c646a8d611605f6f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20241016-170423'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
> mkdir -p ./bin/linux_amd64
> g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
>         -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
>         -DHOSTGOOS_linux=1 -DGIT_REVISION=\"666f77ed02b98b834393ff84c646a8d611605f6f\"
> /usr/bin/ld: /tmp/cc65bbgo.o: in function `test_cover_filter()':
> executor.cc:(.text+0x1424b): warning: the use of `tempnam' is dangerous, better use `mkstemp'
> /usr/bin/ld: /tmp/cc65bbgo.o: in function `Connection::Connect(char const*, char const*)':
> executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
>
>
> Error text is too large and was truncated, full error text is at:
> https://syzkaller.appspot.com/x/error.txt?x=105d32a7980000
>
>
> Tested on:
>
> commit:         d31e86ef arm64: access_ok() optimization
> git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --
> kernel config:  https://syzkaller.appspot.com/x/.config?x=7db415dfa086046c
> dashboard link: https://syzkaller.appspot.com/bug?extid=2665d678fffcc4608e18
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>
> Note: no patches were applied.



-- 
Julian Sun <sunjunchao2870@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ