Message-ID: <67830dc0.050a0220.216c54.0029.GAE@google.com>
Date: Sat, 11 Jan 2025 16:33:04 -0800
From: syzbot <syzbot+799a2d4576c454ac2693@...kaller.appspotmail.com>
To: hdanton@...a.com, linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [kernel?] possible deadlock in binder_alloc_free_page
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

WARNING in __debugfs_file_get

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5834 at fs/debugfs/file.c:90 __debugfs_file_get+0x5e3/0x6f0 fs/debugfs/file.c:90
Modules linked in:
CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted 6.13.0-rc6-next-20250110-syzkaller-g2b88851f583d-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__debugfs_file_get+0x5e3/0x6f0 fs/debugfs/file.c:90
Code: 3f 01 48 b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 e9 00 00 00 44 8b 74 24 40 e9 4f ff ff ff e8 2e 90 19 fe 90 <0f> 0b 90 b8 ea ff ff ff 4c 8b 3c 24 e9 5c ff ff ff 44 89 e9 80 e1
RSP: 0018:ffffc900040ff720 EFLAGS: 00010293
RAX: ffffffff83a5b0b2 RBX: 1ffff11004680fc2 RCX: ffff888027e38000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc900040ff7d0 R08: ffffffff83a5abc7 R09: ffffffff8235b45d
R10: 0000000000000002 R11: ffffffff83a5b7b0 R12: 0000000000000000
R13: ffff888023407e10 R14: dffffc0000000000 R15: ffffffff8c47e761
FS: 00005555811cc500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0a441e34c8 CR3: 0000000078ba8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
debugfs_file_get fs/debugfs/file.c:152 [inline]
open_proxy_open+0x4f/0x4c0 fs/debugfs/file.c:283
do_dentry_open+0xdec/0x1960 fs/open.c:955
vfs_open+0x3b/0x370 fs/open.c:1085
do_open fs/namei.c:3828 [inline]
path_openat+0x2c74/0x3580 fs/namei.c:3987
do_filp_open+0x27f/0x4e0 fs/namei.c:4014
do_sys_openat2+0x13e/0x1d0 fs/open.c:1427
do_sys_open fs/open.c:1442 [inline]
__do_sys_openat fs/open.c:1458 [inline]
__se_sys_openat fs/open.c:1453 [inline]
__x64_sys_openat+0x247/0x2a0 fs/open.c:1453
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0a44184611
Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 3a 7f 1c 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
RSP: 002b:00007ffefaf48b90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f0a44184611
RDX: 0000000000080001 RSI: 00007f0a441e34c8 RDI: 00000000ffffff9c
RBP: 00007f0a441e34c8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000b
R13: 00007ffefaf48c30 R14: 00007f0a44201a6d R15: 00005555811e6010
</TASK>

Warning: Permanently added '10.128.1.98' (ED25519) to the list of known hosts.
2025/01/12 00:31:45 ignoring optional flag "sandboxArg"="0"
2025/01/12 00:31:45 parsed 1 programs
[ 65.085843][ T5834] ------------[ cut here ]------------
[ 65.091402][ T5834] WARNING: CPU: 1 PID: 5834 at fs/debugfs/file.c:90 __debugfs_file_get+0x5e3/0x6f0
[ 65.100743][ T5834] Modules linked in:
[ 65.104667][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted 6.13.0-rc6-next-20250110-syzkaller-g2b88851f583d-dirty #0
[ 65.116850][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 65.127029][ T5834] RIP: 0010:__debugfs_file_get+0x5e3/0x6f0
[ 65.132936][ T5834] Code: 3f 01 48 b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 e9 00 00 00 44 8b 74 24 40 e9 4f ff ff ff e8 2e 90 19 fe 90 <0f> 0b 90 b8 ea ff ff ff 4c 8b 3c 24 e9 5c ff ff ff 44 89 e9 80 e1
[ 65.152788][ T5834] RSP: 0018:ffffc900040ff720 EFLAGS: 00010293
[ 65.158858][ T5834] RAX: ffffffff83a5b0b2 RBX: 1ffff11004680fc2 RCX: ffff888027e38000
[ 65.166875][ T5834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 65.174980][ T5834] RBP: ffffc900040ff7d0 R08: ffffffff83a5abc7 R09: ffffffff8235b45d
[ 65.183044][ T5834] R10: 0000000000000002 R11: ffffffff83a5b7b0 R12: 0000000000000000
[ 65.191090][ T5834] R13: ffff888023407e10 R14: dffffc0000000000 R15: ffffffff8c47e761
[ 65.199056][ T5834] FS: 00005555811cc500(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 65.208020][ T5834] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.214659][ T5834] CR2: 00007f0a441e34c8 CR3: 0000000078ba8000 CR4: 00000000003526f0
[ 65.222668][ T5834] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.230697][ T5834] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.238662][ T5834] Call Trace:
[ 65.241982][ T5834] <TASK>
[ 65.244921][ T5834] ? __warn+0x165/0x4d0
[ 65.249069][ T5834] ? __debugfs_file_get+0x5e3/0x6f0
[ 65.254331][ T5834] ? report_bug+0x2b3/0x500
[ 65.258872][ T5834] ? __debugfs_file_get+0x5e3/0x6f0
[ 65.264138][ T5834] ? handle_bug+0x60/0x90
[ 65.268512][ T5834] ? exc_invalid_op+0x1a/0x50
[ 65.273268][ T5834] ? asm_exc_invalid_op+0x1a/0x20
[ 65.278305][ T5834] ? __pfx_open_proxy_open+0x10/0x10
[ 65.283636][ T5834] ? do_dentry_open+0x65d/0x1960
[ 65.288584][ T5834] ? __debugfs_file_get+0xf7/0x6f0
[ 65.293754][ T5834] ? __debugfs_file_get+0x5e2/0x6f0
[ 65.298964][ T5834] ? __debugfs_file_get+0x5e3/0x6f0
[ 65.304258][ T5834] ? __pfx___debugfs_file_get+0x10/0x10
[ 65.309817][ T5834] ? __pfx_apparmor_file_open+0x10/0x10
[ 65.315611][ T5834] ? mnt_get_write_access+0x68/0x2b0
[ 65.320969][ T5834] ? mnt_get_write_access+0x68/0x2b0
[ 65.326282][ T5834] open_proxy_open+0x4f/0x4c0
[ 65.331042][ T5834] ? do_dentry_open+0xde0/0x1960
[ 65.336000][ T5834] ? __pfx_open_proxy_open+0x10/0x10
[ 65.341336][ T5834] do_dentry_open+0xdec/0x1960
[ 65.346116][ T5834] ? vfs_open+0x31/0x370
[ 65.350613][ T5834] vfs_open+0x3b/0x370
[ 65.354693][ T5834] path_openat+0x2c74/0x3580
[ 65.359295][ T5834] ? count_memcg_event_mm+0x94/0x420
[ 65.364639][ T5834] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 65.370765][ T5834] ? __pfx_path_openat+0x10/0x10
[ 65.375709][ T5834] do_filp_open+0x27f/0x4e0
[ 65.380201][ T5834] ? __pfx_do_filp_open+0x10/0x10
[ 65.385285][ T5834] ? do_raw_spin_lock+0x14f/0x370
[ 65.390343][ T5834] do_sys_openat2+0x13e/0x1d0
[ 65.395105][ T5834] ? __pfx_do_sys_openat2+0x10/0x10
[ 65.400334][ T5834] ? __pfx_lock_acquire+0x10/0x10
[ 65.405419][ T5834] __x64_sys_openat+0x247/0x2a0
[ 65.410366][ T5834] ? __pfx___x64_sys_openat+0x10/0x10
[ 65.415809][ T5834] ? exc_page_fault+0x590/0x8b0
[ 65.420701][ T5834] ? do_syscall_64+0xb6/0x230
[ 65.425367][ T5834] do_syscall_64+0xf3/0x230
[ 65.429850][ T5834] ? clear_bhb_loop+0x35/0x90
[ 65.434588][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.440638][ T5834] RIP: 0033:0x7f0a44184611
[ 65.445169][ T5834] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 3a 7f 1c 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 65.465236][ T5834] RSP: 002b:00007ffefaf48b90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 65.473715][ T5834] RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f0a44184611
[ 65.481783][ T5834] RDX: 0000000000080001 RSI: 00007f0a441e34c8 RDI: 00000000ffffff9c
[ 65.489766][ T5834] RBP: 00007f0a441e34c8 R08: 0000000000000000 R09: 0000000000000000
[ 65.497775][ T5834] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000b
[ 65.505824][ T5834] R13: 00007ffefaf48c30 R14: 00007f0a44201a6d R15: 00005555811e6010
[ 65.513863][ T5834] </TASK>
[ 65.516994][ T5834] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 65.524276][ T5834] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted 6.13.0-rc6-next-20250110-syzkaller-g2b88851f583d-dirty #0
[ 65.536331][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 65.546493][ T5834] Call Trace:
[ 65.549767][ T5834] <TASK>
[ 65.552703][ T5834] dump_stack_lvl+0x241/0x360
[ 65.557389][ T5834] ? __pfx_dump_stack_lvl+0x10/0x10
[ 65.562754][ T5834] ? __pfx__printk+0x10/0x10
[ 65.567621][ T5834] ? _printk+0xd5/0x120
[ 65.571781][ T5834] ? __init_begin+0x41000/0x41000
[ 65.576798][ T5834] ? vscnprintf+0x5d/0x90
[ 65.581117][ T5834] panic+0x349/0x880
[ 65.585016][ T5834] ? __warn+0x174/0x4d0
[ 65.589177][ T5834] ? __pfx_panic+0x10/0x10
[ 65.593615][ T5834] __warn+0x344/0x4d0
[ 65.597603][ T5834] ? __debugfs_file_get+0x5e3/0x6f0
[ 65.602797][ T5834] report_bug+0x2b3/0x500
[ 65.607125][ T5834] ? __debugfs_file_get+0x5e3/0x6f0
[ 65.612332][ T5834] handle_bug+0x60/0x90
[ 65.616488][ T5834] exc_invalid_op+0x1a/0x50
[ 65.620993][ T5834] asm_exc_invalid_op+0x1a/0x20
[ 65.625841][ T5834] RIP: 0010:__debugfs_file_get+0x5e3/0x6f0
[ 65.631641][ T5834] Code: 3f 01 48 b8 00 00 00 00 00 fc ff df 41 0f b6 44 05 00 84 c0 0f 85 e9 00 00 00 44 8b 74 24 40 e9 4f ff ff ff e8 2e 90 19 fe 90 <0f> 0b 90 b8 ea ff ff ff 4c 8b 3c 24 e9 5c ff ff ff 44 89 e9 80 e1
[ 65.651239][ T5834] RSP: 0018:ffffc900040ff720 EFLAGS: 00010293
[ 65.657312][ T5834] RAX: ffffffff83a5b0b2 RBX: 1ffff11004680fc2 RCX: ffff888027e38000
[ 65.665277][ T5834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 65.673245][ T5834] RBP: ffffc900040ff7d0 R08: ffffffff83a5abc7 R09: ffffffff8235b45d
[ 65.681210][ T5834] R10: 0000000000000002 R11: ffffffff83a5b7b0 R12: 0000000000000000
[ 65.689178][ T5834] R13: ffff888023407e10 R14: dffffc0000000000 R15: ffffffff8c47e761
[ 65.697147][ T5834] ? __pfx_open_proxy_open+0x10/0x10
[ 65.702429][ T5834] ? do_dentry_open+0x65d/0x1960
[ 65.707352][ T5834] ? __debugfs_file_get+0xf7/0x6f0
[ 65.712450][ T5834] ? __debugfs_file_get+0x5e2/0x6f0
[ 65.717644][ T5834] ? __pfx___debugfs_file_get+0x10/0x10
[ 65.723182][ T5834] ? __pfx_apparmor_file_open+0x10/0x10
[ 65.728720][ T5834] ? mnt_get_write_access+0x68/0x2b0
[ 65.733995][ T5834] ? mnt_get_write_access+0x68/0x2b0
[ 65.739270][ T5834] open_proxy_open+0x4f/0x4c0
[ 65.743937][ T5834] ? do_dentry_open+0xde0/0x1960
[ 65.748866][ T5834] ? __pfx_open_proxy_open+0x10/0x10
[ 65.754146][ T5834] do_dentry_open+0xdec/0x1960
[ 65.758903][ T5834] ? vfs_open+0x31/0x370
[ 65.763146][ T5834] vfs_open+0x3b/0x370
[ 65.767204][ T5834] path_openat+0x2c74/0x3580
[ 65.771786][ T5834] ? count_memcg_event_mm+0x94/0x420
[ 65.777074][ T5834] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 65.783059][ T5834] ? __pfx_path_openat+0x10/0x10
[ 65.787998][ T5834] do_filp_open+0x27f/0x4e0
[ 65.792669][ T5834] ? __pfx_do_filp_open+0x10/0x10
[ 65.797684][ T5834] ? do_raw_spin_lock+0x14f/0x370
[ 65.802720][ T5834] do_sys_openat2+0x13e/0x1d0
[ 65.807389][ T5834] ? __pfx_do_sys_openat2+0x10/0x10
[ 65.812588][ T5834] ? __pfx_lock_acquire+0x10/0x10
[ 65.817609][ T5834] __x64_sys_openat+0x247/0x2a0
[ 65.823062][ T5834] ? __pfx___x64_sys_openat+0x10/0x10
[ 65.828425][ T5834] ? exc_page_fault+0x590/0x8b0
[ 65.833270][ T5834] ? do_syscall_64+0xb6/0x230
[ 65.837941][ T5834] do_syscall_64+0xf3/0x230
[ 65.842435][ T5834] ? clear_bhb_loop+0x35/0x90
[ 65.847106][ T5834] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 65.852995][ T5834] RIP: 0033:0x7f0a44184611
[ 65.857407][ T5834] Code: 75 57 89 f0 25 00 00 41 00 3d 00 00 41 00 74 49 80 3d 3a 7f 1c 00 00 74 6d 89 da 48 89 ee bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 93 00 00 00 48 8b 54 24 28 64 48 2b 14 25
[ 65.877436][ T5834] RSP: 002b:00007ffefaf48b90 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 65.885845][ T5834] RAX: ffffffffffffffda RBX: 0000000000080001 RCX: 00007f0a44184611
[ 65.893806][ T5834] RDX: 0000000000080001 RSI: 00007f0a441e34c8 RDI: 00000000ffffff9c
[ 65.901765][ T5834] RBP: 00007f0a441e34c8 R08: 0000000000000000 R09: 0000000000000000
[ 65.909726][ T5834] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000b
[ 65.917687][ T5834] R13: 00007ffefaf48c30 R14: 00007f0a44201a6d R15: 00005555811e6010
[ 65.925657][ T5834] </TASK>
[ 65.928921][ T5834] Kernel Offset: disabled
[ 65.933292][ T5834] Rebooting in 86400 seconds..

syzkaller build log:
go env (err=<nil>)
git status (err=<nil>)
HEAD detached at 6dbc6a9bc
nothing to commit, working tree clean
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6dbc6a9bc76e06852841ed5c5bdbb78409b17f53 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250110-142744'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"6dbc6a9bc76e06852841ed5c5bdbb78409b17f53\"
/usr/bin/ld: /tmp/ccwLE3p3.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

Tested on:

commit: 2b88851f Add linux-next specific files for 20250110
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=2c9d32675cb8d2a5
dashboard link: https://syzkaller.appspot.com/bug?extid=799a2d4576c454ac2693
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15bc2bc4580000