Message-ID: <67c30164.050a0220.dc10f.0167.GAE@google.com>
Date: Sat, 01 Mar 2025 04:45:24 -0800
From: syzbot <syzbot+d9da13b17db05637e02d@...kaller.appspotmail.com>
To: anna-maria@...utronix.de, frederic@...nel.org,
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com,
tglx@...utronix.de
Subject: [syzbot] [kernel?] WARNING in exit_itimers

Hello,

syzbot found the following issue on:

HEAD commit: d082ecbc71e9 Linux 6.14-rc4
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=173537a4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=299fb852e91f4f3c
dashboard link: https://syzkaller.appspot.com/bug?extid=d9da13b17db05637e02d
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-d082ecbc.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/bdb92972b307/vmlinux-d082ecbc.xz
kernel image: https://storage.googleapis.com/syzbot-assets/15450a9ada87/Image-d082ecbc.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d9da13b17db05637e02d@...kaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 21835 at kernel/time/posix-timers.c:1109 exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Not tainted 6.14.0-rc4-syzkaller #0
Hardware name: linux,dummy-virt (DT)
pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109
lr : itimer_delete kernel/time/posix-timers.c:1081 [inline]
lr : exit_itimers+0x17c/0x34c kernel/time/posix-timers.c:1103
sp : ffff800088ffbbf0
x29: ffff800088ffbbf0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 0000000000000001 x19: f0f0000007b99240 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffea2d02c8
x14: f0f0000007b992c0 x13: ffff8000828500c8 x12: 0000000000000001
x11: 00000355b7b9e14b x10: 5d48c5ec52c2bb1a x9 : b4052c63a0d52864
x8 : ffff800088ffbe38 x7 : fdf0000003263488 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000001000001 x3 : 00000000000001f4
x2 : fff000007f8d0758 x1 : f0f0000007b99240 x0 : fdf0000016d5fb60
Call trace:
exit_itimers+0x238/0x34c kernel/time/posix-timers.c:1109 (P)
do_exit+0x17c/0x98c kernel/exit.c:912
do_group_exit+0x34/0x90 kernel/exit.c:1087
copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
rcuref - imbalanced put()
WARNING: CPU: 0 PID: 21835 at lib/rcuref.c:267 rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
Modules linked in:
CPU: 0 UID: 0 PID: 21835 Comm: syz.0.5419 Tainted: G W 6.14.0-rc4-syzkaller #0
Tainted: [W]=WARN
Hardware name: linux,dummy-virt (DT)
pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
lr : rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267
sp : ffff800088ffbbd0
x29: ffff800088ffbbd0 x28: 0000000000000001 x27: f0f0000007b99a38
x26: 0000000000000000 x25: 0000000000000000 x24: f0f0000007b99240
x23: 0000000000000000 x22: f0f0000007b99240 x21: f0f0000007b99240
x20: 00000000ffffffff x19: fdf0000016d5fc28 x18: 000000000001cf9f
x17: 0000000000000000 x16: 0000000000000000 x15: ffff800088ffb560
x14: 00000000ffffffea x13: ffff800088ffb988 x12: ffff80008292d920
x11: fffffffffffd8010 x10: fffffffffffd7fe8 x9 : 0000000000009be8
x8 : c0000000ffffe67f x7 : ffff80008287d898 x6 : 0000000000023ba8
x5 : ffff8000828a14c8 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : f0f0000007b99240
Call trace:
rcuref_put_slowpath+0xbc/0xd0 lib/rcuref.c:267 (P)
__rcuref_put include/linux/rcuref.h:94 [inline]
rcuref_put include/linux/rcuref.h:150 [inline]
posixtimer_putref include/linux/posix-timers.h:226 [inline]
posix_timer_cleanup_ignored kernel/time/posix-timers.c:977 [inline]
exit_itimers+0x334/0x34c kernel/time/posix-timers.c:1114
do_exit+0x17c/0x98c kernel/exit.c:912
do_group_exit+0x34/0x90 kernel/exit.c:1087
copy_siginfo_to_user+0x0/0xec kernel/signal.c:3036
do_signal+0x94/0x360 arch/arm64/kernel/signal.c:1658
do_notify_resume+0xd8/0x164 arch/arm64/kernel/entry-common.c:148
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_svc+0xc0/0xe0 arch/arm64/kernel/entry-common.c:745
el0t_64_sync_handler+0x10c/0x138 arch/arm64/kernel/entry-common.c:762
el0t_64_sync+0x1a4/0x1a8 arch/arm64/kernel/entry.S:600
---[ end trace 0000000000000000 ]---

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup