[syzbot] possible deadlock in mnt_want_write (2)


syzbot

Jun 15, 2021, 12:59:25 PM
to linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Hello,

syzbot found the following issue on:

HEAD commit: 06af8679 coredump: Limit what can interrupt coredumps
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=162f99afd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=547a5e42ca601229
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 11.0.1-2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b42fe6...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
5.13.0-rc5-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.1/21398 is trying to acquire lock:
ffff8881485a6460 (sb_writers#5){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:375

but task is already holding lock:
ffff888034945bc0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x75a/0x1ba0 security/integrity/ima/ima_main.c:253

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&iint->mutex){+.+.}-{3:3}:
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
__mutex_lock_common+0x1bf/0x3100 kernel/locking/mutex.c:959
__mutex_lock kernel/locking/mutex.c:1104 [inline]
mutex_lock_nested+0x1a/0x20 kernel/locking/mutex.c:1119
process_measurement+0x75a/0x1ba0 security/integrity/ima/ima_main.c:253
ima_file_check+0xe0/0x130 security/integrity/ima/ima_main.c:499
do_open fs/namei.c:3363 [inline]
path_openat+0x293d/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1187
do_sys_open fs/open.c:1203 [inline]
__do_sys_open fs/open.c:1211 [inline]
__se_sys_open fs/open.c:1207 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1207
do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae

-> #0 (sb_writers#5){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:2938 [inline]
check_prevs_add+0x4f9/0x5b60 kernel/locking/lockdep.c:3061
validate_chain kernel/locking/lockdep.c:3676 [inline]
__lock_acquire+0x4307/0x6040 kernel/locking/lockdep.c:4902
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1763 [inline]
sb_start_write+0x4f/0x180 include/linux/fs.h:1833
mnt_want_write+0x3b/0x80 fs/namespace.c:375
ovl_maybe_copy_up+0x117/0x180 fs/overlayfs/copy_up.c:996
ovl_open+0xa2/0x200 fs/overlayfs/file.c:149
do_dentry_open+0x7cb/0x1010 fs/open.c:826
vfs_open fs/open.c:940 [inline]
dentry_open+0xc6/0x120 fs/open.c:956
ima_calc_file_hash+0x157/0x1b00 security/integrity/ima/ima_crypto.c:557
ima_collect_measurement+0x283/0x520 security/integrity/ima/ima_api.c:252
process_measurement+0xf79/0x1ba0 security/integrity/ima/ima_main.c:330
ima_file_check+0xe0/0x130 security/integrity/ima/ima_main.c:499
do_open fs/namei.c:3363 [inline]
path_openat+0x293d/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1187
do_sys_open fs/open.c:1203 [inline]
__do_sys_open fs/open.c:1211 [inline]
__se_sys_open fs/open.c:1207 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1207
do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&iint->mutex);
                               lock(sb_writers#5);
                               lock(&iint->mutex);
  lock(sb_writers#5);

*** DEADLOCK ***

1 lock held by syz-executor.1/21398:
#0: ffff888034945bc0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x75a/0x1ba0 security/integrity/ima/ima_main.c:253

stack backtrace:
CPU: 0 PID: 21398 Comm: syz-executor.1 Not tainted 5.13.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0x202/0x31e lib/dump_stack.c:120
print_circular_bug+0xb17/0xdc0 kernel/locking/lockdep.c:2007
check_noncircular+0x2cc/0x390 kernel/locking/lockdep.c:2129
check_prev_add kernel/locking/lockdep.c:2938 [inline]
check_prevs_add+0x4f9/0x5b60 kernel/locking/lockdep.c:3061
validate_chain kernel/locking/lockdep.c:3676 [inline]
__lock_acquire+0x4307/0x6040 kernel/locking/lockdep.c:4902
lock_acquire+0x17f/0x720 kernel/locking/lockdep.c:5512
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1763 [inline]
sb_start_write+0x4f/0x180 include/linux/fs.h:1833
mnt_want_write+0x3b/0x80 fs/namespace.c:375
ovl_maybe_copy_up+0x117/0x180 fs/overlayfs/copy_up.c:996
ovl_open+0xa2/0x200 fs/overlayfs/file.c:149
do_dentry_open+0x7cb/0x1010 fs/open.c:826
vfs_open fs/open.c:940 [inline]
dentry_open+0xc6/0x120 fs/open.c:956
ima_calc_file_hash+0x157/0x1b00 security/integrity/ima/ima_crypto.c:557
ima_collect_measurement+0x283/0x520 security/integrity/ima/ima_api.c:252
process_measurement+0xf79/0x1ba0 security/integrity/ima/ima_main.c:330
ima_file_check+0xe0/0x130 security/integrity/ima/ima_main.c:499
do_open fs/namei.c:3363 [inline]
path_openat+0x293d/0x39b0 fs/namei.c:3494
do_filp_open+0x221/0x460 fs/namei.c:3521
do_sys_openat2+0x124/0x460 fs/open.c:1187
do_sys_open fs/open.c:1203 [inline]
__do_sys_open fs/open.c:1211 [inline]
__se_sys_open fs/open.c:1207 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1207
do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x4665d9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f28cc64c188 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000020000200
RBP: 00000000004bfcb9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80
R13: 00007ffdd1759cef R14: 00007f28cc64c300 R15: 0000000000022000
overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Hillf Danton

Jun 16, 2021, 5:02:01 AM
to syzbot, linux-...@vger.kernel.org, Mimi Zohar, Hillf Danton, syzkall...@googlegroups.com
On Tue, 15 Jun 2021 09:59:24 -0700
s/mutex_lock/mutex_trylock/ to fix the deadlock above.

Add completion to iint to wait in case of failure of trylock and to do wakeup
after unlock.

It is now only for thoughts.

+++ x/security/integrity/ima/ima_main.c
@@ -250,7 +250,11 @@ static int process_measurement(struct fi
if (!action)
goto out;

- mutex_lock(&iint->mutex);
+ for (;;) {
+ if (mutex_trylock(&iint->mutex))
+ break;
+ wait_for_completion(&iint->compl);
+ }

if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
/* reset appraisal flags if ima_inode_post_setattr was called */
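Review bot: the loop `for (;;) { if (mutex_trylock(&iint->mutex)) break; wait_for_completion(&iint->compl); }` uses a field this patch does not add: no hunk gives struct integrity_iint_cache a `compl` member or calls init_completion() on it, so the change does not build as posted. Beyond that, a completion is a counter rather than a condition: each complete() issued while nobody waits leaves `done` incremented, so a later wait_for_completion() returns at once and the loop degenerates into spinning on mutex_trylock(). And since mutex_trylock() never blocks, lockdep records no dependency for it, which makes the sb_writers -> &iint->mutex inversion invisible to the checker without removing it: a task that holds sb_writers still sleeps in wait_for_completion() here, waiting for the iint. If the report is a false positive, the right tool is a lock-class annotation with that justification in the commit message; if it is real, the blocking acquisition has to leave the sb_writers critical section.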
@@ -361,6 +365,7 @@ out_locked:
!(iint->flags & IMA_NEW_FILE))
rc = -EACCES;
mutex_unlock(&iint->mutex);
+ complete(&iint->compl);
kfree(xattr_value);
ima_free_modsig(modsig);
out:
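Review bot: complete() after mutex_unlock() wakes at most one waiter per call, while the retry loop in process_measurement() can have several tasks parked on the same iint; the others stay in wait_for_completion() until some unrelated later unlock happens to wake them. complete_all() would avoid that but then needs reinit_completion() before the next use, racing against new waiters. That the primitive needs this much care to emulate "sleep until the mutex is free" is the sign that mutex_lock() already was the right call and that the problem is the lock order, not the wait.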

Hillf Danton

Jun 16, 2021, 11:12:11 PM
to syzbot, linux-...@vger.kernel.org, Mimi Zohar, Hillf Danton, syzkall...@googlegroups.com
On Tue, 15 Jun 2021 09:59:24 -0700
One of the quick fixes is to replace mutex_lock with mutex_trylock and bail out in
case of failure, if it is now difficult to add changes to the call site of
ima_file_check, where in the long run we should detect EAGAIN from ima_file_check
and retry with sb_writers released.

Thoughts are welcome.

+++ x/security/integrity/ima/ima_main.c
@@ -250,7 +250,10 @@ static int process_measurement(struct fi
if (!action)
goto out;

- mutex_lock(&iint->mutex);
+ if (!mutex_trylock(&iint->mutex)) {
+ rc = -EAGAIN;
+ goto out;
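Review bot: this hunk is cut off on the page after `+ goto out;` (the closing brace is not visible), but as far as it goes, `rc = -EAGAIN` on a failed mutex_trylock() turns plain contention into a failed open(): two tasks opening the same file at the same time, which is ordinary and has nothing to do with the overlayfs copy-up in the report, would make one of them fail, and in appraise-enforce mode that is an access denial with no integrity reason behind it. Bailing out is only safe if the caller retries, and as the cover text says, no caller of ima_file_check() handles -EAGAIN today; the caller-side retry with sb_writers released has to be part of the same series rather than left for later.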

Miklos Szeredi

Jul 19, 2021, 11:11:42 AM
to syzbot, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkaller-bugs, Al Viro, linux-integrity
[CC: linux-integrity]

Mimi Zohar

Jul 22, 2021, 9:50:17 AM
to Miklos Szeredi, syzbot, Hillf Danton, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkaller-bugs, Al Viro, linux-integrity
[CC'ing Hillf Danton <hda...@sina.com>]

Hi Miklos,

On Mon, 2021-07-19 at 17:11 +0200, Miklos Szeredi wrote:
> [CC: linux-integrity]
>
> On Tue, 15 Jun 2021 at 18:59, syzbot
> <syzbot+b42fe6...@syzkaller.appspotmail.com> wrote:
> >
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit: 06af8679 coredump: Limit what can interrupt coredumps
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=162f99afd00000
> > kernel config: https://syzkaller.appspot.com/x/.config?x=547a5e42ca601229
> > dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
> > compiler: Debian clang version 11.0.1-2
> >
> > Unfortunately, I don't have any reproducer for this issue yet.

There was a similar syzbot report and followup discussion [1].
According to Amir Goldstein, it's a false positive lockdep warning.
At this point we understand how to fix the problem, but are waiting for
a reproducer.

thanks,

Mimi

[1] Message-Id: <20210616090142...@sina.com>
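To make the dependency check behind the two reports in this thread concrete, and to see what each proposed change does to it, here is a small userspace model. It is added here and is not code from the kernel or from anyone in the thread. It replays the two chains lockdep printed (sb_writers held while &iint->mutex is taken under open(); &iint->mutex held while ovl copy-up takes sb_writers under ima_calc_file_hash()) against a lockdep-style dependency graph and reports whether the new edge closes a cycle. The class IINT_MUTEX_D1 is an assumption modelling what a per-stack-depth lock key would produce; whether the two chains in the report really involve iints of inodes at different stacking depths is not established in the thread, so the same-depth case is run as well.

```c
/*
 * Added example, not kernel code: a userspace model of the check lockdep
 * ran for this report. A blocking acquire of class B with class A held
 * records the edge A -> B; a new edge that closes a cycle is the
 * "possible circular locking dependency". Class names follow the report;
 * IINT_MUTEX_D1 is an assumed per-stack-depth class the kernel lacks.
 */
#include <stdbool.h>
#include <stdio.h>

enum lock_class {
	SB_WRITERS,	/* sb_writers#5 in the report */
	IINT_MUTEX,	/* &iint->mutex: one lockdep class for every iint */
	IINT_MUTEX_D1,	/* assumed: &iint->mutex keyed for s_stack_depth 1 */
	NR_CLASSES
};

struct dep_graph { bool edge[NR_CLASSES][NR_CLASSES]; }; /* edge[a][b]: b taken with a held */
struct task { int held[NR_CLASSES]; int nheld; };

/* DFS over recorded dependencies: is 'to' already ordered after 'from'? */
static bool reachable(const struct dep_graph *g, int from, int to, bool *seen)
{
	if (from == to)
		return true;
	seen[from] = true;
	for (int n = 0; n < NR_CLASSES; n++)
		if (g->edge[from][n] && !seen[n] && reachable(g, n, to, seen))
			return true;
	return false;
}

/*
 * Blocking acquire (mutex_lock, sb_start_write). A path cls -> .. -> held
 * means cls is already ordered before held, so recording held -> cls
 * closes a loop: the condition check_noncircular() reports.
 */
static bool lock_acquire(struct dep_graph *g, struct task *t, int cls)
{
	bool ok = true;

	for (int i = 0; i < t->nheld; i++) {
		bool seen[NR_CLASSES] = { false };

		if (reachable(g, cls, t->held[i], seen))
			ok = false;
		g->edge[t->held[i]][cls] = true;
	}
	t->held[t->nheld++] = cls;
	return ok;
}

/* mutex_trylock() can never block, so lockdep records no edge for it. */
static bool take_iint(struct dep_graph *g, struct task *t, int cls, bool trylock)
{
	if (!trylock)
		return lock_acquire(g, t, cls);
	t->held[t->nheld++] = cls;
	return true;
}

/* Replays the report's two chains; true if the graph stays acyclic. */
bool run_chains(int open_iint, int hash_iint, bool trylock)
{
	struct dep_graph g = { 0 };
	struct task t = { 0 };
	bool ok;

	/* chain #1: sb_writers held by do_open(), then &iint->mutex in process_measurement() */
	ok = lock_acquire(&g, &t, SB_WRITERS);
	ok = take_iint(&g, &t, open_iint, trylock) && ok;
	t.nheld = 0;

	/* chain #0: &iint->mutex held, then sb_writers via ovl copy-up under ima_calc_file_hash() */
	ok = take_iint(&g, &t, hash_iint, trylock) && ok;
	ok = lock_acquire(&g, &t, SB_WRITERS) && ok;
	return ok;
}

/* As reported: one class, mutex_lock() in both chains: cycle. */
bool scenario_as_reported(void) { return run_chains(IINT_MUTEX, IINT_MUTEX, false); }

/* mutex_trylock(): no edges, lockdep is silent, runtime order unchanged. */
bool scenario_trylock(void) { return run_chains(IINT_MUTEX, IINT_MUTEX, true); }

/* Per-depth key: acyclic only if the two chains use iints at different depths. */
bool scenario_per_depth_key(bool different_depths)
{
	return run_chains(IINT_MUTEX, different_depths ? IINT_MUTEX_D1 : IINT_MUTEX, false);
}

int main(void)
{
	const char *v[] = { "circular", "clean" };
	printf("as reported:               %s\n", v[scenario_as_reported()]);
	printf("mutex_trylock:             %s\n", v[scenario_trylock()]);
	printf("per-depth key, depth 0/1:  %s\n", v[scenario_per_depth_key(true)]);
	printf("per-depth key, same depth: %s\n", v[scenario_per_depth_key(false)]);
	return 0;
}
```

Build with `cc -Wall model.c && ./a.out`. The first line reproduces the verdict in the report; the second shows why a trylock quiets lockdep without changing the order in which the locks are really taken; the last two show that a per-class annotation only removes the cycle when the two acquisitions are genuinely different locks, which is the fact the false-positive argument rests on.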

syzbot

Jul 2, 2022, 1:27:31 PM
to hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 089866061428 Merge tag 'libnvdimm-fixes-5.19-rc5' of git:/..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11dd91f0080000
kernel config: https://syzkaller.appspot.com/x/.config?x=75c9ff14e1db87c0
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=167bafc0080000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11aad3e0080000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b42fe6...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
5.19.0-rc4-syzkaller-00187-g089866061428 #0 Not tainted
------------------------------------------------------
syz-executor450/3829 is trying to acquire lock:
ffff88807e574460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 fs/namespace.c:393

but task is already holding lock:
ffff888074de91a0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7d2/0x1c10 security/integrity/ima/ima_main.c:260

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #1 (&iint->mutex){+.+.}-{3:3}:
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
__mutex_lock_common+0x1de/0x26c0 kernel/locking/mutex.c:603
__mutex_lock kernel/locking/mutex.c:747 [inline]
mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:799
process_measurement+0x7d2/0x1c10 security/integrity/ima/ima_main.c:260
ima_file_check+0xe7/0x160 security/integrity/ima/ima_main.c:517
do_open fs/namei.c:3522 [inline]
path_openat+0x2705/0x2ec0 fs/namei.c:3653
do_filp_open+0x277/0x4f0 fs/namei.c:3680
do_sys_openat2+0x13b/0x500 fs/open.c:1278
do_sys_open fs/open.c:1294 [inline]
__do_sys_open fs/open.c:1302 [inline]
__se_sys_open fs/open.c:1298 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1298
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0

-> #0 (sb_writers#4){.+.+}-{0:0}:
check_prev_add kernel/locking/lockdep.c:3095 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain+0x185c/0x65c0 kernel/locking/lockdep.c:3829
__lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5053
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1699 [inline]
sb_start_write+0x4d/0x1a0 include/linux/fs.h:1774
mnt_want_write+0x3b/0x80 fs/namespace.c:393
ovl_maybe_copy_up+0x124/0x190 fs/overlayfs/copy_up.c:1078
ovl_open+0x106/0x2a0 fs/overlayfs/file.c:152
do_dentry_open+0x789/0x1040 fs/open.c:848
vfs_open fs/open.c:981 [inline]
dentry_open+0xc1/0x120 fs/open.c:997
ima_calc_file_hash+0x157/0x1cb0 security/integrity/ima/ima_crypto.c:557
ima_collect_measurement+0x3de/0x850 security/integrity/ima/ima_api.c:292
process_measurement+0xf87/0x1c10 security/integrity/ima/ima_main.c:337
ima_file_check+0xe7/0x160 security/integrity/ima/ima_main.c:517
do_open fs/namei.c:3522 [inline]
path_openat+0x2705/0x2ec0 fs/namei.c:3653
do_filp_open+0x277/0x4f0 fs/namei.c:3680
do_sys_openat2+0x13b/0x500 fs/open.c:1278
do_sys_open fs/open.c:1294 [inline]
__do_sys_open fs/open.c:1302 [inline]
__se_sys_open fs/open.c:1298 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1298
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0

other info that might help us debug this:

Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&iint->mutex);
                               lock(sb_writers#4);
                               lock(&iint->mutex);
  lock(sb_writers#4);

*** DEADLOCK ***

1 lock held by syz-executor450/3829:
#0: ffff888074de91a0 (&iint->mutex){+.+.}-{3:3}, at: process_measurement+0x7d2/0x1c10 security/integrity/ima/ima_main.c:260

stack backtrace:
CPU: 1 PID: 3829 Comm: syz-executor450 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
check_noncircular+0x2f7/0x3b0 kernel/locking/lockdep.c:2175
check_prev_add kernel/locking/lockdep.c:3095 [inline]
check_prevs_add kernel/locking/lockdep.c:3214 [inline]
validate_chain+0x185c/0x65c0 kernel/locking/lockdep.c:3829
__lock_acquire+0x129a/0x1f80 kernel/locking/lockdep.c:5053
lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5665
percpu_down_read include/linux/percpu-rwsem.h:51 [inline]
__sb_start_write include/linux/fs.h:1699 [inline]
sb_start_write+0x4d/0x1a0 include/linux/fs.h:1774
mnt_want_write+0x3b/0x80 fs/namespace.c:393
ovl_maybe_copy_up+0x124/0x190 fs/overlayfs/copy_up.c:1078
ovl_open+0x106/0x2a0 fs/overlayfs/file.c:152
do_dentry_open+0x789/0x1040 fs/open.c:848
vfs_open fs/open.c:981 [inline]
dentry_open+0xc1/0x120 fs/open.c:997
ima_calc_file_hash+0x157/0x1cb0 security/integrity/ima/ima_crypto.c:557
ima_collect_measurement+0x3de/0x850 security/integrity/ima/ima_api.c:292
process_measurement+0xf87/0x1c10 security/integrity/ima/ima_main.c:337
ima_file_check+0xe7/0x160 security/integrity/ima/ima_main.c:517
do_open fs/namei.c:3522 [inline]
path_openat+0x2705/0x2ec0 fs/namei.c:3653
do_filp_open+0x277/0x4f0 fs/namei.c:3680
do_sys_openat2+0x13b/0x500 fs/open.c:1278
do_sys_open fs/open.c:1294 [inline]
__do_sys_open fs/open.c:1302 [inline]
__se_sys_open fs/open.c:1298 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1298
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x46/0xb0
RIP: 0033:0x7faf98402749
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 16 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007faf9838e2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007faf98491270 RCX: 00007faf98402749
RDX: 0000000000000000 RSI: 000000000000000b RDI: 00000000200000c0
RBP: 00007faf98458504 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
R13: 3d7269647265776f R14: 0079616c7265766f R15: 00007faf98491278
</TASK>

Hillf Danton

Jul 2, 2022, 9:34:07 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Sat, 02 Jul 2022 10:27:30 -0700
See if the proposal [1] is a fix.

[1] https://lore.kernel.org/lkml/23ba225593be391c384109a...@linux.ibm.com/

#syz test http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git 089866061428

--- y/security/integrity/iint.c
+++ i/security/integrity/iint.c
@@ -85,6 +85,17 @@ static void iint_free(struct integrity_i
kmem_cache_free(iint_cache, iint);
}

+static void iint_annotate_mutex_key(struct integrity_iint_cache *iint, struct inode *inode)
+{
+#ifdef CONFIG_LOCKDEP
+ static struct lock_class_key iint_mutex_key[FILESYSTEM_MAX_STACK_DEPTH];
+
+ int depth = inode->i_sb->s_stack_depth - 1;
+
+ lockdep_set_class(&iint->mutex, &iint_mutex_key[depth]);
+#endif
+}
+
/**
* integrity_inode_get - find or allocate an iint associated with an inode
* @inode: pointer to the inode
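Review bot: `int depth = inode->i_sb->s_stack_depth - 1;` is -1 for every non-stacked filesystem, where s_stack_depth is 0, and it indexes `iint_mutex_key[FILESYSTEM_MAX_STACK_DEPTH]`, so the first iint created on the root filesystem reads before the start of the array; syzbot's test run of this patch below fails at boot with exactly that (UBSAN: index -1 is out of range for type 'struct lock_class_key [2]' in integrity_inode_get()). Index by s_stack_depth directly and size the array FILESYSTEM_MAX_STACK_DEPTH + 1, since s_stack_depth runs from 0 to FILESYSTEM_MAX_STACK_DEPTH inclusive. The `#ifdef CONFIG_LOCKDEP` can go, as lockdep_set_class() is already a no-op without lockdep. The commit message should also say what this does: it splits the lockdep class of &iint->mutex by stacking depth and changes no runtime ordering, so it is only a fix if the two chains in the report take the iint mutexes of inodes at different depths, which is the claim that needs to be argued against the traces.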
@@ -114,6 +125,8 @@ struct integrity_iint_cache *integrity_i
if (!iint)
return NULL;

+ iint_annotate_mutex_key(iint, inode);
+
write_lock(&integrity_iint_lock);

p = &integrity_iint_tree.rb_node;
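Review bot: calling iint_annotate_mutex_key() before the iint is inserted under integrity_iint_lock is the right place, since only a freshly allocated iint gets the key and an existing one found earlier in this function keeps its own, but lockdep_set_class() must run on a mutex that is already initialised: if mutex_init() for the iint happens in the slab constructor this is fine; if it happens after this point in the allocation path, the key is overwritten again. Neither is visible in the hunk, so state which it is in the commit message.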
--

syzbot

Jul 3, 2022, 2:42:08 AM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:


[ 10.794756][ T1] Actions configured
[ 10.798980][ T1] nf_conntrack_irc: failed to register helpers
[ 10.800343][ T1] nf_conntrack_sane: failed to register helpers
[ 10.916180][ T1] nf_conntrack_sip: failed to register helpers
[ 10.925334][ T1] xt_time: kernel timezone is -0000
[ 10.926447][ T1] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[ 10.928073][ T1] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 10.930247][ T1] IPVS: ipvs loaded.
[ 10.931222][ T1] IPVS: [rr] scheduler registered.
[ 10.932047][ T1] IPVS: [wrr] scheduler registered.
[ 10.933355][ T1] IPVS: [lc] scheduler registered.
[ 10.934246][ T1] IPVS: [wlc] scheduler registered.
[ 10.934951][ T1] IPVS: [fo] scheduler registered.
[ 10.935883][ T1] IPVS: [ovf] scheduler registered.
[ 10.936731][ T1] IPVS: [lblc] scheduler registered.
[ 10.937688][ T1] IPVS: [lblcr] scheduler registered.
[ 10.938722][ T1] IPVS: [dh] scheduler registered.
[ 10.939424][ T1] IPVS: [sh] scheduler registered.
[ 10.940664][ T1] IPVS: [mh] scheduler registered.
[ 10.941647][ T1] IPVS: [sed] scheduler registered.
[ 10.942479][ T1] IPVS: [nq] scheduler registered.
[ 10.943378][ T1] IPVS: [twos] scheduler registered.
[ 10.945063][ T1] IPVS: [sip] pe registered.
[ 10.945914][ T1] ipip: IPv4 and MPLS over IPv4 tunneling driver
[ 10.949523][ T1] gre: GRE over IPv4 demultiplexor driver
[ 10.950671][ T1] ip_gre: GRE over IPv4 tunneling driver
[ 10.959843][ T1] IPv4 over IPsec tunneling driver
[ 10.963931][ T1] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
[ 10.965654][ T1] Initializing XFRM netlink socket
[ 10.966501][ T1] IPsec XFRM device driver
[ 10.969892][ T1] NET: Registered PF_INET6 protocol family
[ 10.983255][ T1] Segment Routing with IPv6
[ 10.984380][ T1] RPL Segment Routing with IPv6
[ 10.985473][ T1] In-situ OAM (IOAM) with IPv6
[ 10.986688][ T1] mip6: Mobile IPv6
[ 10.991973][ T1] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
[ 11.000450][ T1] ip6_gre: GRE over IPv6 tunneling driver
[ 11.004645][ T1] NET: Registered PF_PACKET protocol family
[ 11.005898][ T1] NET: Registered PF_KEY protocol family
[ 11.007907][ T1] Bridge firewalling registered
[ 11.009408][ T1] NET: Registered PF_X25 protocol family
[ 11.010490][ T1] X25: Linux Version 0.2
[ 11.056697][ T1] NET: Registered PF_NETROM protocol family
[ 11.102477][ T1] NET: Registered PF_ROSE protocol family
[ 11.104096][ T1] NET: Registered PF_AX25 protocol family
[ 11.105175][ T1] can: controller area network core
[ 11.107418][ T1] NET: Registered PF_CAN protocol family
[ 11.108767][ T1] can: raw protocol
[ 11.109525][ T1] can: broadcast manager protocol
[ 11.110776][ T1] can: netlink gateway - max_hops=1
[ 11.112235][ T1] can: SAE J1939
[ 11.112864][ T1] can: isotp protocol
[ 11.114031][ T1] Bluetooth: RFCOMM TTY layer initialized
[ 11.115090][ T1] Bluetooth: RFCOMM socket layer initialized
[ 11.116448][ T1] Bluetooth: RFCOMM ver 1.11
[ 11.117194][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 11.118258][ T1] Bluetooth: BNEP filters: protocol multicast
[ 11.119119][ T1] Bluetooth: BNEP socket layer initialized
[ 11.119936][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0
[ 11.120795][ T1] Bluetooth: CMTP socket layer initialized
[ 11.121612][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 11.122979][ T1] Bluetooth: HIDP socket layer initialized
[ 11.128646][ T1] NET: Registered PF_RXRPC protocol family
[ 11.129561][ T1] Key type rxrpc registered
[ 11.130235][ T1] Key type rxrpc_s registered
[ 11.132345][ T1] NET: Registered PF_KCM protocol family
[ 11.134208][ T1] lec:lane_module_init: lec.c: initialized
[ 11.135104][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 11.136035][ T1] l2tp_core: L2TP core driver, V2.0
[ 11.136763][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 11.137521][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 11.138798][ T1] l2tp_netlink: L2TP netlink interface
[ 11.139676][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 11.140591][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 11.142091][ T1] NET: Registered PF_PHONET protocol family
[ 11.144330][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 11.158244][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 11.159895][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 11.164250][ T1] sctp: Hash tables configured (bind 32/56)
[ 11.167526][ T1] NET: Registered PF_RDS protocol family
[ 11.169491][ T1] Registered RDS/infiniband transport
[ 11.171614][ T1] Registered RDS/tcp transport
[ 11.172335][ T1] tipc: Activated (version 2.0.0)
[ 11.173958][ T1] NET: Registered PF_TIPC protocol family
[ 11.175494][ T1] tipc: Started in single node mode
[ 11.177372][ T1] NET: Registered PF_SMC protocol family
[ 11.178657][ T1] 9pnet: Installing 9P2000 support
[ 11.179908][ T1] NET: Registered PF_CAIF protocol family
[ 11.186645][ T1] NET: Registered PF_IEEE802154 protocol family
[ 11.188074][ T1] Key type dns_resolver registered
[ 11.188970][ T1] Key type ceph registered
[ 11.190736][ T1] libceph: loaded (mon/osd proto 15/24)
[ 11.194170][ T1] batman_adv: B.A.T.M.A.N. advanced 2022.2 (compatibility version 15) loaded
[ 11.195538][ T1] openvswitch: Open vSwitch switching datapath
[ 11.200918][ T1] NET: Registered PF_VSOCK protocol family
[ 11.202106][ T1] mpls_gso: MPLS GSO support
[ 11.210879][ T1] IPI shorthand broadcast: enabled
[ 11.211827][ T1] AVX2 version of gcm_enc/dec engaged.
[ 11.212938][ T1] AES CTR mode by8 optimization enabled
[ 11.216937][ T1] sched_clock: Marking stable (11189291508, 27411798)->(11228251728, -11548422)
[ 11.220049][ T1] registered taskstats version 1
[ 11.226325][ T1] Loading compiled-in X.509 certificates
[ 11.232410][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 327992f6769a077bd3f61b5b84c11a0b7686edca'
[ 11.237367][ T1] zswap: loaded using pool lzo/zbud
[ 11.239785][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 13.446441][ T1] Key type ._fscrypt registered
[ 13.447548][ T1] Key type .fscrypt registered
[ 13.448655][ T1] Key type fscrypt-provisioning registered
[ 13.457608][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 13.471332][ T1] Btrfs loaded, crc32c=crc32c-intel, assert=on, zoned=yes, fsverity=yes
[ 13.481315][ T1] Key type big_key registered
[ 13.489809][ T1] Key type encrypted registered
[ 13.495191][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 13.501677][ T1] Loading compiled-in module X.509 certificates
[ 13.510483][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 327992f6769a077bd3f61b5b84c11a0b7686edca'
[ 13.521562][ T1] ima: Allocated hash algorithm: sha256
[ 13.527593][ T1] ima: No architecture policies found
[ 13.533919][ T1] evm: Initialising EVM extended attributes:
[ 13.540125][ T1] evm: security.selinux (disabled)
[ 13.545284][ T1] evm: security.SMACK64
[ 13.549630][ T1] evm: security.SMACK64EXEC
[ 13.554262][ T1] evm: security.SMACK64TRANSMUTE
[ 13.559359][ T1] evm: security.SMACK64MMAP
[ 13.564258][ T1] evm: security.apparmor (disabled)
[ 13.569451][ T1] evm: security.ima
[ 13.573281][ T1] evm: security.capability
[ 13.577912][ T1] evm: HMAC attrs: 0x1
[ 13.667958][ T1] PM: Magic number: 14:892:568
[ 13.674812][ T1] tty ptyb0: hash matches
[ 13.681749][ T1] printk: console [netcon0] enabled
[ 13.687578][ T1] netconsole: network logging started
[ 13.693813][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[ 13.702896][ T1] rdma_rxe: loaded
[ 13.707226][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 13.718938][ T1] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 13.728511][ T14] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 13.735610][ T1] ALSA device list:
[ 13.739036][ T14] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 13.742820][ T1] #0: Dummy 1
[ 13.754601][ T1] #1: Loopback 1
[ 13.758445][ T1] #2: Virtual MIDI Card 1
[ 13.766195][ T1] md: Waiting for all devices to be available before autodetect
[ 13.773982][ T1] md: If you don't use raid, use raid=noautodetect
[ 13.780525][ T1] md: Autodetecting RAID arrays.
[ 13.785616][ T1] md: autorun ...
[ 13.789260][ T1] md: ... autorun DONE.
[ 13.851436][ T1] EXT4-fs (sda1): mounted filesystem with ordered data mode. Quota mode: none.
[ 13.860907][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 13.871937][ T1] devtmpfs: mounted
[ 13.933201][ T1] Freeing unused kernel image (initmem) memory: 2532K
[ 13.940276][ T1] Write protecting the kernel read-only data: 188416k
[ 13.952095][ T1] Freeing unused kernel image (text/rodata gap) memory: 2016K
[ 13.961388][ T1] Freeing unused kernel image (rodata/data gap) memory: 968K
[ 13.976834][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 13.986636][ T1] Run /sbin/init as init process
[ 14.016105][ T1] ================================================================================
[ 14.026198][ T1] UBSAN: array-index-out-of-bounds in security/integrity/iint.c:95:2
[ 14.034474][ T1] index -1 is out of range for type 'struct lock_class_key [2]'
[ 14.042117][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428-dirty #0
[ 14.052389][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 14.062467][ T1] Call Trace:
[ 14.066465][ T1] <TASK>
[ 14.069409][ T1] dump_stack_lvl+0x1e3/0x2cb
[ 14.074120][ T1] ? bfq_pos_tree_add_move+0x436/0x436
[ 14.079687][ T1] ? panic+0x76e/0x76e
[ 14.083765][ T1] ? rcu_read_lock_sched_held+0x89/0x130
[ 14.089406][ T1] __ubsan_handle_out_of_bounds+0x107/0x150
[ 14.095337][ T1] integrity_inode_get+0x417/0x420
[ 14.100496][ T1] process_measurement+0x444/0x1c10
[ 14.105745][ T1] ? print_irqtrace_events+0x220/0x220
[ 14.111236][ T1] ? ima_file_mmap+0x1b0/0x1b0
[ 14.116014][ T1] ? kasan_quarantine_put+0xd4/0x230
[ 14.121423][ T1] ? smack_current_getsecid_subj+0x19/0xe0
[ 14.127356][ T1] ima_bprm_check+0x11e/0x2a0
[ 14.132103][ T1] ? ima_file_mprotect+0x510/0x510
[ 14.137259][ T1] ? tomoyo_bprm_check_security+0x115/0x130
[ 14.143150][ T1] ? bpf_lsm_bprm_check_security+0x5/0x10
[ 14.148873][ T1] bprm_execve+0x817/0x1590
[ 14.153386][ T1] ? alloc_bprm+0x3b0/0x3b0
[ 14.157892][ T1] ? alloc_bprm+0x353/0x3b0
[ 14.162394][ T1] kernel_execve+0x8eb/0xa00
[ 14.167065][ T1] kernel_init+0xda/0x2b0
[ 14.171391][ T1] ? rest_init+0x270/0x270
[ 14.175801][ T1] ret_from_fork+0x1f/0x30
[ 14.180231][ T1] </TASK>
[ 14.183787][ T1] ================================================================================
[ 14.193269][ T1] Kernel panic - not syncing: panic_on_warn set ...
[ 14.199850][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc4-syzkaller-00187-g089866061428-dirty #0
[ 14.210167][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
[ 14.220252][ T1] Call Trace:
[ 14.223537][ T1] <TASK>
[ 14.226571][ T1] dump_stack_lvl+0x1e3/0x2cb
[ 14.231355][ T1] ? bfq_pos_tree_add_move+0x436/0x436
[ 14.236810][ T1] ? panic+0x76e/0x76e
[ 14.240957][ T1] ? preempt_schedule_thunk+0x16/0x18
[ 14.246363][ T1] ? vscnprintf+0x59/0x80
[ 14.250705][ T1] panic+0x312/0x76e
[ 14.254604][ T1] ? __ubsan_handle_out_of_bounds+0x12c/0x150
[ 14.260665][ T1] ? fb_is_primary_device+0xcc/0xcc
[ 14.265939][ T1] ? panic+0x76e/0x76e
[ 14.270008][ T1] ? rcu_read_lock_sched_held+0x89/0x130
[ 14.275730][ T1] __ubsan_handle_out_of_bounds+0x14d/0x150
[ 14.281647][ T1] integrity_inode_get+0x417/0x420
[ 14.286807][ T1] process_measurement+0x444/0x1c10
[ 14.292135][ T1] ? print_irqtrace_events+0x220/0x220
[ 14.297831][ T1] ? ima_file_mmap+0x1b0/0x1b0
[ 14.302633][ T1] ? kasan_quarantine_put+0xd4/0x230
[ 14.307994][ T1] ? smack_current_getsecid_subj+0x19/0xe0
[ 14.313918][ T1] ima_bprm_check+0x11e/0x2a0
[ 14.318661][ T1] ? ima_file_mprotect+0x510/0x510
[ 14.323793][ T1] ? tomoyo_bprm_check_security+0x115/0x130
[ 14.329699][ T1] ? bpf_lsm_bprm_check_security+0x5/0x10
[ 14.335526][ T1] bprm_execve+0x817/0x1590
[ 14.340156][ T1] ? alloc_bprm+0x3b0/0x3b0
[ 14.344935][ T1] ? alloc_bprm+0x353/0x3b0
[ 14.349436][ T1] kernel_execve+0x8eb/0xa00
[ 14.354026][ T1] kernel_init+0xda/0x2b0
[ 14.358519][ T1] ? rest_init+0x270/0x270
[ 14.362929][ T1] ret_from_fork+0x1f/0x30
[ 14.367343][ T1] </TASK>
[ 14.370965][ T1] Kernel Offset: disabled
[ 14.375385][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1808995379=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 1434eec0b
nothing to commit, working tree clean


go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=1434eec0b84075b7246560cfa89f20cdb3d8077f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220629-111539'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=1434eec0b84075b7246560cfa89f20cdb3d8077f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220629-111539'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=1434eec0b84075b7246560cfa89f20cdb3d8077f -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220629-111539'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"1434eec0b84075b7246560cfa89f20cdb3d8077f\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=15eb7be0080000


Tested on:

commit: 08986606 Merge tag 'libnvdimm-fixes-5.19-rc5' of git:/..
git tree: http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=75c9ff14e1db87c0
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=13ef70ec080000

Hillf Danton

Jul 3, 2022, 3:07:28 AM7/3/22
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On Sat, 02 Jul 2022 10:27:30 -0700
See if the proposal [1] is a fix.

[1] https://lore.kernel.org/lkml/23ba225593be391c384109a...@linux.ibm.com/

#syz test http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git 089866061428

--- y/security/integrity/iint.c
+++ i/security/integrity/iint.c
@@ -85,6 +85,17 @@ static void iint_free(struct integrity_i
kmem_cache_free(iint_cache, iint);
}

+static void iint_annotate_mutex_key(struct integrity_iint_cache *iint, struct inode *inode)
+{
+#ifdef CONFIG_LOCKDEP
+ static struct lock_class_key iint_mutex_key[FILESYSTEM_MAX_STACK_DEPTH];
+
+ int depth = inode->i_sb->s_stack_depth;
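Review bot: the hunk header says 11 lines are added, but only the first six are shown, so the part that matters most for review, the use of `depth` as an index into `iint_mutex_key[FILESYSTEM_MAX_STACK_DEPTH]`, the lockdep class assignment itself, and the closing `#endif` for the `#ifdef CONFIG_LOCKDEP` opened on the visible line, cannot be checked here. Before `depth` is used as an array index it needs a range check: the array has `FILESYSTEM_MAX_STACK_DEPTH` entries, so a depth equal to `FILESYSTEM_MAX_STACK_DEPTH` would be one past the end, and a negative or oversized value should be clamped (or trigger `WARN_ON_ONCE`) rather than indexed. A one-line comment above `iint_annotate_mutex_key()` explaining that the per-depth key exists only so lockdep can tell an overlayfs inode's `iint->mutex` from the underlying filesystem inode's would also help the next reader, since the function name alone does not say why the key depends on `s_stack_depth`.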

syzbot

Jul 3, 2022, 3:40:08 AM7/3/22
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+b42fe6...@syzkaller.appspotmail.com

Tested on:

commit: 08986606 Merge tag 'libnvdimm-fixes-5.19-rc5' of git:/..
git tree: http://kernel.source.codeaurora.cn/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1479f7fff00000
kernel config: https://syzkaller.appspot.com/x/.config?x=75c9ff14e1db87c0
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11e05fd4080000

Note: testing is done by a robot and is best-effort only.

Mimi Zohar

Jul 5, 2022, 8:53:27 AM7/5/22
to syzbot, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, Hillf Danton
Thank you for the reproducer. This seems to be a similar false
positive as was discussed:
https://lore.kernel.org/linux-unionfs/000000000000c5...@google.com/

thanks,

Mimi

Hillf Danton

Jul 6, 2022, 8:10:51 AM7/6/22
to Mimi Zohar, syzbot, linux-...@vger.kernel.org, linu...@kvack.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com, syzbot, Amir Goldstein, Hillf Danton
On Tue, 05 Jul 2022 08:53:15 -0400 Mimi Zohar wrote:
>
> Thank you for the reproducer. This seems to be a similar false
> positive as was discussed:
> https://lore.kernel.org/linux-unionfs/000000000000c5...@google.com/
>
> thanks,
>

Hi Mimi

Please pick up the patch attached if it makes sense to you.

Hillf
--->8---
From: Hillf Danton <hda...@sina.com>
Subject: [PATCH] integrity: lockdep annotate of iint->mutex

This fixes a reported lockdep splat

CPU0 CPU1
---- ----
lock(&iint->mutex);
lock(sb_writers#4);
lock(&iint->mutex);
lock(sb_writers#4);

*** DEADLOCK ***

using the method in 4eae06de482b annotating OVL_I(inode)->lock.

Links: https://lore.kernel.org/linux-unionfs/CAOQ4uxjk4XYuwz5HCmN-Ge=Ld=tM1f7ZxVrd5U...@mail.gmail.com/
Reported-and-tested-by: syzbot <syzbot+b42fe6...@syzkaller.appspotmail.com>
Cc: Mimi Zohar <zo...@linux.ibm.com>
Cc: Amir Goldstein <amir...@gmail.com>
Signed-off-by: Hillf Danton <hda...@sina.com>
---

--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c

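The two orderings in Hillf's description (CPU0 takes iint->mutex then sb_writers, CPU1 takes sb_writers then iint->mutex) and the per-depth lock_class_key his patch introduces can be modelled in userspace. What follows is an added illustration written for this page, not kernel code and not part of the patch: a minimal lockdep-style dependency graph in which each acquire() records "class X was held when class Y was taken" and reports when the new edge closes a cycle. The class names (IINT_MUTEX, SB_WRITERS, IINT_MUTEX_D0, IINT_MUTEX_D1), acquire(), release_all() and replay() are constructed for the model; the D0/D1 classes stand in for two entries of a key array indexed by s_stack_depth.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 8
#define MAX_HELD 8

/* Lock classes in the model. The two depth-keyed iint classes stand in for
 * entries of a lock_class_key array indexed by i_sb->s_stack_depth. */
enum lock_class {
	IINT_MUTEX,     /* one class for every iint->mutex (before the patch) */
	SB_WRITERS,     /* sb_writers of the underlying (upper) filesystem */
	IINT_MUTEX_D1,  /* iint->mutex of an overlayfs inode, stack depth 1 */
	IINT_MUTEX_D0,  /* iint->mutex of the underlying inode, stack depth 0 */
	NR_CLASSES
};

/* dep[a][b] records that class b was taken while class a was held. */
struct dep_graph { bool dep[MAX_CLASSES][MAX_CLASSES]; };

/* Locks one task currently holds, in acquisition order. */
struct task { int held[MAX_HELD]; int nr_held; };

static bool reachable(const struct dep_graph *g, int from, int to, bool *seen)
{
	if (from == to)
		return true;
	seen[from] = true;
	for (int n = 0; n < NR_CLASSES; n++)
		if (g->dep[from][n] && !seen[n] && reachable(g, n, to, seen))
			return true;
	return false;
}

/* Take class c while holding everything in t. The new edge held -> c closes
 * a cycle when c already reaches held; that is what lockdep reports as a
 * circular dependency. The edge is recorded either way. */
static bool acquire(struct dep_graph *g, struct task *t, int c)
{
	bool cycle = false;

	for (int i = 0; i < t->nr_held; i++) {
		int h = t->held[i];
		bool seen[MAX_CLASSES] = { false };

		if (reachable(g, c, h, seen))
			cycle = true;
		g->dep[h][c] = true;
	}
	t->held[t->nr_held++] = c;
	return cycle;
}

static void release_all(struct task *t)
{
	t->nr_held = 0;
}

/* Replay the two orderings from the splat with the classes given:
 * iint_a then sb_writers (CPU0), then sb_writers then iint_b (CPU1). */
static bool replay(int iint_a, int iint_b)
{
	struct dep_graph g;
	struct task t;
	bool cycle = false;

	memset(&g, 0, sizeof(g));
	memset(&t, 0, sizeof(t));
	cycle |= acquire(&g, &t, iint_a);
	cycle |= acquire(&g, &t, SB_WRITERS);
	release_all(&t);
	cycle |= acquire(&g, &t, SB_WRITERS);
	cycle |= acquire(&g, &t, iint_b);
	release_all(&t);
	return cycle;
}

/* One class for both inodes: the two orderings look like an inversion. */
bool single_class_reports_cycle(void)
{
	return replay(IINT_MUTEX, IINT_MUTEX);
}

/* ovl inode at depth 1, underlying inode at depth 0: distinct classes, no cycle. */
bool depth_keyed_classes_are_clean(void)
{
	return !replay(IINT_MUTEX_D1, IINT_MUTEX_D0);
}

/* A genuine inversion on one depth is still caught by the same checker. */
bool depth_keyed_still_catches_real_inversion(void)
{
	return replay(IINT_MUTEX_D0, IINT_MUTEX_D0);
}

int main(void)
{
	printf("single class: cycle=%d\n", single_class_reports_cycle());
	printf("depth-keyed: clean=%d\n", depth_keyed_classes_are_clean());
	printf("depth-keyed, real inversion: cycle=%d\n",
	       depth_keyed_still_catches_real_inversion());
	return 0;
}
```

With a single class the checker cannot tell the overlayfs inode's iint->mutex from the underlying inode's, so the two orderings from the splat form the cycle iint -> sb_writers -> iint even though the two mutexes are different objects that are always taken in the same nested order. Keying the class by stack depth splits them into distinct nodes and the cycle disappears, while an actual inversion on one depth is still reported, which is the property a lockdep annotation has to preserve.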
Mimi Zohar

Jul 6, 2022, 6:24:40 PM7/6/22
to Hillf Danton, syzbot, linux-...@vger.kernel.org, linu...@kvack.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, mik...@szeredi.hu, syzkall...@googlegroups.com, syzbot, Amir Goldstein
Hi Hillf,

On Wed, 2022-07-06 at 20:10 +0800, Hillf Danton wrote:
> On Tue, 05 Jul 2022 08:53:15 -0400 Mimi Zohar wrote:
> >
> > Thank you for the reproducer. This seems to be a similar false
> > positive as was discussed:
> > https://lore.kernel.org/linux-unionfs/000000000000c5...@google.com/
> >
> > thanks,
> >
>
> Hi Mimi
>
> Please pick up the patch attached if it makes sense to you.

The patch itself looks good, but missing from the patch description is
an indication that the lockdep warning is a false positive. Perhaps
add a "Suggested-by" line crediting Amir. I'd appreciate your posting
the patch on the mailing list.

thanks!

Mimi

Miklos Szeredi

Jun 6, 2023, 5:12:37 AM6/6/23
to syzbot, syzkall...@googlegroups.com, linux-integrity, overlayfs
#syz set subsystems: intergrity, overlayfs

syzbot

Oct 4, 2023, 12:45:39 PM10/4/23
to amir...@gmail.com, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
syzbot has bisected this issue to:

commit 708fa01597fa002599756bf56a96d0de1677375c
Author: Miklos Szeredi <msze...@redhat.com>
Date: Mon Apr 12 10:00:37 2021 +0000

ovl: allow upperdir inside lowerdir

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17ad11b2680000
start commit: 3aba70aed91f Merge tag 'gpio-fixes-for-v6.6-rc3' of git://..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=146d11b2680000
console output: https://syzkaller.appspot.com/x/log.txt?x=106d11b2680000
kernel config: https://syzkaller.appspot.com/x/.config?x=e4ca82a1bedd37e4
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1304fba6680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13cec0dc680000

Reported-by: syzbot+b42fe6...@syzkaller.appspotmail.com
Fixes: 708fa01597fa ("ovl: allow upperdir inside lowerdir")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Amir Goldstein

Oct 5, 2023, 5:36:16 AM10/5/23
to syzbot, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
#syz test: https://github.com/amir73il/linux ima-ovl-fix

syzbot

Oct 5, 2023, 5:59:31 AM10/5/23
to amir...@gmail.com, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 11.711476][ T1] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
[ 11.717652][ T1] Bluetooth: BNEP filters: protocol multicast
[ 11.723764][ T1] Bluetooth: BNEP socket layer initialized
[ 11.729798][ T1] Bluetooth: CMTP (CAPI Emulation) ver 1.0
[ 11.735800][ T1] Bluetooth: CMTP socket layer initialized
[ 11.741657][ T1] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 11.748518][ T1] Bluetooth: HIDP socket layer initialized
[ 11.758808][ T1] NET: Registered PF_RXRPC protocol family
[ 11.764714][ T1] Key type rxrpc registered
[ 11.769426][ T1] Key type rxrpc_s registered
[ 11.774975][ T1] NET: Registered PF_KCM protocol family
[ 11.781399][ T1] lec:lane_module_init: lec.c: initialized
[ 11.787210][ T1] mpoa:atm_mpoa_init: mpc.c: initialized
[ 11.793325][ T1] l2tp_core: L2TP core driver, V2.0
[ 11.798593][ T1] l2tp_ppp: PPPoL2TP kernel driver, V2.0
[ 11.804282][ T1] l2tp_ip: L2TP IP encapsulation support (L2TPv3)
[ 11.810911][ T1] l2tp_netlink: L2TP netlink interface
[ 11.816532][ T1] l2tp_eth: L2TP ethernet pseudowire support (L2TPv3)
[ 11.823862][ T1] l2tp_ip6: L2TP IP encapsulation support for IPv6 (L2TPv3)
[ 11.831528][ T1] NET: Registered PF_PHONET protocol family
[ 11.837777][ T1] 8021q: 802.1Q VLAN Support v1.8
[ 11.855888][ T1] DCCP: Activated CCID 2 (TCP-like)
[ 11.861493][ T1] DCCP: Activated CCID 3 (TCP-Friendly Rate Control)
[ 11.868489][ T1] DCCP is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[ 11.879600][ T1] sctp: Hash tables configured (bind 32/56)
[ 11.886970][ T1] NET: Registered PF_RDS protocol family
[ 11.893414][ T1] Registered RDS/infiniband transport
[ 11.900057][ T1] Registered RDS/tcp transport
[ 11.904815][ T1] tipc: Activated (version 2.0.0)
[ 11.910959][ T1] NET: Registered PF_TIPC protocol family
[ 11.917541][ T1] tipc: Started in single node mode
[ 11.923606][ T1] NET: Registered PF_SMC protocol family
[ 11.929592][ T1] 9pnet: Installing 9P2000 support
[ 11.935356][ T1] NET: Registered PF_CAIF protocol family
[ 11.948223][ T1] NET: Registered PF_IEEE802154 protocol family
[ 11.954672][ T1] Key type dns_resolver registered
[ 11.959869][ T1] Key type ceph registered
[ 11.964886][ T1] libceph: loaded (mon/osd proto 15/24)
[ 11.971970][ T1] batman_adv: B.A.T.M.A.N. advanced 2023.3 (compatibility version 15) loaded
[ 11.981263][ T1] openvswitch: Open vSwitch switching datapath
[ 11.991164][ T1] NET: Registered PF_VSOCK protocol family
[ 11.997270][ T1] mpls_gso: MPLS GSO support
[ 12.019850][ T1] IPI shorthand broadcast: enabled
[ 12.025183][ T1] AVX2 version of gcm_enc/dec engaged.
[ 12.031096][ T1] AES CTR mode by8 optimization enabled
[ 13.986311][ T1] sched_clock: Marking stable (13940030159, 37368238)->(13987518566, -10120169)
[ 14.000622][ T1] registered taskstats version 1
[ 14.020069][ T1] Loading compiled-in X.509 certificates
[ 14.031543][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 2d553f2396bceba4be328de3fad0b481a51ca3cf'
[ 14.045807][ T1] zswap: loaded using pool lzo/zbud
[ 14.257081][ T1] debug_vm_pgtable: [debug_vm_pgtable ]: Validating architecture page table helpers
[ 16.606589][ T1] Key type .fscrypt registered
[ 16.611425][ T1] Key type fscrypt-provisioning registered
[ 16.624007][ T1] kAFS: Red Hat AFS client v0.1 registering.
[ 16.646715][ T1] Btrfs loaded, assert=on, ref-verify=on, zoned=yes, fsverity=yes
[ 16.656542][ T1] Key type big_key registered
[ 16.664108][ T1] Key type encrypted registered
[ 16.669211][ T1] ima: No TPM chip found, activating TPM-bypass!
[ 16.675572][ T1] Loading compiled-in module X.509 certificates
[ 16.684589][ T1] Loaded X.509 cert 'Build time autogenerated kernel key: 2d553f2396bceba4be328de3fad0b481a51ca3cf'
[ 16.695647][ T1] ima: Allocated hash algorithm: sha256
[ 16.701654][ T1] ima: No architecture policies found
[ 16.707848][ T1] evm: Initialising EVM extended attributes:
[ 16.714189][ T1] evm: security.selinux (disabled)
[ 16.719369][ T1] evm: security.SMACK64
[ 16.723503][ T1] evm: security.SMACK64EXEC
[ 16.728365][ T1] evm: security.SMACK64TRANSMUTE
[ 16.733278][ T1] evm: security.SMACK64MMAP
[ 16.737801][ T1] evm: security.apparmor (disabled)
[ 16.742978][ T1] evm: security.ima
[ 16.746763][ T1] evm: security.capability
[ 16.751272][ T1] evm: HMAC attrs: 0x1
[ 16.757582][ T1] PM: Magic number: 11:141:828
[ 16.762692][ T1] video4linux v4l-touch6: hash matches
[ 16.768621][ T1] tty ptyt8: hash matches
[ 16.772947][ T1] tty ptyqb: hash matches
[ 16.779976][ T1] printk: console [netcon0] enabled
[ 16.785201][ T1] netconsole: network logging started
[ 16.791177][ T1] gtp: GTP module loaded (pdp ctx size 104 bytes)
[ 16.799026][ T1] rdma_rxe: loaded
[ 16.803522][ T1] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 16.814312][ T1] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
[ 16.821808][ T1] clk: Disabling unused clocks
[ 16.822972][ T2520] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 16.826718][ T1] ALSA device list:
[ 16.836181][ T2520] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 16.849196][ T1] #0: Dummy 1
[ 16.852687][ T1] #1: Loopback 1
[ 16.856406][ T1] #2: Virtual MIDI Card 1
[ 16.864429][ T1] md: Waiting for all devices to be available before autodetect
[ 16.872287][ T1] md: If you don't use raid, use raid=noautodetect
[ 16.878935][ T1] md: Autodetecting RAID arrays.
[ 16.883975][ T1] md: autorun ...
[ 16.887676][ T1] md: ... autorun DONE.
[ 16.961157][ T1] EXT4-fs (sda1): mounted filesystem 5941fea2-f5fa-4b4e-b5ef-9af118b27b95 ro with ordered data mode. Quota mode: none.
[ 16.973957][ T1] VFS: Mounted root (ext4 filesystem) readonly on device 8:1.
[ 17.007193][ T1] devtmpfs: mounted
[ 17.026225][ T1] Freeing unused kernel image (initmem) memory: 2884K
[ 17.033318][ T1] Write protecting the kernel read-only data: 196608k
[ 17.044849][ T1] Freeing unused kernel image (rodata/data gap) memory: 1780K
[ 17.152701][ T1] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 17.165765][ T1] Failed to set sysctl parameter 'max_rcu_stall_to_panic=1': parameter not found
[ 17.175611][ T1] Run /sbin/init as init process
[ 17.221897][ T1] ------------[ cut here ]------------
[ 17.227549][ T1] WARNING: CPU: 1 PID: 1 at security/integrity/iint.c:85 integrity_inode_get+0x499/0x580
[ 17.237529][ T1] Modules linked in:
[ 17.241431][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc4-syzkaller-00001-g79be50b1a644 #0
[ 17.251093][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 17.261192][ T1] RIP: 0010:integrity_inode_get+0x499/0x580
[ 17.267086][ T1] Code: eb 11 e8 ba 30 8c fd 48 c7 c7 60 e4 92 8d e8 be 1e d6 06 4c 89 e0 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 30 8c fd <0f> 0b 31 db e9 b0 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
[ 17.287095][ T1] RSP: 0000:ffffc900000678f0 EFLAGS: 00010293
[ 17.293214][ T1] RAX: ffffffff8401db19 RBX: 00000000ffffffff RCX: ffff888015e58000
[ 17.301239][ T1] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
[ 17.309277][ T1] RBP: ffff88801db8aad8 R08: ffffffff8401d8c4 R09: 0000000000000000
[ 17.317271][ T1] R10: ffff88802871d088 R11: ffffed10050e3a13 R12: ffff88802871d000
[ 17.325268][ T1] R13: ffff88802871d0d0 R14: dffffc0000000000 R15: ffff88801db8aab0
[ 17.333277][ T1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 17.342239][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 17.348852][ T1] CR2: 0000000000000000 CR3: 000000000d130000 CR4: 00000000003506e0
[ 17.356912][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 17.364907][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 17.372924][ T1] Call Trace:
[ 17.376200][ T1] <TASK>
[ 17.379331][ T1] ? __warn+0x162/0x4a0
[ 17.383486][ T1] ? integrity_inode_get+0x499/0x580
[ 17.388813][ T1] ? report_bug+0x2b3/0x500
[ 17.393312][ T1] ? integrity_inode_get+0x499/0x580
[ 17.398712][ T1] ? handle_bug+0x3d/0x70
[ 17.403043][ T1] ? exc_invalid_op+0x1a/0x50
[ 17.407747][ T1] ? asm_exc_invalid_op+0x1a/0x20
[ 17.412768][ T1] ? integrity_inode_get+0x244/0x580
[ 17.418159][ T1] ? integrity_inode_get+0x499/0x580
[ 17.423885][ T1] ? integrity_inode_get+0x499/0x580
[ 17.429210][ T1] process_measurement+0x44d/0x1cf0
[ 17.434430][ T1] ? ima_file_mmap+0x2b0/0x2b0
[ 17.439238][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 17.445312][ T1] ? print_irqtrace_events+0x220/0x220
[ 17.450839][ T1] ? smack_current_getsecid_subj+0x22/0xf0
[ 17.456665][ T1] ima_bprm_check+0x128/0x2b0
[ 17.461376][ T1] ? ima_file_mprotect+0x630/0x630
[ 17.466596][ T1] ? tomoyo_bprm_check_security+0x157/0x170
[ 17.472718][ T1] ? bpf_lsm_bprm_check_security+0x9/0x10
[ 17.478532][ T1] bprm_execve+0x8c7/0x17c0
[ 17.483078][ T1] ? alloc_bprm+0x900/0x900
[ 17.487748][ T1] ? copy_string_kernel+0x1c9/0x1f0
[ 17.492960][ T1] kernel_execve+0x8ea/0xa10
[ 17.497605][ T1] ? rest_init+0x300/0x300
[ 17.502038][ T1] kernel_init+0xde/0x2a0
[ 17.506364][ T1] ret_from_fork+0x48/0x80
[ 17.510808][ T1] ? rest_init+0x300/0x300
[ 17.515229][ T1] ret_from_fork_asm+0x11/0x20
[ 17.520045][ T1] </TASK>
[ 17.523071][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 17.530373][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc4-syzkaller-00001-g79be50b1a644 #0
[ 17.540081][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 17.550128][ T1] Call Trace:
[ 17.553400][ T1] <TASK>
[ 17.556320][ T1] dump_stack_lvl+0x1e7/0x2d0
[ 17.561004][ T1] ? nf_tcp_handle_invalid+0x650/0x650
[ 17.566476][ T1] ? panic+0x770/0x770
[ 17.570546][ T1] ? vscnprintf+0x5d/0x80
[ 17.574964][ T1] panic+0x30f/0x770
[ 17.578877][ T1] ? __warn+0x171/0x4a0
[ 17.583027][ T1] ? __memcpy_flushcache+0x2b0/0x2b0
[ 17.588307][ T1] ? ret_from_fork_asm+0x11/0x20
[ 17.593262][ T1] __warn+0x314/0x4a0
[ 17.597275][ T1] ? integrity_inode_get+0x499/0x580
[ 17.602597][ T1] report_bug+0x2b3/0x500
[ 17.606935][ T1] ? integrity_inode_get+0x499/0x580
[ 17.612218][ T1] handle_bug+0x3d/0x70
[ 17.616365][ T1] exc_invalid_op+0x1a/0x50
[ 17.620862][ T1] asm_exc_invalid_op+0x1a/0x20
[ 17.625711][ T1] RIP: 0010:integrity_inode_get+0x499/0x580
[ 17.631598][ T1] Code: eb 11 e8 ba 30 8c fd 48 c7 c7 60 e4 92 8d e8 be 1e d6 06 4c 89 e0 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 97 30 8c fd <0f> 0b 31 db e9 b0 fd ff ff 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c
[ 17.651202][ T1] RSP: 0000:ffffc900000678f0 EFLAGS: 00010293
[ 17.657365][ T1] RAX: ffffffff8401db19 RBX: 00000000ffffffff RCX: ffff888015e58000
[ 17.665448][ T1] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000001
[ 17.673405][ T1] RBP: ffff88801db8aad8 R08: ffffffff8401d8c4 R09: 0000000000000000
[ 17.681392][ T1] R10: ffff88802871d088 R11: ffffed10050e3a13 R12: ffff88802871d000
[ 17.689449][ T1] R13: ffff88802871d0d0 R14: dffffc0000000000 R15: ffff88801db8aab0
[ 17.697440][ T1] ? integrity_inode_get+0x244/0x580
[ 17.702744][ T1] ? integrity_inode_get+0x499/0x580
[ 17.708088][ T1] process_measurement+0x44d/0x1cf0
[ 17.713299][ T1] ? ima_file_mmap+0x2b0/0x2b0
[ 17.718152][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 17.724212][ T1] ? print_irqtrace_events+0x220/0x220
[ 17.729771][ T1] ? smack_current_getsecid_subj+0x22/0xf0
[ 17.735568][ T1] ima_bprm_check+0x128/0x2b0
[ 17.740240][ T1] ? ima_file_mprotect+0x630/0x630
[ 17.745342][ T1] ? tomoyo_bprm_check_security+0x157/0x170
[ 17.751221][ T1] ? bpf_lsm_bprm_check_security+0x9/0x10
[ 17.756946][ T1] bprm_execve+0x8c7/0x17c0
[ 17.761458][ T1] ? alloc_bprm+0x900/0x900
[ 17.765952][ T1] ? copy_string_kernel+0x1c9/0x1f0
[ 17.771134][ T1] kernel_execve+0x8ea/0xa10
[ 17.775738][ T1] ? rest_init+0x300/0x300
[ 17.780153][ T1] kernel_init+0xde/0x2a0
[ 17.784472][ T1] ret_from_fork+0x48/0x80
[ 17.788876][ T1] ? rest_init+0x300/0x300
[ 17.793276][ T1] ret_from_fork_asm+0x11/0x20
[ 17.798036][ T1] </TASK>
[ 17.801282][ T1] Kernel Offset: disabled
[ 17.805673][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs-2/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs-2/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.1"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build3394607480=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at 0b6a67ac4
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:32: run command via tools/syz-env for best compatibility, see:
Makefile:33: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=0b6a67ac4b0dc26f43030c5edd01c9175f13b784 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20230913-073137'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"0b6a67ac4b0dc26f43030c5edd01c9175f13b784\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=137bc1b2680000


Tested on:

commit: 79be50b1 ima: annotate iint mutex to avoid lockdep fal..
git tree: https://github.com/amir73il/linux ima-ovl-fix
kernel config: https://syzkaller.appspot.com/x/.config?x=57da1ac039c4c78a
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.

Amir Goldstein

Oct 5, 2023, 6:26:18 AM10/5/23
to syzbot, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
On Thu, Oct 5, 2023 at 12:59 PM syzbot
<syzbot+b42fe6...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:

My mistake. Please try again:

syzbot

Oct 5, 2023, 6:46:30 AM10/5/23
to amir...@gmail.com, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk, zo...@linux.ibm.com, zo...@us.ibm.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+b42fe6...@syzkaller.appspotmail.com

Tested on:

commit: 42555f30 ima: annotate iint mutex to avoid lockdep fal..
git tree: https://github.com/amir73il/linux ima-ovl-fix
console output: https://syzkaller.appspot.com/x/log.txt?x=16889486680000
kernel config: https://syzkaller.appspot.com/x/.config?x=57da1ac039c4c78a
dashboard link: https://syzkaller.appspot.com/bug?extid=b42fe626038981fb7bfa
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.

Mimi Zohar

Oct 5, 2023, 9:14:13 AM10/5/23
to Amir Goldstein, syzbot, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Thanks, Amir. "mutex_init(&iint->mutex);" moved, but the status
initialization lines 161-166 were dropped. They're needed by
IMA-appraisal for signature verification.

iint->ima_file_status = INTEGRITY_UNKNOWN;
iint->ima_mmap_status = INTEGRITY_UNKNOWN;
iint->ima_bprm_status = INTEGRITY_UNKNOWN;
iint->ima_read_status = INTEGRITY_UNKNOWN;
iint->ima_creds_status = INTEGRITY_UNKNOWN;
iint->evm_status = INTEGRITY_UNKNOWN;

Amir Goldstein

Oct 5, 2023, 9:22:33 AM10/5/23
to Mimi Zohar, syzbot, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
They are dropped from iint_init_once().
They are not needed there because they are now set
in every iint allocation in iint_init_always()
instead of being set in iint_free().

This is the standard practice for slab objects.
See inode_init_once()/inode_init_always().

Thanks,
Amir.
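
Amir's init_once versus init_always point, as an added userspace model that is not the kernel's slab allocator and not code from the patch: a constructor runs once per pool object when the pool is created, while alloc-time initialisation runs on every allocation, so per-use state such as the appraisal status has to be reset at allocation (or, as before, at free) or a recycled object hands the previous owner's result to its next user. The iint_model struct, the fixed pool, iint_alloc()/iint_free(), status_seen_by_second_user() and the INTEGRITY_* placeholder values are all constructed for this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 4
/* Placeholder values for the model; not the kernel's enum values. */
#define INTEGRITY_UNKNOWN (-1)
#define INTEGRITY_PASS 0

struct iint_model {
	bool mutex_initialised; /* invariant: set once by the constructor */
	int ima_file_status;    /* per-use state: must be reset for each owner */
	bool in_use;
};

static struct iint_model pool[POOL_SIZE];
static bool pool_constructed;

/* Runs once per object when the pool is created, like a slab ctor
 * (the iint_init_once() role). Only invariants belong here. */
static void iint_init_once(struct iint_model *o)
{
	o->mutex_initialised = true;
}

/* Runs on every allocation (the iint_init_always() role). */
static void iint_init_always(struct iint_model *o)
{
	o->ima_file_status = INTEGRITY_UNKNOWN;
}

/* Hand out a free slot; reset_on_alloc selects whether the per-use
 * state is initialised for the new owner. */
static struct iint_model *iint_alloc(bool reset_on_alloc)
{
	if (!pool_constructed) {
		for (int i = 0; i < POOL_SIZE; i++)
			iint_init_once(&pool[i]);
		pool_constructed = true;
	}
	for (int i = 0; i < POOL_SIZE; i++) {
		if (!pool[i].in_use) {
			pool[i].in_use = true;
			if (reset_on_alloc)
				iint_init_always(&pool[i]);
			return &pool[i];
		}
	}
	return NULL;
}

/* Returning an object to the pool no longer touches its status fields. */
static void iint_free(struct iint_model *o)
{
	o->in_use = false;
}

/* First owner records a successful appraisal and frees the object; what
 * status does the next owner of the same slot start with? */
int status_seen_by_second_user(bool reset_on_alloc)
{
	struct iint_model *a = iint_alloc(reset_on_alloc);
	struct iint_model *b;
	int status;

	a->ima_file_status = INTEGRITY_PASS;
	iint_free(a);
	b = iint_alloc(reset_on_alloc);
	status = b->ima_file_status;
	iint_free(b);
	return status;
}

int main(void)
{
	printf("no reset at alloc: second owner sees %d\n",
	       status_seen_by_second_user(false));
	printf("reset at alloc:    second owner sees %d\n",
	       status_seen_by_second_user(true));
	return 0;
}
```

Without the per-allocation reset the second owner inherits INTEGRITY_PASS from the first, which for an appraisal cache means a fresh inode could start out looking already verified; with the reset in the alloc path the constructor can stay limited to the mutex and list setup that never changes for the life of the slab object.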

Mimi Zohar

Oct 5, 2023, 9:41:51 AM10/5/23
to Amir Goldstein, hda...@sina.com, linux-...@vger.kernel.org, linux-i...@vger.kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, linux-...@vger.kernel.org, mik...@szeredi.hu, msze...@redhat.com, syz...@syzkalhler.appspotmail.com, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
I was only looking at the patch and noticed the removal. Thanks, this
looks good.

Mimi
