
Peilin Ye

Sep 13, 2022, 9:19:36 PM9/13/22
to syzbot+8b2a08...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From 14092ec408328bd00f4a5bb06997ac0bd8cbe7c4 Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Tue, 13 Sep 2022 17:52:36 -0700
Subject: [PATCH] btf: Fix WARNING

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
kernel/bpf/btf.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 903719b89238..cad4657ba2ce 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -674,6 +674,21 @@ static bool btf_type_has_size(const struct btf_type *t)
return false;
}

+/* t->name_off can be non-zero */
+static bool btf_type_has_name(const struct btf_type *t)
+{
+ switch (BTF_INFO_KIND(t->info)) {
+ case BTF_KIND_ARRAY:
+ case BTF_KIND_VOLATILE:
+ case BTF_KIND_CONST:
+ case BTF_KIND_RESTRICT:
+ case BTF_KIND_FUNC_PROTO:
+ return false;
+ }
+
+ return true;
+}
+
static const char *btf_int_encoding_str(u8 encoding)
{
if (encoding == 0)
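Review bot: `BTF_KIND_PTR` is missing from the switch in `btf_type_has_name()`, although the `else` branch this patch removes from `btf_ref_type_check_meta()` rejected a non-zero `name_off` for every kind that reached it. If pointer types are validated by that function (its callers are outside the hunks shown), a PTR carrying a name would now pass the meta check on user-supplied BTF; adding `case BTF_KIND_PTR:` would keep the old rejection. The comment above the helper is also ambiguous and would read more clearly as `/* Returns false for kinds whose name_off must be zero */`. Every kind added later falls through to `return true`, which deserves a one-line remark next to the switch.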
@@ -2495,11 +2510,6 @@ static int btf_ref_type_check_meta(struct btf_verifier_env *env,
btf_verifier_log_type(env, t, "Invalid name");
return -EINVAL;
}
- } else {
- if (t->name_off) {
- btf_verifier_log_type(env, t, "Invalid name");
- return -EINVAL;
- }
}

btf_verifier_log_type(env, t, NULL);
@@ -2800,12 +2810,6 @@ static s32 btf_array_check_meta(struct btf_verifier_env *env,
return -EINVAL;
}

- /* array type should not have a name */
- if (t->name_off) {
- btf_verifier_log_type(env, t, "Invalid name");
- return -EINVAL;
- }
-
if (btf_type_vlen(t)) {
btf_verifier_log_type(env, t, "vlen != 0");
return -EINVAL;
@@ -3896,11 +3900,6 @@ static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
return -EINVAL;
}

- if (t->name_off) {
- btf_verifier_log_type(env, t, "Invalid name");
- return -EINVAL;
- }
-
if (btf_type_kflag(t)) {
btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
return -EINVAL;
@@ -4579,6 +4578,12 @@ static s32 btf_check_meta(struct btf_verifier_env *env,
return -EINVAL;
}

+ if (!btf_type_has_name(t) && t->name_off) {
+ btf_verifier_log(env, "[%u] %s kind should not have a name",
+ env->log_type_id, btf_type_str(t));
+ return -EINVAL;
+ }
+
if (!btf_name_offset_valid(env->btf, t->name_off)) {
btf_verifier_log(env, "[%u] Invalid name_offset:%u",
env->log_type_id, t->name_off);
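Review bot: The new check runs before `btf_name_offset_valid()`, so `t->name_off` has not been range-checked when this branch executes. As written it prints only the kind string, which is safe, but a comment such as `/* name_off is not validated yet: do not resolve it here */` would stop a later edit from adding the name to the message. The text also changes from the `Invalid name` that the three removed per-kind checks logged to `... kind should not have a name`, so anything matching the old string (none is visible here) would stop matching. btf_check_meta() continues outside the hunk.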
--
2.20.1

syzbot

Sep 13, 2022, 9:51:19 PM9/13/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+8b2a08...@syzkaller.appspotmail.com

Tested on:

commit: d1221cea Merge tag 'pull-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1664d3af080000
kernel config: https://syzkaller.appspot.com/x/.config?x=21f69a9380d79ca9
dashboard link: https://syzkaller.appspot.com/bug?extid=8b2a08dfbd25fd933d75
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=13035ce8880000

Note: testing is done by a robot and is best-effort only.

Peilin Ye

Sep 16, 2022, 5:39:47 PM9/16/22
to syzbot+8b2a08...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From 54784a72aa48fa3c8e1f08114d674a2d2d2d5140 Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Fri, 16 Sep 2022 14:38:40 -0700
Subject: [PATCH] test

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
kernel/bpf/btf.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index b3940c605aac..0f4090837908 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -1410,14 +1410,15 @@ __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
if (log->level == BPF_LOG_KERNEL && !fmt)
return;

- __btf_verifier_log(log, "[%u] %s %s%s",
+ __btf_verifier_log(log, "[%u] %s",
env->log_type_id,
- btf_type_str(t),
- __btf_name_by_offset(btf, t->name_off),
- log_details ? " " : "");
+ btf_type_str(t));

- if (log_details)
+ if (log_details) {
+ __btf_verifier_log(log, " %s",
+ __btf_name_by_offset(btf, t->name_off));
btf_type_ops(t)->log_details(env, t);
+ }

if (fmt && *fmt) {
__btf_verifier_log(log, " ");
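Review bot: The separator between the type name and the per-kind details is lost. The old format ended in `log_details ? " " : ""`, while the new `" %s"` call prints the name and hands straight over to `log_details()`, so unless every log_details callback starts with a space (they are outside this hunk) the two fields run together. `__btf_verifier_log(log, " %s ", __btf_name_by_offset(btf, t->name_off));` would keep the old spacing. The name is also no longer printed when `log_details` is false, which changes the output of every basic-log caller and is worth stating in the commit message. The same lines appear again in the later bpf-next version of this patch.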
@@ -3897,7 +3898,7 @@ static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
}

if (t->name_off) {
- btf_verifier_log_type(env, t, "Invalid name");
+ btf_verifier_log_basic(env, t, "Should not have a name");
return -EINVAL;
}

--
2.20.1

Peilin Ye

Sep 16, 2022, 5:41:19 PM9/16/22
to syzbot+8b2a08...@syzkaller.appspotmail.com, syzkall...@googlegroups.com

syzbot

Sep 16, 2022, 5:49:20 PM9/16/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file kernel/bpf/btf.c
patch: **** unexpected end of file in patch



Tested on:

commit: a335366b Merge tag 'gpio-fixes-for-v6.0-rc6' of git://..
git tree: upstream
patch: https://syzkaller.appspot.com/x/patch.diff?x=1011ded8880000

syzbot

Sep 16, 2022, 5:50:22 PM9/16/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file kernel/bpf/btf.c
Hunk #1 FAILED at 1410.
1 out of 2 hunks FAILED



Tested on:

commit: a335366b Merge tag 'gpio-fixes-for-v6.0-rc6' of git://..
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=8b2a08dfbd25fd933d75
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=169c5144880000

Peilin Ye

Sep 16, 2022, 6:09:12 PM9/16/22
to syzbot+8b2a08...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From 15b7404bdcf996234803f7d51497de8420d52a04 Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Fri, 16 Sep 2022 13:28:00 -0700
Subject: [PATCH] bpf/btf: fix

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
kernel/bpf/btf.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 98be25d13325..0f4090837908 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -1397,7 +1397,6 @@ __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
const char *fmt, ...)
{
struct bpf_verifier_log *log = &env->log;
- u8 kind = BTF_INFO_KIND(t->info);
struct btf *btf = env->btf;
va_list args;

@@ -1411,14 +1410,15 @@ __printf(4, 5) static void __btf_verifier_log_type(struct btf_verifier_env *env,
if (log->level == BPF_LOG_KERNEL && !fmt)
return;

- __btf_verifier_log(log, "[%u] %s %s%s",
+ __btf_verifier_log(log, "[%u] %s",
env->log_type_id,
- btf_kind_str[kind],
- __btf_name_by_offset(btf, t->name_off),
- log_details ? " " : "");
+ btf_type_str(t));

- if (log_details)
+ if (log_details) {
+ __btf_verifier_log(log, " %s",
+ __btf_name_by_offset(btf, t->name_off));
btf_type_ops(t)->log_details(env, t);
+ }

if (fmt && *fmt) {
__btf_verifier_log(log, " ");
@@ -3898,7 +3898,7 @@ static s32 btf_func_proto_check_meta(struct btf_verifier_env *env,
}

if (t->name_off) {
- btf_verifier_log_type(env, t, "Invalid name");
+ btf_verifier_log_basic(env, t, "Should not have a name");
return -EINVAL;
}

@@ -5427,7 +5427,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
if (!btf_type_is_small_int(t)) {
bpf_log(log,
"ret type %s not allowed for fmod_ret\n",
- btf_kind_str[BTF_INFO_KIND(t->info)]);
+ btf_type_str(t));
return false;
}
break;
@@ -5454,7 +5454,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
"func '%s' arg%d '%s' has type %s. Only pointer access is allowed\n",
tname, arg,
__btf_name_by_offset(btf, t->name_off),
- btf_kind_str[BTF_INFO_KIND(t->info)]);
+ btf_type_str(t));
return false;
}

@@ -5538,11 +5538,11 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
if (!btf_type_is_struct(t)) {
bpf_log(log,
"func '%s' arg%d type %s is not a struct\n",
- tname, arg, btf_kind_str[BTF_INFO_KIND(t->info)]);
+ tname, arg, btf_type_str(t));
return false;
}
bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n",
- tname, arg, info->btf_id, btf_kind_str[BTF_INFO_KIND(t->info)],
+ tname, arg, info->btf_id, btf_type_str(t),
__btf_name_by_offset(btf, t->name_off));
return true;
}
@@ -5950,7 +5950,7 @@ int btf_distill_func_proto(struct bpf_verifier_log *log,
if (ret < 0 || __btf_type_is_struct(t)) {
bpf_log(log,
"The function %s return type %s is unsupported.\n",
- tname, btf_kind_str[BTF_INFO_KIND(t->info)]);
+ tname, btf_type_str(t));
return -EINVAL;
}
m->ret_size = ret;
@@ -5968,7 +5968,7 @@ int btf_distill_func_proto(struct bpf_verifier_log *log,
if (ret < 0 || ret > 16) {
bpf_log(log,
"The function %s arg%d type %s is unsupported.\n",
- tname, i, btf_kind_str[BTF_INFO_KIND(t->info)]);
+ tname, i, btf_type_str(t));
return -EINVAL;
}
if (ret == 0) {
@@ -6727,7 +6727,7 @@ int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
continue;
}
bpf_log(log, "Arg#%d type %s in %s() is not supported yet.\n",
- i, btf_kind_str[BTF_INFO_KIND(t->info)], tname);
+ i, btf_type_str(t), tname);
return -EINVAL;
}
return 0;
--
2.20.1

syzbot

Sep 16, 2022, 6:43:20 PM9/16/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+8b2a08...@syzkaller.appspotmail.com

Tested on:

commit: dc567045 libbpf: Clean up legacy bpf maps declaration ..
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=10adb9d8880000
kernel config: https://syzkaller.appspot.com/x/.config?x=d5eefee9f402f52d
dashboard link: https://syzkaller.appspot.com/bug?extid=8b2a08dfbd25fd933d75
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=16558c6f080000

Peilin Ye

Sep 20, 2022, 8:27:51 PM9/20/22
to syzbot+dcd3e1...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From 65831414869cd5da4af6b40c2fcfd8cf2f9def3c Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Tue, 20 Sep 2022 17:23:12 -0700
Subject: [PATCH] Fix memleak

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
drivers/net/usb/usbnet.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index aaa89b4cfd50..bb8803168002 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1448,6 +1448,7 @@ netdev_tx_t usbnet_start_xmit (struct sk_buff *skb,
usb_put_urb(urb);
spin_unlock_irqrestore(&dev->txq.lock, flags);
netdev_dbg(dev->net, "Delaying transmission for resumption\n");
+ dev_kfree_skb_any(skb);
goto deferred;
}
#endif
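Review bot: Freeing the skb at `dev_kfree_skb_any(skb);` looks premature, because the debug message on the line above says the transmission is only being delayed until resume. The URB is put, not discarded, three lines earlier, so it is presumably still queued and still refers to this skb's data. If so (the URB setup and the anchoring call are outside the hunk), the resume path would touch freed memory, trading the leak for a use-after-free. The leak is more safely closed where the deferred URBs are finally discarded, by releasing each URB's skb there.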
--
2.20.1

syzbot

Sep 20, 2022, 8:52:22 PM9/20/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+dcd3e1...@syzkaller.appspotmail.com

Tested on:

commit: 60891ec9 Merge tag 'for-6.0-rc6-tag' of git://git.kern..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=150a8dd5080000
kernel config: https://syzkaller.appspot.com/x/.config?x=3a17ef673fa12765
dashboard link: https://syzkaller.appspot.com/bug?extid=dcd3e13cf4472f2e0ba1
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=119e2618880000

Peilin Ye

Sep 21, 2022, 2:26:23 AM9/21/22
to syzbot+dcd3e1...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From a397648fc0d90531896efa74895e76d42bed7859 Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Tue, 20 Sep 2022 23:23:39 -0700
Subject: [PATCH] Fix

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
drivers/usb/core/urb.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/usb/core/urb.c b/drivers/usb/core/urb.c
index 33d62d7e3929..666626580a9b 100644
--- a/drivers/usb/core/urb.c
+++ b/drivers/usb/core/urb.c
@@ -12,6 +12,7 @@
#include <linux/wait.h>
#include <linux/usb/hcd.h>
#include <linux/scatterlist.h>
+#include <linux/netdevice.h>

#define to_urb(d) container_of(d, struct urb, kref)

@@ -1019,6 +1020,7 @@ void usb_scuttle_anchored_urbs(struct usb_anchor *anchor)
{
struct urb *victim;
unsigned long flags;
+ struct sk_buff *skb;
int surely_empty;

do {
@@ -1026,6 +1028,9 @@ void usb_scuttle_anchored_urbs(struct usb_anchor *anchor)
while (!list_empty(&anchor->urb_list)) {
victim = list_entry(anchor->urb_list.prev,
struct urb, anchor_list);
+ skb = victim->context;
+ if (skb)
+ dev_kfree_skb_any(skb);
__usb_unanchor_urb(victim, anchor);
}
surely_empty = usb_anchor_check_wakeup(anchor);
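Review bot: `skb = victim->context;` treats an opaque per-driver pointer as a `struct sk_buff`. usb_scuttle_anchored_urbs() is a non-static helper in drivers/usb/core, so it is presumably called by drivers other than usbnet; for any caller whose context is something else, `dev_kfree_skb_any(skb)` frees an object of the wrong type. The `#include <linux/netdevice.h>` added in the first hunk is the layering symptom of the same problem. The skb release belongs in the network driver that set the context, for example by draining the anchor there and freeing each URB's skb before dropping the URB.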
--
2.20.1

syzbot

Sep 21, 2022, 3:06:22 AM9/21/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+dcd3e1...@syzkaller.appspotmail.com

Tested on:

commit: 60891ec9 Merge tag 'for-6.0-rc6-tag' of git://git.kern..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=126481cf080000
kernel config: https://syzkaller.appspot.com/x/.config?x=3a17ef673fa12765
dashboard link: https://syzkaller.appspot.com/bug?extid=dcd3e13cf4472f2e0ba1
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=13b3f1cf080000

Peilin Ye

Sep 22, 2022, 8:03:57 PM9/22/22
to syzbot+dcd3e1...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
From 3efa1073021a4a75698bb4700b827690479813f4 Mon Sep 17 00:00:00 2001
From: Peilin Ye <peil...@bytedance.com>
Date: Thu, 22 Sep 2022 16:11:04 -0700
Subject: [PATCH] usbnet: Fix memory leak

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Signed-off-by: Peilin Ye <peil...@bytedance.com>
---
drivers/net/usb/usbnet.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index fd399a8ed973..64a9a80b2309 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1598,6 +1598,7 @@ void usbnet_disconnect (struct usb_interface *intf)
struct usbnet *dev;
struct usb_device *xdev;
struct net_device *net;
+ struct urb *urb;

dev = usb_get_intfdata(intf);
usb_set_intfdata(intf, NULL);
@@ -1614,7 +1615,11 @@ void usbnet_disconnect (struct usb_interface *intf)
net = dev->net;
unregister_netdev (net);

- usb_scuttle_anchored_urbs(&dev->deferred);
+ while ((urb = usb_get_from_anchor(&dev->deferred))) {
+ dev_kfree_skb(urb->context);
+ kfree(urb->sg);
+ usb_free_urb(urb);
+ }

if (dev->driver_info->unbind)
dev->driver_info->unbind(dev, intf);
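Review bot: The replacement loop has no comment saying why usb_scuttle_anchored_urbs() was not enough, so a later cleanup may be tempted to put the one-liner back. Something like `/* deferred URBs still own their skb and sg list; unanchoring alone leaks both */` above the `while` would record the reason. The loop also assumes `urb->context` is an skb for every URB on `dev->deferred`; that holds only if every path that anchors there sets it, which is outside this hunk.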
--
2.20.1

syzbot

Sep 22, 2022, 8:27:21 PM9/22/22
to syzkall...@googlegroups.com, yepei...@gmail.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+dcd3e1...@syzkaller.appspotmail.com

Tested on:

commit: bf682942 Merge tag 'scsi-fixes' of git://git.kernel.or..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16b720df080000
kernel config: https://syzkaller.appspot.com/x/.config?x=3a17ef673fa12765
dashboard link: https://syzkaller.appspot.com/bug?extid=dcd3e13cf4472f2e0ba1
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=15411c88880000

Dongliang Mu

Sep 28, 2022, 9:09:33 PM9/28/22
to syzbot+15342c...@syzkaller.appspotmail.com, syzkaller-bugs
#syz fix: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
--
My best regards to you.

No System Is Safe!
Dongliang Mu
0001-fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch

Dongliang Mu

Sep 28, 2022, 9:11:22 PM9/28/22
to syzbot+15342c...@syzkaller.appspotmail.com, syzkaller-bugs
#syz unfix

Dongliang Mu

Sep 28, 2022, 9:12:51 PM9/28/22
to syzbot+15342c...@syzkaller.appspotmail.com, syzkaller-bugs
0001-fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch

Dongliang Mu

Sep 28, 2022, 9:37:43 PM9/28/22
to syzbot+027aa1...@syzkaller.appspotmail.com, syzkaller-bugs
#syz dup: UBSAN: shift-out-of-bounds in dbAllocAG

syzbot

Sep 28, 2022, 10:07:22 PM9/28/22
to mudongl...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/jfs/jfs_dmap.c:174:3: error: label 'err_kfree_bmp' used but not defined


Tested on:

commit: c3e0e1e2 Merge tag 'irq_urgent_for_v6.0' of git://git...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --
dashboard link: https://syzkaller.appspot.com/bug?extid=15342c1aa6a00fb7a438
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1492b7f8880000

Dongliang Mu

Sep 29, 2022, 1:06:54 AM9/29/22
to syzbot+15342c...@syzkaller.appspotmail.com, syzkaller-bugs
0001-fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch

syzbot

Sep 29, 2022, 1:41:20 AM9/29/22
to mudongl...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+15342c...@syzkaller.appspotmail.com

Tested on:

commit: c3e0e1e2 Merge tag 'irq_urgent_for_v6.0' of git://git...
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git --
console output: https://syzkaller.appspot.com/x/log.txt?x=1556f824880000
kernel config: https://syzkaller.appspot.com/x/.config?x=755695d26ad09807
dashboard link: https://syzkaller.appspot.com/bug?extid=15342c1aa6a00fb7a438
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1540e8f4880000

syzbot

Oct 3, 2022, 5:18:27 AM10/3/22
to Kari Argillander, kari.arg...@gmail.com, syzkall...@googlegroups.com
> #syz test: https://github.com/Paragon-Software-Group/linux-ntfs3.git master

This crash does not have a reproducer. I cannot test it.

Dongliang Mu

Oct 4, 2022, 6:45:52 AM10/4/22
to syzbot+e7c25a...@syzkaller.appspotmail.com, syzkaller-bugs
0001-fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch

syzbot

Oct 4, 2022, 7:26:25 AM10/4/22
to mudongl...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

asset storage also requires dashboard client

syzkaller build log:
go env (err=<nil>)
GO111MODULE="auto"
GOARCH="amd64"
GOBIN=""
GOCACHE="/syzkaller/.cache/go-build"
GOENV="/syzkaller/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/syzkaller/jobs/linux/gopath/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/syzkaller/jobs/linux/gopath"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.17"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build1859859021=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at feb563518
nothing to commit, working tree clean


go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=feb5635181eb12a6e3516172a3f5af06a3bc93e1 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220930-160315'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=feb5635181eb12a6e3516172a3f5af06a3bc93e1 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220930-160315'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=feb5635181eb12a6e3516172a3f5af06a3bc93e1 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20220930-160315'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"feb5635181eb12a6e3516172a3f5af06a3bc93e1\"



Tested on:

commit: 725737e7 Merge tag 'statx-dioalign-for-linus' of git:/..
kernel config: https://syzkaller.appspot.com/x/.config?x=992427ab850b1843
dashboard link: https://syzkaller.appspot.com/bug?extid=e7c25a1325c6112704be
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1089610a880000

Dongliang Mu

Oct 9, 2022, 8:44:52 AM10/9/22
to Dmitry Vyukov, syzkall...@googlegroups.com
On Tue, Oct 4, 2022 at 7:26 PM syzbot
<syzbot+e7c25a...@syzkaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> asset storage also requires dashboard client
>

@Dmitry, I don't quite understand this build error. It doesn't look
like it comes from an error in my patch.

Aleksandr Nogikh

Oct 9, 2022, 5:11:49 PM10/9/22
to Dongliang Mu, Dmitry Vyukov, syzkall...@googlegroups.com
Hi,

It looks like you sent the patch testing request exactly within the
several hours when it was broken :(
Please try to send the request again, it should work now.

Best Regards
Aleksandr

Dongliang Mu

Oct 13, 2022, 9:24:18 PM10/13/22
to syzbot+15342c...@syzkaller.appspotmail.com, syzkaller-bugs
0001-fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch

syzbot

Oct 14, 2022, 6:42:25 AM10/14/22
to mudongl...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

d [mem 0x00000000b5a00000-0x00000000b9a00000] (64MB)
[ 2.451930][ T1] ACPI: bus type thunderbolt registered
[ 2.461150][ T56] kworker/u4:3 (56) used greatest stack depth: 27296 bytes left
[ 2.469939][ T1] kvm: no hardware support for 'kvm_intel'
[ 2.471032][ T1] has_svm: svm not available
[ 2.471715][ T1] kvm: no hardware support for 'kvm_amd'
[ 2.472485][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x206eb2111f5, max_idle_ns: 440795222471 ns
[ 2.474059][ T1] clocksource: Switched to clocksource tsc
[ 5.639415][ T1] Initialise system trusted keyrings
[ 5.642563][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 5.679289][ T1] zbud: loaded
[ 5.687435][ T1] DLM installed
[ 5.693812][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 5.702153][ T106] kworker/u4:2 (106) used greatest stack depth: 27144 bytes left
[ 5.703995][ T1] NFS: Registering the id_resolver key type
[ 5.705668][ T1] Key type id_resolver registered
[ 5.706856][ T1] Key type id_legacy registered
[ 5.707913][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 5.709340][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 5.718331][ T1] Key type cifs.spnego registered
[ 5.719170][ T1] Key type cifs.idmap registered
[ 5.720747][ T1] ntfs: driver 2.1.32 [Flags: R/W].
[ 5.722981][ T1] ntfs3: Max link count 4000
[ 5.723620][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 5.724468][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 5.726465][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 5.727550][ T1] jffs2: version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc.
[ 5.732068][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 5.733571][ T1] QNX4 filesystem 0.2.3 registered.
[ 5.734619][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 5.736377][ T1] fuse: init (API version 7.37)
[ 5.741172][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 5.742921][ T1] orangefs_init: module version upstream loaded
[ 5.744575][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 5.758292][ T1] SGI XFS with ACLs, security attributes, realtime, quota, fatal assert, debug enabled
[ 5.771036][ T1] 9p: Installing v9fs 9p2000 file system support
[ 5.773458][ T1] NILFS version 2 loaded
[ 5.774076][ T1] befs: version: 0.9.3
[ 5.776023][ T1] ocfs2: Registered cluster interface o2cb
[ 5.777385][ T1] ocfs2: Registered cluster interface user
[ 5.778879][ T1] OCFS2 User DLM kernel interface loaded
[ 5.789868][ T1] gfs2: GFS2 installed
[ 5.801406][ T1] ceph: loaded (mds proto 32)
[ 5.813163][ T1] NET: Registered PF_ALG protocol family
[ 5.814174][ T1] xor: automatically using best checksumming function avx
[ 5.815683][ T1] async_tx: api initialized (async)
[ 5.816585][ T1] Key type asymmetric registered
[ 5.817319][ T1] Asymmetric key parser 'x509' registered
[ 5.818175][ T1] Asymmetric key parser 'pkcs8' registered
[ 5.819092][ T1] Key type pkcs7_test registered
[ 5.823005][ T1] alg: self-tests for CTR-KDF (hmac(sha256)) passed
[ 5.824440][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 240)
[ 5.826498][ T1] io scheduler mq-deadline registered
[ 5.827648][ T1] io scheduler kyber registered
[ 5.829045][ T1] io scheduler bfq registered
[ 5.836454][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 5.847153][ T1] ACPI: button: Power Button [PWRF]
[ 5.849357][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 5.851446][ T1] ACPI: button: Sleep Button [SLPF]
[ 5.873288][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 5.874470][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 5.892851][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 5.894487][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 5.913424][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 5.914548][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 5.942888][ T232] kworker/u4:2 (232) used greatest stack depth: 27032 bytes left
[ 6.048461][ T403] kworker/u4:0 (403) used greatest stack depth: 26624 bytes left
[ 6.240570][ T1] N_HDLC line discipline registered with maxframe=4096
[ 6.241676][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 6.243218][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 6.248623][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 6.258248][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 6.263876][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 6.272051][ T1] Non-volatile memory driver v1.3
[ 6.289777][ T1] Linux agpgart interface v0.103
[ 6.292338][ T1] ACPI: bus type drm_connector registered
[ 6.297108][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[ 6.303116][ T1] [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
[ 6.361560][ T1] Console: switching to colour frame buffer device 128x48
[ 6.379121][ T1] platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
[ 6.380602][ T1] usbcore: registered new interface driver udl
[ 6.431729][ T1] brd: module loaded
[ 6.486879][ T1] loop: module loaded
[ 6.556565][ T1] zram: Added device: zram0
[ 6.563795][ T1] null_blk: disk nullb0 created
[ 6.564546][ T1] null_blk: module loaded
[ 6.565343][ T1] Guest personality initialized and is inactive
[ 6.566628][ T1] VMCI host device registered (name=vmci, major=10, minor=119)
[ 6.568011][ T1] Initialized host personality
[ 6.569164][ T1] usbcore: registered new interface driver rtsx_usb
[ 6.571222][ T1] usbcore: registered new interface driver viperboard
[ 6.572508][ T1] usbcore: registered new interface driver dln2
[ 6.573870][ T1] usbcore: registered new interface driver pn533_usb
[ 6.578221][ T1] nfcsim 0.2 initialized
[ 6.579155][ T1] usbcore: registered new interface driver port100
[ 6.580679][ T1] usbcore: registered new interface driver nfcmrvl
[ 6.584949][ T1] Loading iSCSI transport class v2.0-870.
[ 6.615015][ T1] scsi host0: Virtio SCSI HBA
[ 6.653960][ T1] st: Version 20160209, fixed bufsize 32768, s/g segs 256
[ 6.657863][ T28] scsi 0:0:1:0: Direct-Access Google PersistentDisk 1 PQ: 0 ANSI: 6
[ 6.682711][ T1] Rounding down aligned max_sectors from 4294967295 to 4294967288
[ 6.684766][ T1] db_root: cannot open: /etc/target
[ 6.687866][ T1] slram: not enough parameters.
[ 6.694251][ T1] ftl_cs: FTL header not found.
[ 6.734983][ T1] wireguard: WireGuard 1.0.0 loaded. See www.wireguard.com for information.
[ 6.736576][ T1] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Ja...@zx2c4.com>. All Rights Reserved.
[ 6.738612][ T1] eql: Equalizer2002: Simon Janes (si...@ncm.com) and David S. Miller (da...@redhat.com)
[ 6.749528][ T1] MACsec IEEE 802.1AE
[ 6.774133][ T1] tun: Universal TUN/TAP device driver, 1.6
[ 6.825758][ T1] ------------[ cut here ]------------
[ 6.827585][ T1] WARNING: CPU: 1 PID: 1 at include/linux/cpumask.h:110 cpumask_next_wrap+0x139/0x1d0
[ 6.829022][ T1] Modules linked in:
[ 6.829801][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-syzkaller-11973-g9c9155a3509a-dirty #0
[ 6.831214][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 6.832654][ T1] RIP: 0010:cpumask_next_wrap+0x139/0x1d0
[ 6.833556][ T1] Code: df e8 8b 4a 3d f8 39 eb 77 64 e8 32 4e 3d f8 41 8d 6c 24 01 89 de 89 ef e8 74 4a 3d f8 39 dd 0f 82 54 ff ff ff e8 17 4e 3d f8 <0f> 0b e9 48 ff ff ff e8 0b 4e 3d f8 48 c7 c2 00 02 e2 8d 48 b8 00
[ 6.837478][ T1] RSP: 0018:ffffc90000067920 EFLAGS: 00010293
[ 6.839159][ T1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
[ 6.840875][ T1] RDX: ffff888140170000 RSI: ffffffff893f1c59 RDI: 0000000000000004
[ 6.842624][ T1] RBP: 0000000000000002 R08: 0000000000000004 R09: 0000000000000002
[ 6.844143][ T1] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
[ 6.845664][ T1] R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff8de20010
[ 6.847288][ T1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 6.848892][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.850240][ T1] CR2: 0000000000000000 CR3: 000000000bc8e000 CR4: 0000000000350ee0
[ 6.851553][ T1] Call Trace:
[ 6.852243][ T1] <TASK>
[ 6.852893][ T1] virtnet_set_affinity+0x35a/0x750
[ 6.854973][ T1] ? skb_recv_done+0x120/0x120
[ 6.856032][ T1] virtnet_probe+0x12ae/0x31e0
[ 6.857110][ T1] ? virtnet_find_vqs+0xc30/0xc30
[ 6.857970][ T1] virtio_dev_probe+0x577/0x870
[ 6.859042][ T1] ? virtio_features_ok+0x1e0/0x1e0
[ 6.859932][ T1] really_probe+0x249/0xb90
[ 6.860675][ T1] __driver_probe_device+0x1df/0x4d0
[ 6.861554][ T1] driver_probe_device+0x4c/0x1a0
[ 6.862857][ T1] __driver_attach+0x1d0/0x550
[ 6.863998][ T1] ? __device_attach_driver+0x2e0/0x2e0
[ 6.864976][ T1] bus_for_each_dev+0x147/0x1d0
[ 6.866097][ T1] ? subsys_dev_iter_exit+0x20/0x20
[ 6.866896][ T1] bus_add_driver+0x4c9/0x640
[ 6.867960][ T1] driver_register+0x220/0x3a0
[ 6.868853][ T1] ? veth_init+0x11/0x11
[ 6.869611][ T1] virtio_net_driver_init+0x93/0xd2
[ 6.870446][ T1] do_one_initcall+0x13d/0x780
[ 6.871188][ T1] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 6.872222][ T1] ? parameq+0xa0/0x170
[ 6.872938][ T1] kernel_init_freeable+0x6ff/0x788
[ 6.873727][ T1] ? rest_init+0x270/0x270
[ 6.874518][ T1] kernel_init+0x1a/0x1d0
[ 6.875193][ T1] ? rest_init+0x270/0x270
[ 6.875890][ T1] ret_from_fork+0x1f/0x30
[ 6.876635][ T1] </TASK>
[ 6.877093][ T1] Kernel panic - not syncing: panic_on_warn set ...
[ 6.877988][ T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.0.0-syzkaller-11973-g9c9155a3509a-dirty #0
[ 6.879303][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 6.879673][ T1] Call Trace:
[ 6.879673][ T1] <TASK>
[ 6.879673][ T1] dump_stack_lvl+0xcd/0x134
[ 6.879673][ T1] panic+0x2c8/0x622
[ 6.879673][ T1] ? panic_print_sys_info.part.0+0x110/0x110
[ 6.879673][ T1] ? __warn.cold+0x24b/0x350
[ 6.879673][ T1] ? cpumask_next_wrap+0x139/0x1d0
[ 6.879673][ T1] __warn.cold+0x25c/0x350
[ 6.879673][ T1] ? cpumask_next_wrap+0x139/0x1d0
[ 6.879673][ T1] report_bug+0x1bc/0x210
[ 6.879673][ T1] handle_bug+0x3c/0x70
[ 6.879673][ T1] exc_invalid_op+0x14/0x40
[ 6.879673][ T1] asm_exc_invalid_op+0x16/0x20
[ 6.879673][ T1] RIP: 0010:cpumask_next_wrap+0x139/0x1d0
[ 6.879673][ T1] Code: df e8 8b 4a 3d f8 39 eb 77 64 e8 32 4e 3d f8 41 8d 6c 24 01 89 de 89 ef e8 74 4a 3d f8 39 dd 0f 82 54 ff ff ff e8 17 4e 3d f8 <0f> 0b e9 48 ff ff ff e8 0b 4e 3d f8 48 c7 c2 00 02 e2 8d 48 b8 00
[ 6.879673][ T1] RSP: 0018:ffffc90000067920 EFLAGS: 00010293
[ 6.879673][ T1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
[ 6.879673][ T1] RDX: ffff888140170000 RSI: ffffffff893f1c59 RDI: 0000000000000004
[ 6.879673][ T1] RBP: 0000000000000002 R08: 0000000000000004 R09: 0000000000000002
[ 6.879673][ T1] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000001
[ 6.879673][ T1] R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff8de20010
[ 6.879673][ T1] ? cpumask_next_wrap+0x139/0x1d0
[ 6.879673][ T1] virtnet_set_affinity+0x35a/0x750
[ 6.879673][ T1] ? skb_recv_done+0x120/0x120
[ 6.879673][ T1] virtnet_probe+0x12ae/0x31e0
[ 6.879673][ T1] ? virtnet_find_vqs+0xc30/0xc30
[ 6.879673][ T1] virtio_dev_probe+0x577/0x870
[ 6.879673][ T1] ? virtio_features_ok+0x1e0/0x1e0
[ 6.879673][ T1] really_probe+0x249/0xb90
[ 6.879673][ T1] __driver_probe_device+0x1df/0x4d0
[ 6.879673][ T1] driver_probe_device+0x4c/0x1a0
[ 6.879673][ T1] __driver_attach+0x1d0/0x550
[ 6.879673][ T1] ? __device_attach_driver+0x2e0/0x2e0
[ 6.879673][ T1] bus_for_each_dev+0x147/0x1d0
[ 6.879673][ T1] ? subsys_dev_iter_exit+0x20/0x20
[ 6.879673][ T1] bus_add_driver+0x4c9/0x640
[ 6.879673][ T1] driver_register+0x220/0x3a0
[ 6.879673][ T1] ? veth_init+0x11/0x11
[ 6.879673][ T1] virtio_net_driver_init+0x93/0xd2
[ 6.879673][ T1] do_one_initcall+0x13d/0x780
[ 6.879673][ T1] ? trace_event_raw_event_initcall_level+0x1f0/0x1f0
[ 6.879673][ T1] ? parameq+0xa0/0x170
[ 6.879673][ T1] kernel_init_freeable+0x6ff/0x788
[ 6.879673][ T1] ? rest_init+0x270/0x270
[ 6.879673][ T1] kernel_init+0x1a/0x1d0
[ 6.879673][ T1] ? rest_init+0x270/0x270
[ 6.879673][ T1] ret_from_fork+0x1f/0x30
[ 6.879673][ T1] </TASK>
[ 6.879673][ T1] Kernel Offset: disabled
[ 6.879673][ T1] Rebooting in 86400 seconds..
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2352153144=/tmp/go-build -gno-record-gcc-switches"

git status (err=<nil>)
HEAD detached at aea5da898
nothing to commit, working tree clean


go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=aea5da898f473385f3b66c94f8aa49ca9a1c9744 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20221007-214935'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=aea5da898f473385f3b66c94f8aa49ca9a1c9744 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20221007-214935'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=aea5da898f473385f3b66c94f8aa49ca9a1c9744 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20221007-214935'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress
mkdir -p ./bin/linux_amd64
gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"aea5da898f473385f3b66c94f8aa49ca9a1c9744\"


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=142516aa880000


Tested on:

commit: 9c9155a3 Merge tag 'drm-next-2022-10-14' of git://anon..
kernel config: https://syzkaller.appspot.com/x/.config?x=e61a914abce9d3fd
dashboard link: https://syzkaller.appspot.com/bug?extid=15342c1aa6a00fb7a438
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11a43eaa880000
