[syzbot] [hfs?] general protection fault in hfs_mdb_commit


syzbot

Oct 5, 2024, 2:07:23 AM
to linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: c02d24a5af66 Add linux-next specific files for 20241003
git tree: linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=111f2b9f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=94f9caf16c0af42d
dashboard link: https://syzkaller.appspot.com/bug?extid=5cfa9ffce7cc5744fe24
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=114be307980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16bef527980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/641e642c9432/disk-c02d24a5.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/98aaf20c29e0/vmlinux-c02d24a5.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c23099f2d86b/bzImage-c02d24a5.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d12a33e3e104/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5cfa9f...@syzkaller.appspotmail.com

Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c7: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000638-0x000000000000063f]
CPU: 1 UID: 0 PID: 116 Comm: kworker/1:2 Not tainted 6.12.0-rc1-next-20241003-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_long flush_mdb
RIP: 0010:hfs_mdb_commit+0x37/0xfd0 fs/hfs/mdb.c:266
Code: 53 48 83 ec 48 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 dc 45 0a ff 48 89 5c 24 08 4c 8d a3 38 06 00 00 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 0a 2b 74 ff 4d 8b 34 24 49 8d 6e
RSP: 0018:ffffc90002d0fb40 EFLAGS: 00010202
RAX: ffffffff828a89e4 RBX: 00000000000000c7 RCX: ffff88801ef68000
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
RBP: ffffc90002d0fdc0 R08: ffff88802e32d1eb R09: 1ffff11005c65a3d
R10: dffffc0000000000 R11: ffffed1005c65a3e R12: 0000000000000638
R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000001800000
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055fc5eb2fb50 CR3: 00000000786e8000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 53 push %rbx
1: 48 83 ec 48 sub $0x48,%rsp
5: 48 89 fb mov %rdi,%rbx
8: 49 bd 00 00 00 00 00 movabs $0xdffffc0000000000,%r13
f: fc ff df
12: e8 dc 45 0a ff call 0xff0a45f3
17: 48 89 5c 24 08 mov %rbx,0x8(%rsp)
1c: 4c 8d a3 38 06 00 00 lea 0x638(%rbx),%r12
23: 4c 89 e3 mov %r12,%rbx
26: 48 c1 eb 03 shr $0x3,%rbx
* 2a: 42 80 3c 2b 00 cmpb $0x0,(%rbx,%r13,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 4c 89 e7 mov %r12,%rdi
34: e8 0a 2b 74 ff call 0xff742b43
39: 4d 8b 34 24 mov (%r12),%r14
3d: 49 rex.WB
3e: 8d .byte 0x8d
3f: 6e outsb %ds:(%rsi),(%dx)


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Oct 5, 2024, 6:51:03 AM
to bra...@kernel.org, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, san...@redhat.com, syzkall...@googlegroups.com
syzbot has bisected this issue to:

commit c87d1f1aa91c2e54234672c728e0e117d2bff756
Author: Eric Sandeen <san...@redhat.com>
Date: Mon Sep 16 17:26:21 2024 +0000

hfs: convert hfs to use the new mount api

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17b2bbd0580000
start commit: c02d24a5af66 Add linux-next specific files for 20241003
git tree: linux-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=1472bbd0580000
console output: https://syzkaller.appspot.com/x/log.txt?x=1072bbd0580000
Reported-by: syzbot+5cfa9f...@syzkaller.appspotmail.com
Fixes: c87d1f1aa91c ("hfs: convert hfs to use the new mount api")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Eric Sandeen

Oct 7, 2024, 4:28:07 PM
to syzbot, bra...@kernel.org, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index ee314f3e39f8..3bee9b5dba5e 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -328,6 +328,7 @@ static int hfs_fill_super(struct super_block *sb, struct fs_context *fc)
spin_lock_init(&sbi->work_lock);
INIT_DELAYED_WORK(&sbi->mdb_work, flush_mdb);

+ sbi->sb = sb;
sb->s_op = &hfs_super_operations;
sb->s_xattr = hfs_xattr_handlers;
sb->s_flags |= SB_NODIRATIME;
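Review bot: the new `sbi->sb = sb;` line carries no comment recording that flush_mdb (the delayed work initialised two lines above it) depends on it, and the patch has none of the trailers the final submission needs. Suggest a one-line comment such as `/* flush_mdb() reaches the superblock through sbi->sb */` above the assignment, and adding `Fixes: c87d1f1aa91c ("hfs: convert hfs to use the new mount api")` plus the `Reported-by:` line from syzbot's bisection message when this goes out as a real patch (a `#syz test` submission has no commit message, so that is expected here). The placement itself is right: it sits next to `INIT_DELAYED_WORK(&sbi->mdb_work, flush_mdb);` and matches the oops above, where hfs_mdb_commit was entered from the flush_mdb work item with RDI (its sb argument) equal to 0 and faulted computing `0x638(%rbx)` from that NULL pointer.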


syzbot

Oct 7, 2024, 4:59:05 PM
to bra...@kernel.org, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, san...@redhat.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 13.589566][ T1] ==================================================================
[ 13.596222][ T1] BUG: KFENCE: memory corruption in krealloc_noprof+0x160/0x2e0
[ 13.596222][ T1]
[ 13.596222][ T1] Corrupted memory at 0xffff88823bea2ff8 [ 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ] (in kfence-#80):
[ 13.596222][ T1] krealloc_noprof+0x160/0x2e0
[ 13.596222][ T1] add_sysfs_param+0x137/0x7f0
[ 13.596222][ T1] kernel_add_sysfs_param+0xb4/0x130
[ 13.596222][ T1] param_sysfs_builtin+0x16e/0x1f0
[ 13.596222][ T1] param_sysfs_builtin_init+0x31/0x40
[ 13.596222][ T1] do_one_initcall+0x248/0x880
[ 13.646287][ T1] do_initcall_level+0x157/0x210
[ 13.646287][ T1] do_initcalls+0x3f/0x80
[ 13.646287][ T1] kernel_init_freeable+0x435/0x5d0
[ 13.646287][ T1] kernel_init+0x1d/0x2b0
[ 13.646287][ T1] ret_from_fork+0x4b/0x80
[ 13.646287][ T1] ret_from_fork_asm+0x1a/0x30
[ 13.676285][ T1]
[ 13.676285][ T1] kfence-#80: 0xffff88823bea2fe0-0xffff88823bea2ff7, size=24, cache=kmalloc-32
[ 13.676285][ T1]
[ 13.676285][ T1] allocated by task 1 on cpu 0 at 13.588158s (0.088126s ago):
[ 13.676285][ T1] krealloc_noprof+0xd6/0x2e0
[ 13.676285][ T1] add_sysfs_param+0x137/0x7f0
[ 13.706250][ T1] kernel_add_sysfs_param+0xb4/0x130
[ 13.706250][ T1] param_sysfs_builtin+0x16e/0x1f0
[ 13.706250][ T1] param_sysfs_builtin_init+0x31/0x40
[ 13.706250][ T1] do_one_initcall+0x248/0x880
[ 13.706250][ T1] do_initcall_level+0x157/0x210
[ 13.706250][ T1] do_initcalls+0x3f/0x80
[ 13.736270][ T1] kernel_init_freeable+0x435/0x5d0
[ 13.736270][ T1] kernel_init+0x1d/0x2b0
[ 13.736270][ T1] ret_from_fork+0x4b/0x80
[ 13.736270][ T1] ret_from_fork_asm+0x1a/0x30
[ 13.736270][ T1]
[ 13.736270][ T1] freed by task 1 on cpu 0 at 13.589501s (0.146769s ago):
[ 13.766251][ T1] krealloc_noprof+0x160/0x2e0
[ 13.766251][ T1] add_sysfs_param+0x137/0x7f0
[ 13.766251][ T1] kernel_add_sysfs_param+0xb4/0x130
[ 13.766251][ T1] param_sysfs_builtin+0x16e/0x1f0
[ 13.766251][ T1] param_sysfs_builtin_init+0x31/0x40
[ 13.766251][ T1] do_one_initcall+0x248/0x880
[ 13.796268][ T1] do_initcall_level+0x157/0x210
[ 13.796268][ T1] do_initcalls+0x3f/0x80
[ 13.796268][ T1] kernel_init_freeable+0x435/0x5d0
[ 13.796268][ T1] kernel_init+0x1d/0x2b0
[ 13.796268][ T1] ret_from_fork+0x4b/0x80
[ 13.796268][ T1] ret_from_fork_asm+0x1a/0x30
[ 13.826256][ T1]
[ 13.826256][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc1-next-20241004-syzkaller-02483-g58ca61c1a866-dirty #0
[ 13.826256][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 13.826256][ T1] ==================================================================
[ 13.856269][ T1] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[ 13.856269][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc1-next-20241004-syzkaller-02483-g58ca61c1a866-dirty #0
[ 13.856269][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 13.886253][ T1] Call Trace:
[ 13.886253][ T1] <TASK>
[ 13.886253][ T1] dump_stack_lvl+0x241/0x360
[ 13.886253][ T1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 13.886253][ T1] ? __pfx__printk+0x10/0x10
[ 13.886253][ T1] ? __asan_memset+0x23/0x50
[ 13.886253][ T1] ? vscnprintf+0x5d/0x90
[ 13.916309][ T1] panic+0x349/0x880
[ 13.916309][ T1] ? check_panic_on_warn+0x21/0xb0
[ 13.916309][ T1] ? __pfx_panic+0x10/0x10
[ 13.916309][ T1] ? _printk+0xd5/0x120
[ 13.916309][ T1] ? __pfx__printk+0x10/0x10
[ 13.916309][ T1] ? __pfx__printk+0x10/0x10
[ 13.946300][ T1] check_panic_on_warn+0x86/0xb0
[ 13.946300][ T1] kfence_report_error+0x998/0xd10
[ 13.956349][ T1] ? mark_lock+0x9a/0x360
[ 13.956349][ T1] ? __pfx_kfence_report_error+0x10/0x10
[ 13.966332][ T1] ? check_canary+0x82b/0x920
[ 13.966332][ T1] ? kfence_guarded_free+0x24f/0x4f0
[ 13.976366][ T1] ? kfree+0x21c/0x420
[ 13.976366][ T1] ? krealloc_noprof+0x160/0x2e0
[ 13.986334][ T1] ? add_sysfs_param+0x137/0x7f0
[ 13.986334][ T1] ? kernel_add_sysfs_param+0xb4/0x130
[ 13.996298][ T1] ? param_sysfs_builtin+0x16e/0x1f0
[ 13.996298][ T1] ? param_sysfs_builtin_init+0x31/0x40
[ 14.006339][ T1] ? do_one_initcall+0x248/0x880
[ 14.006339][ T1] ? do_initcall_level+0x157/0x210
[ 14.016317][ T1] ? do_initcalls+0x3f/0x80
[ 14.016317][ T1] ? kernel_init_freeable+0x435/0x5d0
[ 14.026379][ T1] ? kernel_init+0x1d/0x2b0
[ 14.026379][ T1] ? ret_from_fork+0x4b/0x80
[ 14.036348][ T1] ? ret_from_fork_asm+0x1a/0x30
[ 14.036348][ T1] ? _raw_spin_lock_irqsave+0xe1/0x120
[ 14.046348][ T1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 14.046348][ T1] ? lockdep_hardirqs_on+0x99/0x150
[ 14.056353][ T1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 14.066294][ T1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 14.066294][ T1] check_canary+0x82b/0x920
[ 14.076348][ T1] kfence_guarded_free+0x24f/0x4f0
[ 14.076348][ T1] ? krealloc_noprof+0x160/0x2e0
[ 14.086273][ T1] kfree+0x21c/0x420
[ 14.086273][ T1] ? add_sysfs_param+0x137/0x7f0
[ 14.096312][ T1] krealloc_noprof+0x160/0x2e0
[ 14.096312][ T1] add_sysfs_param+0x137/0x7f0
[ 14.106294][ T1] kernel_add_sysfs_param+0xb4/0x130
[ 14.106294][ T1] param_sysfs_builtin+0x16e/0x1f0
[ 14.116362][ T1] ? __pfx_param_sysfs_builtin+0x10/0x10
[ 14.116362][ T1] ? version_sysfs_builtin+0xcd/0xe0
[ 14.126328][ T1] ? __pfx_param_sysfs_builtin_init+0x10/0x10
[ 14.136364][ T1] param_sysfs_builtin_init+0x31/0x40
[ 14.136364][ T1] do_one_initcall+0x248/0x880
[ 14.146289][ T1] ? __pfx_param_sysfs_builtin_init+0x10/0x10
[ 14.146289][ T1] ? __pfx_do_one_initcall+0x10/0x10
[ 14.156303][ T1] ? __pfx_parse_args+0x10/0x10
[ 14.156303][ T1] ? rcu_is_watching+0x15/0xb0
[ 14.166286][ T1] do_initcall_level+0x157/0x210
[ 14.166286][ T1] do_initcalls+0x3f/0x80
[ 14.176344][ T1] kernel_init_freeable+0x435/0x5d0
[ 14.176344][ T1] ? __pfx_kernel_init_freeable+0x10/0x10
[ 14.186278][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 14.186278][ T1] ? __pfx_kernel_init+0x10/0x10
[ 14.196404][ T1] ? __pfx_kernel_init+0x10/0x10
[ 14.196404][ T1] ? __pfx_kernel_init+0x10/0x10
[ 14.206288][ T1] kernel_init+0x1d/0x2b0
[ 14.206288][ T1] ret_from_fork+0x4b/0x80
[ 14.216356][ T1] ? __pfx_kernel_init+0x10/0x10
[ 14.216356][ T1] ret_from_fork_asm+0x1a/0x30
[ 14.226293][ T1] </TASK>
[ 14.226293][ T1] Kernel Offset: disabled
[ 14.226293][ T1] Rebooting in 86400 seconds..


syzkaller build log:


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1510e7d0580000


Tested on:

commit: 58ca61c1 Add linux-next specific files for 20241004
git tree: linux-next
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1115f79f980000

syzbot

Oct 9, 2024, 5:02:16 PM
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.

***

Subject: Re: [syzbot] [hfs?] general protection fault in hfs_mdb_commit
Author: san...@sandeen.net

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git ffcd06b6d13b72823aba0d7c871f7e4876e7916b

syzbot

Oct 9, 2024, 7:56:05 PM
to linux-...@vger.kernel.org, san...@sandeen.net, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+5cfa9f...@syzkaller.appspotmail.com
Tested-by: syzbot+5cfa9f...@syzkaller.appspotmail.com

Tested on:

commit: ffcd06b6 hfs: convert hfs to use the new mount api
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=10798f07980000
kernel config: https://syzkaller.appspot.com/x/.config?x=43eee68ed9712f80
dashboard link: https://syzkaller.appspot.com/bug?extid=5cfa9ffce7cc5744fe24
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.