[v6.1] WARNING in lookup_slow


syzbot

Dec 2, 2023, 5:03:21 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6ac30d748bb0 Linux 6.1.64
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=126bcf64e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=beed2108229c44d7
dashboard link: https://syzkaller.appspot.com/bug?extid=06c698fb96b88f7018dc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/046a5345b629/disk-6ac30d74.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/64ee5e3e0403/vmlinux-6ac30d74.xz
kernel image: https://storage.googleapis.com/syzbot-assets/604c5f1b0b58/Image-6ac30d74.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+06c698...@syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff00012d100330, owner = 0x0, curr 0xffff0000c3dab780, list empty
WARNING: CPU: 1 PID: 3631 at kernel/locking/rwsem.c:1345 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
Modules linked in:
CPU: 1 PID: 3631 Comm: syz-executor.3 Not tainted 6.1.64-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
lr : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
sp : ffff800025927860
x29: ffff8000259278f0 x28: 1ffff00002b020b0 x27: ffff800015810000
x26: dfff800000000000 x25: 0000000000000000 x24: ffff00012d100388
x23: ffff0000c3dab780 x22: ffff800025927880 x21: 0000000000000000
x20: ffff00012d100330 x19: ffff00012d100330 x18: 1fffe000368b0776
x17: ffff80001580d000 x16: ffff8000083049a8 x15: ffff0001b4583bbc
x14: 1ffff00002b020b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 1b749d06fd30bf00
x8 : 1b749d06fd30bf00 x7 : ffff80000827c470 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff8000259273c0 x1 : ffff80001228c340 x0 : ffff80019ee22000
Call trace:
__up_read+0x560/0x604 kernel/locking/rwsem.c:1345
up_read+0x38/0x48 kernel/locking/rwsem.c:1616
inode_unlock_shared include/linux/fs.h:771 [inline]
lookup_slow+0x6c/0x84 fs/namei.c:1704
walk_component+0x280/0x36c fs/namei.c:1994
lookup_last fs/namei.c:2451 [inline]
path_lookupat+0x13c/0x3d0 fs/namei.c:2475
filename_lookup+0x1d4/0x4e0 fs/namei.c:2504
user_path_at_empty+0x5c/0x84 fs/namei.c:2877
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3380 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x428/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 1710
hardirqs last enabled at (1709): [<ffff80000827c510>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
hardirqs last enabled at (1709): [<ffff80000827c510>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5004
hardirqs last disabled at (1710): [<ffff800012134fb4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (1690): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (1690): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (1665): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff00012d100330, owner = 0x0, curr 0xffff0000c3dab780, list empty
WARNING: CPU: 0 PID: 3631 at kernel/locking/rwsem.c:1350 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
Modules linked in:
CPU: 0 PID: 3631 Comm: syz-executor.3 Tainted: G W 6.1.64-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
lr : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
sp : ffff800025927860
x29: ffff8000259278f0 x28: 1ffff00002b020b0 x27: ffff800015810000
x26: dfff800000000000 x25: ffffffffffffff00 x24: ffff00012d100388
x23: ffff00012d100330 x22: ffffffffffffff00 x21: 0000000000000000
x20: ffff0000c3dab780 x19: ffff00012d100330 x18: 1fffe000368b0776
x17: 0000000000000000 x16: ffff8000121392fc x15: 0000000000000000
x14: 00000000ffffffff x13: 000000000003f898 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1b749d06fd30bf00
x8 : 1b749d06fd30bf00 x7 : 000000000003f898 x6 : 000000000003f858
x5 : ffff800025927158 x4 : ffff8000158c2c60 x3 : ffff8000085890a0
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
__up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
up_read+0x38/0x48 kernel/locking/rwsem.c:1616
inode_unlock_shared include/linux/fs.h:771 [inline]
lookup_slow+0x6c/0x84 fs/namei.c:1704
walk_component+0x280/0x36c fs/namei.c:1994
lookup_last fs/namei.c:2451 [inline]
path_lookupat+0x13c/0x3d0 fs/namei.c:2475
filename_lookup+0x1d4/0x4e0 fs/namei.c:2504
user_path_at_empty+0x5c/0x84 fs/namei.c:2877
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3380 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x428/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 2475
hardirqs last enabled at (2475): [<ffff8000121373c8>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (2475): [<ffff8000121373c8>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (2474): [<ffff800012206514>] preempt_schedule_irq+0xa8/0x1b8 kernel/sched/core.c:6871
softirqs last enabled at (2470): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (2470): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (2083): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Dec 2, 2023, 6:00:25 PM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 6ac30d748bb0 Linux 6.1.64
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=167850d2e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=beed2108229c44d7
dashboard link: https://syzkaller.appspot.com/bug?extid=06c698fb96b88f7018dc
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=113cd59ae80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11f21a30e80000
mounted in repro: https://storage.googleapis.com/syzbot-assets/e76e8779ad8d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+06c698...@syzkaller.appspotmail.com

------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff0000e3070a90, owner = 0x0, curr 0xffff0000d0c9b780, list empty
WARNING: CPU: 0 PID: 5354 at kernel/locking/rwsem.c:1345 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
Modules linked in:
CPU: 0 PID: 5354 Comm: syz-executor537 Not tainted 6.1.64-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
lr : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
sp : ffff80001e847860
x29: ffff80001e8478f0 x28: 1ffff00002b020b0 x27: ffff800015810000
x26: dfff800000000000 x25: 0000000000000000 x24: ffff0000e3070ae8
x23: ffff0000d0c9b780 x22: ffff80001e847880 x21: 0000000000000000
x20: ffff0000e3070a90 x19: ffff0000e3070a90 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000121392fc x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1d7099f060649d00
x8 : 1d7099f060649d00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001e847158 x4 : ffff8000158f2a20 x3 : ffff8000085890a0
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
Call trace:
__up_read+0x560/0x604 kernel/locking/rwsem.c:1345
up_read+0x38/0x48 kernel/locking/rwsem.c:1616
inode_unlock_shared include/linux/fs.h:771 [inline]
lookup_slow+0x6c/0x84 fs/namei.c:1704
walk_component+0x280/0x36c fs/namei.c:1994
lookup_last fs/namei.c:2451 [inline]
path_lookupat+0x13c/0x3d0 fs/namei.c:2475
filename_lookup+0x1d4/0x4e0 fs/namei.c:2504
user_path_at_empty+0x5c/0x84 fs/namei.c:2877
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3380 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x428/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 74
hardirqs last enabled at (73): [<ffff80000834308c>] __up_console_sem+0xb4/0x100 kernel/printk/printk.c:261
hardirqs last disabled at (74): [<ffff800012134fb4>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (8): [<ffff800008033064>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (6): [<ffff800008033030>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff0000e3070a90, owner = 0x0, curr 0xffff0000d0c9b780, list empty
WARNING: CPU: 1 PID: 5354 at kernel/locking/rwsem.c:1350 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
Modules linked in:
CPU: 1 PID: 5354 Comm: syz-executor537 Tainted: G W 6.1.64-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
lr : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
sp : ffff80001e847860
x29: ffff80001e8478f0 x28: 1ffff00002b020b0 x27: ffff800015810000
x26: dfff800000000000 x25: ffffffffffffff00 x24: ffff0000e3070ae8
x23: ffff0000e3070a90 x22: ffffffffffffff00 x21: 0000000000000000
x20: ffff0000d0c9b780 x19: ffff0000e3070a90 x18: 0000000000000000
x17: 0000000000000000 x16: ffff8000121392fc x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 1d7099f060649d00
x8 : 1d7099f060649d00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001e847158 x4 : ffff8000158f2a20 x3 : ffff8000085890a0
x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
__up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
up_read+0x38/0x48 kernel/locking/rwsem.c:1616
inode_unlock_shared include/linux/fs.h:771 [inline]
lookup_slow+0x6c/0x84 fs/namei.c:1704
walk_component+0x280/0x36c fs/namei.c:1994
lookup_last fs/namei.c:2451 [inline]
path_lookupat+0x13c/0x3d0 fs/namei.c:2475
filename_lookup+0x1d4/0x4e0 fs/namei.c:2504
user_path_at_empty+0x5c/0x84 fs/namei.c:2877
user_path_at include/linux/namei.h:57 [inline]
do_mount fs/namespace.c:3380 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x428/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 83
hardirqs last enabled at (83): [<ffff8000121373c8>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last enabled at (83): [<ffff8000121373c8>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (82): [<ffff800012206514>] preempt_schedule_irq+0xa8/0x1b8 kernel/sched/core.c:6871
softirqs last enabled at (8): [<ffff800008033064>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (6): [<ffff800008033030>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.