[v5.15] WARNING: locking bug in __mark_inode_dirty
0 views
Skip to first unread message
syzbot
Mar 6, 2024, 5:33:25 PMMar 6
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 574362648507 Linux 5.15.151
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13d8a2ea180000
kernel config: https://syzkaller.appspot.com/x/.config?x=6c9a42d9e3519ca9
dashboard link: https://syzkaller.appspot.com/bug?extid=8aca6387ff573aa9a06f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f00d4062000b/disk-57436264.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a74c2b6ca62/vmlinux-57436264.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93bd706dc219/bzImage-57436264.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
loop3: detected capacity change from 0 to 4096
ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
ntfs3: loop3: Mark volume as dirty due to NTFS errors
ntfs3: loop3: Failed to load $Extend.
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 5537 at kernel/locking/lockdep.c:5347 __lock_release kernel/locking/lockdep.c:5347 [inline]
WARNING: CPU: 0 PID: 5537 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 5537 Comm: syz-executor.3 Not tainted 5.15.151-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__lock_release kernel/locking/lockdep.c:5347 [inline]
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Code: 00 00 00 00 fc ff df 4c 8b 64 24 08 48 8b 5c 24 28 0f 85 76 01 00 00 48 c7 c7 a0 13 8b 8a 48 c7 c6 00 38 8b 8a e8 59 33 e9 ff <0f> 0b e9 5c 01 00 00 4c 89 ef 48 8b 74 24 20 48 8b 54 24 50 e8 c0
RSP: 0000:ffffc9000b7e6780 EFLAGS: 00010046
RAX: abfbb8481f824f00 RBX: 0000000000000246 RCX: 0000000000040000
RDX: ffffc90003f09000 RSI: 0000000000004600 RDI: 0000000000004601
RBP: ffffc9000b7e68b0 R08: ffffffff8166621c R09: ffffed1017344f24
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920016fccfc
R13: 000000000004020d R14: 0000000000000246 R15: dffffc0000000000
FS: 00007fddecbf16c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020497000 CR3: 0000000023651000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:403 [inline]
__mark_inode_dirty+0x6f4/0xd60 fs/fs-writeback.c:2548
generic_update_time fs/inode.c:1817 [inline]
inode_update_time fs/inode.c:1830 [inline]
touch_atime+0x3fa/0x680 fs/inode.c:1902
file_accessed include/linux/fs.h:2492 [inline]
filemap_read+0x2779/0x2980 mm/filemap.c:2715
__kernel_read+0x5ac/0xa60 fs/read_write.c:443
integrity_kernel_read+0xac/0xf0 security/integrity/iint.c:228
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
ima_calc_file_hash+0xa5d/0x1c00 security/integrity/ima/ima_crypto.c:573
ima_collect_measurement+0x37e/0x800 security/integrity/ima/ima_api.c:255
process_measurement+0x1363/0x21c0 security/integrity/ima/ima_main.c:351
ima_file_check+0xf3/0x180 security/integrity/ima/ima_main.c:533
do_open fs/namei.c:3610 [inline]
path_openat+0x2745/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x500 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_open fs/open.c:1235 [inline]
__se_sys_open fs/open.c:1231 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1231
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fddee670da9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fddecbf10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fddee79ef80 RCX: 00007fddee670da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007fddee6bd47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fddee79ef80 R15: 00007ffc6a0b0698
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 574362648507 Linux 5.15.151
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13d8a2ea180000
kernel config: https://syzkaller.appspot.com/x/.config?x=6c9a42d9e3519ca9
dashboard link: https://syzkaller.appspot.com/bug?extid=8aca6387ff573aa9a06f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f00d4062000b/disk-57436264.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a74c2b6ca62/vmlinux-57436264.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93bd706dc219/bzImage-57436264.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
loop3: detected capacity change from 0 to 4096
ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512)
ntfs3: loop3: Mark volume as dirty due to NTFS errors
ntfs3: loop3: Failed to load $Extend.
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 5537 at kernel/locking/lockdep.c:5347 __lock_release kernel/locking/lockdep.c:5347 [inline]
WARNING: CPU: 0 PID: 5537 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 5537 Comm: syz-executor.3 Not tainted 5.15.151-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__lock_release kernel/locking/lockdep.c:5347 [inline]
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Code: 00 00 00 00 fc ff df 4c 8b 64 24 08 48 8b 5c 24 28 0f 85 76 01 00 00 48 c7 c7 a0 13 8b 8a 48 c7 c6 00 38 8b 8a e8 59 33 e9 ff <0f> 0b e9 5c 01 00 00 4c 89 ef 48 8b 74 24 20 48 8b 54 24 50 e8 c0
RSP: 0000:ffffc9000b7e6780 EFLAGS: 00010046
RAX: abfbb8481f824f00 RBX: 0000000000000246 RCX: 0000000000040000
RDX: ffffc90003f09000 RSI: 0000000000004600 RDI: 0000000000004601
RBP: ffffc9000b7e68b0 R08: ffffffff8166621c R09: ffffed1017344f24
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff920016fccfc
R13: 000000000004020d R14: 0000000000000246 R15: dffffc0000000000
FS: 00007fddecbf16c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020497000 CR3: 0000000023651000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:403 [inline]
__mark_inode_dirty+0x6f4/0xd60 fs/fs-writeback.c:2548
generic_update_time fs/inode.c:1817 [inline]
inode_update_time fs/inode.c:1830 [inline]
touch_atime+0x3fa/0x680 fs/inode.c:1902
file_accessed include/linux/fs.h:2492 [inline]
filemap_read+0x2779/0x2980 mm/filemap.c:2715
__kernel_read+0x5ac/0xa60 fs/read_write.c:443
integrity_kernel_read+0xac/0xf0 security/integrity/iint.c:228
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
ima_calc_file_hash+0xa5d/0x1c00 security/integrity/ima/ima_crypto.c:573
ima_collect_measurement+0x37e/0x800 security/integrity/ima/ima_api.c:255
process_measurement+0x1363/0x21c0 security/integrity/ima/ima_main.c:351
ima_file_check+0xf3/0x180 security/integrity/ima/ima_main.c:533
do_open fs/namei.c:3610 [inline]
path_openat+0x2745/0x2f20 fs/namei.c:3742
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x500 fs/open.c:1211
do_sys_open fs/open.c:1227 [inline]
__do_sys_open fs/open.c:1235 [inline]
__se_sys_open fs/open.c:1231 [inline]
__x64_sys_open+0x221/0x270 fs/open.c:1231
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fddee670da9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fddecbf10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fddee79ef80 RCX: 00007fddee670da9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007fddee6bd47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fddee79ef80 R15: 00007ffc6a0b0698
</TASK>
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Mar 6, 2024, 7:09:26 PMMar 6
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 574362648507 Linux 5.15.151
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=103fa9de180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f00d4062000b/disk-57436264.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a74c2b6ca62/vmlinux-57436264.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93bd706dc219/bzImage-57436264.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/eaecf95cdf6c/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
WARNING: CPU: 0 PID: 3670 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 3670 Comm: syz-executor.3 Not tainted 5.15.151-syzkaller #0
RAX: 479633dec3edc300 RBX: 0000000000000246 RCX: ffff88807b3ebb80
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: ffffc900033168b0 R08: ffffffff8166621c R09: ffffed1017344f24
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000662cfc
R13: 000000000004020f R14: 0000000000000246 R15: dffffc0000000000
FS: 00007fad32f3b6c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
RIP: 0033:0x7fad33bbada9
RAX: ffffffffffffffda RBX: 00007fad33ce8f80 RCX: 00007fad33bbada9
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
HEAD commit: 574362648507 Linux 5.15.151
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=6c9a42d9e3519ca9
dashboard link: https://syzkaller.appspot.com/bug?extid=8aca6387ff573aa9a06f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1177f3f2180000
dashboard link: https://syzkaller.appspot.com/bug?extid=8aca6387ff573aa9a06f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f00d4062000b/disk-57436264.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/3a74c2b6ca62/vmlinux-57436264.xz
kernel image: https://storage.googleapis.com/syzbot-assets/93bd706dc219/bzImage-57436264.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
ntfs3: loop3: Mark volume as dirty due to NTFS errors
ntfs3: loop3: Failed to load $Extend.
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 3670 at kernel/locking/lockdep.c:5347 __lock_release kernel/locking/lockdep.c:5347 [inline]
ntfs3: loop3: Failed to load $Extend.
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 3670 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 3670 Comm: syz-executor.3 Not tainted 5.15.151-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__lock_release kernel/locking/lockdep.c:5347 [inline]
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Code: 00 00 00 00 fc ff df 4c 8b 64 24 08 48 8b 5c 24 28 0f 85 76 01 00 00 48 c7 c7 a0 13 8b 8a 48 c7 c6 00 38 8b 8a e8 59 33 e9 ff <0f> 0b e9 5c 01 00 00 4c 89 ef 48 8b 74 24 20 48 8b 54 24 50 e8 c0
RSP: 0018:ffffc90003316780 EFLAGS: 00010046
RIP: 0010:__lock_release kernel/locking/lockdep.c:5347 [inline]
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Code: 00 00 00 00 fc ff df 4c 8b 64 24 08 48 8b 5c 24 28 0f 85 76 01 00 00 48 c7 c7 a0 13 8b 8a 48 c7 c6 00 38 8b 8a e8 59 33 e9 ff <0f> 0b e9 5c 01 00 00 4c 89 ef 48 8b 74 24 20 48 8b 54 24 50 e8 c0
RAX: 479633dec3edc300 RBX: 0000000000000246 RCX: ffff88807b3ebb80
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: ffffc900033168b0 R08: ffffffff8166621c R09: ffffed1017344f24
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000662cfc
R13: 000000000004020f R14: 0000000000000246 R15: dffffc0000000000
FS: 00007fad32f3b6c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fad33c45dce CR3: 000000001f54b000 CR4: 00000000003506f0
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fad32f3b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007fad33ce8f80 RCX: 00007fad33bbada9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080
RBP: 00007fad33c0747a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007fad33ce8f80 R15: 00007ffe6f987fd8
</TASK>
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
syzbot
Apr 17, 2024, 9:51:28 PMApr 17
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: c52b9710c83d Linux 5.15.156
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15d51a3b180000
kernel config: https://syzkaller.appspot.com/x/.config?x=567b6ddc38438433
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15158c3b180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1bd4b9969373/disk-c52b9710.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/10509e89bd25/vmlinux-c52b9710.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a623a4c52eb5/bzImage-c52b9710.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/2f7f4183c226/mount_1.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
ntfs3: loop3: MFT: r=19, expect seq=0 instead of 1!
WARNING: CPU: 0 PID: 6311 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 6311 Comm: syz-executor351 Not tainted 5.15.156-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RSP: 0018:ffffc90005c4e780 EFLAGS: 00010046
RAX: 19b99e04d3a03800 RBX: 0000000000000246 RCX: ffff88801b819dc0
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000b89cfc
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x500 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa7e67b5009
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc4ab43c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa7e67b5009
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 000000000001f6c2 R09: 00007ffcc4ab4400
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc4ab43ec
R13: 0000000000000221 R14: 431bde82d7b634db R15: 00007ffcc4ab4420
HEAD commit: c52b9710c83d Linux 5.15.156
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15d51a3b180000
kernel config: https://syzkaller.appspot.com/x/.config?x=567b6ddc38438433
dashboard link: https://syzkaller.appspot.com/bug?extid=8aca6387ff573aa9a06f
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17fda22d180000
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15158c3b180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/1bd4b9969373/disk-c52b9710.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/10509e89bd25/vmlinux-c52b9710.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a623a4c52eb5/bzImage-c52b9710.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/2f7f4183c226/mount_1.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8aca63...@syzkaller.appspotmail.com
ntfs3: loop3: Mark volume as dirty due to NTFS errors
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 6311 at kernel/locking/lockdep.c:5347 __lock_release kernel/locking/lockdep.c:5347 [inline]
DEBUG_LOCKS_WARN_ON(curr->lockdep_depth != depth - merged)
WARNING: CPU: 0 PID: 6311 at kernel/locking/lockdep.c:5347 lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Modules linked in:
CPU: 0 PID: 6311 Comm: syz-executor351 Not tainted 5.15.156-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:__lock_release kernel/locking/lockdep.c:5347 [inline]
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
Code: 00 00 00 00 fc ff df 4c 8b 64 24 08 48 8b 5c 24 28 0f 85 76 01 00 00 48 c7 c7 20 28 8b 8a 48 c7 c6 80 4c 8b 8a e8 e9 2e e9 ff <0f> 0b e9 5c 01 00 00 4c 89 ef 48 8b 74 24 20 48 8b 54 24 50 e8 c0
RIP: 0010:lock_release+0x447/0x9a0 kernel/locking/lockdep.c:5643
RSP: 0018:ffffc90005c4e780 EFLAGS: 00010046
RAX: 19b99e04d3a03800 RBX: 0000000000000246 RCX: ffff88801b819dc0
RDX: 0000000000000000 RSI: 0000000080000002 RDI: 0000000000000000
RBP: ffffc90005c4e8b0 R08: ffffffff8166862c R09: ffffed1017344f24
R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92000b89cfc
R13: 000000000004020d R14: 0000000000000246 R15: dffffc0000000000
FS: 000055555738b380(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa7de56dc00 CR3: 000000001c0f6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:403 [inline]
__mark_inode_dirty+0x6f4/0xd60 fs/fs-writeback.c:2548
generic_update_time fs/inode.c:1817 [inline]
inode_update_time fs/inode.c:1830 [inline]
touch_atime+0x3fa/0x680 fs/inode.c:1902
file_accessed include/linux/fs.h:2516 [inline]
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__raw_spin_unlock include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock+0x12/0x40 kernel/locking/spinlock.c:186
spin_unlock include/linux/spinlock.h:403 [inline]
__mark_inode_dirty+0x6f4/0xd60 fs/fs-writeback.c:2548
generic_update_time fs/inode.c:1817 [inline]
inode_update_time fs/inode.c:1830 [inline]
touch_atime+0x3fa/0x680 fs/inode.c:1902
filemap_read+0x2779/0x2980 mm/filemap.c:2715
__kernel_read+0x5ac/0xa60 fs/read_write.c:443
integrity_kernel_read+0xac/0xf0 security/integrity/iint.c:228
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
ima_calc_file_hash+0xa5d/0x1c00 security/integrity/ima/ima_crypto.c:573
ima_collect_measurement+0x37e/0x800 security/integrity/ima/ima_api.c:255
process_measurement+0x1363/0x21c0 security/integrity/ima/ima_main.c:351
ima_file_check+0xf3/0x180 security/integrity/ima/ima_main.c:533
do_open fs/namei.c:3610 [inline]
path_openat+0x2748/0x2f20 fs/namei.c:3742
__kernel_read+0x5ac/0xa60 fs/read_write.c:443
integrity_kernel_read+0xac/0xf0 security/integrity/iint.c:228
ima_calc_file_hash_tfm security/integrity/ima/ima_crypto.c:485 [inline]
ima_calc_file_shash security/integrity/ima/ima_crypto.c:516 [inline]
ima_calc_file_hash+0xa5d/0x1c00 security/integrity/ima/ima_crypto.c:573
ima_collect_measurement+0x37e/0x800 security/integrity/ima/ima_api.c:255
process_measurement+0x1363/0x21c0 security/integrity/ima/ima_main.c:351
ima_file_check+0xf3/0x180 security/integrity/ima/ima_main.c:533
do_open fs/namei.c:3610 [inline]
do_filp_open+0x21c/0x460 fs/namei.c:3769
do_sys_openat2+0x13b/0x500 fs/open.c:1253
do_sys_open fs/open.c:1269 [inline]
__do_sys_openat fs/open.c:1285 [inline]
__se_sys_openat fs/open.c:1280 [inline]
__x64_sys_openat+0x243/0x290 fs/open.c:1280
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa7e67b5009
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 1b 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcc4ab43c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa7e67b5009
RDX: 0000000000000000 RSI: 0000000020000180 RDI: ffffffffffffff9c
RBP: 0000000000000000 R08: 000000000001f6c2 R09: 00007ffcc4ab4400
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc4ab43ec
R13: 0000000000000221 R14: 431bde82d7b634db R15: 00007ffcc4ab4420
Reply all
Reply to author
Forward
0 new messages