syzkaller-bugs
[syzbot] [ntfs3?] kernel panic: stack is corrupted in __lock_acquire (5)
syzbot, Dec 26, 2022, 9:42:35 AM
to almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, ll...@lists.linux.dev, nat...@kernel.org, ndesau...@google.com, nt...@lists.linux.dev, syzkall...@googlegroups.com, tr...@redhat.com
Hello,
syzbot found the following issue on:
HEAD commit: a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output:
https://syzkaller.appspot.com/x/log.txt?x=1550a5b4480000
kernel config:
https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link:
https://syzkaller.appspot.com/bug?extid=0bc4c0668351ce1cab8f
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=14fe2b94480000
C reproducer:
https://syzkaller.appspot.com/x/repro.c?x=1567f993880000
Downloadable assets:
disk image:
https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux:
https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image:
https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro:
https://storage.googleapis.com/syzbot-assets/bcef00e22a50/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0bc4c0...@syzkaller.appspotmail.com
loop3: detected capacity change from 0 to 4096
ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512)
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __lock_acquire+0x3074/0x3084 kernel/locking/lockdep.c:5055
CPU: 1 PID: 7324 Comm: syz-executor176 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
panic+0x218/0x508 kernel/panic.c:274
warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:703
__lock_acquire+0x3074/0x3084 kernel/locking/lockdep.c:5055
lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5668
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x54/0x6c kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:350 [inline]
_atomic_dec_and_lock+0xc8/0x130 lib/dec_and_lock.c:28
iput+0x50/0x324 fs/inode.c:1765
ntfs_fill_super+0x1254/0x14a4 fs/ntfs3/super.c:1190
get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1358
vfs_get_tree+0x40/0x140 fs/super.c:1531
do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
path_mount+0x358/0x890 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x00000,040e0108,4c017203
Memory Limit: none
Rebooting in 86400 seconds..
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches
Hillf Danton, Dec 26, 2022, 7:50:28 PM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On 26 Dec 2022 06:42:33 -0800
> syzbot found the following issue on:
>
> HEAD commit: a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1567f993880000
See if inode is evicted with a pending acquirer for i_lock.
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git a5541c0811a0
--- x/fs/inode.c
+++ y/fs/inode.c
@@ -1758,6 +1758,8 @@ static void iput_final(struct inode *ino
*/
void iput(struct inode *inode)
{
+ int j;
+
if (!inode)
return;
BUG_ON(inode->i_state & I_CLEAR);
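Review bot: `int j` at the top of iput() exists only to count a debugging busy-wait added later in the function; a non-negative iteration count compared against `1 << 20` should be `unsigned int`, and since the declaration is otherwise unexplained, a one-line comment that this is a diagnostic probe rather than a proposed fix would keep the next reader from taking it as production code.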
@@ -1770,6 +1772,10 @@ retry:
mark_inode_dirty_sync(inode);
goto retry;
}
+ spin_unlock(&inode->i_lock);
+ for (j = 0; j < (1 << 20); j++)
+ cpu_relax();
+ spin_lock(&inode->i_lock);
iput_final(inode);
}
}
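Review bot: dropping i_lock with i_count already at zero, spinning for `1 << 20` cpu_relax() iterations and then retaking the lock before iput_final() opens a window in which nothing pins the inode: the reference count is zero and the lock was the only thing serializing against other users, so a concurrent lookup in that window can take and release its own reference and reach iput_final() first, meaning the probe can itself produce the failure it is meant to expose. If the intent is only to widen a suspected race for syzbot, say so in a comment and use a fixed-duration delay (a bounded udelay() is enough) rather than an iteration count whose length depends on the CPU; note that the test run reported below ended in an RCU stall rather than a clean reproduction, so the result does not confirm the hypothesis either way.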
--
syzbot, Dec 26, 2022, 10:01:15 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
INFO: rcu detected stall in corrupted
rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { P3563 } 2660 jiffies s: 2105 root: 0x0/T
rcu: blocking rcu_node structures (internal RCU debug):
Tested on:
commit: a5541c08 Merge branch 'for-next/core' into for-kernelci
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git
console output:
https://syzkaller.appspot.com/x/log.txt?x=109b22a8480000
kernel config:
https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link:
https://syzkaller.appspot.com/bug?extid=0bc4c0668351ce1cab8f
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=11c2eba8480000
syzbot, Feb 18, 2024, 6:53:05 AM
to almaz.ale...@paragon-software.com, ax...@kernel.dk, bra...@kernel.org, hda...@sina.com, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, ll...@lists.linux.dev, nat...@kernel.org, ndesau...@google.com, nt...@lists.linux.dev, syzkall...@googlegroups.com, tr...@redhat.com
syzbot suspects this issue was fixed by commit:
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <ja...@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000
fs: Block writes to mounted block devices
bisection log:
https://syzkaller.appspot.com/x/bisect.txt?x=1301e1d0180000
start commit: ce9ecca0238b Linux 6.6-rc2
git tree: upstream
kernel config:
https://syzkaller.appspot.com/x/.config?x=e4ca82a1bedd37e4
dashboard link:
https://syzkaller.appspot.com/bug?extid=0bc4c0668351ce1cab8f
syz repro:
https://syzkaller.appspot.com/x/repro.syz?x=11814954680000
C reproducer:
https://syzkaller.appspot.com/x/repro.c?x=103bc138680000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: fs: Block writes to mounted block devices
For information about bisection process see:
https://goo.gl/tpsmEJ#bisection
Jan Kara, Feb 19, 2024, 6:49:09 AM
to syzbot, almaz.ale...@paragon-software.com, ax...@kernel.dk, bra...@kernel.org, hda...@sina.com, ja...@suse.cz, linux-...@vger.kernel.org, linux-...@vger.kernel.org, ll...@lists.linux.dev, nat...@kernel.org, ndesau...@google.com, nt...@lists.linux.dev, syzkall...@googlegroups.com, tr...@redhat.com
On Sun 18-02-24 03:53:03, syzbot wrote:
> syzbot suspects this issue was fixed by commit:
>
> commit 6f861765464f43a71462d52026fbddfc858239a5
> Author: Jan Kara <ja...@suse.cz>
> Date: Wed Nov 1 17:43:10 2023 +0000
>
> fs: Block writes to mounted block devices
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1301e1d0180000
> start commit: ce9ecca0238b Linux 6.6-rc2
> git tree: upstream
> kernel config: https://syzkaller.appspot.com/x/.config?x=e4ca82a1bedd37e4
> dashboard link: https://syzkaller.appspot.com/bug?extid=0bc4c0668351ce1cab8f
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11814954680000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=103bc138680000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
Again. Nothing really suspicious in the reproducer but there are no working
reproducers anymore... Since this is ntfs3:
#syz fix: fs: Block writes to mounted block devices
Honza
--
Jan Kara <ja...@suse.com>
SUSE Labs, CR