From: syzbot <syzbot+38f5d5cf7ae88c46b11a@syzkaller.appspotmail.com>
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, tj@kernel.org
Subject: Re: WARNING in kernfs_create_dir_ns
Date: Sat, 29 Jun 2019 22:41:06 -0700 [thread overview]
Message-ID: <0000000000003bbf1b058c83f55a@google.com> (raw)
In-Reply-To: <0000000000003ec128058c7624ec@google.com>
syzbot has found a reproducer for the following crash on:
HEAD commit: 72825454 Merge branch 'x86-urgent-for-linus' of git://git...
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=104d6755a00000
kernel config: https://syzkaller.appspot.com/x/.config?x=9a31528e58cc12e2
dashboard link: https://syzkaller.appspot.com/bug?extid=38f5d5cf7ae88c46b11a
compiler: clang version 9.0.0 (/home/glider/llvm/clang
80fee25776c2fb61e74c1ecb1a523375c2500b69)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12a6c439a00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1353c323a00000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+38f5d5cf7ae88c46b11a@syzkaller.appspotmail.com
WARNING: CPU: 0 PID: 8613 at fs/kernfs/dir.c:493 kernfs_get
fs/kernfs/dir.c:493 [inline]
WARNING: CPU: 0 PID: 8613 at fs/kernfs/dir.c:493 kernfs_new_node
fs/kernfs/dir.c:700 [inline]
WARNING: CPU: 0 PID: 8613 at fs/kernfs/dir.c:493
kernfs_create_dir_ns+0x205/0x230 fs/kernfs/dir.c:1022
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 8613 Comm: syz-executor696 Not tainted 5.2.0-rc6+ #11
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1d8/0x2f8 lib/dump_stack.c:113
panic+0x28a/0x7c9 kernel/panic.c:219
__warn+0x216/0x220 kernel/panic.c:576
report_bug+0x190/0x290 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:179 [inline]
do_error_trap+0xd7/0x450 arch/x86/kernel/traps.c:272
do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:291
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:986
RIP: 0010:kernfs_get fs/kernfs/dir.c:493 [inline]
RIP: 0010:kernfs_new_node fs/kernfs/dir.c:700 [inline]
RIP: 0010:kernfs_create_dir_ns+0x205/0x230 fs/kernfs/dir.c:1022
Code: ff 4c 89 ff e8 7c cd ff ff 4c 63 fb eb 05 e8 22 27 9a ff 4c 89 f8 48
83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 0b 27 9a ff <0f> 0b e9 e9 fe
ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c be fe ff
RSP: 0018:ffff88808d26f730 EFLAGS: 00010293
RAX: ffffffff81db8a95 RBX: ffff88809e5252a0 RCX: ffff88808a4aa000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88808d26f768 R08: ffffffff81db8977 R09: ffffed1013ca4a55
R10: ffffed1013ca4a55 R11: 1ffff11013ca4a54 R12: ffff888098a8a200
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880a339e620
sysfs_create_dir_ns+0x161/0x300 fs/sysfs/dir.c:59
create_dir lib/kobject.c:89 [inline]
kobject_add_internal+0x459/0xd50 lib/kobject.c:255
kobject_add_varg lib/kobject.c:390 [inline]
kobject_add+0x138/0x200 lib/kobject.c:442
device_add+0x508/0x1570 drivers/base/core.c:2062
hci_register_dev+0x331/0x6c0 net/bluetooth/hci_core.c:3305
__vhci_create_device drivers/bluetooth/hci_vhci.c:124 [inline]
vhci_create_device+0x2d1/0x510 drivers/bluetooth/hci_vhci.c:148
vhci_get_user drivers/bluetooth/hci_vhci.c:204 [inline]
vhci_write+0x3ac/0x440 drivers/bluetooth/hci_vhci.c:284
call_write_iter include/linux/fs.h:1872 [inline]
new_sync_write fs/read_write.c:483 [inline]
__vfs_write+0x617/0x7d0 fs/read_write.c:496
vfs_write+0x227/0x510 fs/read_write.c:558
ksys_write+0x16b/0x2a0 fs/read_write.c:611
__do_sys_write fs/read_write.c:623 [inline]
__se_sys_write fs/read_write.c:620 [inline]
__x64_sys_write+0x7b/0x90 fs/read_write.c:620
do_syscall_64+0xfe/0x140 arch/x86/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441279
Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fffa3738588 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441279
RDX: 0000000000000002 RSI: 0000000020000000 RDI: 0000000000000003
RBP: 000000000000ef5c R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000401ff0
R13: 0000000000402080 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..
next prev parent reply other threads:[~2019-06-30 5:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-29 13:12 WARNING in kernfs_create_dir_ns syzbot
2019-06-30 5:41 ` syzbot [this message]
2019-07-08 14:46 ` Tejun Heo
2019-06-30 10:40 ` syzbot
2020-04-16 0:11 ` syzbot
2020-04-16 0:30 ` Waiman Long
[not found] <20190709022335.12928-1-hdanton@sina.com>
2019-07-09 14:22 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000003bbf1b058c83f55a@google.com \
--to=syzbot+38f5d5cf7ae88c46b11a@syzkaller.appspotmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.