From: syzbot <syzbot+06cc05ddc896f12b7ec5@syzkaller.appspotmail.com>
To: hdanton@sina.com, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] kernel BUG in dnotify_free_mark
Date: Fri, 28 Oct 2022 23:28:18 -0700
Message-ID: <000000000000eeb4ed05ec267ad8@google.com>
In-Reply-To: <20221029060343.3425-1-hdanton@sina.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in fsnotify_put_mark

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4068 at fs/notify/mark.c:336 fsnotify_put_mark+0x8b6/0x9c0
Modules linked in:
CPU: 0 PID: 4068 Comm: syz-executor.0 Not tainted 6.1.0-rc2-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
RIP: 0010:fsnotify_put_mark+0x8b6/0x9c0 fs/notify/mark.c:336
Code: 0c b9 01 00 00 00 bf 08 00 00 00 48 c7 c2 e0 9b c4 8c 48 83 c4 40 5b 41 5c 41 5d 41 5e 41 5f 5d e9 2f c7 58 ff e8 fa 34 8a ff <0f> 0b e9 02 ff ff ff e8 ee 34 8a ff 0f 0b e9 24 f9 ff ff e8 e2 34
RSP: 0018:ffffc90004d1fb48 EFLAGS: 00010293
RAX: ffffffff81fd9a26 RBX: 0000000000000001 RCX: ffff888020cd9d40
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffff88806eda6000 R08: ffffffff81fd991b R09: fffffbfff1c1b5e6
R10: fffffbfff1c1b5e6 R11: 1ffffffff1c1b5e5 R12: dffffc0000000000
R13: 0000000000000000 R14: ffff88807efa7900 R15: 1ffff1100ddb4c0e
FS: 0000555556a00400(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056399dba2950 CR3: 000000006d41b000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
fsnotify_destroy_marks+0x57d/0x6f0 fs/notify/mark.c:868
fsnotify_clear_marks_by_inode fs/notify/fsnotify.h:60 [inline]
__fsnotify_inode_delete fs/notify/fsnotify.c:22 [inline]
fsnotify_inode_delete include/linux/fsnotify.h:176 [inline]
fsnotify_unmount_inodes fs/notify/fsnotify.c:78 [inline]
fsnotify_sb_delete+0x287/0x4e0 fs/notify/fsnotify.c:92
generic_shutdown_super+0x9c/0x310 fs/super.c:481
kill_block_super+0x79/0xd0 fs/super.c:1427
deactivate_locked_super+0xa7/0xf0 fs/super.c:331
cleanup_mnt+0x494/0x520 fs/namespace.c:1186
task_work_run+0x243/0x300 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0x124/0x150 kernel/entry/common.c:171
exit_to_user_mode_prepare+0xb2/0x140 kernel/entry/common.c:203
__syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
syscall_exit_to_user_mode+0x26/0x60 kernel/entry/common.c:296
do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7892a8ca67
Code: ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe3a5680c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7892a8ca67
RDX: 00007ffe3a568199 RSI: 000000000000000a RDI: 00007ffe3a568190
RBP: 00007ffe3a568190 R08: 00000000ffffffff R09: 00007ffe3a567f60
R10: 0000555556a018b3 R11: 0000000000000246 R12: 00007f7892ae5826
R13: 00007ffe3a569250 R14: 0000555556a01810 R15: 00007ffe3a569290
</TASK>

Tested on:

commit: 247f34f7 Linux 6.1-rc2
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=1479cab6880000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d3548a4365ba17d
dashboard link: https://syzkaller.appspot.com/bug?extid=06cc05ddc896f12b7ec5
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11cb6f5e880000