syzbot

 sign-in | mailing list | source | docs
🐞 Open [677]
🐞 Fixed [94]
🐞 Invalid [514]
Missing Backports [36]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

WARNING in lookup_slow

Status: upstream: reported C repro on 2023/12/02 22:03
Bug presence: origin:upstream
Labels: missing-backport
[Documentation on labels]
Reported-by: syzbot+06c698fb96b88f7018dc@syzkaller.appspotmail.com
First crash: 354d, last: 91d
Fix bisection: the issue occurs on the latest tested release (bisect log)
Crash: WARNING in lookup_slow (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2024/01/17 linux-6.1.y (ToT) fec3b1451d5f C [report] WARNING in lookup_slow
2023/12/03 upstream (ToT) 968f35f4ab1c C [report] WARNING in lookup_slow
2024/01/17 upstream (ToT) 052d534373b7 C Didn't crash
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-5.15 WARNING in lookup_slow (2) 1 386d 386d 0/3 auto-obsoleted due to no activity on 2024/02/09 08:58
upstream WARNING in lookup_slow (2) fs 8 160d 192d 0/28 auto-obsoleted due to no activity on 2024/09/12 01:16
linux-5.15 WARNING in lookup_slow (3) origin:lts-only C error 5 38d 236d 0/3 upstream: reported C repro on 2024/03/30 12:27
upstream WARNING in lookup_slow ntfs3 C error inconclusive 34 302d 703d 0/28 auto-obsoleted due to no activity on 2024/05/02 19:30
linux-5.15 WARNING in lookup_slow 1 545d 545d 0/3 auto-obsoleted due to no activity on 2023/09/02 18:27
Fix bisection attempts (2)
Created Duration User Patch Repo Result
2024/01/18 17:12 1h55m fix candidate upstream OK (0) job log
2024/01/02 04:25 1h56m bisect fix linux-6.1.y OK (0) job log log

Sample crash report:
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(!is_rwsem_reader_owned(sem)): count = 0x0, magic = 0xffff0000e3862f70, owner = 0x0, curr 0xffff0000d15c0000, list empty
WARNING: CPU: 1 PID: 7008 at kernel/locking/rwsem.c:1345 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
Modules linked in:
CPU: 1 PID: 7008 Comm: syz-executor285 Not tainted 6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
lr : __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
sp : ffff80001fb87860
x29: ffff80001fb878f0 x28: 1ffff00002b080b0 x27: ffff800015840000
x26: dfff800000000000 x25: 0000000000000000 x24: ffff0000e3862fc8
x23: ffff0000d15c0000 x22: ffff80001fb87880 x21: 0000000000000000
x20: ffff0000e3862f70 x19: ffff0000e3862f70 x18: 1fffe0003686f976
x17: ffff80001583d000 x16: ffff800008304e88 x15: ffff0001b437cbbc
x14: 1ffff00002b080b0 x13: dfff800000000000 x12: 0000000000000003
x11: 0000000000ff0100 x10: 0000000000000003 x9 : 18eaf7e2930d9e00
x8 : 18eaf7e2930d9e00 x7 : ffff80000827c8d4 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : ffff80001fb873c0 x1 : ffff8000122ac6e0 x0 : ffff80019ebea000
Call trace:
 __up_read+0x560/0x604 kernel/locking/rwsem.c:1345
 up_read+0x38/0x48 kernel/locking/rwsem.c:1616
 inode_unlock_shared include/linux/fs.h:773 [inline]
 lookup_slow+0x6c/0x84 fs/namei.c:1708
 walk_component+0x280/0x36c fs/namei.c:1998
 lookup_last fs/namei.c:2455 [inline]
 path_lookupat+0x13c/0x3d0 fs/namei.c:2479
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2907
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3391 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 118
hardirqs last  enabled at (117): [<ffff80000827c974>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1366 [inline]
hardirqs last  enabled at (117): [<ffff80000827c974>] finish_lock_switch+0xbc/0x1e8 kernel/sched/core.c:5004
hardirqs last disabled at (118): [<ffff80001214d10c>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last  enabled at (34): [<ffff800008033178>] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32
softirqs last disabled at (32): [<ffff800008033144>] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19
---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
DEBUG_RWSEMS_WARN_ON(tmp < 0): count = 0xffffffffffffff00, magic = 0xffff0000e3862f70, owner = 0x0, curr 0xffff0000d15c0000, list empty
WARNING: CPU: 1 PID: 7008 at kernel/locking/rwsem.c:1350 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
Modules linked in:
CPU: 1 PID: 7008 Comm: syz-executor285 Tainted: G        W          6.1.83-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
lr : __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
sp : ffff80001fb87860
x29: ffff80001fb878f0 x28: 1ffff00002b080b0 x27: ffff800015840000
x26: dfff800000000000 x25: ffffffffffffff00 x24: ffff0000e3862fc8
x23: ffff0000e3862f70 x22: ffffffffffffff00 x21: 0000000000000000
x20: ffff0000d15c0000 x19: ffff0000e3862f70 x18: 1fffe0003686f976
x17: 0000000000000000 x16: ffff800012151454 x15: 0000000000000000
x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : 18eaf7e2930d9e00
x8 : 18eaf7e2930d9e00 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff80001fb87158 x4 : ffff800015922ae0 x3 : ffff80000aa8ca8c
x2 : ffff0001b437ccd0 x1 : 0000000000000001 x0 : 0000000000000000
Call trace:
 __up_read+0x3c8/0x604 kernel/locking/rwsem.c:1350
 up_read+0x38/0x48 kernel/locking/rwsem.c:1616
 inode_unlock_shared include/linux/fs.h:773 [inline]
 lookup_slow+0x6c/0x84 fs/namei.c:1708
 walk_component+0x280/0x36c fs/namei.c:1998
 lookup_last fs/namei.c:2455 [inline]
 path_lookupat+0x13c/0x3d0 fs/namei.c:2479
 filename_lookup+0x1d4/0x4e0 fs/namei.c:2508
 user_path_at_empty+0x5c/0x84 fs/namei.c:2907
 user_path_at include/linux/namei.h:57 [inline]
 do_mount fs/namespace.c:3391 [inline]
 __do_sys_mount fs/namespace.c:3602 [inline]
 __se_sys_mount fs/namespace.c:3579 [inline]
 __arm64_sys_mount+0x428/0x594 fs/namespace.c:3579
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 153
hardirqs last  enabled at (153): [<ffff80001214f520>] __exit_to_kernel_mode arch/arm64/kernel/entry-common.c:84 [inline]
hardirqs last  enabled at (153): [<ffff80001214f520>] exit_to_kernel_mode+0xe8/0x118 arch/arm64/kernel/entry-common.c:94
hardirqs last disabled at (152): [<ffff80001221df6c>] preempt_schedule_irq+0xa8/0x1b8 kernel/sched/core.c:6871
softirqs last  enabled at (148): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (148): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (121): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/04/02 03:15 linux-6.1.y e5cd595e23c1 6baf5069 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in lookup_slow
2023/12/02 22:59 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-6-1-kasan-arm64 WARNING in lookup_slow
2024/06/15 12:23 linux-6.1.y ae9f2a70d69e f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in lookup_slow
2024/05/31 12:15 linux-6.1.y 88690811da69 0c378259 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in lookup_slow
2024/04/08 01:49 linux-6.1.y 347385861c50 ca620dd8 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan WARNING in lookup_slow
2024/08/22 09:01 linux-6.1.y ee5e09825b81 ca02180f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in lookup_slow
2023/12/02 22:02 linux-6.1.y 6ac30d748bb0 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan-arm64 WARNING in lookup_slow
* Struck through repros no longer work on HEAD.