[Cluster-devel] [syzbot] [gfs2?] memory leak in gfs2_trans_begin

2023-09-08 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    3f86ed6ec0b3 Merge tag 'arc-6.6-rc1' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12cda4e7a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=fe0cf825f8fbc075
dashboard link: https://syzkaller.appspot.com/bug?extid=45a7939b6f493f374ee1
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16f3a65868

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/0a6ca0af2bd5/disk-3f86ed6e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ba67b3d88c83/vmlinux-3f86ed6e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/4a64bda3d2e5/bzImage-3f86ed6e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/6406b55aec21/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+45a7939b6f493f374...@syzkaller.appspotmail.com

2023/09/05 14:30:51 executed programs: 30
BUG: memory leak
unreferenced object 0x8881214cbc60 (size 144):
  comm "syz-executor.7", pid 5069, jiffies 4294970978 (age 14.110s)
  hex dump (first 32 bytes):
ae 04 1f 82 ff ff ff ff 02 00 00 00 00 00 00 00  
08 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00  
  backtrace:
[] kmem_cache_zalloc include/linux/slab.h:710 [inline]
[] gfs2_trans_begin+0x29/0xa0 fs/gfs2/trans.c:115
[] gfs2_statfs_sync+0x1ae/0x250 fs/gfs2/super.c:298
[] gfs2_make_fs_ro+0x1b1/0x430 fs/gfs2/super.c:566
[] gfs2_put_super+0x2bc/0x2d0 fs/gfs2/super.c:623
[] generic_shutdown_super+0x9e/0x170 fs/super.c:693
[] kill_block_super+0x1d/0x50 fs/super.c:1646
[] gfs2_kill_sb+0x1bf/0x1f0 fs/gfs2/ops_fstype.c:1795
[] deactivate_locked_super+0x4a/0x110 fs/super.c:481
[] deactivate_super fs/super.c:514 [inline]
[] deactivate_super+0x9c/0xb0 fs/super.c:510
[] cleanup_mnt+0x121/0x210 fs/namespace.c:1254
[] task_work_run+0x8f/0xe0 kernel/task_work.c:179
[] resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
[] exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
[] exit_to_user_mode_prepare+0x116/0x140 kernel/entry/common.c:204
[] __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
[] syscall_exit_to_user_mode+0x21/0x50 kernel/entry/common.c:296
[] do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup



Re: [Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in glock_hash_walk

2023-09-06 Thread syzbot
syzbot has bisected this issue to:

commit 0be8432166a61abc537e1247e530f4b85970b56b
Author: Bob Peterson 
Date:   Wed Aug 2 14:24:12 2023 +

gfs2: Don't use filemap_splice_read

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1470c62068
start commit:   3f86ed6ec0b3 Merge tag 'arc-6.6-rc1' of git://git.kernel.o..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1670c62068
console output: https://syzkaller.appspot.com/x/log.txt?x=1270c62068
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff0db7a15ba54ead
dashboard link: https://syzkaller.appspot.com/bug?extid=10c6178a65acf04efe47
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13e4ea1468
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f76f1068

Reported-by: syzbot+10c6178a65acf04ef...@syzkaller.appspotmail.com
Fixes: 0be8432166a6 ("gfs2: Don't use filemap_splice_read")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in gfs2_flush_delete_work

2023-09-05 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    99d99825fc07 Merge tag 'nfs-for-6.6-1' of git://git.linux-..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=114e462fa8
kernel config:  https://syzkaller.appspot.com/x/.config?x=30b036635ccf91ce
dashboard link: https://syzkaller.appspot.com/bug?extid=f695093038cdf1175371
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13536d8fa8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13aeb87068

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-99d99825.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ce6af6f13dfd/vmlinux-99d99825.xz
kernel image: https://storage.googleapis.com/syzbot-assets/10b5fe4e45b5/bzImage-99d99825.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/6bbc32f93f62/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f695093038cdf1175...@syzkaller.appspotmail.com

loop0: rw=1, sector=3280942697285464, nr_sectors = 8 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at fs/gfs2/glock.c:2081
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5143, name: syz-executor333
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<>] 0x0
CPU: 1 PID: 5143 Comm: syz-executor333 Not tainted 6.5.0-syzkaller-09276-g99d99825fc07 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x125/0x1b0 lib/dump_stack.c:106
 __might_resched+0x3c3/0x5e0 kernel/sched/core.c:10187
 glock_hash_walk fs/gfs2/glock.c:2081 [inline]
 gfs2_flush_delete_work+0x1f6/0x2b0 fs/gfs2/glock.c:2108
 gfs2_make_fs_ro+0x460/0x740 fs/gfs2/super.c:550
 signal_our_withdraw fs/gfs2/util.c:153 [inline]
 gfs2_withdraw+0xc2e/0x10c0 fs/gfs2/util.c:334
 gfs2_ail1_empty+0x8cc/0xab0 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x6b/0x90 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x22/0x640 fs/gfs2/lops.c:868
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0x105e/0x27f0 fs/gfs2/log.c:1101
 gfs2_write_inode+0x24a/0x4b0 fs/gfs2/super.c:453
 write_inode fs/fs-writeback.c:1456 [inline]
 __writeback_single_inode+0xa81/0xe70 fs/fs-writeback.c:1668
 writeback_single_inode+0x2af/0x590 fs/fs-writeback.c:1724
 sync_inode_metadata+0xa5/0xe0 fs/fs-writeback.c:2786
 gfs2_fsync+0x218/0x380 fs/gfs2/file.c:761
 vfs_fsync_range+0x141/0x220 fs/sync.c:188
 generic_write_sync include/linux/fs.h:2625 [inline]
 gfs2_file_write_iter+0xd97/0x10c0 fs/gfs2/file.c:1150
 call_write_iter include/linux/fs.h:1985 [inline]
 do_iter_readv_writev+0x21e/0x3c0 fs/read_write.c:735
 do_iter_write+0x17f/0x830 fs/read_write.c:860
 vfs_iter_write+0x7a/0xb0 fs/read_write.c:901
 iter_file_splice_write+0x698/0xbf0 fs/splice.c:736
 do_splice_from fs/splice.c:933 [inline]
 direct_splice_actor+0x118/0x180 fs/splice.c:1142
 splice_direct_to_actor+0x347/0xa30 fs/splice.c:1088
 do_splice_direct+0x1af/0x280 fs/splice.c:1194
 do_sendfile+0xb88/0x1390 fs/read_write.c:1254
 __do_sys_sendfile64 fs/read_write.c:1322 [inline]
 __se_sys_sendfile64 fs/read_write.c:1308 [inline]
 __x64_sys_sendfile64+0x1d6/0x220 fs/read_write.c:1308
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f47de46e6b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fff21f08188 EFLAGS: 0246 ORIG_RAX: 0028
RAX: ffda RBX: 7fff21f08358 RCX: 7f47de46e6b9
RDX:  RSI: 0005 RDI: 0007
RBP: 7f47de4f3610 R08: 7fff21f08358 R09: 7fff21f08358
R10: 000100201004 R11: 0246 R12: 0001
R13: 7fff21f08348 R14: 0001 R15: 0001
 
BUG: scheduling while atomic: syz-executor333/5143/0x0002
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[<>] 0x0



[Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in glock_hash_walk

2023-09-05 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    3f86ed6ec0b3 Merge tag 'arc-6.6-rc1' of git://git.kernel.o..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1346753fa8
kernel config:  https://syzkaller.appspot.com/x/.config?x=ff0db7a15ba54ead
dashboard link: https://syzkaller.appspot.com/bug?extid=10c6178a65acf04efe47
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13e4ea1468
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f76f1068

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6f4f710c5033/disk-3f86ed6e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/48fedbdc/vmlinux-3f86ed6e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/c06d7c39bbc0/bzImage-3f86ed6e.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9cc536caad57/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+10c6178a65acf04ef...@syzkaller.appspotmail.com

syz-executor585: attempt to access beyond end of device
loop0: rw=1, sector=3280942697285464, nr_sectors = 8 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at fs/gfs2/glock.c:2081
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5030, name: syz-executor585
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
INFO: lockdep is turned off.
Preemption disabled at:
[<>] 0x0
CPU: 0 PID: 5030 Comm: syz-executor585 Not tainted 6.5.0-syzkaller-11704-g3f86ed6ec0b3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 __might_resched+0x5cf/0x780 kernel/sched/core.c:10187
 glock_hash_walk+0x13b/0x1b0 fs/gfs2/glock.c:2081
 gfs2_flush_delete_work+0x1c/0x50 fs/gfs2/glock.c:2108
 gfs2_make_fs_ro+0x109/0x680 fs/gfs2/super.c:550
 signal_our_withdraw fs/gfs2/util.c:153 [inline]
 gfs2_withdraw+0x48a/0x11e0 fs/gfs2/util.c:334
 gfs2_ail1_empty+0x7d0/0x860 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5e/0x90 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x2c/0x5f0 fs/gfs2/lops.c:868
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0xc93/0x25f0 fs/gfs2/log.c:1101
 gfs2_write_inode+0x20e/0x3b0 fs/gfs2/super.c:453
 write_inode fs/fs-writeback.c:1456 [inline]
 __writeback_single_inode+0x69b/0xfa0 fs/fs-writeback.c:1668
 writeback_single_inode+0x21b/0x790 fs/fs-writeback.c:1724
 sync_inode_metadata+0xcc/0x130 fs/fs-writeback.c:2786
 gfs2_fsync+0x1a7/0x340 fs/gfs2/file.c:761
 generic_write_sync include/linux/fs.h:2625 [inline]
 gfs2_file_write_iter+0xb33/0xe60 fs/gfs2/file.c:1159
 do_iter_write+0x84f/0xde0 fs/read_write.c:860
 iter_file_splice_write+0x86d/0x1010 fs/splice.c:736
 do_splice_from fs/splice.c:933 [inline]
 direct_splice_actor+0xea/0x1c0 fs/splice.c:1142
 splice_direct_to_actor+0x376/0x9e0 fs/splice.c:1088
 do_splice_direct+0x2ac/0x3f0 fs/splice.c:1194
 do_sendfile+0x623/0x1070 fs/read_write.c:1254
 __do_sys_sendfile64 fs/read_write.c:1322 [inline]
 __se_sys_sendfile64+0x17c/0x1e0 fs/read_write.c:1308
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb0ea97bd59
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd9f19f258 EFLAGS: 0246 ORIG_RAX: 0028
RAX: ffda RBX:  RCX: 7fb0ea97bd59
RDX:  RSI: 0008 RDI: 0007
RBP: 0246 R08: 0002 R09: 571844c0
R10: 8001 R11: 0246 R12: 7ffd9f19f280
R13: 7fb0ea95cac4 R14: 431bde82d7b634db R15: 7fb0ea9c503b
 
BUG: scheduling while atomic: syz-executor585/5030/0x0002
INFO: lockdep is turned off.
Modules linked in:
Preemption disabled at:
[<>] 0x0



Re: [Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_dump_glock (2)

2023-09-05 Thread syzbot
syzbot has bisected this issue to:

commit a8b76910e465d718effce0cad306a21fa4f3526b
Author: Valentin Schneider 
Date:   Wed Nov 10 20:24:44 2021 +

preempt: Restore preemption model selection configs

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1633aaf068
start commit:   58390c8ce1bd Merge tag 'iommu-updates-v6.4' of git://git.k..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1533aaf068
console output: https://syzkaller.appspot.com/x/log.txt?x=1133aaf068
kernel config:  https://syzkaller.appspot.com/x/.config?x=5eadbf0d3c2ece89
dashboard link: https://syzkaller.appspot.com/bug?extid=427fed3295e9a7e887f2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=172bead828
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14d01d0828

Reported-by: syzbot+427fed3295e9a7e88...@syzkaller.appspotmail.com
Fixes: a8b76910e465 ("preempt: Restore preemption model selection configs")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] [gfs2?] INFO: task hung in write_cache_pages (3)

2023-09-04 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    92901222f83d Merge tag 'f2fs-for-6-6-rc1' of git://git.ker..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1688084868
kernel config:  https://syzkaller.appspot.com/x/.config?x=3d78b3780d210e21
dashboard link: https://syzkaller.appspot.com/bug?extid=4fcffdd85e518af6f129
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17933a0068
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ef710468

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/f58f2fdc5a9e/disk-92901222.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/16dba3905664/vmlinux-92901222.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3a5b1d5efdbd/bzImage-92901222.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/821293a2c99e/mount_0.gz

The issue was bisected to:

commit 47b7ec1daa511cd82cb9c31e88bfdb664b031d2a
Author: Andrew Price 
Date:   Fri Feb 5 17:10:17 2021 +

gfs2: Enable rgrplvb for sb_fs_format 1802

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16c9842ba8
final oops: https://syzkaller.appspot.com/x/report.txt?x=15c9842ba8
console output: https://syzkaller.appspot.com/x/log.txt?x=11c9842ba8

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4fcffdd85e518af6f...@syzkaller.appspotmail.com
Fixes: 47b7ec1daa51 ("gfs2: Enable rgrplvb for sb_fs_format 1802")

INFO: task kworker/u4:5:138 blocked for more than 143 seconds.
  Not tainted 6.5.0-syzkaller-11075-g92901222f83d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u4:5 state:D stack:21344 pid:138 ppid:2 flags:0x4000
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
 
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1873/0x48f0 kernel/sched/core.c:6695
 schedule+0xc3/0x180 kernel/sched/core.c:6771
 io_schedule+0x8c/0x100 kernel/sched/core.c:9026
 folio_wait_bit_common+0x871/0x12a0 mm/filemap.c:1304
 folio_lock include/linux/pagemap.h:1042 [inline]
 write_cache_pages+0x517/0x13f0 mm/page-writeback.c:2441
 iomap_writepages+0x68/0x240 fs/iomap/buffered-io.c:1979
 gfs2_writepages+0x169/0x1f0 fs/gfs2/aops.c:191
 do_writepages+0x3a6/0x670 mm/page-writeback.c:2553
 __writeback_single_inode+0x155/0xfa0 fs/fs-writeback.c:1603
 writeback_sb_inodes+0x8e3/0x11d0 fs/fs-writeback.c:1894
 __writeback_inodes_wb+0x11b/0x260 fs/fs-writeback.c:1965
 wb_writeback+0x461/0xc60 fs/fs-writeback.c:2072
 wb_check_background_flush fs/fs-writeback.c:2142 [inline]
 wb_do_writeback fs/fs-writeback.c:2230 [inline]
 wb_workfn+0xc6f/0xff0 fs/fs-writeback.c:2257
 process_one_work+0x781/0x1130 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0xabf/0x1060 kernel/workqueue.c:2784
 kthread+0x2b8/0x350 kernel/kthread.c:388
 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304
 
INFO: task syz-executor336:5029 blocked for more than 143 seconds.
  Not tainted 6.5.0-syzkaller-11075-g92901222f83d #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor336 state:D stack:23408 pid:5029  ppid:5028   flags:0x4006
Call Trace:
 
 context_switch kernel/sched/core.c:5382 [inline]
 __schedule+0x1873/0x48f0 kernel/sched/core.c:6695
 schedule+0xc3/0x180 kernel/sched/core.c:6771
 io_schedule+0x8c/0x100 kernel/sched/core.c:9026
 folio_wait_bit_common+0x871/0x12a0 mm/filemap.c:1304
 folio_lock include/linux/pagemap.h:1042 [inline]
 write_cache_pages+0x517/0x13f0 mm/page-writeback.c:2441
 iomap_writepages+0x68/0x240 fs/iomap/buffered-io.c:1979
 gfs2_writepages+0x169/0x1f0 fs/gfs2/aops.c:191
 do_writepages+0x3a6/0x670 mm/page-writeback.c:2553
 filemap_fdatawrite_wbc+0x125/0x180 mm/filemap.c:393
 __filemap_fdatawrite_range mm/filemap.c:426 [inline]
 __filemap_fdatawrite mm/filemap.c:432 [inline]
 filemap_fdatawrite+0x143/0x1b0 mm/filemap.c:437
 gfs2_ordered_write fs/gfs2/log.c:740 [inline]
 gfs2_log_flush+0xa42/0x25f0 fs/gfs2/log.c:1098
 gfs2_trans_end+0x39f/0x560 fs/gfs2/trans.c:158
 gfs2_page_mkwrite+0x1262/0x14f0 fs/gfs2/file.c:533
 do_page_mkwrite+0x197/0x470 mm/memory.c:2931
 do_shared_fault mm/memory.c:4647 [inline]
 do_fault mm/memory.c:4709 [inline]
 do_pte_missing mm/memory.c:3669 [inline]
 handle_pte_fault mm/memory.c:4978 [inline]
 __handle_mm_fault mm/memory.c:5119 [inline]
 handle_mm_fault+0x22b2/0x6200 mm/memory.c:5284
 do_user_addr_fault arch/x86/mm/fault.c:1413 [inline]
 handle_page_fault arch/x86/mm/fault.c:1505 [inline]
 exc_page_fault+0x2ac/0x860 arch/x86/mm/fault.c:1561
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0033:0x7f088fba48e7
RSP: 002b:7fff09b9e550 EFLAGS

[Cluster-devel] [syzbot] Monthly gfs2 report (Sep 2023)

2023-09-04 Thread syzbot
Hello gfs2 maintainers/developers,

This is a 31-day syzbot report for the gfs2 subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/gfs2

During the period, 0 new issues were detected and 0 were fixed.
In total, 17 issues are still open and 20 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 2679Yes   WARNING in __folio_mark_dirty (2)
  https://syzkaller.appspot.com/bug?extid=e14d6cd6ec241f507ba7
<2> 577 Yes   kernel BUG in gfs2_glock_nq (2)
  https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
<3> 77  Yes   INFO: task hung in gfs2_gl_hash_clear (3)
  https://syzkaller.appspot.com/bug?extid=ed7d0f71a89e28557a77
<4> 54  Yes   WARNING in gfs2_check_blk_type
  https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
<5> 35  Yes   general protection fault in gfs2_dump_glock (2)
  https://syzkaller.appspot.com/bug?extid=427fed3295e9a7e887f2
<6> 7   Yes   BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump
  https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
<7> 4   Yes   BUG: unable to handle kernel NULL pointer dereference in gfs2_rindex_update
  https://syzkaller.appspot.com/bug?extid=2b32df23ff6b5b307565
<8> 1   Yes   BUG: sleeping function called from invalid context in gfs2_make_fs_ro
  https://syzkaller.appspot.com/bug?extid=60369f4775c014dd1804

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.



Re: [Cluster-devel] [syzbot] [gfs2?] BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump

2023-08-29 Thread syzbot
syzbot has bisected this issue to:

commit 72244b6bc752b5c496f09de9a13c18adc314a53c
Author: Bob Peterson 
Date:   Wed Aug 15 17:09:49 2018 +

gfs2: improve debug information when lvb mismatches are found

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1593747ba8
start commit:   0a924817d2ed Merge tag '6.2-rc-smb3-client-fixes-part2' of..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=1793747ba8
console output: https://syzkaller.appspot.com/x/log.txt?x=1393747ba8
kernel config:  https://syzkaller.appspot.com/x/.config?x=4e2d7bfa2d6d5a76
dashboard link: https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12e5bf7f88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13952f5d88

Reported-by: syzbot+da0fc229cc1ff4bb2...@syzkaller.appspotmail.com
Fixes: 72244b6bc752 ("gfs2: improve debug information when lvb mismatches are found")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_lookup_simple

2023-08-07 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    a73466257270 Add linux-next specific files for 20230801
git tree:       linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=17a48e75a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=8b55cb25bac8948c
dashboard link: https://syzkaller.appspot.com/bug?extid=57e590d90f42e6e925df
compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1263b929a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=160bbe31a8

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d893efe5006c/disk-a7346625.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5a2ea2e3ba30/vmlinux-a7346625.xz
kernel image: https://storage.googleapis.com/syzbot-assets/66f8ff91348f/bzImage-a7346625.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/e94e695a9f21/mount_0.gz

The issue was bisected to:

commit 8f18190e31734e434a650d3435da072f03fe485f
Author: Andreas Gruenbacher 
Date:   Wed Jul 26 21:17:53 2023 +

gfs2: Use mapping->gfp_mask for metadata inodes

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1338d136a8
final oops: https://syzkaller.appspot.com/x/report.txt?x=10b8d136a8
console output: https://syzkaller.appspot.com/x/log.txt?x=1738d136a8

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+57e590d90f42e6e92...@syzkaller.appspotmail.com
Fixes: 8f18190e3173 ("gfs2: Use mapping->gfp_mask for metadata inodes")

gfs2: fsid=no�Šar?d: Trying to join cluster "lock_nolock", "no�Šar?d"
gfs2: fsid=no�Šar?d: Now mounting FS (format 1801)...
syz-executor418: attempt to access beyond end of device
loop0: rw=12288, sector=131072, nr_sectors = 8 limit=32768
general protection fault, probably for non-canonical address 0xdc05:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0028-0x002f]
CPU: 1 PID: 5032 Comm: syz-executor418 Not tainted 6.5.0-rc4-next-20230801-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
RIP: 0010:gfs2_lookup_simple+0xc6/0x160 fs/gfs2/inode.c:286
Code: 74 24 20 f7 d0 89 44 24 20 e8 66 d3 ff ff 48 85 c0 0f 84 85 00 00 00 48 
89 c3 e8 e5 01 e3 fd 48 8d 7b 30 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 7b 48 
b8 00 00 00 00 00 fc ff df 4c 8b 63 30 49
RSP: 0018:c900039ef848 EFLAGS: 00010206
RAX: 0005 RBX: fffb RCX: 
RDX: 888015bf8000 RSI: 83a38d4b RDI: 002b
RBP: 19200073df09 R08: 0005 R09: 
R10: 0001 R11: 0001 R12: dc00
R13: 8ab99700 R14: 888019f94000 R15: 8880783f06b8
FS:  558fa380() GS:8880b990() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 557976244798 CR3: 74978000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 
 init_journal fs/gfs2/ops_fstype.c:742 [inline]
 init_inodes+0x495/0x2e30 fs/gfs2/ops_fstype.c:885
 gfs2_fill_super+0x1a9e/0x2b10 fs/gfs2/ops_fstype.c:1248
 get_tree_bdev+0x390/0x6a0 fs/super.c:1345
 gfs2_get_tree+0x4e/0x280 fs/gfs2/ops_fstype.c:1333
 vfs_get_tree+0x88/0x350 fs/super.c:1521
 do_new_mount fs/namespace.c:3335 [inline]
 path_mount+0x1492/0x1ed0 fs/namespace.c:3662
 do_mount fs/namespace.c:3675 [inline]
 __do_sys_mount fs/namespace.c:3884 [inline]
 __se_sys_mount fs/namespace.c:3861 [inline]
 __x64_sys_mount+0x293/0x310 fs/namespace.c:3861
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x38/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6d772a2c3a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 
00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fff3af18918 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 7fff3af18920 RCX: 7f6d772a2c3a
RDX: 2000 RSI: 2040 RDI: 7fff3af18920
RBP: 0004 R08: 7fff3af18960 R09: 000125fe
R10: 0819 R11: 0282 R12: 7fff3af18960
R13: 0003 R14: 0100 R15: 0001
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:gfs2_lookup_simple+0xc6/0x160 fs/gfs2/inode.c:286
Code: 74 24 20 f7 d0 89 44 24 20 e8 66 d3 ff ff 48 85 c0 0f 84 85 00 00 00 48 
89 c3 e8 e5 01 e3 fd 48 8d 7b 30 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 7b 48 
b8 00 00 00 00 00 fc ff df 4c 8b 63 30 49
RSP: 0018:c900039ef848 EFLAGS: 00010206
RAX: 0005 RBX: ff

[Cluster-devel] [syzbot] Monthly gfs2 report (Aug 2023)

2023-08-02 Thread syzbot
Hello gfs2 maintainers/developers,

This is a 31-day syzbot report for the gfs2 subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/gfs2

During the period, 3 new issues were detected and 0 were fixed.
In total, 18 issues are still open and 18 have been fixed so far.

Some of the still happening issues:

Ref Crashes Repro Title
<1> 3678Yes   WARNING in folio_account_dirtied
  https://syzkaller.appspot.com/bug?extid=8d1d62bfb63d6a480be1
<2> 2371Yes   WARNING in __folio_mark_dirty (2)
  https://syzkaller.appspot.com/bug?extid=e14d6cd6ec241f507ba7
<3> 501 Yes   kernel BUG in gfs2_glock_nq (2)
  https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
<4> 71  Yes   INFO: task hung in gfs2_gl_hash_clear (3)
  https://syzkaller.appspot.com/bug?extid=ed7d0f71a89e28557a77
<5> 52  Yes   WARNING in gfs2_check_blk_type
  https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
<6> 3   Yes   BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump
  https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
<7> 3   Yes   BUG: unable to handle kernel NULL pointer dereference in gfs2_rindex_update
  https://syzkaller.appspot.com/bug?extid=2b32df23ff6b5b307565
<8> 1   Yes   BUG: sleeping function called from invalid context in gfs2_make_fs_ro
  https://syzkaller.appspot.com/bug?extid=60369f4775c014dd1804




Re: [Cluster-devel] [syzbot] [gfs2?] kernel panic: hung_task: blocked tasks (2)

2023-07-28 Thread syzbot
syzbot has bisected this issue to:

commit 9c8ad7a2ff0bfe58f019ec0abc1fb965114dde7d
Author: David Howells 
Date:   Thu May 16 11:52:27 2019 +

uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=169b475ea8
start commit:   fdf0eaf11452 Linux 6.5-rc2
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=159b475ea8
console output: https://syzkaller.appspot.com/x/log.txt?x=119b475ea8
kernel config:  https://syzkaller.appspot.com/x/.config?x=27e33fd2346a54b
dashboard link: https://syzkaller.appspot.com/bug?extid=607aa822c60b2e75b269
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11322fb6a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17687f1aa8

Reported-by: syzbot+607aa822c60b2e75b...@syzkaller.appspotmail.com
Fixes: 9c8ad7a2ff0b ("uapi, x86: Fix the syscall numbering of the mount API syscalls [ver #2]")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



Re: [Cluster-devel] [syzbot] [gfs2?] KASAN: use-after-free Read in qd_unlock (2)

2023-07-27 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 41a37d157a613444c97e8f71a5fb2a21116b70d7
Author: Dmitry Baryshkov 
Date:   Mon Dec 26 04:21:51 2022 +

arm64: dts: qcom: qcs404: use symbol names for PCIe resets

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17b48111a8
start commit:   [unknown] 
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=fe56f7d193926860
dashboard link: https://syzkaller.appspot.com/bug?extid=3f6a670108ce43356017
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1209f878c8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=111a48ab48

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: arm64: dts: qcom: qcs404: use symbol names for PCIe resets

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in gfs2_make_fs_ro

2023-07-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:46670259519f Merge tag 'for-6.5-rc2-tag' of git://git.kern..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16bf15aea8
kernel config:  https://syzkaller.appspot.com/x/.config?x=a4507c291b5ab5d4
dashboard link: https://syzkaller.appspot.com/bug?extid=60369f4775c014dd1804
compiler:   Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1602904ea8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12d67e9ea8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/f3b4b06a5f02/disk-46670259.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/4db334f36495/vmlinux-46670259.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5977e704aeb2/bzImage-46670259.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/053f03da9748/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+60369f4775c014dd1...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: found 1 quota changes
syz-executor154: attempt to access beyond end of device
loop0: rw=1, sector=131324, nr_sectors = 4 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at 
kernel/sched/completion.c:101
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5019, name: 
syz-executor154
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
5 locks held by syz-executor154/5019:
 #0: 8880297960e0 (>s_umount_key#47){+.+.}-{3:3}, at: 
deactivate_super+0xad/0xf0 fs/super.c:360
 #1: 88802854cb78 (>sd_quota_sync_mutex){+.+.}-{3:3}, at: 
gfs2_quota_sync+0xa1/0x700 fs/gfs2/quota.c:1304
 #2: 88802854d060 (>sd_log_flush_lock){}-{3:3}, at: 
gfs2_log_flush+0x105/0x25f0 fs/gfs2/log.c:1042
 #3: 88802854ce88 (>sd_log_lock){+.+.}-{2:2}, at: spin_lock 
include/linux/spinlock.h:351 [inline]
 #3: 88802854ce88 (>sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock 
fs/gfs2/log.h:32 [inline]
 #3: 88802854ce88 (>sd_log_lock){+.+.}-{2:2}, at: 
gfs2_flush_revokes+0x53/0x90 fs/gfs2/log.c:814
 #4: 88802854d248 (>sd_freeze_mutex){+.+.}-{3:3}, at: 
signal_our_withdraw fs/gfs2/util.c:151 [inline]
 #4: 88802854d248 (>sd_freeze_mutex){+.+.}-{3:3}, at: 
gfs2_withdraw+0x477/0x11e0 fs/gfs2/util.c:334
Preemption disabled at:
[<>] 0x0
CPU: 1 PID: 5019 Comm: syz-executor154 Not tainted 
6.5.0-rc2-syzkaller-00066-g46670259519f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
07/12/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 __might_resched+0x5cf/0x780 kernel/sched/core.c:10189
 __wait_for_common kernel/sched/completion.c:101 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x1b/0x60 kernel/sched/completion.c:138
 kthread_stop+0x18e/0x5a0 kernel/kthread.c:710
 gfs2_make_fs_ro+0x183/0x680 fs/gfs2/super.c:555
 signal_our_withdraw fs/gfs2/util.c:153 [inline]
 gfs2_withdraw+0x48a/0x11e0 fs/gfs2/util.c:334
 gfs2_ail1_empty+0x7d0/0x860 fs/gfs2/log.c:377
 gfs2_flush_revokes+0x5e/0x90 fs/gfs2/log.c:815
 revoke_lo_before_commit+0x2c/0x5f0 fs/gfs2/lops.c:868
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0xc93/0x25f0 fs/gfs2/log.c:1101
 do_sync+0xa35/0xc80 fs/gfs2/quota.c:977
 gfs2_quota_sync+0x30e/0x700 fs/gfs2/quota.c:1320
 gfs2_sync_fs+0x4d/0xb0 fs/gfs2/super.c:680
 sync_filesystem+0xec/0x220 fs/sync.c:56
 generic_shutdown_super+0x6f/0x340 fs/super.c:472
 kill_block_super+0x68/0xa0 fs/super.c:1417
 deactivate_locked_super+0xa4/0x110 fs/super.c:330
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1254
 task_work_run+0x24a/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x68f/0x2290 kernel/exit.c:874
 do_group_exit+0x206/0x2c0 kernel/exit.c:1024
 __do_sys_exit_group kernel/exit.c:1035 [inline]
 __se_sys_exit_group kernel/exit.c:1033 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1033
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fca0c3e4749
Code: Unable to access opcode bytes at 0x7fca0c3e471f.
RSP: 002b:7ffdd6ff7a08 EFLAGS: 0246 ORIG_RAX: 00e7
RAX: ffda RBX: 0001 RCX: 7fca0c3e4749
RDX: 003c RSI: 00e7 RDI: 0001
RBP: 7fca0c47f2b0 R08: ffb8 R09: 0001f6db
R10:  R11: 0246 R12: 7fca0c47f2b0
R13:  R14: 7fca0c480020 R15: 7fca0c3b2c90
 
BUG: scheduling while atomic: syz-executor154/5019/0x0002
5 locks hel

[Cluster-devel] [syzbot] [gfs2?] kernel panic: hung_task: blocked tasks (2)

2023-07-24 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:fdf0eaf11452 Linux 6.5-rc2
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1797783aa8
kernel config:  https://syzkaller.appspot.com/x/.config?x=27e33fd2346a54b
dashboard link: https://syzkaller.appspot.com/bug?extid=607aa822c60b2e75b269
compiler:   gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 
2.40
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11322fb6a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=17687f1aa8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/0ac950f24d26/disk-fdf0eaf1.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/666fcbcfa05d/vmlinux-fdf0eaf1.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5bbe73baa630/bzImage-fdf0eaf1.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/85821d156573/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+607aa822c60b2e75b...@syzkaller.appspotmail.com

Kernel panic - not syncing: hung_task: blocked tasks
CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.5.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
07/03/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106
 panic+0x6a4/0x750 kernel/panic.c:340
 check_hung_uninterruptible_tasks kernel/hung_task.c:226 [inline]
 watchdog+0xcf2/0x11b0 kernel/hung_task.c:379
 kthread+0x33a/0x430 kernel/kthread.c:389
 ret_from_fork+0x2c/0x70 arch/x86/kernel/process.c:145
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:296
RIP: :0x0
Code: Unable to access opcode bytes at 0xffd6.
RSP: : EFLAGS:  ORIG_RAX: 
RAX:  RBX:  RCX: 
RDX:  RSI:  RDI: 
RBP:  R08:  R09: 
R10:  R11:  R12: 
R13:  R14:  R15: 
 
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup



[Cluster-devel] [syzbot] [gfs2?] memory leak in gfs2_quota_init

2023-07-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:f8566aa4f176 Merge tag 'x86-urgent-2023-07-01' of git://gi..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10443370a8
kernel config:  https://syzkaller.appspot.com/x/.config?x=87bd445ea3f7a661
dashboard link: https://syzkaller.appspot.com/bug?extid=4ee56df41d0cc0f0783a
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=172d3d14a8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=143b6648a8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/9c2c2ab2bd05/disk-f8566aa4.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/0af022babece/vmlinux-f8566aa4.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/e335287813f6/bzImage-f8566aa4.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/2f0686bcdcb4/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+4ee56df41d0cc0f07...@syzkaller.appspotmail.com

BUG: memory leak
unreferenced object 0x88810aa24000 (size 8192):
  comm "syz-executor334", pid 5004, jiffies 4294954804 (age 12.830s)
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:984 [inline]
[] __kmalloc+0x4a/0x120 mm/slab_common.c:998
[] kmalloc include/linux/slab.h:583 [inline]
[] kzalloc include/linux/slab.h:700 [inline]
[] gfs2_quota_init+0xd9/0x770 fs/gfs2/quota.c:1373
[] gfs2_make_fs_rw+0x11f/0x200 fs/gfs2/super.c:155
[] gfs2_reconfigure+0x3cf/0x530 fs/gfs2/ops_fstype.c:1602
[] reconfigure_super+0x14c/0x3e0 fs/super.c:961
[] vfs_fsconfig_locked fs/fsopen.c:254 [inline]
[] __do_sys_fsconfig+0x80b/0x8d0 fs/fsopen.c:439
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd

BUG: memory leak
unreferenced object 0x88810f36 (size 8192):
  comm "syz-executor334", pid 5007, jiffies 4294955349 (age 7.380s)
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[] __do_kmalloc_node mm/slab_common.c:984 [inline]
[] __kmalloc+0x4a/0x120 mm/slab_common.c:998
[] kmalloc include/linux/slab.h:583 [inline]
[] kzalloc include/linux/slab.h:700 [inline]
[] gfs2_quota_init+0xd9/0x770 fs/gfs2/quota.c:1373
[] gfs2_make_fs_rw+0x11f/0x200 fs/gfs2/super.c:155
[] gfs2_reconfigure+0x3cf/0x530 fs/gfs2/ops_fstype.c:1602
[] reconfigure_super+0x14c/0x3e0 fs/super.c:961
[] vfs_fsconfig_locked fs/fsopen.c:254 [inline]
[] __do_sys_fsconfig+0x80b/0x8d0 fs/fsopen.c:439
[] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
[] do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
[] entry_SYSCALL_64_after_hwframe+0x63/0xcd






[Cluster-devel] [syzbot] Monthly gfs2 report (Jul 2023)

2023-07-10 Thread syzbot
Hello gfs2 maintainers/developers,

This is a 31-day syzbot report for the gfs2 subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/gfs2

During the period, 0 new issues were detected and 0 were fixed.
In total, 16 issues are still open and 18 have been fixed so far.

Some of the still happening issues:

Ref  Crashes  Repro  Title
<1>  2103     Yes    WARNING in __folio_mark_dirty (2)
     https://syzkaller.appspot.com/bug?extid=e14d6cd6ec241f507ba7
<2>  479      Yes    kernel BUG in gfs2_glock_nq (2)
     https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
<3>  59       Yes    INFO: task hung in gfs2_gl_hash_clear (3)
     https://syzkaller.appspot.com/bug?extid=ed7d0f71a89e28557a77
<4>  44       Yes    WARNING in gfs2_check_blk_type
     https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
<5>  4        Yes    KASAN: use-after-free Read in qd_unlock (2)
     https://syzkaller.appspot.com/bug?extid=3f6a670108ce43356017

---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

To disable reminders for individual bugs, reply with the following command:
#syz set  no-reminders

To change bug's subsystems, reply with:
#syz set  subsystems: new-subsystem

You may send multiple commands in a single email message.



Re: [Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_evict_inode (2)

2023-06-13 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit 504a10d9e46bc37b23d0a1ae2f28973c8516e636
Author: Bob Peterson 
Date:   Fri Apr 28 16:07:46 2023 +

gfs2: Don't deref jdesc in evict

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1544372d28
start commit:   7df047b3f0aa Merge tag 'vfio-v6.4-rc1' of https://github.c..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=474780ac1e194316
dashboard link: https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1294d2d228
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=104a750828

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: gfs2: Don't deref jdesc in evict

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] Monthly gfs2 report (May 2023)

2023-06-02 Thread syzbot
Hello gfs2 maintainers/developers,

This is a 31-day syzbot report for the gfs2 subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/gfs2

During the period, 1 new issues were detected and 0 were fixed.
In total, 19 issues are still open and 17 have been fixed so far.

Some of the still happening issues:

Ref  Crashes  Repro  Title
<1>  1592     Yes    WARNING in __folio_mark_dirty (2)
     https://syzkaller.appspot.com/bug?extid=e14d6cd6ec241f507ba7
<2>  437      Yes    kernel BUG in gfs2_glock_nq (2)
     https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
<3>  51       Yes    INFO: task hung in gfs2_gl_hash_clear (3)
     https://syzkaller.appspot.com/bug?extid=ed7d0f71a89e28557a77
<4>  34       Yes    WARNING in gfs2_check_blk_type
     https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
<5>  32       Yes    general protection fault in gfs2_dump_glock (2)
     https://syzkaller.appspot.com/bug?extid=427fed3295e9a7e887f2
<6>  23       Yes    INFO: task hung in __gfs2_trans_begin
     https://syzkaller.appspot.com/bug?extid=a159cc6676345e04ff7d
<7>  5        Yes    BUG: sleeping function called from invalid context in gfs2_glock_wait
     https://syzkaller.appspot.com/bug?extid=cdb448c6e82c20d7960c




[Cluster-devel] [syzbot] Monthly cluster report

2023-03-28 Thread syzbot
Hello cluster maintainers/developers,

This is a 30-day syzbot report for the cluster subsystem.
All related reports/information can be found at:
https://syzkaller.appspot.com/upstream/s/cluster

During the period, 1 new issues were detected and 0 were fixed.
In total, 23 issues are still open and 12 have been fixed so far.

Some of the still happening issues:

Crashes  Repro  Title
237      Yes    kernel BUG in gfs2_glock_nq (2)
         https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
111      Yes    INFO: task hung in gfs2_jhead_process_page
         https://syzkaller.appspot.com/bug?extid=b9c5afe053a08cd29468
108      Yes    general protection fault in gfs2_evict_inode (2)
         https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
23       Yes    INFO: task hung in __gfs2_trans_begin
         https://syzkaller.appspot.com/bug?extid=a159cc6676345e04ff7d
21       Yes    WARNING in gfs2_check_blk_type
         https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
18       Yes    UBSAN: array-index-out-of-bounds in __gfs2_iomap_get
         https://syzkaller.appspot.com/bug?extid=45d4691b1ed3c48eba05
13       Yes    INFO: task hung in gfs2_gl_hash_clear (3)
         https://syzkaller.appspot.com/bug?extid=ed7d0f71a89e28557a77
6        No     KMSAN: uninit-value in inode_go_dump
         https://syzkaller.appspot.com/bug?extid=79333ce1ae874ab7ffbb
3        Yes    general protection fault in gfs2_dump_glock (2)
         https://syzkaller.appspot.com/bug?extid=427fed3295e9a7e887f2




Re: [Cluster-devel] [syzbot] [cluster?] possible deadlock in freeze_super (2)

2023-03-27 Thread syzbot
syzbot suspects this issue was fixed by commit:

commit b66f723bb552ad59c2acb5d45ea45c890f84498b
Author: Andreas Gruenbacher 
Date:   Tue Jan 31 14:06:53 2023 +

gfs2: Improve gfs2_make_fs_rw error handling

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=117e2e29c8
start commit:   4a7d37e824f5 Merge tag 'hardening-v6.3-rc1' of git://git.k..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=8b969c5af147d31c
dashboard link: https://syzkaller.appspot.com/bug?extid=be899d4f10b2a9522dce
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11484328c8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=127093a0c8

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: gfs2: Improve gfs2_make_fs_rw error handling

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



[Cluster-devel] [syzbot] [cluster?] general protection fault in gfs2_dump_glock (2)

2023-03-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:f915322fe014 Merge tag 'v6.3-p2' of git://git.kernel.org/p..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16f297b0c8
kernel config:  https://syzkaller.appspot.com/x/.config?x=dc0f7cfe5b32efe2
dashboard link: https://syzkaller.appspot.com/bug?extid=427fed3295e9a7e887f2
compiler:   Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 
2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11a8b9bcc8
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11955f54c8

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/ad716bf3cfc2/disk-f915322f.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/3dda0fefb7a2/vmlinux-f915322f.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/009b2977ab37/bzImage-f915322f.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/6c7bfd847dac/mount_2.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+427fed3295e9a7e88...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:6113 [syz-executor409] 
__gfs2_lookup+0xa4/0x270 fs/gfs2/inode.c:888
==
BUG: KASAN: vmalloc-out-of-bounds in gfs2_dump_glock+0x14b3/0x1ad0
Read of size 8 at addr c90005957720 by task syz-executor409/6095

CPU: 0 PID: 6095 Comm: syz-executor409 Not tainted 
6.2.0-syzkaller-13563-gf915322fe014 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
03/02/2023
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:319 [inline]
 print_report+0x163/0x540 mm/kasan/report.c:430
 kasan_report+0x176/0x1b0 mm/kasan/report.c:536
 gfs2_dump_glock+0x14b3/0x1ad0
 gfs2_consist_inode_i+0xf5/0x110 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x512/0x640 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x30e/0x8c0 fs/gfs2/dir.c:850
 gfs2_dir_search+0xb2/0x2f0 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x460/0x5d0 fs/gfs2/inode.c:332
 __gfs2_lookup+0xa4/0x270 fs/gfs2/inode.c:888
 gfs2_atomic_open+0x9e/0x230 fs/gfs2/inode.c:1292
 atomic_open fs/namei.c:3279 [inline]
 lookup_open fs/namei.c:3387 [inline]
 open_last_lookups fs/namei.c:3484 [inline]
 path_openat+0x103c/0x3170 fs/namei.c:3712
 do_filp_open+0x234/0x490 fs/namei.c:3742
 do_sys_openat2+0x13f/0x500 fs/open.c:1348
 do_sys_open fs/open.c:1364 [inline]
 __do_sys_open fs/open.c:1372 [inline]
 __se_sys_open fs/open.c:1368 [inline]
 __x64_sys_open+0x225/0x270 fs/open.c:1368
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7ff0f3f00b39
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ff0f3ea4208 EFLAGS: 0246 ORIG_RAX: 0002
RAX: ffda RBX: 7ff0f3f90788 RCX: 7ff0f3f00b39
RDX: 0008 RSI: 0002 RDI: 2280
RBP: 7ff0f3f90780 R08:  R09: 
R10:  R11: 0246 R12: 7ff0f3f9078c
R13: 7fffdfd2a3af R14: 7ff0f3ea4300 R15: 00022000
 

Memory state around the buggy address:
 c90005957600: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c90005957680: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>c90005957700: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
   ^
 c90005957780: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 c90005957800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches



[Cluster-devel] [syzbot] [gfs2?] KMSAN: uninit-value in inode_go_dump

2023-01-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e919e2b1bc1c Revert "kmsan: disallow CONFIG_KMSAN with CON..
git tree:   https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=1153019148
kernel config:  https://syzkaller.appspot.com/x/.config?x=b63e082c4fda2e77
dashboard link: https://syzkaller.appspot.com/bug?extid=79333ce1ae874ab7ffbb
compiler:   clang version 15.0.0 (https://github.com/llvm/llvm-project.git 
610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 
2.35.2
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/5676c9771994/disk-e919e2b1.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/7f53a1472ca4/vmlinux-e919e2b1.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/eb021c0a44de/bzImage-e919e2b1.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+79333ce1ae874ab7f...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: G:  s:SH n:2/13 f:qobnN t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
gfs2: fsid=syz:syz.0:  H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0x125/0x510 
fs/gfs2/ops_fstype.c:889
=
BUG: KMSAN: uninit-value in inode_go_dump+0x499/0x4d0 fs/gfs2/glops.c:544
 inode_go_dump+0x499/0x4d0 fs/gfs2/glops.c:544
 gfs2_dump_glock+0x21d1/0x2300 fs/gfs2/glock.c:2379
 gfs2_consist_inode_i+0x19b/0x220 fs/gfs2/util.c:465
 gfs2_dinode_in fs/gfs2/glops.c:460 [inline]
 gfs2_inode_refresh+0x10d9/0x14e0 fs/gfs2/glops.c:480
 inode_go_instantiate+0x6a/0xc0 fs/gfs2/glops.c:499
 gfs2_instantiate+0x253/0x490 fs/gfs2/glock.c:456
 gfs2_glock_holder_ready fs/gfs2/glock.c:1299 [inline]
 gfs2_glock_wait+0x28a/0x3d0 fs/gfs2/glock.c:1319
 gfs2_glock_nq+0x8ce/0xbe0 fs/gfs2/glock.c:1567
 gfs2_glock_nq_init fs/gfs2/glock.h:262 [inline]
 init_journal+0x11f2/0x38e0 fs/gfs2/ops_fstype.c:794
 init_inodes+0x125/0x510 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x3b2d/0x43a0 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x8a3/0xd30 fs/super.c:1282
 gfs2_get_tree+0x58/0x340 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0xa1/0x500 fs/super.c:1489
 do_new_mount+0x694/0x1580 fs/namespace.c:3145
 path_mount+0x71a/0x1eb0 fs/namespace.c:3475
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x734/0x840 fs/namespace.c:3674
 __ia32_sys_mount+0xdf/0x140 fs/namespace.c:3674
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

Uninit was created at:
 __alloc_pages+0x9f1/0xe80 mm/page_alloc.c:5572
 alloc_pages+0xaae/0xd80 mm/mempolicy.c:2286
 alloc_slab_page mm/slub.c:1851 [inline]
 allocate_slab+0x235/0x1200 mm/slub.c:1998
 new_slab mm/slub.c:2051 [inline]
 ___slab_alloc+0x10c3/0x2d60 mm/slub.c:3193
 __slab_alloc mm/slub.c:3292 [inline]
 __slab_alloc_node mm/slub.c:3345 [inline]
 slab_alloc_node mm/slub.c:3442 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc_lru+0x713/0xb60 mm/slub.c:3483
 alloc_inode_sb include/linux/fs.h:3119 [inline]
 gfs2_alloc_inode+0x62/0x210 fs/gfs2/super.c:1440
 alloc_inode+0x83/0x440 fs/inode.c:259
 iget5_locked+0xa5/0x200 fs/inode.c:1241
 gfs2_inode_lookup+0xc7/0x14b0 fs/gfs2/inode.c:124
 gfs2_lookup_root fs/gfs2/ops_fstype.c:462 [inline]
 init_sb+0xf27/0x19d0 fs/gfs2/ops_fstype.c:529
 gfs2_fill_super+0x315b/0x43a0 fs/gfs2/ops_fstype.c:1214
 get_tree_bdev+0x8a3/0xd30 fs/super.c:1282
 gfs2_get_tree+0x58/0x340 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0xa1/0x500 fs/super.c:1489
 do_new_mount+0x694/0x1580 fs/namespace.c:3145
 path_mount+0x71a/0x1eb0 fs/namespace.c:3475
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x734/0x840 fs/namespace.c:3674
 __ia32_sys_mount+0xdf/0x140 fs/namespace.c:3674
 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]
 __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178
 do_fast_syscall_32+0x33/0x70 arch/x86/entry/common.c:203
 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:246
 entry_SYSENTER_compat_after_hwframe+0x70/0x82

CPU: 0 PID: 5906 Comm: syz-executor.3 Not tainted 
6.2.0-rc3-syzkaller-79343-ge919e2b1bc1c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
=





[Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in gfs2_glock_wait

2023-01-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:d532dd102151 Merge tag 'for-6.2-rc4-tag' of git://git.kern..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16c88b2c48
kernel config:  https://syzkaller.appspot.com/x/.config?x=c3574635786f74ca
dashboard link: https://syzkaller.appspot.com/bug?extid=cdb448c6e82c20d7960c
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=16a30e7e48
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=164a8ab148

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/a644dc38be2c/disk-d532dd10.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/30e89b0598f8/vmlinux-d532dd10.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/5bb4bab3f67d/bzImage-d532dd10.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/89f4e6ce/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cdb448c6e82c20d79...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: found 1 quota changes
syz-executor390: attempt to access beyond end of device
loop0: rw=1, sector=131324, nr_sectors = 4 limit=32768
gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
gfs2: fsid=syz:syz.0: fatal: I/O error(s)
gfs2: fsid=syz:syz.0: about to withdraw this file system
BUG: sleeping function called from invalid context at fs/gfs2/glock.c:1316
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5053, name: 
syz-executor390
preempt_count: 1, expected: 0
RCU nest depth: 0, expected: 0
4 locks held by syz-executor390/5053:
 #0: 88807a14c0e0 (>s_umount_key#47){+.+.}-{3:3}, at: 
deactivate_super+0x96/0xd0 fs/super.c:362
 #1: 888023a48b70 (>sd_quota_sync_mutex){+.+.}-{3:3}, at: 
gfs2_quota_sync+0x9b/0x8b0 fs/gfs2/quota.c:1302
 #2: 888023a49058 (>sd_log_flush_lock){}-{3:3}, at: 
gfs2_log_flush+0xe7/0x26a0 fs/gfs2/log.c:1034
 #3: 888023a48e80 (>sd_log_lock){+.+.}-{2:2}, at: spin_lock 
include/linux/spinlock.h:350 [inline]
 #3: 888023a48e80 (>sd_log_lock){+.+.}-{2:2}, at: gfs2_log_lock 
fs/gfs2/log.h:32 [inline]
 #3: 888023a48e80 (>sd_log_lock){+.+.}-{2:2}, at: 
gfs2_flush_revokes+0x4e/0x80 fs/gfs2/log.c:805
Preemption disabled at:
[<>] 0x0
CPU: 0 PID: 5053 Comm: syz-executor390 Not tainted 
6.2.0-rc4-syzkaller-9-gd532dd102151 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 __might_resched+0x538/0x6a0 kernel/sched/core.c:10036
 gfs2_glock_wait+0x52/0x2a0 fs/gfs2/glock.c:1316
 gfs2_glock_nq_init fs/gfs2/glock.h:262 [inline]
 gfs2_freeze_lock+0x5f/0xc0 fs/gfs2/util.c:107
 signal_our_withdraw fs/gfs2/util.c:160 [inline]
 gfs2_withdraw+0x5ab/0x14e0 fs/gfs2/util.c:351
 gfs2_ail1_empty+0x8c9/0x950 fs/gfs2/log.c:368
 gfs2_flush_revokes+0x59/0x80 fs/gfs2/log.c:806
 revoke_lo_before_commit+0x2b/0xcf0 fs/gfs2/lops.c:869
 lops_before_commit fs/gfs2/lops.h:40 [inline]
 gfs2_log_flush+0xc8e/0x26a0 fs/gfs2/log.c:1093
 do_sync+0xa4c/0xc90 fs/gfs2/quota.c:975
 gfs2_quota_sync+0x3da/0x8b0 fs/gfs2/quota.c:1318
 gfs2_sync_fs+0x49/0xb0 fs/gfs2/super.c:650
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x310 fs/super.c:474
 kill_block_super+0x79/0xd0 fs/super.c:1386
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1291
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x644/0x2150 kernel/exit.c:867
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1012
 __do_sys_exit_group kernel/exit.c:1023 [inline]
 __se_sys_exit_group kernel/exit.c:1021 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1021
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f8d53bb09c9
Code: Unable to access opcode bytes at 0x7f8d53bb099f.
RSP: 002b:7ffda1438d78 EFLAGS: 0246 ORIG_RAX: 00e7
RAX: ffda RBX: 7f8d53c45330 RCX: 7f8d53bb09c9
RDX: 003c RSI: 00e7 RDI: 0001
RBP: 0001 R08: ffc0 R09: 0001f6db
R10:  R11: 0246 R12: 7f8d53c45330
R13: 0001 R14:  R15: 0001
 

=
[ BUG: Invalid wait context ]
6.2.0-rc4-syzkaller-9-gd532dd102151 #0 Tainted: GW 
-
syz-executor390/5053 is trying to lock:
888019021c88 (>mutex){+.+.}-{3:3}, at: __flush_workqueue+0x1b7/0x16a0 kernel/workqueue.c:2812
other info that might help us debug this:
context-{4:4}
4 locks held b

[Cluster-devel] [syzbot] [gfs2?] BUG: unable to handle kernel NULL pointer dereference in gfs2_rgrp_dump

2023-01-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11859c5048
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=da0fc229cc1ff4bb2e6d
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=101babb448
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10bfb18c48

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/0bee075b0175/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+da0fc229cc1ff4bb2...@syzkaller.appspotmail.com

ri_length = 1
ri_data0 = 19
ri_data = 2060
ri_bitbytes = 514
start=0 len=514 offset=128
gfs2: fsid=syz:syz.s:  R: n:18 f:00 b:0/0 i:0 q:0 r:0 e:0
Unable to handle kernel NULL pointer dereference at virtual address 0004
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010e23f000
[0004] pgd=08010b804003, p4d=08010b804003, pud=08010a4e8003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3072 Comm: syz-executor147 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_rgrp_dump+0xa0/0x138 fs/gfs2/rgrp.c:2313
lr : gfs2_rgrp_dump+0x90/0x138
Call trace:
 gfs2_rgrp_dump+0xa0/0x138 fs/gfs2/rgrp.c:2312
 gfs2_consist_rgrpd_i+0x78/0xe4 fs/gfs2/util.c:480
 read_rindex_entry fs/gfs2/rgrp.c:931 [inline]
 gfs2_ri_update+0x398/0x7e4 fs/gfs2/rgrp.c:1001
 gfs2_rindex_update+0x1b0/0x21c fs/gfs2/rgrp.c:1051
 init_inodes+0x11c/0x184 fs/gfs2/ops_fstype.c:917
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f94036c8 f001cfa1 911a1421 aa1503e0 (2940a909) 
---[ end trace  ]---

Code disassembly (best guess):
   0:   f94036c8        ldr     x8, [x22, #104]
   4:   f001cfa1        adrp    x1, 0x39f7000
   8:   911a1421        add     x1, x1, #0x685
   c:   aa1503e0        mov     x0, x21
* 10:   2940a909        ldp     w9, w10, [x8, #4] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches



[Cluster-devel] [syzbot] [gfs2?] kernel panic: stack is corrupted in gfs2_block_map

2023-01-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10e77d2788
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2b5229694171c6846a90
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=11b3961048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11a1c6f788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/72be6726ff4f/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b5229694171c6846...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 125323
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: gfs2_block_map+0x33c/0x408
CPU: 1 PID: 3073 Comm: syz-executor388 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 panic+0x218/0x508 kernel/panic.c:274
 warn_bogus_irq_restore+0x0/0x40 kernel/panic.c:703
 gfs2_block_map+0x33c/0x408
 0x0
SMP: stopping secondary CPUs
Kernel Offset: disabled
CPU features: 0x0,040e0108,4c017203
Memory Limit: none
Rebooting in 86400 seconds..





Re: [Cluster-devel] [syzbot] [gfs2?] BUG: sleeping function called from invalid context in do_page_fault (3)

2023-01-03 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=11b7992848
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2845b2dfa28dec36e215
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=156dcd5048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1337f2e448

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9d323fcb08fb/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2845b2dfa28dec36e...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4002 [syz-executor363] __gfs2_lookup+0x5c/0x1dc fs/gfs2/inode.c:870
BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:599
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4011, name: syz-executor363
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by syz-executor363/4011:
 #0: cfa98dd0 (>i_mutex_dir_key#8){.+.+}-{3:3}, at: inode_lock_shared include/linux/fs.h:766 [inline]
 #0: cfa98dd0 (>i_mutex_dir_key#8){.+.+}-{3:3}, at: open_last_lookups fs/namei.c:3480 [inline]
 #0: cfa98dd0 (>i_mutex_dir_key#8){.+.+}-{3:3}, at: path_openat+0x2e4/0x11c4 fs/namei.c:3711
 #1: 8d4a4640 (rcu_read_lock){}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:303
 #2: c0e15648 (>mmap_lock){}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #2: c0e15648 (>mmap_lock){}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:589
CPU: 1 PID: 4011 Comm: syz-executor363 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9908
 __might_sleep+0x48/0x78 kernel/sched/core.c:9837
 do_page_fault+0x214/0x79c arch/arm64/mm/fault.c:599
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 rcu_read_lock include/linux/rcupdate.h:739 [inline]
 dump_holder fs/gfs2/glock.c:2332 [inline]
 gfs2_dump_glock+0x4f4/0x904 fs/gfs2/glock.c:2447
 gfs2_consist_inode_i+0x68/0x88 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x2dc/0x3b4 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x134/0x494 fs/gfs2/dir.c:850
 gfs2_dir_search+0x58/0x130 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x23c/0x354 fs/gfs2/inode.c:323
 __gfs2_lookup+0x5c/0x1dc fs/gfs2/inode.c:870
 gfs2_atomic_open+0x74/0x148 fs/gfs2/inode.c:1274
 atomic_open fs/namei.c:3276 [inline]
 lookup_open fs/namei.c:3384 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x67c/0x11c4 fs/namei.c:3711
 do_filp_open+0xdc/0x1b8 fs/namei.c:3741
 do_sys_openat2+0xb8/0x22c fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1337
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Unable to handle kernel NULL pointer dereference at virtual address 0021
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000113364000
[0021] pgd=080111d8b003, p4d=080111d8b003, pud=080111d8c003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4011 Comm: syz-executor36

Re: [Cluster-devel] [syzbot] [gfs2?] possible deadlock in freeze_super (2)

2023-01-03 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    1b929c02afd3 Linux 6.2-rc1
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1144731248
kernel config:  https://syzkaller.appspot.com/x/.config?x=68e0be42c8ee4bb4
dashboard link: https://syzkaller.appspot.com/bug?extid=be899d4f10b2a9522dce
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14b638c048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11b1727048

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2d8c5072480f/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/46687f1395db/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/26f1afa5ec00/bzImage-1b929c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/952580c084c8/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+be899d4f10b2a9522...@syzkaller.appspotmail.com

==
WARNING: possible circular locking dependency detected
6.2.0-rc1-syzkaller #0 Not tainted
--
kworker/0:1H/52 is trying to acquire lock:
8880277440e0 (>s_umount_key#44){+.+.}-{3:3}, at: freeze_super+0x45/0x420 fs/super.c:1655

but task is already holding lock:
c9bd7d00 ((work_completion)(&(>gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&(>gl_work)->work)){+.+.}-{0:0}:
   lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
   process_one_work+0x852/0xdb0 kernel/workqueue.c:2265
   worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
   kthread+0x266/0x300 kernel/kthread.c:376
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

-> #1 ((wq_completion)glock_workqueue){+.+.}-{0:0}:
   lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
   __flush_workqueue+0x178/0x1680 kernel/workqueue.c:2809
   gfs2_gl_hash_clear+0xa3/0x300 fs/gfs2/glock.c:2191
   gfs2_put_super+0x862/0x8d0 fs/gfs2/super.c:627
   generic_shutdown_super+0x130/0x310 fs/super.c:492
   kill_block_super+0x79/0xd0 fs/super.c:1386
   deactivate_locked_super+0xa7/0xf0 fs/super.c:332
   cleanup_mnt+0x494/0x520 fs/namespace.c:1291
   task_work_run+0x243/0x300 kernel/task_work.c:179
   ptrace_notify+0x29a/0x340 kernel/signal.c:2354
   ptrace_report_syscall include/linux/ptrace.h:411 [inline]
   ptrace_report_syscall_exit include/linux/ptrace.h:473 [inline]
   syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:251
   syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:278
   __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
   syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:296
   do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
   entry_SYSCALL_64_after_hwframe+0x63/0xcd

-> #0 (>s_umount_key#44){+.+.}-{3:3}:
   check_prev_add kernel/locking/lockdep.c:3097 [inline]
   check_prevs_add kernel/locking/lockdep.c:3216 [inline]
   validate_chain+0x1898/0x6ae0 kernel/locking/lockdep.c:3831
   __lock_acquire+0x1292/0x1f60 kernel/locking/lockdep.c:5055
   lock_acquire+0x182/0x3c0 kernel/locking/lockdep.c:5668
   down_write+0x9c/0x270 kernel/locking/rwsem.c:1562
   freeze_super+0x45/0x420 fs/super.c:1655
   freeze_go_sync+0x178/0x340 fs/gfs2/glops.c:577
   do_xmote+0x34d/0x13d0 fs/gfs2/glock.c:708
   glock_work_func+0x2c2/0x450 fs/gfs2/glock.c:1056
   process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
   worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
   kthread+0x266/0x300 kernel/kthread.c:376
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

other info that might help us debug this:

Chain exists of:
  >s_umount_key#44 --> (wq_completion)glock_workqueue --> (work_completion)(&(>gl_work)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(>gl_work)->work));
                               lock((wq_completion)glock_workqueue);
                               lock((work_completion)(&(>gl_work)->work));
  lock(>s_umount_key#44);

 *** DEADLOCK ***

2 locks held by kworker/0:1H/52:
 #0: 888018293938 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x7f2/0xdb0
 #1: c9bd7d00 ((work_completion)(&(>gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264

stack backtrace:
CPU: 0 PID: 52 Com

[Cluster-devel] [syzbot] [gfs2?] KASAN: use-after-free Read in qd_unlock (2)

2023-01-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    1b929c02afd3 Linux 6.2-rc1
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1799c25048
kernel config:  https://syzkaller.appspot.com/x/.config?x=68e0be42c8ee4bb4
dashboard link: https://syzkaller.appspot.com/bug?extid=3f6a670108ce43356017
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14c4ea1848
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1359b33848

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2d8c5072480f/disk-1b929c02.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/46687f1395db/vmlinux-1b929c02.xz
kernel image: https://storage.googleapis.com/syzbot-assets/26f1afa5ec00/bzImage-1b929c02.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/35edd581b491/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f6a670108ce43356...@syzkaller.appspotmail.com

==
BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:72 [inline]
BUG: KASAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:490
Read of size 8 at addr 888073997090 by task syz-executor221/5069

CPU: 1 PID: 5069 Comm: syz-executor221 Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:306
 print_report+0x107/0x1f0 mm/kasan/report.c:417
 kasan_report+0xcd/0x100 mm/kasan/report.c:517
 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:72 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
 qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:490
 gfs2_quota_sync+0x768/0x8b0 fs/gfs2/quota.c:1325
 gfs2_sync_fs+0x49/0xb0 fs/gfs2/super.c:650
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x310 fs/super.c:474
 kill_block_super+0x79/0xd0 fs/super.c:1386
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1291
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x644/0x2150 kernel/exit.c:867
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:1012
 __do_sys_exit_group kernel/exit.c:1023 [inline]
 __se_sys_exit_group kernel/exit.c:1021 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1021
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 

Allocated by task 5069:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 __kasan_slab_alloc+0x65/0x70 mm/kasan/common.c:325
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slab.h:761 [inline]
 slab_alloc_node mm/slub.c:3452 [inline]
 slab_alloc mm/slub.c:3460 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3467 [inline]
 kmem_cache_alloc+0x1b3/0x350 mm/slub.c:3476
 kmem_cache_zalloc include/linux/slab.h:710 [inline]
 qd_alloc+0x51/0x250 fs/gfs2/quota.c:216
 gfs2_quota_init+0x7c4/0x10e0 fs/gfs2/quota.c:1415
 gfs2_make_fs_rw+0x48e/0x590 fs/gfs2/super.c:153
 gfs2_fill_super+0x2357/0x2700 fs/gfs2/ops_fstype.c:1274
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 0:
 kasan_save_stack mm/kasan/common.c:45 [inline]
 kasan_set_track+0x3d/0x60 mm/kasan/common.c:52
 kasan_save_free_info+0x27/0x40 mm/kasan/generic.c:518

Re: [Cluster-devel] [syzbot] [gfs2?] INFO: task hung in gfs2_jhead_process_page

2023-01-03 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=172de6df88
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=b9c5afe053a08cd29468
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=116fc08848
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1756e06048

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/aa84169739f7/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b9c5afe053a08cd29...@syzkaller.appspotmail.com

INFO: task kworker/1:2:2221 blocked for more than 143 seconds.
  Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/1:2 state:D stack:0 pid:2221  ppid:2  flags:0x0008
Workqueue: gfs_recovery gfs2_recover_func
Call trace:
 __switch_to+0x180/0x298 arch/arm64/kernel/process.c:555
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x408/0x594 kernel/sched/core.c:6521
 schedule+0x64/0xa4 kernel/sched/core.c:6597
 io_schedule+0x38/0xbc kernel/sched/core.c:8741
 folio_wait_bit_common+0x430/0x97c mm/filemap.c:1296
 folio_wait_bit+0x30/0x40 mm/filemap.c:1440
 folio_wait_locked include/linux/pagemap.h:1022 [inline]
 gfs2_jhead_process_page+0xb4/0x40c fs/gfs2/lops.c:476
 gfs2_find_jhead+0x450/0x50c fs/gfs2/lops.c:594
 gfs2_recover_func+0x278/0xcc8 fs/gfs2/recovery.c:460
 process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
 worker_thread+0x340/0x610 kernel/workqueue.c:2436
 kthread+0x12c/0x158 kernel/kthread.c:376
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863
INFO: task syz-executor189:3110 blocked for more than 143 seconds.
  Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor189 state:D stack:0 pid:3110  ppid:3109   flags:0x0009
Call trace:
 __switch_to+0x180/0x298 arch/arm64/kernel/process.c:555
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x408/0x594 kernel/sched/core.c:6521
 schedule+0x64/0xa4 kernel/sched/core.c:6597
 bit_wait+0x18/0x60 kernel/sched/wait_bit.c:199
 __wait_on_bit kernel/sched/wait_bit.c:49 [inline]
 out_of_line_wait_on_bit+0xc8/0x140 kernel/sched/wait_bit.c:64
 wait_on_bit include/linux/wait_bit.h:76 [inline]
 gfs2_recover_journal+0xc0/0x104 fs/gfs2/recovery.c:577
 init_journal+0x930/0xcbc fs/gfs2/ops_fstype.c:835
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/11:
 #0: 8d4a4768 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x3c/0x450 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/12:
 #0: 8d4a4db8 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x3c/0x450 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/27:
 #0: 8d4a4640 (rcu_read_lock){}-{1:2}, at: rcu_lock_acquire+0x4/0x48 include/linux/rcupdate.h:303
2 locks held by kworker/1:2/2221:
 #0: c028d138 ((wq_completion)gfs_recovery){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262
 #1: 800015de3d80 ((work_completion)(>jd_work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264
2 locks held by getty/2758:
 #0: c535f098 (>ldisc_sem){}-{0:

[Cluster-devel] [syzbot] [gfs2?] BUG: unable to handle kernel NULL pointer dereference in gfs2_rindex_update

2023-01-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1130468c48
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2b32df23ff6b5b307565
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=141a939048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=166a031788

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/9bf67d96dec4/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2b32df23ff6b5b307...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 32768
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
Unable to handle kernel NULL pointer dereference at virtual address 04b8
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010d0e4000
[04b8] pgd=08010d0ef003, p4d=08010d0ef003, pud=08010c843003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3073 Comm: syz-executor647 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_rindex_update+0x4c/0x21c fs/gfs2/rgrp.c:1037
lr : gfs2_rindex_update+0x3c/0x21c fs/gfs2/rgrp.c:1035
Call trace:
 gfs2_rindex_update+0x4c/0x21c fs/gfs2/rgrp.c:1038
 punch_hole+0x578/0x18b8 fs/gfs2/bmap.c:1796
 gfs2_truncatei_resume+0x28/0x68 fs/gfs2/bmap.c:2154
 inode_go_held+0xb8/0xe0 fs/gfs2/glops.c:513
 gfs2_instantiate+0xf0/0x208 fs/gfs2/glock.c:529
 gfs2_glock_holder_ready fs/gfs2/glock.c:1326 [inline]
 gfs2_glock_wait+0x10c/0x164 fs/gfs2/glock.c:1346
 gfs2_glock_nq+0x104/0x220 fs/gfs2/glock.c:1596
 gfs2_glock_nq_init fs/gfs2/glock.h:264 [inline]
 init_statfs fs/gfs2/ops_fstype.c:696 [inline]
 init_journal+0x7a8/0xcbc fs/gfs2/ops_fstype.c:820
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: f943a293 b947c697 2a1f03e0 a902 (f9425e75) 
---[ end trace  ]---

Code disassembly (best guess):
   0:   f943a293        ldr     x19, [x20, #1856]
   4:   b947c697        ldr     w23, [x20, #1988]
   8:   2a1f03e0        mov     w0, wzr
   c:   a902            stp     xzr, xzr, [sp, #40]
* 10:   f9425e75        ldr     x21, [x19, #1208] <

Re: [Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_evict_inode (2)

2023-01-03 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=1555132788
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1718796f88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1735df8f88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/b4c763067524/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a5fc6416c175cece...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: error recovering journal 0: -5
Unable to handle kernel NULL pointer dereference at virtual address 008c
Mem abort info:
  ESR = 0x9606
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x0006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=00010dd7c000
[008c] pgd=08010bf77003, p4d=08010bf77003, 
pud=08010a9f1003, pmd=
Internal error: Oops: 9606 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3071 Comm: syz-executor179 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 8045 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : evict_linked_inode fs/gfs2/super.c:1330 [inline]
pc : gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
lr : evict_linked_inode fs/gfs2/super.c:1328 [inline]
lr : gfs2_evict_inode+0x6ec/0x918 fs/gfs2/super.c:1385
Call trace:
 evict_linked_inode fs/gfs2/super.c:1330 [inline]
 gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
 evict+0xec/0x334 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x2c4/0x324 fs/inode.c:1773
 gfs2_jindex_free+0x10c/0x16c fs/gfs2/super.c:75
 init_journal+0x518/0xcbc fs/gfs2/ops_fstype.c:871
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 97ff3736 f94482e8 aa1703e0 2a1f03e1 (b9408d02) 
---[ end trace  ]---

Code disassembly (best guess):
   0:   97ff3736        bl      0xfffcdcd8
   4:   f94482e8        ldr     x8, [x23, #2304]
   8:   aa1703e0        mov     x0, x23
   c:   2a1f03e1        mov     w1, wzr
* 10:   b9408d02        ldr     w2, [x8, #140] <-- trapping instruction



[Cluster-devel] [syzbot] [gfs2?] UBSAN: array-index-out-of-bounds in __gfs2_iomap_get

2023-01-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    77856d911a8c Merge tag 'arm64-fixes' of git://git.kernel.o..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=155a666388
kernel config:  https://syzkaller.appspot.com/x/.config?x=f967143badd2fa39
dashboard link: https://syzkaller.appspot.com/bug?extid=45d4691b1ed3c48eba05
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=160f494f88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=123f957788

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/4b424d9203f5/disk-77856d91.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/47fd68051834/vmlinux-77856d91.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/d3091f087a86/bzImage-77856d91.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/67525acd7f1d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+45d4691b1ed3c48eb...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 125323
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...

UBSAN: array-index-out-of-bounds in fs/gfs2/bmap.c:901:46
index 11 is out of range for type 'u64 [11]'
CPU: 0 PID: 5067 Comm: syz-executor164 Not tainted 6.1.0-syzkaller-13031-g77856d911a8c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_out_of_bounds+0xe0/0x110 lib/ubsan.c:282
 __gfs2_iomap_get+0x4a4/0x16e0 fs/gfs2/bmap.c:901
 gfs2_iomap_get fs/gfs2/bmap.c:1399 [inline]
 gfs2_block_map+0x28f/0x7f0 fs/gfs2/bmap.c:1214
 gfs2_write_alloc_required+0x441/0x6e0 fs/gfs2/bmap.c:2322
 gfs2_jdesc_check+0x1b9/0x290 fs/gfs2/super.c:114
 init_journal+0x5a4/0x22c0 fs/gfs2/ops_fstype.c:804
 init_inodes+0xdc/0x340 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x1bb2/0x2700 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x400/0x620 fs/super.c:1282
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1489
 do_new_mount+0x289/0xad0 fs/namespace.c:3145
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches



Re: [Cluster-devel] [syzbot] general protection fault in do_xmote

2022-12-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    764822972d64 Merge tag 'nfsd-6.2' of git://git.kernel.org/..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1428fb0b88
kernel config:  https://syzkaller.appspot.com/x/.config?x=8c59170b68d26a55
dashboard link: https://syzkaller.appspot.com/bug?extid=ececff266234ba40fe13
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14ce69c048
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1016950b88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/0c840c19749d/disk-76482297.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/bdfd51618ae0/vmlinux-76482297.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/fef17b5d4d6d/bzImage-76482297.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/a114b1cb5db6/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ececff266234ba40f...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdc97: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x04b8-0x04bf]
CPU: 1 PID: 1273 Comm: kworker/1:1H Not tainted 6.1.0-syzkaller-03225-g764822972d64 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: glock_workqueue glock_work_func
RIP: 0010:is_system_glock fs/gfs2/glock.c:725 [inline]
RIP: 0010:do_xmote+0xdde/0x13d0 fs/gfs2/glock.c:835
Call Trace:
 
 glock_work_func+0x2c2/0x450 fs/gfs2/glock.c:1082
 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:is_system_glock fs/gfs2/glock.c:725 [inline]
RIP: 0010:do_xmote+0xdde/0x13d0 fs/gfs2/glock.c:835

Code disassembly (best guess):
   0:   00 48 03                add    %cl,0x3(%rax)
   3:   5d                      pop    %rbp
   4:   00 48 89                add    %cl,-0x77(%rax)
   7:   d8 48 c1                fmuls  -0x3f(%rax)
   a:   e8 03 42 80 3c          callq  0x3c804212
   f:   30 00                   xor    %al,(%rax)
  11:   74 08                   je     0x1b
  13:   48 89 df                mov    %rbx,%rdi
  16:   e8 91 e1 27 fe          callq  0xfe27e1ac
  1b:   bd b8 04 00 00          mov    $0x4b8,%ebp
  20:   48 03 2b                add    (%rbx),%rbp
  23:   48 89 e8                mov    %rbp,%rax
  26:   48 c1 e8 03             shr    $0x3,%rax
* 2a:   42 80 3c 30 00          cmpb   $0x0,(%rax,%r14,1) <-- trapping instruction
  2f:   74 08                   je     0x39
  31:   48 89 ef                mov    %rbp,%rdi
  34:   e8 73 e1 27 fe          callq  0xfe27e1ac
  39:   4c 8b 64 24 08          mov    0x8(%rsp),%r12
  3e:   4c  re

[Cluster-devel] [syzbot] WARNING in gfs2_check_blk_type

2022-12-13 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    4cee37b3a4e6 Merge tag 'mm-hotfixes-stable-2022-12-10-1' o..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=14da950b88
kernel config:  https://syzkaller.appspot.com/x/.config?x=d58e7fe7f9cf5e24
dashboard link: https://syzkaller.appspot.com/bug?extid=092b28923eb79e0f3c41
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14f12ddb88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=10ebee1f88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/051fc9a10d4a/disk-4cee37b3.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c40b15750245/vmlinux-4cee37b3.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/a25e4bc102fa/bzImage-4cee37b3.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/f10d144677a2/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+092b28923eb79e0f3...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: first mount done, others may mount
[ cut here ]
WARNING: CPU: 0 PID: 3635 at fs/gfs2/rgrp.c:2628 gfs2_rbm_from_block fs/gfs2/rgrp.c:279 [inline]
WARNING: CPU: 0 PID: 3635 at fs/gfs2/rgrp.c:2628 gfs2_check_blk_type+0x43d/0x660 fs/gfs2/rgrp.c:2627
Modules linked in:
CPU: 0 PID: 3635 Comm: syz-executor328 Not tainted 6.1.0-rc8-syzkaller-00164-g4cee37b3a4e6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:gfs2_check_blk_type+0x43d/0x660 fs/gfs2/rgrp.c:2628
Call Trace:
 
 gfs2_inode_lookup+0xb66/0xd90 fs/gfs2/inode.c:173
 gfs2_lookup_by_inum+0x4d/0xe0 fs/gfs2/inode.c:241
 gfs2_get_dentry fs/gfs2/export.c:139 [inline]
 gfs2_fh_to_dentry+0x12d/0x1f0 fs/gfs2/export.c:162
 exportfs_decode_fh_raw+0x115/0x600 fs/exportfs/expfs.c:435
 exportfs_decode_fh+0x38/0x70 fs/exportfs/expfs.c:575
 do_handle_to_path fs/fhandle.c:152 [inline]
 handle_to_path fs/fhandle.c:207 [inline]
 do_handle_open+0x485/0x950 fs/fhandle.c:223
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 





Re: [Cluster-devel] [syzbot] BUG: sleeping function called from invalid context in do_page_fault (3)

2022-12-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=127e776d88
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=2845b2dfa28dec36e215
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1578ffdf88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro #1: 
https://storage.googleapis.com/syzbot-assets/59313e0459cb/mount_0.gz
mounted in repro #2: 
https://storage.googleapis.com/syzbot-assets/1afee1432fbe/mount_4.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2845b2dfa28dec36e...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0:  H: s:?? f:pn e:-32768 p:0 [(none)] 
preempt_count+0x10/0x24 arch/arm64/include/asm/preempt.h:12
BUG: sleeping function called from invalid context at arch/arm64/mm/fault.c:599
in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 3596, name: syz-executor.0
preempt_count: 0, expected: 0
RCU nest depth: 1, expected: 0
3 locks held by syz-executor.0/3596:
 #0: d0712d10 (&type->i_mutex_dir_key#8){.+.+}-{3:3}, at: inode_lock_shared include/linux/fs.h:766 [inline]
 #0: d0712d10 (&type->i_mutex_dir_key#8){.+.+}-{3:3}, at: open_last_lookups fs/namei.c:3480 [inline]
 #0: d0712d10 (&type->i_mutex_dir_key#8){.+.+}-{3:3}, at: path_openat+0x2e4/0x11c4 fs/namei.c:3711
 #1: 8d4a4640 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:303
 #2: d51feb48 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_trylock include/linux/mmap_lock.h:136 [inline]
 #2: d51feb48 (&mm->mmap_lock){++++}-{3:3}, at: do_page_fault+0x1ec/0x79c arch/arm64/mm/fault.c:589
CPU: 1 PID: 3596 Comm: syz-executor.0 Not tainted 6.1.0-rc8-syzkaller-0-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 __might_resched+0x208/0x218 kernel/sched/core.c:9908
 __might_sleep+0x48/0x78 kernel/sched/core.c:9837
 do_page_fault+0x214/0x79c arch/arm64/mm/fault.c:599
 do_translation_fault+0x78/0x194 arch/arm64/mm/fault.c:691
 do_mem_abort+0x54/0x130 arch/arm64/mm/fault.c:827
 el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
 el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
 el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:579
 pid_nr include/linux/pid.h:185 [inline]
 dump_holder fs/gfs2/glock.c:2337 [inline]
 gfs2_dump_glock+0x518/0x904 fs/gfs2/glock.c:2447
 gfs2_consist_inode_i+0x68/0x88 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x2dc/0x3b4 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x134/0x494 fs/gfs2/dir.c:850
 gfs2_dir_search+0x58/0x130 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x23c/0x354 fs/gfs2/inode.c:323
 __gfs2_lookup+0x5c/0x1dc fs/gfs2/inode.c:870
 gfs2_atomic_open+0x74/0x148 fs/gfs2/inode.c:1274
 atomic_open fs/namei.c:3276 [inline]
 lookup_open fs/namei.c:3384 [inline]
 open_last_lookups fs/namei.c:3481 [inline]
 path_openat+0x67c/0x11c4 fs/namei.c:3711
 do_filp_open+0xdc/0x1b8 fs/namei.c:3741
 do_sys_openat2+0xb8/0x22c fs/open.c:1310
 do_sys_open fs/open.c:1326 [inline]
 __do_sys_openat fs/open.c:1342 [inline]
 __se_sys_openat fs/open.c:1337 [inline]
 __arm64_sys_openat+0xb0/0xe0 fs/open.c:1337
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Unable to handle kernel paging request at virtual address 03fda9bf7ccd
Mem abort info:
  ESR = 0x9604
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x0004



Re: [Cluster-devel] [syzbot] general protection fault in gfs2_get_tree

2022-12-09 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:    591cd61541b9 Add linux-next specific files for 20221207
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=10edd84388
kernel config:  https://syzkaller.appspot.com/x/.config?x=8b2d3e63e054c24f
dashboard link: https://syzkaller.appspot.com/bug?extid=2be9d17f9de2e7342994
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10dfde7d88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/bc862c01ec56/disk-591cd615.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/8f9b93f8ed2f/vmlinux-591cd615.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/9d5cb636d548/bzImage-591cd615.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/d4c744809640/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2be9d17f9de2e7342...@syzkaller.appspotmail.com

loop1: detected capacity change from 0 to 32768
general protection fault, probably for non-canonical address 0xdc1c: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00e0-0x00e7]
CPU: 1 PID: 5330 Comm: syz-executor.1 Not tainted 6.1.0-rc8-next-20221207-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:gfs2_get_tree+0xb8/0x270 fs/gfs2/ops_fstype.c:1342
Call Trace:
 
 vfs_get_tree+0x8d/0x2f0 fs/super.c:1489
 do_new_mount fs/namespace.c:3145 [inline]
 path_mount+0x132a/0x1e20 fs/namespace.c:3475
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount fs/namespace.c:3674 [inline]
 __x64_sys_mount+0x283/0x300 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:gfs2_get_tree+0xb8/0x270 fs/gfs2/ops_fstype.c:1342

Code disassembly (best guess):
   0:   03 80 3c 02 00 0f       add    0xf00023c(%rax),%eax
   6:   85 9f 01 00 00 4c       test   %ebx,0x4c01(%rdi)
   c:   8b bb b0 00 00 00       mov    0xb0(%rbx),%edi
  12:   48 b8 00 00 00 00 00    movabs $0xdc00,%rax
  19:   fc ff df
  1c:   49 8d bf e0 00 00 00    lea    0xe0(%r15),%rdi
  23:   48 89 fa                mov    %rdi,%rdx
 

[Cluster-devel] [syzbot] INFO: task hung in freeze_super (3)

2022-12-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    f3e8416619ce Merge tag 'soc-fixes-6.1-5' of git://git.kern..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=12fb534d88
kernel config:  https://syzkaller.appspot.com/x/.config?x=d58e7fe7f9cf5e24
dashboard link: https://syzkaller.appspot.com/bug?extid=f51cb4b9afbd87ec06f2
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=123d216b88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16e46f5b88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/628abc27cbe7/disk-f3e84166.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/2f19ea836174/vmlinux-f3e84166.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/f2e1347e85a5/bzImage-f3e84166.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/c239a19c8749/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f51cb4b9afbd87ec0...@syzkaller.appspotmail.com

INFO: task kworker/0:1H:120 blocked for more than 143 seconds.
  Not tainted 6.1.0-rc8-syzkaller-00035-gf3e8416619ce #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/0:1H    state:D stack:23480 pid:120   ppid:2      flags:0x4000
Workqueue: glock_workqueue glock_work_func
Call Trace:
 
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 rwsem_down_write_slowpath+0xfc1/0x1480 kernel/locking/rwsem.c:1190
 __down_write_common kernel/locking/rwsem.c:1305 [inline]
 __down_write kernel/locking/rwsem.c:1314 [inline]
 down_write+0x231/0x270 kernel/locking/rwsem.c:1563
 freeze_super+0x45/0x420 fs/super.c:1697
 freeze_go_sync+0x178/0x340 fs/gfs2/glops.c:573
 do_xmote+0x34d/0x13d0 fs/gfs2/glock.c:776
 glock_work_func+0x2c2/0x450 fs/gfs2/glock.c:1082
 process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
 worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 
INFO: task syz-executor330:3631 blocked for more than 143 seconds.
  Not tainted 6.1.0-rc8-syzkaller-00035-gf3e8416619ce #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor330 state:D stack:20176 pid:3631  ppid:3630   flags:0x4004
Call Trace:
 
 context_switch kernel/sched/core.c:5209 [inline]
 __schedule+0x8c9/0xd70 kernel/sched/core.c:6521
 schedule+0xcb/0x190 kernel/sched/core.c:6597
 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1911
 do_wait_for_common+0x3ea/0x560 kernel/sched/completion.c:85
 __wait_for_common kernel/sched/completion.c:106 [inline]
 wait_for_common kernel/sched/completion.c:117 [inline]
 wait_for_completion+0x46/0x60 kernel/sched/completion.c:138
 __flush_workqueue+0x74a/0x1680 kernel/workqueue.c:2861
 gfs2_gl_hash_clear+0xbe/0x300 fs/gfs2/glock.c:2262
 gfs2_fill_super+0x2202/0x2700 fs/gfs2/ops_fstype.c:1307
 get_tree_bdev+0x400/0x620 fs/super.c:1324
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1531
 do_new_mount+0x289/0xad0 fs/namespace.c:3040
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 

Showing all locks held in the system:
1 lock held by rcu_tasks_kthre/12:
 #0: 8d127330 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by rcu_tasks_trace/13:
 #0: 8d127b30 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 kernel/rcu/tasks.h:507
1 lock held by khungtaskd/28:
 #0: 8d127160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
3 locks held by kworker/0:1H/120:
 #0: 8880194f5d38 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x7f2/0xdb0
 #1: c90002587d00 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x831/0xdb0 kernel/workqueue.c:2264
 #2: 888026c2c0e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: freeze_super+0x45/0x420 fs/super.c:1697
2 locks held by getty/3308:
 #0: f

[Cluster-devel] [syzbot] general protection fault in gfs2_get_tree

2022-12-09 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:    591cd61541b9 Add linux-next specific files for 20221207
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=172b534d88
kernel config:  https://syzkaller.appspot.com/x/.config?x=8b2d3e63e054c24f
dashboard link: https://syzkaller.appspot.com/bug?extid=2be9d17f9de2e7342994
compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/bc862c01ec56/disk-591cd615.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/8f9b93f8ed2f/vmlinux-591cd615.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/9d5cb636d548/bzImage-591cd615.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2be9d17f9de2e7342...@syzkaller.appspotmail.com

loop2: detected capacity change from 0 to 32768
general protection fault, probably for non-canonical address 0xdc1c: [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x00e0-0x00e7]
CPU: 0 PID: 25472 Comm: syz-executor.2 Not tainted 6.1.0-rc8-next-20221207-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:gfs2_get_tree+0xb8/0x270 fs/gfs2/ops_fstype.c:1342
Call Trace:
 
 vfs_get_tree+0x8d/0x2f0 fs/super.c:1489
 do_new_mount fs/namespace.c:3145 [inline]
 path_mount+0x132a/0x1e20 fs/namespace.c:3475
 do_mount fs/namespace.c:3488 [inline]
 __do_sys_mount fs/namespace.c:3697 [inline]
 __se_sys_mount fs/namespace.c:3674 [inline]
 __x64_sys_mount+0x283/0x300 fs/namespace.c:3674
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 
Modules linked in:
---[ end trace  ]---
RIP: 0010:gfs2_get_tree+0xb8/0x270 fs/gfs2/ops_fstype.c:1342

Code disassembly (best guess):
   0:   03 80 3c 02 00 0f       add    0xf00023c(%rax),%eax
   6:   85 9f 01 00 00 4c       test   %ebx,0x4c01(%rdi)
   c:   8b bb b0 00 00 00       mov    0xb0(%rbx),%edi
  12:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  19:   fc ff df
  1c:   49 8d bf e0 00 00 00    lea    0xe0(%r15),%rdi
  23:   48 89 fa                mov    %rdi,%rdx
  26:   48 c1 ea 03             shr    $0x3,%rdx
* 2a:   80 3c 02 00             cmpb   $0x0,(%rdx,%r

Re: [Cluster-devel] [syzbot] kernel BUG in add_to_queue

2022-11-28 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:65762d97e6fa Merge branch 'for-next/perf' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=12198e7588
kernel config:  https://syzkaller.appspot.com/x/.config?x=56d0c7c3a2304e8f
dashboard link: https://syzkaller.appspot.com/bug?extid=8a4b520a9affc6d8ea56
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=146e6e7588
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1762a3ed88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/52f702197b30/disk-65762d97.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/72189c2789ce/vmlinux-65762d97.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/ec0349196c98/Image-65762d97.gz.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/9fcb4ad786f5/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a4b520a9affc6d8e...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: G:  s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
gfs2: fsid=syz:syz.0:  H: s:EX f:cH e:0 p:3074 [syz-executor203] gfs2_quota_sync+0xf0/0x204 fs/gfs2/quota.c:1318
[ cut here ]
kernel BUG at fs/gfs2/glock.c:1560!
Internal error: Oops - BUG: f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3074 Comm: syz-executor203 Not tainted 
6.1.0-rc6-syzkaller-32653-g65762d97e6fa #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/30/2022
pstate: 6045 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : add_to_queue+0x6ec/0x780 fs/gfs2/glock.c:1559
lr : add_to_queue+0x6ec/0x780 fs/gfs2/glock.c:1559
sp : 800012deb950
x29: 800012deb960 x28: cbfa6e80 x27: ccea2000
x26: cbfa6e80 x25: 0400 x24: c207a800
x23:  x22: c207a800 x21: ccea3270
x20: cbfa6eb8 x19: c70fc550 x18: 00c0
x17: 5d333032726f7475 x16: 8dbe6158 x15: c4248000
x14:  x13:  x12: c4248000
x11: ff808926a440 x10:  x9 : 739e9965397fe700
x8 : 739e9965397fe700 x7 : 8c08e4f4 x6 : 
x5 : 0080 x4 : 0001 x3 : 
x2 :  x1 : 0001 x0 : 
Call trace:
 add_to_queue+0x6ec/0x780 fs/gfs2/glock.c:1559
 gfs2_glock_nq+0x90/0x220 fs/gfs2/glock.c:1585
 gfs2_glock_nq_init fs/gfs2/glock.h:264 [inline]
 do_sync+0x1dc/0x650 fs/gfs2/quota.c:910
 gfs2_quota_sync+0xf0/0x204 fs/gfs2/quota.c:1318
 gfs2_sync_fs+0x30/0x78 fs/gfs2/super.c:643
 sync_filesystem+0x68/0x134 fs/sync.c:56
 generic_shutdown_super+0x38/0x198 fs/super.c:474
 kill_block_super+0x30/0x78 fs/super.c:1428
 gfs2_kill_sb+0x68/0x78
 deactivate_locked_super+0x70/0xe8 fs/super.c:332
 deactivate_super+0xd0/0xd4 fs/super.c:363
 cleanup_mnt+0x184/0x1c0 fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0x100/0x148 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x2dc/0xcac kernel/exit.c:820
 __arm64_sys_exit_group+0x0/0x18 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __wake_up_parent+0x0/0x40 kernel/exit.c:959
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 52800022 aa1f03e0 aa1303e1 97fff219 (d421) 
---[ end trace 0000000000000000 ]---



Re: [Cluster-devel] [syzbot] general protection fault in gfs2_dump_glock

2022-11-28 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:faf68e3523c2 Merge tag 'kbuild-fixes-v6.1-4' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16c3fb9b88
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d01b6e3197974dd
dashboard link: https://syzkaller.appspot.com/bug?extid=c6fd14145e2f62ca0784
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10fa1ce388
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1092ed7388

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/3bfa6577f378/disk-faf68e35.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/7bf0af58cde3/vmlinux-faf68e35.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/3e15d7d640b0/bzImage-faf68e35.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/e69d0b505238/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c6fd14145e2f62ca0...@syzkaller.appspotmail.com

==================================================================
BUG: KASAN: stack-out-of-bounds in gfs2_dump_glock+0x1537/0x1b60
Read of size 8 at addr c9000493fcc0 by task syz-executor301/4070

CPU: 0 PID: 4070 Comm: syz-executor301 Not tainted 
6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 print_address_description+0x74/0x340 mm/kasan/report.c:284
 print_report+0x107/0x1f0 mm/kasan/report.c:395
 kasan_report+0xcd/0x100 mm/kasan/report.c:495
 gfs2_dump_glock+0x1537/0x1b60
 gfs2_consist_inode_i+0xf3/0x110 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x535/0x650 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x2ea/0xb10 fs/gfs2/dir.c:850
 gfs2_dir_search+0x8c/0x2a0 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x465/0x650 fs/gfs2/inode.c:323
 __gfs2_lookup+0x8c/0x260 fs/gfs2/inode.c:870
 __lookup_slow+0x266/0x3a0 fs/namei.c:1685
 lookup_slow+0x53/0x70 fs/namei.c:1702
 walk_component+0x2e1/0x410 fs/namei.c:1993
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x17d/0x450 fs/namei.c:2474
 filename_lookup+0x274/0x650 fs/namei.c:2503
 user_path_at_empty+0x40/0x1a0 fs/namei.c:2876
 do_readlinkat+0x10c/0x3d0 fs/stat.c:468
 __do_sys_readlink fs/stat.c:501 [inline]
 __se_sys_readlink fs/stat.c:498 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:498
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc648229e99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 31 19 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fc648189208 EFLAGS: 0246 ORIG_RAX: 0059
RAX: ffda RBX: 7fc6482c0568 RCX: 7fc648229e99
RDX: 0047 RSI: 2140 RDI: 2000
RBP: 7fc6482c0560 R08: 7fc648189700 R09: 
R10: 7fc648189700 R11: 0246 R12: 7fc6482c056c
R13: 7ffc15b2f1ff R14: 7fc648189300 R15: 00022000
 </TASK>

The buggy address belongs to the virtual mapping at
 [c90004938000, c90004941000) created by:
 dup_task_struct+0x8b/0x490 kernel/fork.c:974

The buggy address belongs to the physical page:
page:ea73ed00 refcount:1 mapcount:0 mapping: index:0x0 
pfn:0x1cfb4
memcg:8881481da382
flags: 0xfff000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff000  dead0122 
raw:   0001 8881481da382
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 
0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 4055, tgid 4055 
(syz-executor301), ts 493360110858, free_ts 493203659028
 prep_new_page mm/page_alloc.c:2539 [inline]
 get_page_from_freelist+0x742/0x7c0 mm/page_alloc.c:4291
 __alloc_pages+0x259/0x560 mm/page_alloc.c:5558
 vm_area_alloc_pages mm/vmalloc.c:2975 [inline]
 __vmalloc_area_node mm/vmalloc.c:3043 [inline]
 __vmalloc_node_range+0x8f4/0x1290 mm/vmalloc.c:3213
 alloc_thread_stack_node+0x307/0x500 kernel/fork.c:311
 dup_task_struct+0x8b/0x490 kernel/fork.c:974
 copy_process+0x637/0x4000 kernel/fork.c:2084
 kernel_clone+0x21b/0x620 kernel/fork.c:2671
 __do_sys_clone kernel/fork.c:2812 [inline]
 __se_sys_clone kernel/fork.c:2796 [inline]
 __x64_sys_clone+0x228/0x290 kernel/fork.c:2796
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
pag

[Cluster-devel] [syzbot] general protection fault in gfs2_print_dbg

2022-11-28 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:faf68e3523c2 Merge tag 'kbuild-fixes-v6.1-4' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16cf6cad88
kernel config:  https://syzkaller.appspot.com/x/.config?x=8d01b6e3197974dd
dashboard link: https://syzkaller.appspot.com/bug?extid=9f366abe80cb91810c84
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/3bfa6577f378/disk-faf68e35.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/7bf0af58cde3/vmlinux-faf68e35.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/3e15d7d640b0/bzImage-faf68e35.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9f366abe80cb91810...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 
0xdc108420:  [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range 
[0x00842100-0x00842107]
CPU: 0 PID: 16312 Comm: syz-executor.3 Not tainted 
6.1.0-rc6-syzkaller-00315-gfaf68e3523c2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
RIP: 0010:string_nocheck lib/vsprintf.c:643 [inline]
RIP: 0010:string+0x1b5/0x2d0 lib/vsprintf.c:725
Code: 89 de 49 ff ce 31 ed 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 8d 3c 
2c 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 6a 
49 8d 5c 2d 00 45 0f b6 3c 2c 31 ff 44 89
RSP: 0018:c90005fc6990 EFLAGS: 00010003
RAX: 00108420 RBX:  RCX: dc00
RDX: 88807def3a80 RSI:  RDI: 00842107
RBP:  R08: 8a8cb389 R09: 8a8c7c8f
R10: 0012 R11: 88807def3a80 R12: 00842107
R13: c90005fc6ee6 R14: fffe R15: 
FS:  7fa7a6873700() GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 001b33622000 CR3: 7ba24000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 vsnprintf+0x1221/0x1ce0 lib/vsprintf.c:2800
 va_format lib/vsprintf.c:1685 [inline]
 pointer+0x845/0xfa0 lib/vsprintf.c:2431
 vsnprintf+0xe73/0x1ce0 lib/vsprintf.c:2804
 vprintk_store+0x3b0/0x1050 kernel/printk/printk.c:2152
 vprintk_emit+0x9a/0x1e0 kernel/printk/printk.c:2249
 _printk+0xc0/0x100 kernel/printk/printk.c:2289
 gfs2_print_dbg+0x172/0x180 fs/gfs2/glock.c:1456
 dump_holder fs/gfs2/glock.c:2342 [inline]
 gfs2_dump_glock+0x149f/0x1b60 fs/gfs2/glock.c:2447
 gfs2_consist_inode_i+0xf3/0x110 fs/gfs2/util.c:465
 gfs2_dirent_scan+0x535/0x650 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x2ea/0xb10 fs/gfs2/dir.c:850
 gfs2_dir_search+0x8c/0x2a0 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x465/0x650 fs/gfs2/inode.c:323
 __gfs2_lookup+0x8c/0x260 fs/gfs2/inode.c:870
 __lookup_slow+0x266/0x3a0 fs/namei.c:1685
 lookup_slow+0x53/0x70 fs/namei.c:1702
 walk_component+0x2e1/0x410 fs/namei.c:1993
 lookup_last fs/namei.c:2450 [inline]
 path_lookupat+0x17d/0x450 fs/namei.c:2474
 filename_lookup+0x274/0x650 fs/namei.c:2503
 user_path_at_empty+0x40/0x1a0 fs/namei.c:2876
 do_readlinkat+0x10c/0x3d0 fs/stat.c:468
 __do_sys_readlink fs/stat.c:501 [inline]
 __se_sys_readlink fs/stat.c:498 [inline]
 __x64_sys_readlink+0x7b/0x90 fs/stat.c:498
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa7a5a8c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7fa7a6873168 EFLAGS: 0246 ORIG_RAX: 0059
RAX: ffda RBX: 7fa7a5bac120 RCX: 7fa7a5a8c0d9
RDX: 0047 RSI: 2140 RDI: 2000
RBP: 7fa7a5ae7ae9 R08:  R09: 
R10:  R11: 0246 R12: 
R13: 7ffde5ef481f R14: 7fa7a6873300 R15: 00022000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:string_nocheck lib/vsprintf.c:643 [inline]
RIP: 0010:string+0x1b5/0x2d0 lib/vsprintf.c:725
Code: 89 de 49 ff ce 31 ed 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 8d 3c 
2c 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 6a 
49 8d 5c 2d 00 45 0f b6 3c 2c 31 ff 44 89
RSP: 0018:c90005fc6990 EFLAGS: 00010003
RAX: 00108420 RBX:  RCX: dc00
RDX: 88807def3a80 RSI:  RDI: 00842107
RBP: 00

Re: [Cluster-devel] [syzbot] kernel BUG in gfs2_glock_nq (2)

2022-11-22 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:eb7081409f94 Linux 6.1-rc6
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=15d40efd88
kernel config:  https://syzkaller.appspot.com/x/.config?x=8cdf448d3b35234
dashboard link: https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=156d55fd88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1494607588

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/4a019f55c517/disk-eb708140.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/eb36e890aa8b/vmlinux-eb708140.xz
kernel image: 
https://storage.googleapis.com/syzbot-assets/feee2c23ec64/bzImage-eb708140.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/595931ddaae3/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70f4e455dee59ab40...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: new: gfs2_quota_sync+0x3da/0x8b0 fs/gfs2/quota.c:1318
gfs2: fsid=syz:syz.0: pid: 3642
gfs2: fsid=syz:syz.0: lock type: 8 req lock state : 1
gfs2: fsid=syz:syz.0: G:  s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
gfs2: fsid=syz:syz.0:  H: s:EX f:cH e:0 p:3642 [syz-executor297] gfs2_quota_sync+0x3da/0x8b0 fs/gfs2/quota.c:1318
[ cut here ]
kernel BUG at fs/gfs2/glock.c:1560!
invalid opcode:  [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3642 Comm: syz-executor297 Not tainted 6.1.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/26/2022
RIP: 0010:add_to_queue fs/gfs2/glock.c:1560 [inline]
RIP: 0010:gfs2_glock_nq+0x1661/0x1890 fs/gfs2/glock.c:1585
Code: 0f b7 4d 00 48 c7 c7 00 42 3e 8b 48 8b 74 24 20 89 da 31 c0 e8 9c bf da 
06 31 ff 48 8b 74 24 28 ba 01 00 00 00 e8 6f 7b ff ff <0f> 0b 89 d9 80 e1 07 fe 
c1 38 c1 0f 8c 94 ee ff ff 48 89 df e8 06
RSP: 0018:c90003baf898 EFLAGS: 00010246
RAX: 366be81aeeac0c00 RBX: 0008 RCX: 88807253d7c0
RDX:  RSI: 0001 RDI: 
RBP: 888027cb365a R08: 83b90f42 R09: fbfff1d2f2de
R10: fbfff1d2f2de R11: 11d2f2dd R12: 888027cb3638
R13: 888073045340 R14: 888027cb3630 R15: 111004f966c3
FS:  () GS:8880b980() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 562ec3072000 CR3: 714f CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 gfs2_glock_nq_init fs/gfs2/glock.h:264 [inline]
 do_sync+0x3b1/0xc80 fs/gfs2/quota.c:910
 gfs2_quota_sync+0x3da/0x8b0 fs/gfs2/quota.c:1318
 gfs2_sync_fs+0x49/0xb0 fs/gfs2/super.c:643
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x310 fs/super.c:474
 kill_block_super+0x79/0xd0 fs/super.c:1428
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x494/0x520 fs/namespace.c:1186
 task_work_run+0x243/0x300 kernel/task_work.c:179
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0x664/0x2070 kernel/exit.c:820
 do_group_exit+0x1fd/0x2b0 kernel/exit.c:950
 __do_sys_exit_group kernel/exit.c:961 [inline]
 __se_sys_exit_group kernel/exit.c:959 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:959
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f9613abc989
Code: Unable to access opcode bytes at 0x7f9613abc95f.
RSP: 002b:7ffe22a048c8 EFLAGS: 0246 ORIG_RAX: 00e7
RAX: ffda RBX: 7f9613b6d330 RCX: 7f9613abc989
RDX: 003c RSI: 00e7 RDI: 0001
RBP: 0001 R08: ffc0 R09: 0003b2d3
R10:  R11: 0246 R12: 7f9613b6d330
R13: 0001 R14:  R15: 0001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:add_to_queue fs/gfs2/glock.c:1560 [inline]
RIP: 0010:gfs2_glock_nq+0x1661/0x1890 fs/gfs2/glock.c:1585
Code: 0f b7 4d 00 48 c7 c7 00 42 3e 8b 48 8b 74 24 20 89 da 31 c0 e8 9c bf da 
06 31 ff 48 8b 74 24 28 ba 01 00 00 00 e8 6f 7b ff ff <0f> 0b 89 d9 80 e1 07 fe 
c1 38 c1 0f 8c 94 ee ff ff 48 89 df e8 06
RSP: 0018:c90003baf898 EFLAGS: 00010246
RAX: 366be81aeeac0c00 RBX: 0008 RCX: 88807253d7c0
RDX:  RSI: 0001 RDI: 
RBP: 888027cb365a R08: 83b90f42 R09: fbfff1d2f2de
R10: fbfff1d2f2de R11: 11d2f2dd R12: 888027cb3638
R13: 888073045340 R14: 888027cb3630 R15: 111004f966c3
FS:  0

[Cluster-devel] [syzbot] kernel BUG in add_to_queue

2022-10-28 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=10f68cb688
kernel config:  https://syzkaller.appspot.com/x/.config?x=3a4a45d2d827c1e
dashboard link: https://syzkaller.appspot.com/bug?extid=8a4b520a9affc6d8ea56
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/e8e91bc79312/disk-bbed346d.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c1cb3fb3b77e/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a4b520a9affc6d8e...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: G:  s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
gfs2: fsid=syz:syz.0:  H: s:EX f:cH e:0 p:3072 [syz-executor.5] gfs2_quota_sync+0xf0/0x204 fs/gfs2/quota.c:1322
[ cut here ]
kernel BUG at fs/gfs2/glock.c:1521!
Internal error: Oops - BUG: f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3072 Comm: syz-executor.5 Not tainted 
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/30/2022
pstate: 6045 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : add_to_queue+0x5e0/0x710 fs/gfs2/glock.c:1520
lr : add_to_queue+0x5e0/0x710 fs/gfs2/glock.c:1520
sp : 80001367ba40
x29: 80001367ba50 x28: 000131decee0 x27: c91a1b00
x26: 0040 x25:  x24: 
x23:  x22: c91a1b00 x21: 00012b643270
x20: 000131decf18 x19: 0001172327f8 x18: 00c0
x17: 205d352e726f7475 x16: 8db49158 x15: c73c1a80
x14:  x13:  x12: c73c1a80
x11: ff808926b160 x10:  x9 : 8630f0a241885900
x8 : 8630f0a241885900 x7 : 8819545c x6 : 
x5 : 0080 x4 : 0001 x3 : 
x2 :  x1 : 0001 x0 : 
Call trace:
 add_to_queue+0x5e0/0x710 fs/gfs2/glock.c:1520
 gfs2_glock_nq+0x90/0x220 fs/gfs2/glock.c:1546
 gfs2_glock_nq_init fs/gfs2/glock.h:263 [inline]
 do_sync+0x1dc/0x650 fs/gfs2/quota.c:914
 gfs2_quota_sync+0xf0/0x204 fs/gfs2/quota.c:1322
 gfs2_sync_fs+0x30/0x78 fs/gfs2/super.c:642
 sync_filesystem+0x68/0x134 fs/sync.c:56
 generic_shutdown_super+0x38/0x190 fs/super.c:474
 kill_block_super+0x30/0x78 fs/super.c:1427
 gfs2_kill_sb+0x68/0x78
 deactivate_locked_super+0x70/0xe8 fs/super.c:332
 deactivate_super+0xd0/0xd4 fs/super.c:363
 cleanup_mnt+0x1f8/0x234 fs/namespace.c:1186
 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
 task_work_run+0xc4/0x14c kernel/task_work.c:177
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1127
 prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
 el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581
Code: 52800022 aa1f03e0 aa1303e1 97fff284 (d421) 
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
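
A small triage parser for reports in the form archived on this page, added here as an example; it is not syzbot's code and not part of the gfs2 project. It assumes only the layout the reports above share: a "key: value" header block whose long values (the "compiler:" line) wrap onto the next line, a Reported-by tag that this archive truncates with "...", a crash title line, and a "Call Trace:" block of "func+0x../0x.. file:line" frames that ends at the first unindented line. SAMPLE_REPORT is constructed from lines of the gfs2_dump_glock report above, and the crash-kind patterns cover the title forms that occur on this page and nothing else.

```python
# Added example: a triage parser for syzbot reports in the form archived above (not syzbot's or gfs2's code).
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
HEADER_RE = re.compile(r"^(?P<key>HEAD commit|git tree|console(?: output|\+strace)|kernel config|"
                       r"dashboard link|compiler|userspace arch|syz repro|C reproducer):\s*(?P<val>.*)$")
# The list archive truncates the address ("syzbot+c6fd14145e2f62ca0...@"), hence the optional "...".
REPORTED_BY_RE = re.compile(r"^Reported-by:\s*syzbot\+(?P<tag>[0-9a-f]+)(?P<trunc>\.\.\.)?@syzkaller\.appspotmail\.com")
EXTID_RE = re.compile(r"[?&]extid=(?P<extid>[0-9a-f]+)")
CRASH_PATTERNS = (  # crash title patterns for the kinds seen on this page; the first match names the kind
    ("kasan", re.compile(r"^BUG: KASAN: [\w-]+ in (?P<func>\w+)")),
    ("memory-leak", re.compile(r"^BUG: memory leak")),
    ("gpf", re.compile(r"^general protection fault")),
    ("bug-on", re.compile(r"^kernel BUG at \S+!")),
    ("warning", re.compile(r"^WARNING: CPU: \d+ PID: \d+ at \S+ (?P<func>\w+)")),
    ("hung-task", re.compile(r"^INFO: task \S+ blocked for more than")),
)
# " func+0x1a/0x2b path/file.c:123 [inline]"; the file:line and [inline] parts are optional.
FRAME_RE = re.compile(r"^\s+(?P<func>[\w.]+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
                      r"(?:\s+(?P<file>[\w./-]+):(?P<line>\d+))?(?P<inline>\s+\[inline\])?\s*$")

@dataclass
class Frame:
    func: str
    file: Optional[str]
    line: Optional[int]
    inline: bool

@dataclass
class Report:
    headers: Dict[str, str]
    extid: Optional[str]            # from the dashboard link
    reported_by: Optional[str]      # hex tag from the Reported-by address
    reported_by_truncated: bool     # True when the archive cut the tag with "..."
    crash_kind: Optional[str]
    crash_title: Optional[str]
    crash_func: Optional[str]       # function named in the title, if any
    frames: List[Frame]             # first "Call Trace:" block only

def parse_report(text: str) -> Report:
    headers: Dict[str, str] = {}
    last_key = None                 # header key whose wrapped value may continue on the next line
    reported, truncated, kind, title, func = None, False, None, None, None
    frames: List[Frame] = []
    in_trace = trace_seen = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := HEADER_RE.match(line):
            last_key = m["key"]
            headers[last_key] = m["val"].strip()
        elif not line:
            last_key = None         # a blank line ends the header block
        elif last_key is not None:  # continuation of a wrapped header value such as "compiler:"
            headers[last_key] += " " + line.strip()
        elif rb := REPORTED_BY_RE.match(line):
            reported, truncated = rb["tag"], rb["trunc"] is not None
        elif kind is None and (hit := next(((n, p.match(line)) for n, p in CRASH_PATTERNS
                                            if p.match(line)), None)):
            kind, title, func = hit[0], line, hit[1].groupdict().get("func")
        elif line.lower().startswith("call trace:") and not trace_seen:
            in_trace = trace_seen = True
        elif in_trace:
            if fm := FRAME_RE.match(raw):
                frames.append(Frame(fm["func"], fm["file"], int(fm["line"]) if fm["line"] else None,
                                    fm["inline"] is not None))
            elif not raw.startswith((" ", "\t")):
                in_trace = False    # the first unindented line (registers, "Modules linked in:") ends the trace
    em = EXTID_RE.search(headers.get("dashboard link", ""))
    return Report(headers, em["extid"] if em else None, reported, truncated, kind, title, func, frames)

def reported_by_consistent(r: Report) -> bool:
    """Reported-by tag vs. dashboard extid; a truncated tag must be a proper prefix of the extid."""
    if not r.extid or not r.reported_by:
        return False
    if r.reported_by_truncated:
        return len(r.reported_by) < len(r.extid) and r.extid.startswith(r.reported_by)
    return r.reported_by == r.extid

def first_frame_under(r: Report, path_prefix: str) -> Optional[Frame]:
    """First frame inside a source prefix, i.e. past the dump_stack/KASAN reporting frames."""
    return next((f for f in r.frames if f.file and f.file.startswith(path_prefix)), None)
# Constructed from lines of the gfs2_dump_glock report above, with its wrapped "compiler:" value.
SAMPLE_REPORT = """\
HEAD commit:faf68e3523c2 Merge tag 'kbuild-fixes-v6.1-4' of git://git...
dashboard link: https://syzkaller.appspot.com/bug?extid=c6fd14145e2f62ca0784
compiler:   Debian clang version
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU
Binutils for Debian) 2.35.2

Reported-by: syzbot+c6fd14145e2f62ca0...@syzkaller.appspotmail.com

BUG: KASAN: stack-out-of-bounds in gfs2_dump_glock+0x1537/0x1b60
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 gfs2_dump_glock+0x1537/0x1b60
 gfs2_consist_inode_i+0xf3/0x110 fs/gfs2/util.c:465
RIP: 0033:0x7fc648229e99
"""
```

Because the archived Reported-by address is cut short, reported_by_consistent() can only check that the hex tag is a proper prefix of the extid in the dashboard link; a tag to paste into a fix commit has to be taken from the dashboard, not from the archive. first_frame_under(r, "fs/gfs2/") skips the dump_stack and KASAN reporting frames and returns the first frame inside the subsystem, which is usually the frame worth reading first when several of these reports are being sorted.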



Re: [Cluster-devel] [syzbot] WARNING in gfs2_ri_update

2022-10-24 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:440b7895c990 Merge tag 'mm-hotfixes-stable-2022-10-20' of ..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=128087a488
kernel config:  https://syzkaller.appspot.com/x/.config?x=afc317c0f52ce670
dashboard link: https://syzkaller.appspot.com/bug?extid=f8bc4176e51e87e0928f
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13ed90f288
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16717fc288

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/105038975fc9/disk-440b7895.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/edd7302c8fc8/vmlinux-440b7895.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/95d6d27d2d50/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f8bc4176e51e87e09...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
gfs2: fsid=syz:syz.0: first mount done, others may mount
[ cut here ]
WARNING: CPU: 0 PID: 3611 at mm/page_alloc.c:5530 __alloc_pages+0x30a/0x560 
mm/page_alloc.c:5530
Modules linked in:
CPU: 1 PID: 3611 Comm: syz-executor282 Not tainted 
6.1.0-rc1-syzkaller-00158-g440b7895c990 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/11/2022
RIP: 0010:__alloc_pages+0x30a/0x560 mm/page_alloc.c:5530
Code: 5c 24 04 0f 85 f3 00 00 00 44 89 e1 81 e1 7f ff ff ff a9 00 00 04 00 41 
0f 44 cc 41 89 cc e9 e3 00 00 00 c6 05 a1 ab 29 0c 01 <0f> 0b 83 fb 0a 0f 86 c8 
fd ff ff 31 db 48 c7 44 24 20 0e 36 e0 45
RSP: 0018:c90003c5f4a0 EFLAGS: 00010246
RAX: c90003c5f500 RBX: 0012 RCX: 
RDX: 0028 RSI:  RDI: c90003c5f528
RBP: c90003c5f5b8 R08: dc00 R09: c90003c5f500
R10: f5200078bea5 R11: 19200078bea0 R12: 00040d40
R13: 19200078be9c R14: dc00 R15: 19200078be98
FS:  55781300() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005d84c8 CR3: 79874000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 __alloc_pages_node include/linux/gfp.h:223 [inline]
 alloc_pages_node include/linux/gfp.h:246 [inline]
 __kmalloc_large_node+0x8a/0x1a0 mm/slab_common.c:1098
 __do_kmalloc_node mm/slab_common.c:943 [inline]
 __kmalloc+0xfe/0x1a0 mm/slab_common.c:968
 kmalloc_array include/linux/slab.h:628 [inline]
 kcalloc include/linux/slab.h:659 [inline]
 compute_bitstructs fs/gfs2/rgrp.c:766 [inline]
 read_rindex_entry fs/gfs2/rgrp.c:931 [inline]
 gfs2_ri_update+0x537/0x17f0 fs/gfs2/rgrp.c:1001
 gfs2_rindex_update+0x313/0x3f0 fs/gfs2/rgrp.c:1051
 init_inodes+0x242/0x340 fs/gfs2/ops_fstype.c:917
 gfs2_fill_super+0x1bb2/0x2700 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x400/0x620 fs/super.c:1323
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x88/0x270 fs/super.c:1530
 do_new_mount+0x289/0xad0 fs/namespace.c:3040
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fb4bd4a797a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 
00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc73f0a0b8 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 0003 RCX: 7fb4bd4a797a
RDX: 2000 RSI: 2100 RDI: 7ffc73f0a0d0
RBP: 7ffc73f0a0d0 R08: 7ffc73f0a110 R09: 557812c0
R10:  R11: 0282 R12: 0004
R13: 7ffc73f0a110 R14: 091b R15: 2000dc88
 </TASK>



[Cluster-devel] [syzbot] general protection fault in gfs2_parse_param

2022-10-24 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:4d48f589d294 Add linux-next specific files for 20221021
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=15e511ba88
kernel config:  https://syzkaller.appspot.com/x/.config?x=2c4b7d600a5739a6
dashboard link: https://syzkaller.appspot.com/bug?extid=da97a57c5b742d05db51
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=14e2fbe688
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1146d66a88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/0c86bd0b39a0/disk-4d48f589.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/074059d37f1f/vmlinux-4d48f589.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/1c147a66d1a0/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+da97a57c5b742d05d...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 264192
general protection fault, probably for non-canonical address 
0xdc00:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x-0x0007]
CPU: 0 PID: 3602 Comm: syz-executor230 Not tainted 
6.1.0-rc1-next-20221021-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
10/11/2022
RIP: 0010:strnlen+0x3b/0x70 lib/string.c:430
Code: 74 3c 48 bb 00 00 00 00 00 fc ff df 49 89 fc 48 89 f8 eb 09 48 83 c0 01 
48 39 e8 74 1e 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 04 
84 d2 75 11 80 38 00 75 d9 4c 29 e0 48 83
RSP: 0018:c90003b6fb40 EFLAGS: 00010246
RAX:  RBX: dc00 RCX: 
RDX:  RSI: 0040 RDI: 
RBP: 0040 R08: 0005 R09: 0017
R10: 0002 R11: 0008c001 R12: 
R13:  R14: 8880217bf680 R15: 88807ccb24d0
FS:  57389300() GS:8880b9a0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 005d84c8 CR3: 26706000 CR4: 003506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 strnlen include/linux/fortify-string.h:186 [inline]
 strscpy include/linux/fortify-string.h:331 [inline]
 gfs2_parse_param+0x1e6/0xe50 fs/gfs2/ops_fstype.c:1455
 vfs_parse_fs_param fs/fs_context.c:148 [inline]
 vfs_parse_fs_param+0x1f9/0x3c0 fs/fs_context.c:129
 vfs_parse_fs_string+0xdb/0x170 fs/fs_context.c:191
 generic_parse_monolithic+0x16f/0x1f0 fs/fs_context.c:231
 do_new_mount fs/namespace.c:3036 [inline]
 path_mount+0x12de/0x1e20 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fdafa8bc4ba
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 
00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffe056c9ee8 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 0003 RCX: 7fdafa8bc4ba
RDX: 2080 RSI: 20c0 RDI: 7ffe056c9f00
RBP: 7ffe056c9f00 R08: 7ffe056c9f40 R09: 573892c0
R10: 0180c082 R11: 0282 R12: 0004
R13: 7ffe056c9f40 R14: 0002 R15: 2330
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:strnlen+0x3b/0x70 lib/string.c:430
Code: 74 3c 48 bb 00 00 00 00 00 fc ff df 49 89 fc 48 89 f8 eb 09 48 83 c0 01 
48 39 e8 74 1e 48 89 c2 48 89 c1 48 c1 ea 03 83 e1 07 <0f> b6 14 1a 38 ca 7f 04 
84 d2 75 11 80 38 00 75 d9 4c 29 e0 48 83
RSP: 0018:c90003b6fb40 EFLAGS: 00010246
RAX:  RBX: dc00 RCX: 
RDX:  RSI: 0040 RDI: 
RBP: 0040 R08: 0005 R09: 0017
R10: 0002 R11: 0008c001 R12: 
R13:  R14: 8880217bf680 R15: 88807ccb24d0
FS:  57389300() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 0061ba0c CR3: 26706000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

Code disassembly (best guess):
   0:   74 3c                   je     0x3e
   2:   48 bb 00 00 00 00 00    movabs $0xdffffc0000000000

[Cluster-devel] [syzbot] INFO: task hung in __gfs2_trans_begin

2022-10-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:493ffd6605b2 Merge tag 'ucount-rlimits-cleanups-for-v5.19'..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=13aa22ba88
kernel config:  https://syzkaller.appspot.com/x/.config?x=d19f5d16783f901
dashboard link: https://syzkaller.appspot.com/bug?extid=a159cc6676345e04ff7d
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15fbd70c88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14dceee288

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/f1ff6481e26f/disk-493ffd66.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/101bd3c7ae47/vmlinux-493ffd66.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/510833e7acb6/mount_1.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a159cc6676345e04f...@syzkaller.appspotmail.com

INFO: task syz-executor714:3609 blocked for more than 143 seconds.
  Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor714 state:D stack:23256 pid: 3609 ppid:  3606 flags:0x4002
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5183 [inline]
 __schedule+0x91f/0xdf0 kernel/sched/core.c:6495
 schedule+0xcb/0x190 kernel/sched/core.c:6571
 rwsem_down_read_slowpath+0x5f9/0x930 kernel/locking/rwsem.c:1087
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1252
 __gfs2_trans_begin+0x4e4/0x8c0 fs/gfs2/trans.c:87
 gfs2_trans_begin+0x6d/0xe0 fs/gfs2/trans.c:118
 gfs2_write_jdata_pagevec+0x100/0xe20 fs/gfs2/aops.c:220
 gfs2_write_cache_jdata+0x46d/0x7b0 fs/gfs2/aops.c:349
 gfs2_jdata_writepages+0x81/0x150 fs/gfs2/aops.c:391
 do_writepages+0x3c3/0x680 mm/page-writeback.c:2469
 filemap_fdatawrite_wbc+0x11e/0x170 mm/filemap.c:388
 gfs2_ail1_start_one fs/gfs2/log.c:134 [inline]
 gfs2_ail1_flush+0xbc3/0xeb0 fs/gfs2/log.c:214
 gfs2_ail1_start fs/gfs2/log.c:245 [inline]
 empty_ail1_list+0x17f/0x260 fs/gfs2/log.c:977
 gfs2_log_flush+0x212a/0x26a0 fs/gfs2/log.c:1122
 gfs2_kill_sb+0x50/0xd0 fs/gfs2/ops_fstype.c:1725
 deactivate_locked_super+0xa7/0xf0 fs/super.c:331
 cleanup_mnt+0x4ce/0x560 fs/namespace.c:1186
 task_work_run+0x146/0x1c0 kernel/task_work.c:177
 ptrace_notify+0x29a/0x340 kernel/signal.c:2354
 ptrace_report_syscall include/linux/ptrace.h:420 [inline]
 ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline]
 syscall_exit_work+0x8c/0xe0 kernel/entry/common.c:249
 syscall_exit_to_user_mode_prepare+0x63/0xc0 kernel/entry/common.c:276
 __syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline]
 syscall_exit_to_user_mode+0xa/0x60 kernel/entry/common.c:294
 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc8dc1bc527
RSP: 002b:7fff602f2de8 EFLAGS: 0206 ORIG_RAX: 00a6
RAX:  RBX:  RCX: 7fc8dc1bc527
RDX: 7fff602f2ea9 RSI: 000a RDI: 7fff602f2ea0
RBP: 7fff602f2ea0 R08:  R09: 7fff602f2c80
R10: 5558c653 R11: 0206 R12: 7fff602f3f10
R13: 5558c5f0 R14: 7fff602f2e10 R15: 0005
 </TASK>
INFO: task gfs2_logd:3658 blocked for more than 143 seconds.
  Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:gfs2_logd   state:D stack:29592 pid: 3658 ppid: 2 flags:0x4000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5183 [inline]
 __schedule+0x91f/0xdf0 kernel/sched/core.c:6495
 schedule+0xcb/0x190 kernel/sched/core.c:6571
 rwsem_down_write_slowpath+0xf1c/0x1350 kernel/locking/rwsem.c:1182
 __down_write_common kernel/locking/rwsem.c:1297 [inline]
 __down_write kernel/locking/rwsem.c:1306 [inline]
 down_write+0x163/0x170 kernel/locking/rwsem.c:1553
 gfs2_log_flush+0xe7/0x26a0 fs/gfs2/log.c:1034
 gfs2_logd+0x41f/0xe50 fs/gfs2/log.c:1319
 kthread+0x266/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
INFO: task gfs2_quotad:3659 blocked for more than 144 seconds.
  Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:gfs2_quotad state:D stack:27576 pid: 3659 ppid: 2 flags:0x4000
Call Trace:
 <TASK>
 context_switch kernel/sched/core.c:5183 [inline]
 __schedule+0x91f/0xdf0 kernel/sched/core.c:6495
 schedule+0xcb/0x190 kernel/sched/core.c:6571
 rwsem_down_read_slowpath+0x5f9/0x930 kernel/locking/rwsem.c:1087
 __down_read_common+0x54/0x2a0 kernel/locking/rwsem.c:1252
 __gfs2_trans_begin+0x4e4/0x8c0 fs/gfs2/trans.c:87
 gfs2_trans_begin+0x6d/0xe0 fs/gfs2/trans.c:118
 gfs2_statfs_sync+0x37f/0x4c0 fs/gfs2/

Re: [Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in gfs2_getbuf

2022-10-13 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=176500c288
kernel config:  https://syzkaller.appspot.com/x/.config?x=c29b6436e994d72e
dashboard link: https://syzkaller.appspot.com/bug?extid=87a187973530ac822e3c
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=174eb6aa88
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1118d5a488

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/c8f5131ab57d/disk-55be6084.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/77167f226f35/vmlinux-55be6084.xz
mounted in repro: 
https://storage.googleapis.com/syzbot-assets/930c28d03062/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a187973530ac822...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 264192
gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
gfs2: fsid=loop0: Now mounting FS (format 1801)...

UBSAN: shift-out-of-bounds in fs/gfs2/meta_io.c:128:16
shift exponent 4294967293 is too large for 64-bit type 'u64' (aka 'unsigned 
long long')
CPU: 1 PID: 3612 Comm: syz-executor373 Not tainted 
6.0.0-syzkaller-09589-g55be6084c8e0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322
 gfs2_getbuf+0x759/0x7d0 fs/gfs2/meta_io.c:128
 gfs2_meta_read+0x16a/0x910 fs/gfs2/meta_io.c:265
 gfs2_meta_buffer+0x195/0x400 fs/gfs2/meta_io.c:491
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:72 [inline]
 gfs2_inode_refresh+0xd6/0xdc0 fs/gfs2/glops.c:472
 gfs2_instantiate+0x15e/0x220 fs/gfs2/glock.c:515
 gfs2_glock_holder_ready fs/gfs2/glock.c:1303 [inline]
 gfs2_glock_wait+0x1d9/0x2a0 fs/gfs2/glock.c:1323
 gfs2_glock_nq_init fs/gfs2/glock.h:263 [inline]
 gfs2_lookupi+0x411/0x5f0 fs/gfs2/inode.c:306
 gfs2_lookup_simple+0xec/0x170 fs/gfs2/inode.c:258
 init_journal+0x1c3/0x2310 fs/gfs2/ops_fstype.c:739
 init_inodes+0xdc/0x340 fs/gfs2/ops_fstype.c:882
 gfs2_fill_super+0x1be3/0x2710 fs/gfs2/ops_fstype.c:1240
 get_tree_bdev+0x400/0x620 fs/super.c:1323
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1323
 vfs_get_tree+0x88/0x270 fs/super.c:1530
 do_new_mount+0x289/0xad0 fs/namespace.c:3040
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7caad9342a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 
00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffc97eb3c68 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 0003 RCX: 7f7caad9342a
RDX: 2000 RSI: 2100 RDI: 7ffc97eb3c80
RBP: 7ffc97eb3c80 R08: 7ffc97eb3cc0 R09: 56b512c0
R10: 0008 R11: 0282 R12: 0004
R13: 7ffc97eb3cc0 R14: 0001 R15: 2218
 </TASK>




[Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in gfs2_getbuf

2022-10-13 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:493ffd6605b2 Merge tag 'ucount-rlimits-cleanups-for-v5.19'..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1462025288
kernel config:  https://syzkaller.appspot.com/x/.config?x=d19f5d16783f901
dashboard link: https://syzkaller.appspot.com/bug?extid=87a187973530ac822e3c
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/f1ff6481e26f/disk-493ffd66.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/101bd3c7ae47/vmlinux-493ffd66.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+87a187973530ac822...@syzkaller.appspotmail.com


UBSAN: shift-out-of-bounds in fs/gfs2/meta_io.c:128:16
shift exponent 4294967293 is too large for 64-bit type 'u64' (aka 'unsigned 
long long')
CPU: 0 PID: 10195 Comm: syz-executor.3 Not tainted 
6.0.0-syzkaller-09423-g493ffd6605b2 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x33d/0x3b0 lib/ubsan.c:322
 gfs2_getbuf+0x759/0x7d0 fs/gfs2/meta_io.c:128
 gfs2_meta_read+0x153/0x910 fs/gfs2/meta_io.c:265
 gfs2_meta_buffer+0x153/0x3a0 fs/gfs2/meta_io.c:491
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:72 [inline]
 gfs2_inode_refresh+0xab/0xe90 fs/gfs2/glops.c:472
 gfs2_instantiate+0x15e/0x220 fs/gfs2/glock.c:515
 gfs2_glock_holder_ready fs/gfs2/glock.c:1303 [inline]
 gfs2_glock_wait+0x1d9/0x2a0 fs/gfs2/glock.c:1323
 gfs2_glock_nq_init fs/gfs2/glock.h:263 [inline]
 gfs2_lookupi+0x40c/0x650 fs/gfs2/inode.c:306
 gfs2_lookup_simple+0xec/0x170 fs/gfs2/inode.c:258
 init_journal+0x19b/0x22c0 fs/gfs2/ops_fstype.c:739
 init_inodes+0xdc/0x340 fs/gfs2/ops_fstype.c:882
 gfs2_fill_super+0x1ad8/0x2610 fs/gfs2/ops_fstype.c:1240
 get_tree_bdev+0x400/0x620 fs/super.c:1323
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1323
 vfs_get_tree+0x88/0x270 fs/super.c:1530
 do_new_mount+0x289/0xad0 fs/namespace.c:3040
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f0eed68cada
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 
0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f0eee73cf88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 2200 RCX: 7f0eed68cada
RDX: 2000 RSI: 2100 RDI: 7f0eee73cfe0
RBP: 7f0eee73d020 R08: 7f0eee73d020 R09: 2000
R10: 0008 R11: 0202 R12: 2000
R13: 2100 R14: 7f0eee73cfe0 R15: 2080
 </TASK>



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.



[Cluster-devel] [syzbot] WARNING in ovs_dp_reset_user_features

2022-10-13 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e8bc52cb8df8 Merge tag 'driver-core-6.1-rc1' of git://git...
git tree:   upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=134de04288
kernel config:  https://syzkaller.appspot.com/x/.config?x=7579993da6496f03
dashboard link: https://syzkaller.appspot.com/bug?extid=31cde0bef4bbf8ba2d86
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=12173a3488
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1792461a88

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/4dc25a89bfbd/disk-e8bc52cb.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/16c9ca5fd754/vmlinux-e8bc52cb.xz

The issue was bisected to:

commit 6b0afc0cc3e9a9a91f5a76d0965d449781441e18
Author: Alexander Aring 
Date:   Wed Jun 22 18:45:23 2022 +

fs: dlm: don't use deprecated timeout features by default

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10d5787c88
final oops: https://syzkaller.appspot.com/x/report.txt?x=12d5787c88
console output: https://syzkaller.appspot.com/x/log.txt?x=14d5787c88

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+31cde0bef4bbf8ba2...@syzkaller.appspotmail.com
Fixes: 6b0afc0cc3e9 ("fs: dlm: don't use deprecated timeout features by 
default")

[ cut here ]
Dropping previously announced user features
WARNING: CPU: 1 PID: 3608 at net/openvswitch/datapath.c:1619 
ovs_dp_reset_user_features+0x1bc/0x240 net/openvswitch/datapath.c:1619
Modules linked in:
CPU: 1 PID: 3608 Comm: syz-executor162 Not tainted 
6.0.0-syzkaller-07994-ge8bc52cb8df8 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/22/2022
RIP: 0010:ovs_dp_reset_user_features+0x1bc/0x240 net/openvswitch/datapath.c:1619
Code: 00 c7 03 00 00 00 00 eb 05 e8 d0 be 67 f7 5b 41 5c 41 5e 41 5f 5d c3 e8 
c2 be 67 f7 48 c7 c7 00 92 e3 8b 31 c0 e8 74 7a 2f f7 <0f> 0b eb c7 44 89 f1 80 
e1 07 fe c1 38 c1 0f 8c f1 fe ff ff 4c 89
RSP: 0018:c90003b8f370 EFLAGS: 00010246
RAX: e794c0e413340e00 RBX: 8880175cae68 RCX: 88801c069d80
RDX:  RSI: 8000 RDI: 
RBP: 0008 R08: 816c58ad R09: ed1017364f13
R10: ed1017364f13 R11: 111017364f12 R12: dc00
R13: 8880175ca450 R14: 111002eb95cd R15: c90003b8f6b0
FS:  57276300() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2916 CR3: 1ed81000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 ovs_dp_cmd_new+0x8f6/0xc80 net/openvswitch/datapath.c:1822
 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:808 [inline]
 genl_rcv_msg+0x11ca/0x1670 net/netlink/genetlink.c:825
 netlink_rcv_skb+0x1f0/0x460 net/netlink/af_netlink.c:2540
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:836
 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
 netlink_unicast+0x7e7/0x9c0 net/netlink/af_netlink.c:1345
 netlink_sendmsg+0x9b3/0xcd0 net/netlink/af_netlink.c:1921
 sock_sendmsg_nosec net/socket.c:714 [inline]
 sock_sendmsg net/socket.c:734 [inline]
 sys_sendmsg+0x597/0x8e0 net/socket.c:2482
 ___sys_sendmsg net/socket.c:2536 [inline]
 __sys_sendmsg+0x28e/0x390 net/socket.c:2565
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fc51f29de89
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 14 00 00 90 48 89 f8 48 89 f7 48 
89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffd99ec6ed8 EFLAGS: 0246 ORIG_RAX: 002e
RAX: ffda RBX: a2c4 RCX: 7fc51f29de89
RDX:  RSI: 2100 RDI: 0003
RBP:  R08: 7ffd99ec7078 R09: 7ffd99ec7078
R10: 7ffd99ec6950 R11: 0246 R12: 7ffd99ec6eec
R13: 431bde82d7b634db R14:  R15: 
 </TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches



[Cluster-devel] [syzbot] possible deadlock in freeze_super (2)

2022-10-10 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
git tree:   git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git 
for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=16b0403a88
kernel config:  https://syzkaller.appspot.com/x/.config?x=3a4a45d2d827c1e
dashboard link: https://syzkaller.appspot.com/bug?extid=be899d4f10b2a9522dce
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: 
https://storage.googleapis.com/syzbot-assets/e8e91bc79312/disk-bbed346d.raw.xz
vmlinux: 
https://storage.googleapis.com/syzbot-assets/c1cb3fb3b77e/vmlinux-bbed346d.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+be899d4f10b2a9522...@syzkaller.appspotmail.com

======================================================
WARNING: possible circular locking dependency detected
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0 Not tainted
------------------------------------------------------
kworker/1:1H/76 is trying to acquire lock:
000122d770e0 (&type->s_umount_key#113){+.+.}-{3:3}, at: freeze_super+0x40/0x1f0 fs/super.c:1696

but task is already holding lock:
8fb63d80 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264

which lock already depends on the new lock.


the existing dependency chain (in reverse order) is:

-> #2 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}:
   process_one_work+0x2c4/0x504 kernel/workqueue.c:2265
   worker_thread+0x340/0x610 kernel/workqueue.c:2436
   kthread+0x12c/0x158 kernel/kthread.c:376
   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

-> #1 ((wq_completion)glock_workqueue){+.+.}-{0:0}:
   __flush_workqueue+0xb8/0x6dc kernel/workqueue.c:2809
   gfs2_gl_hash_clear+0x4c/0x1b0 fs/gfs2/glock.c:2207
   gfs2_put_super+0x318/0x390 fs/gfs2/super.c:619
   generic_shutdown_super+0x8c/0x190 fs/super.c:491
   kill_block_super+0x30/0x78 fs/super.c:1427
   gfs2_kill_sb+0x68/0x78
   deactivate_locked_super+0x70/0xe8 fs/super.c:332
   deactivate_super+0xd0/0xd4 fs/super.c:363
   cleanup_mnt+0x1f8/0x234 fs/namespace.c:1186
   __cleanup_mnt+0x20/0x30 fs/namespace.c:1193
   task_work_run+0xc4/0x14c kernel/task_work.c:177
   resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
   do_notify_resume+0x174/0x1f0 arch/arm64/kernel/signal.c:1127
   prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
   exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
   el0_svc+0x9c/0x150 arch/arm64/kernel/entry-common.c:637
   el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654
   el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581

-> #0 (&type->s_umount_key#113){+.+.}-{3:3}:
   check_prev_add kernel/locking/lockdep.c:3095 [inline]
   check_prevs_add kernel/locking/lockdep.c:3214 [inline]
   validate_chain kernel/locking/lockdep.c:3829 [inline]
   __lock_acquire+0x1530/0x30a4 kernel/locking/lockdep.c:5053
   lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
   down_write+0x5c/0xcc kernel/locking/rwsem.c:1552
   freeze_super+0x40/0x1f0 fs/super.c:1696
   freeze_go_sync+0x84/0x1a8 fs/gfs2/glops.c:573
   do_xmote+0x180/0x954 fs/gfs2/glock.c:769
   run_queue+0x294/0x3c4 fs/gfs2/glock.c:893
   glock_work_func+0x190/0x288 fs/gfs2/glock.c:1059
   process_one_work+0x2d8/0x504 kernel/workqueue.c:2289
   worker_thread+0x340/0x610 kernel/workqueue.c:2436
   kthread+0x12c/0x158 kernel/kthread.c:376
   ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860

other info that might help us debug this:

Chain exists of:
  &type->s_umount_key#113 --> (wq_completion)glock_workqueue --> (work_completion)(&(&gl->gl_work)->work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((work_completion)(&(&gl->gl_work)->work));
                               lock((wq_completion)glock_workqueue);
                               lock((work_completion)(&(&gl->gl_work)->work));
  lock(&type->s_umount_key#113);

 *** DEADLOCK ***

2 locks held by kworker/1:1H/76:
 #0: c0de2f38 ((wq_completion)glock_workqueue){+.+.}-{0:0}, at: process_one_work+0x270/0x504 kernel/workqueue.c:2262
 #1: 8fb63d80 ((work_completion)(&(&gl->gl_work)->work)){+.+.}-{0:0}, at: process_one_work+0x29c/0x504 kernel/workqueue.c:2264

stack backtrace:
CPU: 1 PID: 76 Comm: kworker/1:1H Not tainted 
6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
09/30/

[Cluster-devel] [syzbot] general protection fault in do_xmote

2022-10-03 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:c3e0e1e23c70 Merge tag 'irq_urgent_for_v6.0' of git://git...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11664a7088
kernel config:  https://syzkaller.appspot.com/x/.config?x=a1992c90769e07
dashboard link: https://syzkaller.appspot.com/bug?extid=ececff266234ba40fe13
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ececff266234ba40f...@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 
0xdc97:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x04b8-0x04bf]
CPU: 2 PID: 70 Comm: kworker/2:1H Not tainted 
6.0.0-rc7-syzkaller-00081-gc3e0e1e23c70 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: glock_workqueue glock_work_func
RIP: 0010:is_system_glock fs/gfs2/glock.c:720 [inline]
RIP: 0010:do_xmote+0x492/0xc40 fs/gfs2/glock.c:828
Code: 03 80 3c 02 00 0f 85 2f 07 00 00 4d 8b ad 18 07 00 00 48 b8 00 00 00 00 
00 fc ff df 49 8d bd b8 04 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ed 06 
00 00 49 3b ad b8 04 00 00 0f 84 77 05 00
RSP: 0018:c9aa7c50 EFLAGS: 00010202
RAX: dc00 RBX: 888027624000 RCX: 
RDX: 0097 RSI: 8381e370 RDI: 04b8
RBP: 888074ceea90 R08: 0001 R09: 
R10: 0001 R11:  R12: 
R13:  R14: 888074ceeaf8 R15: 888074ceeab0
FS:  () GS:88802ca0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 00990140 CR3: 76461000 CR4: 00150ee0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 run_queue+0x3cf/0x660 fs/gfs2/glock.c:893
 glock_work_func+0xbe/0x3a0 fs/gfs2/glock.c:1059
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e4/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
 </TASK>
Modules linked in:
---[ end trace  ]---
RIP: 0010:is_system_glock fs/gfs2/glock.c:720 [inline]
RIP: 0010:do_xmote+0x492/0xc40 fs/gfs2/glock.c:828
Code: 03 80 3c 02 00 0f 85 2f 07 00 00 4d 8b ad 18 07 00 00 48 b8 00 00 00 00 
00 fc ff df 49 8d bd b8 04 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ed 06 
00 00 49 3b ad b8 04 00 00 0f 84 77 05 00
RSP: 0018:c9aa7c50 EFLAGS: 00010202
RAX: dc00 RBX: 888027624000 RCX: 
RDX: 0097 RSI: 8381e370 RDI: 04b8
RBP: 888074ceea90 R08: 0001 R09: 
R10: 0001 R11:  R12: 
R13:  R14: 888074ceeaf8 R15: 888074ceeab0
FS:  () GS:88802ca0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 00990140 CR3: 76461000 CR4: 00150ee0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

Code disassembly (best guess), 1 bytes skipped:
   0:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1)
   4:   0f 85 2f 07 00 00       jne    0x739
   a:   4d 8b ad 18 07 00 00    mov    0x718(%r13),%r13
  11:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  18:   fc ff df
  1b:   49 8d bd b8 04 00 00    lea    0x4b8(%r13),%rdi
  22:   48 89 fa                mov    %rdi,%rdx
  25:   48 c1 ea 03             shr    $0x3,%rdx
* 29:   80 3c 02 00             cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2d:   0f 85 ed 06 00 00       jne    0x720
  33:   49 3b ad b8 04 00 00    cmp    0x4b8(%r13),%rbp
  3a:   0f                      .byte 0xf
  3b:   84 77 05                test   %dh,0x5(%rdi)


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.



[Cluster-devel] [syzbot] kernel BUG in gfs2_glock_nq (2)

2022-09-23 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:e47eb90a0a9a Add linux-next specific files for 20220901
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1622f1d888
kernel config:  https://syzkaller.appspot.com/x/.config?x=7933882276523081
dashboard link: https://syzkaller.appspot.com/bug?extid=70f4e455dee59ab40c80
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/d3bf639370bc/disk-e47eb90a.raw.xz
vmlinux: https://storage.googleapis.com/1c9c27c6eeef/vmlinux-e47eb90a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+70f4e455dee59ab40...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: G:  s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
gfs2: fsid=syz:syz.0:  H: s:EX f:cH e:0 p:15361 [syz-executor.5] 
gfs2_quota_sync+0x2e2/0x660 fs/gfs2/quota.c:1322
[ cut here ]
kernel BUG at fs/gfs2/glock.c:1541!
invalid opcode:  [#1] PREEMPT SMP KASAN
CPU: 1 PID: 15361 Comm: syz-executor.5 Not tainted 
6.0.0-rc3-next-20220901-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/26/2022
RIP: 0010:add_to_queue fs/gfs2/glock.c:1541 [inline]
RIP: 0010:gfs2_glock_nq.cold+0x2a1/0x2fa fs/gfs2/glock.c:1566
Code: 74 04 3c 03 7e 76 8b 53 18 44 89 f1 4c 89 ee 48 c7 c7 60 3a 3a 8a e8 8f 
80 f3 ff ba 01 00 00 00 4c 89 e6 31 ff e8 fe f1 38 fa <0f> 0b e8 a7 3c 7e f8 4c 
8b 04 24 e9 7f fd ff ff 45 31 f6 e9 fc fd
RSP: 0018:c9000c52f7f0 EFLAGS: 00010286
RAX:  RBX: 88803ee655e0 RCX: c90003e01000
RDX: 0004 RSI: 8383b5be RDI: 8a3a6fb0
RBP: 888075ee90e0 R08: 0001 R09: 
R10: 0001 R11: 6863657469676f6c R12: 88803ee655e0
R13: 888038445270 R14: 0001 R15: 
FS:  7f82a2a0a700() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2100 CR3: 79881000 CR4: 003506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 <TASK>
 gfs2_glock_nq_init fs/gfs2/glock.h:263 [inline]
 do_sync+0x4b9/0xcf0 fs/gfs2/quota.c:914
 gfs2_quota_sync+0x2e2/0x660 fs/gfs2/quota.c:1322
 gfs2_sync_fs+0x40/0xb0 fs/gfs2/super.c:642
 sync_filesystem.part.0+0x75/0x1d0 fs/sync.c:56
 sync_filesystem+0x8b/0xc0 fs/sync.c:43
 generic_shutdown_super+0x70/0x410 fs/super.c:473
 kill_block_super+0x97/0xf0 fs/super.c:1427
 gfs2_kill_sb+0x104/0x160 fs/gfs2/ops_fstype.c:1733
 deactivate_locked_super+0x94/0x160 fs/super.c:331
 deactivate_super+0xad/0xd0 fs/super.c:362
 cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1186
 task_work_run+0x16b/0x270 kernel/task_work.c:179
 get_signal+0x1c3/0x2610 kernel/signal.c:2635
 arch_do_signal_or_restart+0x82/0x2300 arch/x86/kernel/signal.c:869
 exit_to_user_mode_loop kernel/entry/common.c:166 [inline]
 exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:294
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f82a188a93a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 
0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7f82a2a09f88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffec RBX: 2200 RCX: 7f82a188a93a
RDX: 2000 RSI: 2100 RDI: 7f82a2a09fe0
RBP: 7f82a2a0a020 R08: 7f82a2a0a020 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 7f82a2a09fe0 R15: 20047a20
 </TASK>
Modules linked in:
---[ end trace  ]---
RIP: 0010:add_to_queue fs/gfs2/glock.c:1541 [inline]
RIP: 0010:gfs2_glock_nq.cold+0x2a1/0x2fa fs/gfs2/glock.c:1566
Code: 74 04 3c 03 7e 76 8b 53 18 44 89 f1 4c 89 ee 48 c7 c7 60 3a 3a 8a e8 8f 
80 f3 ff ba 01 00 00 00 4c 89 e6 31 ff e8 fe f1 38 fa <0f> 0b e8 a7 3c 7e f8 4c 
8b 04 24 e9 7f fd ff ff 45 31 f6 e9 fc fd
RSP: 0018:c9000c52f7f0 EFLAGS: 00010286
RAX:  RBX: 88803ee655e0 RCX: c90003e01000
RDX: 0004 RSI: 8383b5be RDI: 8a3a6fb0
RBP: 888075ee90e0 R08: 0001 R09: 
R10: 0001 R11: 6863657469676f6c R12: 88803ee655e0
R13: 888038445270 R14: 0001 R15: 
FS:  7f82a2a0a700() GS:8880b9b0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 2100 CR3: 00

Re: [Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in init_sb (3)

2022-09-20 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:e47eb90a0a9a Add linux-next specific files for 20220901
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=14c90dbf08
kernel config:  https://syzkaller.appspot.com/x/.config?x=7933882276523081
dashboard link: https://syzkaller.appspot.com/bug?extid=dcf33a7aae997956fe06
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for 
Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=179ef88088
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1704788708

Downloadable assets:
disk image: https://storage.googleapis.com/d3bf639370bc/disk-e47eb90a.raw.xz
vmlinux: https://storage.googleapis.com/1c9c27c6eeef/vmlinux-e47eb90a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dcf33a7aae997956f...@syzkaller.appspotmail.com

loop0: detected capacity change from 0 to 256
gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
gfs2: fsid=loop0: Now mounting FS (format 1801)...

UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19
shift exponent 327683 is too large for 64-bit type 'long unsigned int'
CPU: 0 PID: 3611 Comm: syz-executor306 Not tainted 
6.0.0-rc3-next-20220901-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
08/26/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
 gfs2_read_sb fs/gfs2/ops_fstype.c:295 [inline]
 init_sb.cold+0x19/0x109 fs/gfs2/ops_fstype.c:487
 gfs2_fill_super+0x17fe/0x27a0 fs/gfs2/ops_fstype.c:1209
 get_tree_bdev+0x440/0x760 fs/super.c:1323
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1325
 vfs_get_tree+0x89/0x2f0 fs/super.c:1530
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x1326/0x1e20 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd9bd10d16a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 
00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 
c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:7ffcd1985f38 EFLAGS: 0282 ORIG_RAX: 00a5
RAX: ffda RBX: 7ffcd1985f90 RCX: 7fd9bd10d16a
RDX: 2000 RSI: 2100 RDI: 7ffcd1985f50
RBP: 7ffcd1985f50 R08: 7ffcd1985f90 R09: 
R10:  R11: 0282 R12: 2218
R13: 0003 R14: 0004 R15: 0001
 </TASK>




[Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in init_sb (3)

2022-08-17 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:200e340f2196 Merge tag 'pull-work.dcache' of git://git.ker..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=150cbda908
kernel config:  https://syzkaller.appspot.com/x/.config?x=1b664fba5e66c4bf
dashboard link: https://syzkaller.appspot.com/bug?extid=dcf33a7aae997956fe06
compiler:   Debian clang version 
13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU 
Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+dcf33a7aae997956f...@syzkaller.appspotmail.com

loop1: detected capacity change from 0 to 37440
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS (format 1801)...

UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:297:19
shift exponent 50331651 is too large for 64-bit type 'unsigned long'
CPU: 0 PID: 30381 Comm: syz-executor.1 Not tainted 
5.19.0-syzkaller-02972-g200e340f2196 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
07/22/2022
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
 ubsan_epilogue lib/ubsan.c:151 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322
 gfs2_read_sb fs/gfs2/ops_fstype.c:297 [inline]
 init_sb+0x11d6/0x12c0 fs/gfs2/ops_fstype.c:487
 gfs2_fill_super+0x1a3c/0x2750 fs/gfs2/ops_fstype.c:1209
 get_tree_bdev+0x400/0x620 fs/super.c:1292
 gfs2_get_tree+0x50/0x210 fs/gfs2/ops_fstype.c:1325
 vfs_get_tree+0x88/0x270 fs/super.c:1497
 do_new_mount+0x289/0xad0 fs/namespace.c:3040
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 



---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.



[Cluster-devel] [syzbot] KASAN: invalid-free in free_prealloced_shrinker

2022-07-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:cb71b93c2dc3 Add linux-next specific files for 20220628
git tree:   linux-next
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1362115208
kernel config:  https://syzkaller.appspot.com/x/.config?x=badbc1adb2d582eb
dashboard link: https://syzkaller.appspot.com/bug?extid=8b481578352d4637f510
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=150c25fc08
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1308956208

The issue was bisected to:

commit bec0918551a79c3c6b63a493a80e35e8b402804f
Author: Roman Gushchin 
Date:   Wed Jun 1 03:22:24 2022 +

mm: shrinkers: provide shrinkers with names

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17451fd008
final oops: https://syzkaller.appspot.com/x/report.txt?x=14c51fd008
console output: https://syzkaller.appspot.com/x/log.txt?x=10c51fd008

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b481578352d4637f...@syzkaller.appspotmail.com
Fixes: bec0918551a7 ("mm: shrinkers: provide shrinkers with names")

==
BUG: KASAN: double-free in slab_free mm/slub.c:3534 [inline]
BUG: KASAN: double-free in kfree+0xe2/0x4d0 mm/slub.c:4562

CPU: 0 PID: 3647 Comm: syz-executor232 Not tainted 5.19.0-rc4-next-20220628-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:317 [inline]
 print_report.cold+0x2ba/0x719 mm/kasan/report.c:433
 kasan_report_invalid_free+0x8f/0x1a0 mm/kasan/report.c:462
 kasan_slab_free+0x18b/0x1c0 mm/kasan/common.c:355
 kasan_slab_free include/linux/kasan.h:200 [inline]
 slab_free_hook mm/slub.c:1754 [inline]
 slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1780
 slab_free mm/slub.c:3534 [inline]
 kfree+0xe2/0x4d0 mm/slub.c:4562
 kfree_const+0x51/0x60 mm/util.c:41
 free_prealloced_shrinker+0x32/0x160 mm/vmscan.c:658
 destroy_unused_super.part.0+0x106/0x170 fs/super.c:185
 destroy_unused_super fs/super.c:278 [inline]
 alloc_super+0x8bd/0xaa0 fs/super.c:277
 sget_fc+0x13e/0x7c0 fs/super.c:530
 vfs_get_super fs/super.c:1134 [inline]
 get_tree_nodev+0x24/0x1d0 fs/super.c:1169
 vfs_get_tree+0x89/0x2f0 fs/super.c:1501
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
 

Allocated by task 143:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 kasan_kmalloc mm/kasan/common.c:515 [inline]
 kasan_kmalloc mm/kasan/common.c:474 [inline]
 __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524
 kmalloc include/linux/slab.h:605 [inline]
 kzalloc include/linux/slab.h:733 [inline]
 rh_call_control drivers/usb/core/hcd.c:514 [inline]
 rh_urb_enqueue drivers/usb/core/hcd.c:848 [inline]
 usb_hcd_submit_urb+0x661/0x2220 drivers/usb/core/hcd.c:1551
 usb_submit_urb+0x86d/0x1880 drivers/usb/core/urb.c:594
 usb_start_wait_urb+0x101/0x4b0 drivers/usb/core/message.c:58
 usb_internal_control_msg drivers/usb/core/message.c:102 [inline]
 usb_control_msg+0x31c/0x4a0 drivers/usb/core/message.c:153
 get_port_status drivers/usb/core/hub.c:580 [inline]
 hub_ext_port_status+0x112/0x450 drivers/usb/core/hub.c:597
 usb_hub_port_status drivers/usb/core/hub.c:619 [inline]
 hub_activate+0xa5c/0x1c90 drivers/usb/core/hub.c:1129
 process_one_work+0x991/0x1610 kernel/workqueue.c:2289
 worker_thread+0x665/0x1080 kernel/workqueue.c:2436
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:302

Freed by task 3647:
 kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
 kasan_set_track+0x21/0x30 mm/kasan/common.c:45
 kasan_set_free_info+0x20/0x30 mm

[Cluster-devel] [syzbot] general protection fault in gfs2_evict_inode (2)

2022-06-27 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ca1fdab7fd27 Merge tag 'efi-urgent-for-v5.19-1' of git://g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=102e856008
kernel config:  https://syzkaller.appspot.com/x/.config?x=542d3d75f0e6f36f
dashboard link: https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a5fc6416c175cece...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: first mount done, others may mount
general protection fault, probably for non-canonical address 0xdc11:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0088-0x008f]
CPU: 1 PID: 10573 Comm: syz-executor.0 Not tainted 5.19.0-rc3-syzkaller-00038-gca1fdab7fd27 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:evict_linked_inode fs/gfs2/super.c:1329 [inline]
RIP: 0010:gfs2_evict_inode+0xbf2/0x2030 fs/gfs2/super.c:1384
Call Trace:
 
 evict+0x2ed/0x6b0 fs/inode.c:664
 iput_final fs/inode.c:1744 [inline]
 iput.part.0+0x562/0x820 fs/inode.c:1770
 iput+0x58/0x70 fs/inode.c:1760
 init_journal fs/gfs2/ops_fstype.c:870 [inline]
 init_inodes+0x28c/0x2720 fs/gfs2/ops_fstype.c:924
 gfs2_fill_super+0x1b49/0x28a0 fs/gfs2/ops_fstype.c:1242
 get_tree_bdev+0x440/0x760 fs/super.c:1292
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1325
 vfs_get_tree+0x89/0x2f0 fs/super.c:1497
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0
 
Modules linked in:
---[ end trace  ]---


[Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in init_sb (2)

2022-04-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ff511c1c68a5 Add linux-next specific files for 20220408
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17921824f0
kernel config:  https://syzkaller.appspot.com/x/.config?x=d0168787d544f48e
dashboard link: https://syzkaller.appspot.com/bug?extid=331b35dba416a8c626ba
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+331b35dba416a8c62...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz: Now mounting FS (format 1801)...

UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:297:19
shift exponent 50331651 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 29651 Comm: syz-executor.0 Not tainted 5.18.0-rc1-next-20220408-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 ubsan_epilogue+0xb/0x50 lib/ubsan.c:151
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x187 lib/ubsan.c:322
 gfs2_read_sb fs/gfs2/ops_fstype.c:297 [inline]
 init_sb.cold+0x19/0x109 fs/gfs2/ops_fstype.c:488
 gfs2_fill_super+0x18a7/0x28a0 fs/gfs2/ops_fstype.c:1211
 get_tree_bdev+0x440/0x760 fs/super.c:1292
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1327
 vfs_get_tree+0x89/0x2f0 fs/super.c:1497
 do_new_mount fs/namespace.c:3040 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3568
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 






[Cluster-devel] [syzbot] KASAN: use-after-free Read in qd_unlock

2022-03-29 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:1bc191051dca Merge tag 'trace-v5.18' of git://git.kernel.o..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=110faa7570
kernel config:  https://syzkaller.appspot.com/x/.config?x=70f8915481c02c4
dashboard link: https://syzkaller.appspot.com/bug?extid=36c6631f1635a4a9c63a
compiler:   Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+36c6631f1635a4a9c...@syzkaller.appspotmail.com

 
==
BUG: KASAN: use-after-free in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: use-after-free in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
BUG: KASAN: use-after-free in qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:486
Read of size 8 at addr 88802a3bf330 by task syz-executor.4/3635

CPU: 1 PID: 3635 Comm: syz-executor.4 Tainted: G W 5.17.0-syzkaller-02237-g1bc191051dca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1dc/0x2d8 lib/dump_stack.c:106
 print_address_description+0x64/0x400 mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report+0x19a/0x1f0 mm/kasan/report.c:459
 kasan_check_range+0x2b5/0x2f0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 qd_unlock+0x30/0x2d0 fs/gfs2/quota.c:486
 gfs2_quota_sync+0x69f/0x7f0 fs/gfs2/quota.c:1317
 gfs2_sync_fs+0x49/0xb0 fs/gfs2/super.c:642
 sync_filesystem+0xe8/0x220 fs/sync.c:56
 generic_shutdown_super+0x6b/0x300 fs/super.c:445
 kill_block_super+0x79/0xd0 fs/super.c:1394
 deactivate_locked_super+0xa7/0xf0 fs/super.c:332
 cleanup_mnt+0x462/0x510 fs/namespace.c:1173
 task_work_run+0x146/0x1c0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:190 [inline]
 exit_to_user_mode_prepare+0x1dd/0x200 kernel/entry/common.c:222
 __syscall_exit_to_user_mode_work kernel/entry/common.c:304 [inline]
 syscall_exit_to_user_mode+0x2e/0x70 kernel/entry/common.c:315
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 

Allocated by task 4751:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track mm/kasan/common.c:45 [inline]
 set_alloc_info mm/kasan/common.c:436 [inline]
 __kasan_slab_alloc+0xb2/0xe0 mm/kasan/common.c:469
 kasan_slab_alloc include/linux/kasan.h:239 [inline]
 slab_post_alloc_hook mm/slab.h:749 [inline]
 slab_alloc_node mm/slub.c:3230 [inline]
 slab_alloc mm/slub.c:3238 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3245 [inline]
 kmem_cache_alloc+0x1c9/0x310 mm/slub.c:3255
 kmem_cache_zalloc include/linux/slab.h:707 [inline]
 qd_alloc+0x51/0x250 fs/gfs2/quota.c:216
 gfs2_quota_init+0x798/0x1040 fs/gfs2/quota.c:1407
 gfs2_make_fs_rw+0x4c0/0x640 fs/gfs2/super.c:153
 gfs2_fill_super+0x3663/0x4a70 fs/gfs2/ops_fstype.c:1269
 get_tree_bdev+0x406/0x630 fs/super.c:1292
 gfs2_get_tree+0x50/0x200 fs/gfs2/ops_fstype.c:1325
 vfs_get_tree+0x86/0x270 fs/super.c:1497
 do_new_mount fs/namespace.c:3026 [inline]
 path_mount+0x1986/0x2c30 fs/namespace.c:3356
 do_mount fs/namespace.c:3369 [inline]
 __do_sys_mount fs/namespace.c:3577 [inline]
 __se_sys_mount+0x308/0x3c0 fs/namespace.c:3554
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 0:
 kasan_save_stack mm/kasan/common.c:38 [inline]
 kasan_set_track+0x4c/0x70 mm/kasan/common.c:45
 kasan_set_free_info+0x1f/0x40 mm/kasan/generic.c:370
 kasan_slab_free+0x136/0x1e0 mm

[Cluster-devel] [syzbot] general protection fault in gfs2_evict_inode

2021-12-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:d4439a1189f9 Merge tag 'hsi-for-5.16' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13fae7cab0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7f2760850058fbfb
dashboard link: https://syzkaller.appspot.com/bug?extid=f77e2d1dc867b6accaf9
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f77e2d1dc867b6acc...@syzkaller.appspotmail.com

 
gfs2: fsid=syz:syz.0: can't read journal index: -5
general protection fault, probably for non-canonical address 0xdc11:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0088-0x008f]
CPU: 1 PID: 25372 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:evict_linked_inode fs/gfs2/super.c:1331 [inline]
RIP: 0010:gfs2_evict_inode+0xbe2/0x2070 fs/gfs2/super.c:1386
Call Trace:
 
 evict+0x2ed/0x6b0 fs/inode.c:588
 iput_final fs/inode.c:1664 [inline]
 iput.part.0+0x539/0x850 fs/inode.c:1690
 iput+0x58/0x70 fs/inode.c:1680
 dentry_unlink_inode+0x2b1/0x460 fs/dcache.c:376
 __dentry_kill+0x3c0/0x640 fs/dcache.c:582
 dentry_kill fs/dcache.c:708 [inline]
 dput+0x738/0xbc0 fs/dcache.c:888
 gfs2_fill_super+0x2048/0x28a0 fs/gfs2/ops_fstype.c:1296
 get_tree_bdev+0x440/0x760 fs/super.c:1293
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1327
 vfs_get_tree+0x89/0x2f0 fs/super.c:1498
 do_new_mount fs/namespace.c:2988 [inline]
 path_mount+0x1320/0x1fa0 fs/namespace.c:3318
 do_mount fs/namespace.c:3331 [inline]
 __do_sys_mount fs/namespace.c:3539 [inline]
 __se_sys_mount fs/namespace.c:3516 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3516
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 
Modules linked in:
---[ end trace 68c9d12f167f0520 ]---


[Cluster-devel] [syzbot] kernel BUG in gfs2_glock_nq

2021-12-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:136057256686 Linux 5.16-rc2
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15bda5b2b0
kernel config:  https://syzkaller.appspot.com/x/.config?x=bf85c53718a1e697
dashboard link: https://syzkaller.appspot.com/bug?extid=96502fc81e6d27a52341
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+96502fc81e6d27a52...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: G:  s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
gfs2: fsid=syz:syz.0:  H: s:EX f:cH e:0 p:3725 [syz-executor.1] gfs2_quota_sync+0x2e2/0x660 fs/gfs2/quota.c:1310
[ cut here ]
kernel BUG at fs/gfs2/glock.c:1548!
invalid opcode:  [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3725 Comm: syz-executor.1 Not tainted 5.16.0-rc2-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
RIP: 0010:add_to_queue fs/gfs2/glock.c:1548 [inline]
RIP: 0010:gfs2_glock_nq.cold+0x2a1/0x2fa fs/gfs2/glock.c:1572
Call Trace:
 
 gfs2_glock_nq_init fs/gfs2/glock.h:254 [inline]
 do_sync+0x4b9/0xcf0 fs/gfs2/quota.c:902
 gfs2_quota_sync+0x2e2/0x660 fs/gfs2/quota.c:1310
 gfs2_sync_fs+0x40/0xb0 fs/gfs2/super.c:642
 sync_filesystem fs/sync.c:56 [inline]
 sync_filesystem+0x105/0x260 fs/sync.c:30
 generic_shutdown_super+0x70/0x400 fs/super.c:448
 kill_block_super+0x97/0xf0 fs/super.c:1397
 gfs2_kill_sb+0x104/0x160 fs/gfs2/ops_fstype.c:1735
 deactivate_locked_super+0x94/0x160 fs/super.c:335
 deactivate_super+0xad/0xd0 fs/super.c:366
 cleanup_mnt+0x3a2/0x540 fs/namespace.c:1137
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
 exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
 
Modules linked in:
---[ end trace f8afb8dcf8bb318a ]---



Re: [Cluster-devel] [syzbot] WARNING in __set_page_dirty

2021-08-18 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:f8fbb47c6e86 Merge branch 'for-v5.14' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=125aadf630
kernel config:  https://syzkaller.appspot.com/x/.config?x=e3a20bae04b96ccd
dashboard link: https://syzkaller.appspot.com/bug?extid=0d5b462a6f07447991b3
compiler:   gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=122742ee30
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1792538130

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+0d5b462a6f0744799...@syzkaller.appspotmail.com

NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ cut here ]
WARNING: CPU: 0 PID: 8496 at include/linux/backing-dev.h:283 inode_to_wb include/linux/backing-dev.h:283 [inline]
WARNING: CPU: 0 PID: 8496 at include/linux/backing-dev.h:283 account_page_dirtied mm/page-writeback.c:2435 [inline]
WARNING: CPU: 0 PID: 8496 at include/linux/backing-dev.h:283 __set_page_dirty+0xace/0x1070 mm/page-writeback.c:2483
Modules linked in:
CPU: 0 PID: 8496 Comm: segctord Not tainted 5.14.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:inode_to_wb include/linux/backing-dev.h:283 [inline]
RIP: 0010:account_page_dirtied mm/page-writeback.c:2435 [inline]
RIP: 0010:__set_page_dirty+0xace/0x1070 mm/page-writeback.c:2483
Call Trace:
 mark_buffer_dirty+0x49a/0x5e0 fs/buffer.c:1108
 nilfs_btree_propagate_p fs/nilfs2/btree.c:1889 [inline]
 nilfs_btree_propagate+0x4ae/0xea0 fs/nilfs2/btree.c:2085
 nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337
 nilfs_collect_dat_data+0x45/0xd0 fs/nilfs2/segment.c:625
 nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1009
 nilfs_segctor_scan_file+0x3e4/0x700 fs/nilfs2/segment.c:1058
 nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1224 [inline]
 nilfs_segctor_collect fs/nilfs2/segment.c:1494 [inline]
 nilfs_segctor_do_construct+0x16ee/0x6b20 fs/nilfs2/segment.c:2036
 nilfs_segctor_construct+0x7a7/0xb30 fs/nilfs2/segment.c:2372
 nilfs_segctor_thread_construct fs/nilfs2/segment.c:2480 [inline]
 nilfs_segctor_thread+0x3c3/0xf90 fs/nilfs2/segment.c:2563
 kthread+0x3e5/0x4d0 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Code disassembly (best guess):
   0:   a8 01   test   $0x1,%al
   2:   00 00   add%al,(%rax)
   4:   be ff ff ff ff  mov$0x,%esi
   9:   48 8d 78 70 lea0x70(%rax),%rdi
   d:   e8 ea 60 8d 07  callq  0x78d60fc
  12:   31 ff   xor%edi,%edi
  14:   89 c3   mov%eax,%ebx
  16:   89 c6   mov%eax,%esi
  18:   e8 cf a6 d8 ff  callq  0xffd8a6ec
  1d:   85 db   test   %ebx,%ebx
  1f:   0f 85 ac f7 ff ff   jne0xf7d1
  25:   e8 82 9f d8 ff  callq  0xffd89fac
  2a:   0f 0b   ud2 <-- trapping instruction
  2c:   e9 a0 f7 ff ff  jmpq   0xf7d1
  31:   e8 76 9f d8 ff  callq  0xffd89fac
  36:   4c 8d 75 08 lea0x8(%rbp),%r14
  3a:   48  rex.W
  3b:   b8 00 00 00 00  mov$0x0,%eax



[Cluster-devel] [syzbot] UBSAN: shift-out-of-bounds in init_sb

2021-06-30 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:62fb9874 Linux 5.13
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12b490fbd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=e8e1ef25331bf17e
dashboard link: https://syzkaller.appspot.com/bug?extid=a498b19f2d8b0d716088

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a498b19f2d8b0d716...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz: Now mounting FS (format 1801)...

UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:299:19
shift exponent 100663299 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 30834 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
 gfs2_read_sb fs/gfs2/ops_fstype.c:299 [inline]
 init_sb.cold+0x19/0x109 fs/gfs2/ops_fstype.c:489
 gfs2_fill_super+0x18a6/0x2680 fs/gfs2/ops_fstype.c:1171
 get_tree_bdev+0x440/0x760 fs/super.c:1293
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1273
 vfs_get_tree+0x89/0x2f0 fs/super.c:1498
 do_new_mount fs/namespace.c:2905 [inline]
 path_mount+0x132a/0x1fa0 fs/namespace.c:3235
 do_mount fs/namespace.c:3248 [inline]
 __do_sys_mount fs/namespace.c:3456 [inline]
 __se_sys_mount fs/namespace.c:3433 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3433
 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
 entry_SYSCALL_64_after_hwframe+0x44/0xae






[Cluster-devel] [syzbot] KASAN: use-after-free Read in gfs2_glock_shrink_scan

2021-05-18 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:315d9931 Merge tag 'pm-5.13-rc2' of git://git.kernel.org/p..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=126d17b3d0
kernel config:  https://syzkaller.appspot.com/x/.config?x=4e950b1ffed48778
dashboard link: https://syzkaller.appspot.com/bug?extid=34ba7ddbf3021981a228
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+34ba7ddbf3021981a...@syzkaller.appspotmail.com

==
BUG: KASAN: use-after-free in __list_del_entry_valid+0xcc/0xf0 lib/list_debug.c:42
Read of size 8 at addr 888074ee8f20 by task khugepaged/1669

CPU: 0 PID: 1669 Comm: khugepaged Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report.cold+0x7c/0xd8 mm/kasan/report.c:436
 __list_del_entry_valid+0xcc/0xf0 lib/list_debug.c:42
 __list_del_entry include/linux/list.h:132 [inline]
 list_del_init include/linux/list.h:204 [inline]
 gfs2_dispose_glock_lru fs/gfs2/glock.c:1777 [inline]
 gfs2_scan_glock_lru fs/gfs2/glock.c:1832 [inline]
 gfs2_glock_shrink_scan fs/gfs2/glock.c:1843 [inline]
 gfs2_glock_shrink_scan+0x69f/0xa80 fs/gfs2/glock.c:1838
 do_shrink_slab+0x42d/0xbd0 mm/vmscan.c:709
 shrink_slab+0x17f/0x6f0 mm/vmscan.c:869
 shrink_node_memcgs mm/vmscan.c:2852 [inline]
 shrink_node+0x8d1/0x1de0 mm/vmscan.c:2967
 shrink_zones mm/vmscan.c:3170 [inline]
 do_try_to_free_pages+0x388/0x14b0 mm/vmscan.c:3225
 try_to_free_pages+0x29f/0x750 mm/vmscan.c:3464
 __perform_reclaim mm/page_alloc.c:4430 [inline]
 __alloc_pages_direct_reclaim mm/page_alloc.c:4451 [inline]
 __alloc_pages_slowpath.constprop.0+0x84e/0x2140 mm/page_alloc.c:4855
 __alloc_pages+0x422/0x500 mm/page_alloc.c:5213
 __alloc_pages_node include/linux/gfp.h:549 [inline]
 khugepaged_alloc_page+0xa0/0x170 mm/khugepaged.c:882
 collapse_huge_page mm/khugepaged.c:1085 [inline]
 khugepaged_scan_pmd mm/khugepaged.c:1368 [inline]
 khugepaged_scan_mm_slot mm/khugepaged.c:2137 [inline]
 khugepaged_do_scan mm/khugepaged.c:2218 [inline]
 khugepaged+0x312b/0x5530 mm/khugepaged.c:2263
 kthread+0x3b1/0x4a0 kernel/kthread.c:313
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

Allocated by task 10231:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:428 [inline]
 __kasan_slab_alloc+0x84/0xa0 mm/kasan/common.c:461
 kasan_slab_alloc include/linux/kasan.h:236 [inline]
 slab_post_alloc_hook mm/slab.h:524 [inline]
 slab_alloc_node mm/slub.c:2912 [inline]
 slab_alloc mm/slub.c:2920 [inline]
 kmem_cache_alloc+0x152/0x3a0 mm/slub.c:2925
 gfs2_glock_get+0x20e/0x1100 fs/gfs2/glock.c:1027
 gfs2_inode_lookup+0x2c9/0xb10 fs/gfs2/inode.c:149
 gfs2_dir_search+0x20f/0x2c0 fs/gfs2/dir.c:1665
 gfs2_lookupi+0x475/0x640 fs/gfs2/inode.c:332
 gfs2_lookup_simple+0x99/0xe0 fs/gfs2/inode.c:273
 init_inodes+0x1c79/0x2610 fs/gfs2/ops_fstype.c:880
 gfs2_fill_super+0x1b4a/0x2680 fs/gfs2/ops_fstype.c:1204
 get_tree_bdev+0x440/0x760 fs/super.c:1293
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1273
 vfs_get_tree+0x89/0x2f0 fs/super.c:1498
 do_new_mount fs/namespace.c:2905 [inline]
 path_mount+0x132a/0x1fa0 fs/namespace.c:3235
 do_mount fs/namespace.c:3248 [inline]
 __do_sys_mount fs/namespace.c:3456 [inline]
 __se_sys_mount fs/namespace.c:3433 [inline]
 __ia32_sys_mount+0x27e/0x300 fs/namespace.c:3433
 do_syscall_32_irqs_on arch/x86/entry/common.c:78 [inline]
 __do_fast_syscall_32+0x67/0xe0 arch/x86/entry/common.c:143
 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:168
 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c

Freed by task 8886:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track+0x1c/0x30 mm/kasan/common.c:46
 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:357
 kasan_slab_free mm/kasan/common.c:360 [inline]
 kasan_slab_free mm/kasan/common.c:325 [inline]
 __kasan_slab_free+0xfb/0x130 mm/kasan/common.c:368
 kasan_slab_free include/linux/kasan.h:212 [inline]
 slab_free_hook mm/slub.c:1581 [inline]
 slab_free_freelist_hook+0xdf/0x240 mm/slub.c:1606
 slab_free mm/slub.c:3166 [inline]
 kmem_cache_free+0x8a/0x740 mm/slub.c:3182
 gfs2_glock_dealloc+0xcc/0x150 fs/gfs2/glock.c:130
 rcu_do_batch kernel/rcu/tree.c:2558 [inline]
 rcu_core+0x7ab/0x13b0 kernel/rcu/tree.c:2793
 __do_softirq+0x29b/0x9f6 kernel/softirq.c:559

Last potentially related work creation:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_record_aux_stack+0xe5/0x110 mm/kasan/generic.c:345
 __call_rcu kernel/rcu/tree.c:3038 [inline]
 call_rcu+0xb1/0x750 kernel/rcu

[Cluster-devel] general protection fault in gfs2_ri_update

2020-11-20 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:92edc4ae Add linux-next specific files for 20201113
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1564a81c50
kernel config:  https://syzkaller.appspot.com/x/.config?x=79ad4f8ad2d96176
dashboard link: https://syzkaller.appspot.com/bug?extid=e3f23ce40269a4c9053a
compiler:   gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e3f23ce40269a4c90...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
gfs2: fsid=syz:syz.0: first mount done, others may mount
general protection fault, probably for non-canonical address 0xdc0e:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 0 PID: 5537 Comm: syz-executor.4 Not tainted 5.10.0-rc3-next-20201113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:set_rgrp_preferences fs/gfs2/rgrp.c:960 [inline]
RIP: 0010:gfs2_ri_update+0x289/0x520 fs/gfs2/rgrp.c:988
Code: e0 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 3c e7 22 fe 49 8d 7f 74 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 68
RSP: 0018:c9000175f7e0 EFLAGS: 00010203
RAX: dc00 RBX:  RCX: c900122b2000
RDX: 000e RSI: 834dace4 RDI: 0074
RBP: 8880680847d0 R08:  R09: 8880680847d3
R10:  R11:  R12: 0001
R13:  R14: 8880680847cc R15: 
FS:  7fccb3d41700() GS:8880b9e0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 55af34aaf000 CR3: 25b49000 CR4: 001506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 gfs2_rindex_update+0x3ce/0x450 fs/gfs2/rgrp.c:1028
 init_inodes+0x1ddf/0x2650 fs/gfs2/ops_fstype.c:885
 gfs2_fill_super+0x199c/0x23f0 fs/gfs2/ops_fstype.c:1184
 get_tree_bdev+0x421/0x740 fs/super.c:1344
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1260
 vfs_get_tree+0x89/0x2f0 fs/super.c:1549
 do_new_mount fs/namespace.c:2896 [inline]
 path_mount+0x12ae/0x1e70 fs/namespace.c:3227
 do_mount fs/namespace.c:3240 [inline]
 __do_sys_mount fs/namespace.c:3448 [inline]
 __se_sys_mount fs/namespace.c:3425 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3425
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x46090a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7fccb3d40a88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7fccb3d40b20 RCX: 0046090a
RDX: 2000 RSI: 2100 RDI: 7fccb3d40ae0
RBP: 7fccb3d40ae0 R08: 7fccb3d40b20 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20
Modules linked in:
---[ end trace 30aa056702410d7c ]---
RIP: 0010:set_rgrp_preferences fs/gfs2/rgrp.c:960 [inline]
RIP: 0010:gfs2_ri_update+0x289/0x520 fs/gfs2/rgrp.c:988
Code: e0 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 3c e7 22 fe 49 8d 7f 74 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 68
RSP: 0018:c9000175f7e0 EFLAGS: 00010203
RAX: dc00 RBX:  RCX: c900122b2000
RDX: 000e RSI: 834dace4 RDI: 0074
RBP: 8880680847d0 R08:  R09: 8880680847d3
R10:  R11:  R12: 0001
R13:  R14: 8880680847cc R15: 
FS:  7fccb3d41700() GS:8880b9e0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 55af34a29900 CR3: 25b49000 CR4: 001506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400

[Cluster-devel] INFO: task hung in gfs2_gl_hash_clear

2020-11-02 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:07e08873 Merge tag 'fallthrough-fixes-clang-5.10-rc2' of g..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1148313250
kernel config:  https://syzkaller.appspot.com/x/.config?x=cb6c2acf60eb5bfd
dashboard link: https://syzkaller.appspot.com/bug?extid=938b0fd3a48bf32ef1f1
compiler:   gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+938b0fd3a48bf32ef...@syzkaller.appspotmail.com

INFO: task syz-executor.0:12142 blocked for more than 143 seconds.
  Not tainted 5.10.0-rc1-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.0  state:D stack:25896 pid:12142 ppid:  8475 flags:0x4004
Call Trace:
 context_switch kernel/sched/core.c:3774 [inline]
 __schedule+0x893/0x2130 kernel/sched/core.c:4523
 schedule+0xcf/0x270 kernel/sched/core.c:4601
 schedule_timeout+0x148/0x250 kernel/time/timer.c:1876
 gfs2_gl_hash_clear+0x240/0x270 fs/gfs2/glock.c:1989
 gfs2_fill_super+0x1e81/0x23f0 fs/gfs2/ops_fstype.c:1233
 get_tree_bdev+0x421/0x740 fs/super.c:1344
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1256
 vfs_get_tree+0x89/0x2f0 fs/super.c:1549
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x13ad/0x20c0 fs/namespace.c:3205
 do_mount fs/namespace.c:3218 [inline]
 __do_sys_mount fs/namespace.c:3426 [inline]
 __se_sys_mount fs/namespace.c:3403 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3403
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x46090a
Code: Unable to access opcode bytes at RIP 0x4608e0.
RSP: 002b:7f9ee56a8a88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7f9ee56a8b20 RCX: 0046090a
RDX: 2000 RSI: 2100 RDI: 7f9ee56a8ae0
RBP: 7f9ee56a8ae0 R08: 7f9ee56a8b20 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20

Showing all locks held in the system:
2 locks held by kworker/u4:1/21:
1 lock held by khungtaskd/1643:
 #0: 8b337060 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6259
1 lock held by systemd-journal/4882:
1 lock held by in:imklog/8120:
 #0: 8880134e75f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:932
1 lock held by syz-executor.0/12142:
 #0: 88805df5c0e0 (&type->s_umount_key#62/1){+.+.}-{3:3}, at: alloc_super+0x1b8/0xa80 fs/super.c:229

=

NMI backtrace for cpu 1
CPU: 1 PID: 1643 Comm: khungtaskd Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118
 nmi_cpu_backtrace.cold+0x44/0xd7 lib/nmi_backtrace.c:105
 nmi_trigger_cpumask_backtrace+0x1b3/0x230 lib/nmi_backtrace.c:62
 trigger_all_cpu_backtrace include/linux/nmi.h:146 [inline]
 check_hung_uninterruptible_tasks kernel/hung_task.c:209 [inline]
 watchdog+0xd43/0xfa0 kernel/hung_task.c:295
 kthread+0x3af/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 4882 Comm: systemd-journal Not tainted 5.10.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0033:0x7f3f056c561d
Code: f9 79 f1 ff 83 f8 06 0f 8e bd fd ff ff 48 83 ec 08 4c 8d 0d 6d a1 02 00 4c 8d 05 ae fe 03 00 53 b9 1e 03 00 00 e9 eb fe ff ff <49> 83 f8 10 75 0c 49 89 45 00 45 31 e4 e9 94 fd ff ff 31 d2 4d 89
RSP: 002b:7ffe73800a50 EFLAGS: 0246
RAX: 7f3f02e08798 RBX: 002b2798 RCX: 0040
RDX: 0001 RSI: 7f3f05705480 RDI: 56506c959140
RBP: 56506c958ea0 R08: 0065 R09: 56506c959140
R10: c68c15b713e34dde R11: 836311406455d5a5 R12: 0001
R13: 7ffe73800ac8 R14:  R15: 7ffe73800a50
FS:  7f3f059d68c0 GS:  

[Cluster-devel] INFO: task can't die in gfs2_gl_hash_clear

2020-10-23 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:9695c4ff Add linux-next specific files for 20201023
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1337677f90
kernel config:  https://syzkaller.appspot.com/x/.config?x=e4274439d0e6cdfa
dashboard link: https://syzkaller.appspot.com/bug?extid=08b6bdbd4c6e64e520ff
compiler:   gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+08b6bdbd4c6e64e52...@syzkaller.appspotmail.com

INFO: task syz-executor.4:10332 can't die for more than 143 seconds.
task:syz-executor.4  state:D stack:25896 pid:10332 ppid:  8512 flags:0x4004
Call Trace:
 context_switch kernel/sched/core.c:3773 [inline]
 __schedule+0x893/0x2130 kernel/sched/core.c:4522
 schedule+0xcf/0x270 kernel/sched/core.c:4600
 schedule_timeout+0x148/0x250 kernel/time/timer.c:1881
 gfs2_gl_hash_clear+0x240/0x270 fs/gfs2/glock.c:1989
 gfs2_fill_super+0x1e81/0x23f0 fs/gfs2/ops_fstype.c:1233
 get_tree_bdev+0x421/0x740 fs/super.c:1344
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1256
 vfs_get_tree+0x89/0x2f0 fs/super.c:1549
 do_new_mount fs/namespace.c:2896 [inline]
 path_mount+0x12ae/0x1e70 fs/namespace.c:3227
 do_mount fs/namespace.c:3240 [inline]
 __do_sys_mount fs/namespace.c:3448 [inline]
 __se_sys_mount fs/namespace.c:3425 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3425
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4608aa
Code: Unable to access opcode bytes at RIP 0x460880.
RSP: 002b:7f9dd27eda88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7f9dd27edb20 RCX: 004608aa
RDX: 2000 RSI: 2100 RDI: 7f9dd27edae0
RBP: 7f9dd27edae0 R08: 7f9dd27edb20 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20
INFO: task syz-executor.4:10332 blocked for more than 143 seconds.
  Not tainted 5.9.0-next-20201023-syzkaller #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor.4  state:D stack:25896 pid:10332 ppid:  8512 flags:0x4004
Call Trace:
 context_switch kernel/sched/core.c:3773 [inline]
 __schedule+0x893/0x2130 kernel/sched/core.c:4522
 schedule+0xcf/0x270 kernel/sched/core.c:4600
 schedule_timeout+0x148/0x250 kernel/time/timer.c:1881
 gfs2_gl_hash_clear+0x240/0x270 fs/gfs2/glock.c:1989
 gfs2_fill_super+0x1e81/0x23f0 fs/gfs2/ops_fstype.c:1233
 get_tree_bdev+0x421/0x740 fs/super.c:1344
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1256
 vfs_get_tree+0x89/0x2f0 fs/super.c:1549
 do_new_mount fs/namespace.c:2896 [inline]
 path_mount+0x12ae/0x1e70 fs/namespace.c:3227
 do_mount fs/namespace.c:3240 [inline]
 __do_sys_mount fs/namespace.c:3448 [inline]
 __se_sys_mount fs/namespace.c:3425 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3425
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x4608aa
Code: Unable to access opcode bytes at RIP 0x460880.
RSP: 002b:7f9dd27eda88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7f9dd27edb20 RCX: 004608aa
RDX: 2000 RSI: 2100 RDI: 7f9dd27edae0
RBP: 7f9dd27edae0 R08: 7f9dd27edb20 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20

Showing all locks held in the system:
2 locks held by kworker/u4:1/21:
 #0: 8880b9f34cd8 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1292 [inline]
 #0: 8880b9f34cd8 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x21a/0x2130 kernel/sched/core.c:4440
 #1: 8880b9f1ff88 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x305/0x440 kernel/sched/psi.c:833
1 lock held by khungtaskd/1628:
 #0: 8b3361a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6259
2 locks held by in:imklog/8170:
 #0: 8880143794f0 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xe9/0x100 fs/file.c:932
 #1: 8880b9f34cd8 (&rq->lock){-.-.}-{2:2}, at: rq_lock kernel/sched/sched.h:1292 [inline]
 #1: 8880b9f34cd8 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x21a/0x2130 kernel/sched/core.c:4440
1 lock held by syz-executor.4/10332:
 #0: 88802f2c60e0 (&type->s_umount_key#50/1){+.+.}-{3:3}, at: alloc_super+0x201/0xaf0 fs/super.c:229

=

NMI backtrace for cpu 0
CPU: 0 PID: 1628 Comm: khungtaskd Not tainted 5.9.0-next-20201023-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:118

[Cluster-devel] UBSAN: array-index-out-of-bounds in init_sb

2020-10-12 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:6f2f486d Merge tag 'spi-fix-v5.9-rc8' of git://git.kernel...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=16887cab90
kernel config:  https://syzkaller.appspot.com/x/.config?x=c06bcf3cc963d91c
dashboard link: https://syzkaller.appspot.com/bug?extid=a5e2482a693e6b1e444b
compiler:   gcc (GCC) 10.1.0-syz 20200507
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=1081031b90
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=133c359f90

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15f3f32050
final oops: https://syzkaller.appspot.com/x/report.txt?x=17f3f32050
console output: https://syzkaller.appspot.com/x/log.txt?x=13f3f32050

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a5e2482a693e6b1e4...@syzkaller.appspotmail.com

gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
gfs2: fsid=loop0: Now mounting FS...

UBSAN: array-index-out-of-bounds in fs/gfs2/ops_fstype.c:342:21
index 11 is out of range for type 'u64 [11]'
CPU: 0 PID: 6887 Comm: syz-executor693 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x198/0x1fd lib/dump_stack.c:118
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:356
 gfs2_read_sb fs/gfs2/ops_fstype.c:342 [inline]
 init_sb+0xc37/0xd30 fs/gfs2/ops_fstype.c:479
 gfs2_fill_super+0x1796/0x254a fs/gfs2/ops_fstype.c:1096
 get_tree_bdev+0x421/0x740 fs/super.c:1342
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x1387/0x20a0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount fs/namespace.c:3390 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x446dba
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7ffcd944f138 EFLAGS: 0293 ORIG_RAX: 00a5
RAX: ffda RBX: 7ffcd944f190 RCX: 00446dba
RDX: 2000 RSI: 2100 RDI: 7ffcd944f150
RBP: 7ffcd944f150 R08: 7ffcd944f190 R09: 7ffc0015
R10: 0220 R11: 0293 R12: 0001
R13: 0004 R14: 0003 R15: 0003


For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

[Cluster-devel] general protection fault in gfs2_rgrp_dump

2020-10-06 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:7575fdda Merge tag 'platform-drivers-x86-v5.9-2' of git://..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=14abb7c790
kernel config:  https://syzkaller.appspot.com/x/.config?x=de7f697da23057c7
dashboard link: https://syzkaller.appspot.com/bug?extid=43fa87986bdd31df9de6
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+43fa87986bdd31df9...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: ri_addr = 20
ri_length = 1
ri_data0 = 21
ri_data = 2060
ri_bitbytes = 0
start=0 len=0 offset=128
general protection fault, probably for non-canonical address 0xdc20:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0100-0x0107]
CPU: 1 PID: 19688 Comm: syz-executor.3 Not tainted 5.9.0-rc8-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:gfs2_rgrp_dump+0x3b/0x6c0 fs/gfs2/rgrp.c:2220
Code: 24 10 48 89 f3 48 89 7c 24 08 48 bd 00 00 00 00 00 fc ff df e8 06 7a 2b fe 48 89 ea 48 81 c3 00 01 00 00 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 12 48 89 df e8 97 60 6b fe 48 ba 00 00 00 00 00 fc
RSP: 0018:c90009037758 EFLAGS: 00010202
RAX: 0020 RBX: 0100 RCX: 0004
RDX: dc00 RSI: 00016753 RDI: 00016754
RBP: dc00 R08: 83ddd758 R09: f52001206efa
R10: f52001206efa R11:  R12: 89364b22
R13: 888042e74000 R14: dc00 R15: 89364943
FS:  7fb8f261d700() GS:8880ae90() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 016a9e60 CR3: 959d9000 CR4: 001506e0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 gfs2_consist_rgrpd_i+0xa1/0x110 fs/gfs2/util.c:422
 compute_bitstructs fs/gfs2/rgrp.c:812 [inline]
 read_rindex_entry fs/gfs2/rgrp.c:909 [inline]
 gfs2_ri_update+0xb60/0x1860 fs/gfs2/rgrp.c:986
 gfs2_rindex_update+0x283/0x320 fs/gfs2/rgrp.c:1032
 init_inodes fs/gfs2/ops_fstype.c:792 [inline]
 gfs2_fill_super+0x28e7/0x3fe0 fs/gfs2/ops_fstype.c:1125
 get_tree_bdev+0x3e9/0x5f0 fs/super.c:1342
 gfs2_get_tree+0x4c/0x1f0 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x88/0x270 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x179d/0x29e0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount+0x126/0x180 fs/namespace.c:3390
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x46087a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7fb8f261ca88 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7fb8f261cb20 RCX: 0046087a
RDX: 2000 RSI: 2100 RDI: 7fb8f261cae0
RBP: 7fb8f261cae0 R08: 7fb8f261cb20 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20
Modules linked in:
---[ end trace 8711b33583174bc7 ]---

[Cluster-devel] KASAN: slab-out-of-bounds Write in gfs2_fill_super

2020-09-30 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13458c0f90
kernel config:  https://syzkaller.appspot.com/x/.config?x=adebb40048274f92
dashboard link: https://syzkaller.appspot.com/bug?extid=af90d47a37376844e731
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=15c307d390
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1353d58d90

Bisection is inconclusive: the issue happens on the oldest tested release.

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=106acbbb90
final oops: https://syzkaller.appspot.com/x/report.txt?x=126acbbb90
console output: https://syzkaller.appspot.com/x/log.txt?x=146acbbb90

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+af90d47a37376844e...@syzkaller.appspotmail.com

gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
gfs2: fsid=loop0: Now mounting FS...
==
BUG: KASAN: slab-out-of-bounds in gfs2_read_sb fs/gfs2/ops_fstype.c:342 [inline]
BUG: KASAN: slab-out-of-bounds in init_sb fs/gfs2/ops_fstype.c:479 [inline]
BUG: KASAN: slab-out-of-bounds in gfs2_fill_super+0x1db5/0x3fe0 fs/gfs2/ops_fstype.c:1096
Write of size 8 at addr 88809073d548 by task syz-executor940/6853

CPU: 1 PID: 6853 Comm: syz-executor940 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d6/0x29e lib/dump_stack.c:118
 print_address_description+0x66/0x620 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report+0x132/0x1d0 mm/kasan/report.c:530
 gfs2_read_sb fs/gfs2/ops_fstype.c:342 [inline]
 init_sb fs/gfs2/ops_fstype.c:479 [inline]
 gfs2_fill_super+0x1db5/0x3fe0 fs/gfs2/ops_fstype.c:1096
 get_tree_bdev+0x3e9/0x5f0 fs/super.c:1342
 gfs2_get_tree+0x4c/0x1f0 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x88/0x270 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x179d/0x29e0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount+0x126/0x180 fs/namespace.c:3390
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x446dba
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7fff4c56e748 EFLAGS: 0293 ORIG_RAX: 00a5
RAX: ffda RBX: 7fff4c56e7a0 RCX: 00446dba
RDX: 2000 RSI: 2100 RDI: 7fff4c56e760
RBP: 7fff4c56e760 R08: 7fff4c56e7a0 R09: 7fff0015
R10: 0220 R11: 0293 R12: 0001
R13: 0004 R14: 0003 R15: 0003

Allocated by task 6853:
 kasan_save_stack mm/kasan/common.c:48 [inline]
 kasan_set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc+0x100/0x130 mm/kasan/common.c:461
 kmem_cache_alloc_trace+0x1e4/0x2e0 mm/slab.c:3554
 kmalloc include/linux/slab.h:554 [inline]
 kzalloc include/linux/slab.h:666 [inline]
 init_sbd fs/gfs2/ops_fstype.c:77 [inline]
 gfs2_fill_super+0xb6/0x3fe0 fs/gfs2/ops_fstype.c:1018
 get_tree_bdev+0x3e9/0x5f0 fs/super.c:1342
 gfs2_get_tree+0x4c/0x1f0 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x88/0x270 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x179d/0x29e0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount+0x126/0x180 fs/namespace.c:3390
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at 88809073c000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 5448 bytes inside of
 8192-byte region [88809073c000, 88809073e000)
The buggy address belongs to the page:
page:bd4b0b2d refcount:1 mapcount:0 mapping: index:0x0 pfn:0x9073c
head:bd4b0b2d order:2 compound_mapcount:0 compound_pincount:0
flags: 0xfffe010200(slab|head)
raw: 00fffe010200 ea00028e5608 8880aa441b50 8880aa440a00
raw:  88809073c000 00010001 
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 88809073d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 88809073d480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>88809073d500: 00 00 00 00 00 00 

Re: [Cluster-devel] general protection fault in gfs2_withdraw

2020-09-29 Thread syzbot
syzbot has bisected this issue to:

commit 601ef0d52e9617588fcff3df26953592f2eb44ac
Author: Bob Peterson 
Date:   Tue Jan 28 19:23:45 2020 +

gfs2: Force withdraw to replay journals and wait for it to finish

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=151d25e390
start commit:   7c7ec322 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:   upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=171d25e390
console output: https://syzkaller.appspot.com/x/log.txt?x=131d25e390
kernel config:  https://syzkaller.appspot.com/x/.config?x=6184b75aa6d48d66
dashboard link: https://syzkaller.appspot.com/bug?extid=50a8a9cf8127f2c6f5df
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=13c6a10990
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15d45ed390

Reported-by: syzbot+50a8a9cf8127f2c6f...@syzkaller.appspotmail.com
Fixes: 601ef0d52e96 ("gfs2: Force withdraw to replay journals and wait for it to finish")


Re: [Cluster-devel] general protection fault in gfs2_withdraw

2020-09-28 Thread syzbot
syzbot has found a reproducer for the following issue on:

HEAD commit:7c7ec322 Merge tag 'for-linus' of git://git.kernel.org/pub..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11f2ff2790
kernel config:  https://syzkaller.appspot.com/x/.config?x=6184b75aa6d48d66
dashboard link: https://syzkaller.appspot.com/bug?extid=50a8a9cf8127f2c6f5df
compiler:   clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=160fb77390
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1104f10990

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+50a8a9cf8127f2c6f...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2072 (magic number)
  function = gfs2_meta_indirect_buffer, file = fs/gfs2/meta_io.c, line = 417
gfs2: fsid=syz:syz.0: about to withdraw this file system
general protection fault, probably for non-canonical address 
0xdc0e:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 0 PID: 6842 Comm: syz-executor264 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw+0x2b0/0xe20 fs/gfs2/util.c:294
Code: e8 03 48 89 44 24 38 42 80 3c 38 00 74 08 48 89 ef e8 34 f7 69 fe 48 89 6c 24 20 48 8b 6d 00 48 83 c5 70 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 11 f7 69 fe 48 8b 45 00 48 89 44
RSP: 0018:c900057474f0 EFLAGS: 00010202
RAX: 000e RBX: 8880a71e RCX: 98268db4dfe86a00
RDX: 888092bb6100 RSI:  RDI: 8880a71e0430
RBP: 0070 R08: 834ad50c R09: ed1015d041c3
R10: ed1015d041c3 R11:  R12: 111014e3c04d
R13: 8880a71e0050 R14: 8880a71e026c R15: dc00
FS:  0233b880() GS:8880ae80() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7f74f826d6c0 CR3: a04cc000 CR4: 001506f0
DR0:  DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0400
Call Trace:
 gfs2_meta_check_ii+0x70/0x80 fs/gfs2/util.c:450
 gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
 gfs2_meta_indirect_buffer+0x29f/0x380 fs/gfs2/meta_io.c:417
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
 gfs2_inode_refresh+0x65/0xc00 fs/gfs2/glops.c:438
 inode_go_lock+0x12c/0x480 fs/gfs2/glops.c:468
 do_promote+0x4db/0xcd0 fs/gfs2/glock.c:390
 finish_xmote+0x907/0x1350 fs/gfs2/glock.c:560
 do_xmote+0xadb/0x14c0 fs/gfs2/glock.c:686
 gfs2_glock_nq+0xac3/0x14d0 fs/gfs2/glock.c:1410
 gfs2_glock_nq_init fs/gfs2/glock.h:238 [inline]
 gfs2_lookupi+0x36f/0x4f0 fs/gfs2/inode.c:317
 gfs2_lookup_simple+0xa4/0x100 fs/gfs2/inode.c:268
 init_journal+0x132/0x1970 fs/gfs2/ops_fstype.c:620
 init_inodes fs/gfs2/ops_fstype.c:756 [inline]
 gfs2_fill_super+0x2717/0x3fe0 fs/gfs2/ops_fstype.c:1125
 get_tree_bdev+0x3e9/0x5f0 fs/super.c:1342
 gfs2_get_tree+0x4c/0x1f0 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x88/0x270 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x179d/0x29e0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount+0x126/0x180 fs/namespace.c:3390
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x458e1a
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7ffc76f65c88 EFLAGS: 0293 ORIG_RAX: 00a5
RAX: ffda RBX: 7ffc76f65ce0 RCX: 00458e1a
RDX: 2000 RSI: 2100 RDI: 7ffc76f65ca0
RBP: 7ffc76f65ca0 R08: 7ffc76f65ce0 R09: 7ffc0015
R10:  R11: 0293 R12: 0809
R13: 0004 R14: 0003 R15: 0003
Modules linked in:
---[ end trace 1e62174917573e95 ]---
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw+0x2b0/0xe20 fs/gfs2/util.c:294
Code: e8 03 48 89 44 24 38 42 80 3c 38 00 74 08 48 89 ef e8 34 f7 69 fe 48 89 6c 24 20 48 8b 6d 00 48 83 c5 70 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 11 f7 69 fe 48 8b 45 00 48 89 44
RSP: 0018:c900057474f0 EFLAGS: 00010202
RAX: 000e RBX: 8880a71e RCX: 98268db4dfe86a00
RDX: 888092bb6100 RSI:  RDI: 8880a71e0430
RBP: 0070 R08: 834ad50c R09: ed1015d041c3
R10: ed1015d041c3 R11:  R12: 111014e3c04d
R13: 8880a71e0050 R14: 8880a71e026c R15

[Cluster-devel] general protection fault in gfs2_withdraw

2020-09-25 Thread syzbot
Hello,

syzbot found the following issue on:

HEAD commit:ba4f184e Linux 5.9-rc6
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13a0ccad90
kernel config:  https://syzkaller.appspot.com/x/.config?x=6f192552d75898a1
dashboard link: https://syzkaller.appspot.com/bug?extid=50a8a9cf8127f2c6f5df
compiler:   gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+50a8a9cf8127f2c6f...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2072 (magic number)
  function = gfs2_meta_indirect_buffer, file = fs/gfs2/meta_io.c, line = 417
gfs2: fsid=syz:syz.0: about to withdraw this file system
general protection fault, probably for non-canonical address 0xdc0e:  [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0070-0x0077]
CPU: 0 PID: 27118 Comm: syz-executor.0 Not tainted 5.9.0-rc6-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw.cold+0xff/0xc0e fs/gfs2/util.c:294
Code: 00 48 c1 e0 2a 80 3c 02 00 0f 85 19 02 00 00 4c 8b bb a0 08 00 00 b8 ff ff 37 00 48 c1 e0 2a 49 8d 7f 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 67 6d 68 fe 4d 8b 7f 70 b8 ff ff 37 00 48 c1
RSP: 0018:c900018b73b8 EFLAGS: 00010202
RAX: dc00 RBX: 888059d7 RCX: c90002639000
RDX: 000e RSI: 834e9fdf RDI: 0070
RBP: 888059d7026d R08: 0038 R09: 88802ce318e7
R10:  R11:  R12: 888059d70050
R13: 888059d702f0 R14: 88cc1320 R15: 
FS:  7f348fd73700() GS:88802ce0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 00b60004 CR3: 4a089000 CR4: 00350ef0
DR0: 2000 DR1:  DR2: 
DR3:  DR6: fffe0ff0 DR7: 0600
Call Trace:
 gfs2_meta_check_ii+0x68/0xa0 fs/gfs2/util.c:450
 gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
 gfs2_meta_indirect_buffer+0x3a3/0x3f0 fs/gfs2/meta_io.c:417
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
 gfs2_inode_refresh+0x95/0xdf0 fs/gfs2/glops.c:438
 inode_go_lock+0x309/0x49f fs/gfs2/glops.c:468
 do_promote+0x4a0/0xc10 fs/gfs2/glock.c:390
 finish_xmote+0x4ed/0xf40 fs/gfs2/glock.c:560
 do_xmote+0x812/0xba0 fs/gfs2/glock.c:686
 run_queue+0x323/0x680 fs/gfs2/glock.c:751
 gfs2_glock_nq+0x716/0x11b0 fs/gfs2/glock.c:1410
 gfs2_glock_nq_init fs/gfs2/glock.h:238 [inline]
 gfs2_lookupi+0x314/0x630 fs/gfs2/inode.c:317
 gfs2_lookup_simple+0x99/0xe0 fs/gfs2/inode.c:268
 init_journal fs/gfs2/ops_fstype.c:620 [inline]
 init_inodes+0x367/0x1f40 fs/gfs2/ops_fstype.c:756
 gfs2_fill_super+0x195e/0x254a fs/gfs2/ops_fstype.c:1125
 get_tree_bdev+0x421/0x740 fs/super.c:1342
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1201
 vfs_get_tree+0x89/0x2f0 fs/super.c:1547
 do_new_mount fs/namespace.c:2875 [inline]
 path_mount+0x1387/0x20a0 fs/namespace.c:3192
 do_mount fs/namespace.c:3205 [inline]
 __do_sys_mount fs/namespace.c:3413 [inline]
 __se_sys_mount fs/namespace.c:3390 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45e5ea
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d 9e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4a 9e fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7f348fd72aa8 EFLAGS: 0202 ORIG_RAX: 00a5
RAX: ffda RBX: 7f348fd72b40 RCX: 0045e5ea
RDX: 2000 RSI: 2100 RDI: 7f348fd72b00
RBP: 7f348fd72b00 R08: 7f348fd72b40 R09: 2000
R10:  R11: 0202 R12: 2000
R13: 2100 R14: 2200 R15: 20047a20
Modules linked in:
---[ end trace a1967e7d2c26629b ]---
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw.cold+0xff/0xc0e fs/gfs2/util.c:294
Code: 00 48 c1 e0 2a 80 3c 02 00 0f 85 19 02 00 00 4c 8b bb a0 08 00 00 b8 ff ff 37 00 48 c1 e0 2a 49 8d 7f 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 67 6d 68 fe 4d 8b 7f 70 b8 ff ff 37 00 48 c1
RSP: 0018:c900018b73b8 EFLAGS: 00010202
RAX: dc00 RBX: 888059d7 RCX: c90002639000
RDX: 000e RSI: 834e9fdf RDI: 0070
RBP: 888059d7026d R08: 0038 R09: 88802ce318e7
R10:  R11:  R12: 888059d70050
R13: 888059d702f0 R14: 88cc1320 R15: 
FS:  7f348fd73700() GS:88802cf0() knlGS:000

Re: [Cluster-devel] WARNING: locking bug in __queue_work

2020-06-18 Thread syzbot
syzbot suspects this bug was fixed by commit:

commit ea22eee4e6027d8927099de344f7fff43c507ef9
Author: Bob Peterson 
Date:   Wed Apr 29 13:45:54 2020 +

gfs2: Allow lock_nolock mount to specify jid=X

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=16fcf24910
start commit:   fe5cdef2 Merge tag 'for-linus-5.1-2' of git://github.com/c..
git tree:   upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=856fc6d0fbbeede9
dashboard link: https://syzkaller.appspot.com/bug?extid=6174a6c5eba4b3cdd606
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=17f6c7e320
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=101507fd20

If the result looks correct, please mark the bug fixed by replying with:

#syz fix: gfs2: Allow lock_nolock mount to specify jid=X

For information about bisection process see: https://goo.gl/tpsmEJ#bisection



memory leak in gfs2_init_fs_context

2019-10-02 Thread syzbot

Hello,

syzbot found the following crash on:

HEAD commit:f1f2f614 Merge branch 'next-integrity' of git://git.kernel..
git tree:   upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15569c0560
kernel config:  https://syzkaller.appspot.com/x/.config?x=4e93436f92b0cfde
dashboard link: https://syzkaller.appspot.com/bug?extid=c2fdfd2b783754878fb6
compiler:   gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10327c0560
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=105c9fd560

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+c2fdfd2b783754878...@syzkaller.appspotmail.com

audit: type=1400 audit(1569701659.045:64): avc:  denied  { map } for  pid=6842 comm="syz-executor375" path="/root/syz-executor375626622" dev="sda1" ino=16502 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1

executing program
executing program
BUG: memory leak
unreferenced object 0x88810fd9a500 (size 256):
  comm "syz-executor375", pid 6845, jiffies 4294941255 (age 13.550s)
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[<462ab467>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[<462ab467>] slab_post_alloc_hook mm/slab.h:586 [inline]
[<462ab467>] slab_alloc mm/slab.c:3319 [inline]
[<462ab467>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
[<b1a62211>] kmalloc include/linux/slab.h:552 [inline]
[<b1a62211>] kzalloc include/linux/slab.h:686 [inline]
[<b1a62211>] gfs2_init_fs_context+0x25/0x90 fs/gfs2/ops_fstype.c:1543
[<db94ecb4>] gfs2_meta_init_fs_context+0x17/0x40 fs/gfs2/ops_fstype.c:1608
[<77df5577>] alloc_fs_context+0x174/0x200 fs/fs_context.c:293
[<8d5e3681>] fs_context_for_mount+0x25/0x30 fs/fs_context.c:307
[<30bafbdb>] __do_sys_fsopen fs/fsopen.c:137 [inline]
[<30bafbdb>] __se_sys_fsopen fs/fsopen.c:115 [inline]
[<30bafbdb>] __x64_sys_fsopen+0xa9/0x1a0 fs/fsopen.c:115
[<974fed69>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
[<299e0e1b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9

BUG: memory leak
unreferenced object 0x88810fd9a200 (size 256):
  comm "syz-executor375", pid 6846, jiffies 4294941838 (age 7.720s)
  hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  backtrace:
[<462ab467>] kmemleak_alloc_recursive include/linux/kmemleak.h:43 [inline]
[<462ab467>] slab_post_alloc_hook mm/slab.h:586 [inline]
[<462ab467>] slab_alloc mm/slab.c:3319 [inline]
[<462ab467>] kmem_cache_alloc_trace+0x145/0x2c0 mm/slab.c:3548
[<b1a62211>] kmalloc include/linux/slab.h:552 [inline]
[<b1a62211>] kzalloc include/linux/slab.h:686 [inline]
[<b1a62211>] gfs2_init_fs_context+0x25/0x90 fs/gfs2/ops_fstype.c:1543
[<db94ecb4>] gfs2_meta_init_fs_context+0x17/0x40 fs/gfs2/ops_fstype.c:1608
[<77df5577>] alloc_fs_context+0x174/0x200 fs/fs_context.c:293
[<8d5e3681>] fs_context_for_mount+0x25/0x30 fs/fs_context.c:307
[<30bafbdb>] __do_sys_fsopen fs/fsopen.c:137 [inline]
[<30bafbdb>] __se_sys_fsopen fs/fsopen.c:115 [inline]
[<30bafbdb>] __x64_sys_fsopen+0xa9/0x1a0 fs/fsopen.c:115
[<974fed69>] do_syscall_64+0x73/0x1f0 arch/x86/entry/common.c:290
[<299e0e1b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9



---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches


Re: [Cluster-devel] KASAN: use-after-free Read in gfs2_log_flush

2018-10-08 Thread syzbot

syzbot has found a reproducer for the following crash on:

HEAD commit:12ffaa1197f5 Add linux-next specific files for 20181005
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=13b5c04140
kernel config:  https://syzkaller.appspot.com/x/.config?x=d6b058a7232046f
dashboard link: https://syzkaller.appspot.com/bug?extid=dcb8b3587445007f5808
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:  https://syzkaller.appspot.com/x/repro.syz?x=10b25e3a40

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dcb8b3587445007f5...@syzkaller.appspotmail.com

gfs2: not a GFS2 filesystem
gfs2: not a GFS2 filesystem
gfs2: not a GFS2 filesystem
gfs2: can't alloc struct gfs2_sbd
==
BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: use-after-free in gfs2_log_flush+0x1ec/0x29b0 fs/gfs2/log.c:779
Read of size 4 at addr 8801cda66860 by task syz-executor0/12715

CPU: 1 PID: 12715 Comm: syz-executor0 Not tainted 4.19.0-rc6-next-20181005+ #88
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1d3/0x2c4 lib/dump_stack.c:113
 print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 gfs2_log_flush+0x1ec/0x29b0 fs/gfs2/log.c:779
 gfs2_kill_sb+0x5b/0x1a0 fs/gfs2/ops_fstype.c:1368
 deactivate_locked_super+0x97/0x100 fs/super.c:328
 gfs2_mount+0x568/0x712 fs/gfs2/ops_fstype.c:1317
 legacy_get_tree+0x131/0x460 fs/fs_context.c:718
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1795
 do_new_mount fs/namespace.c:2648 [inline]
 do_mount+0x70c/0x1d90 fs/namespace.c:2974
 ksys_mount+0x12d/0x140 fs/namespace.c:3190
 __do_sys_mount fs/namespace.c:3204 [inline]
 __se_sys_mount fs/namespace.c:3201 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3201
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457579
kobject: 'rx-0' (376ddb4b): kobject_uevent_env
Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:7fe6c9feec78 EFLAGS: 0246 ORIG_RAX: 00a5
RAX: ffda RBX: 0005 RCX: 00457579
RDX: 2300 RSI: 22c0 RDI: 2000
RBP: 0072bf00 R08:  R09: 
kobject: 'rx-0' (376ddb4b): fill_kobj_path: path = '/devices/virtual/net/ip6tnl0/queues/rx-0'
R10:  R11: 0246 R12: 7fe6c9fef6d4
R13: 004c28af R14: 004d3c78 R15: 

kobject: 'tx-0' (c6cb95cd): kobject_add_internal: parent: 'queues', set: 'queues'
Allocated by task 12715:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x750 mm/slab.c:3620
 kmalloc include/linux/slab.h:546 [inline]
 kzalloc include/linux/slab.h:741 [inline]
 init_sbd+0x13f/0xfa0 fs/gfs2/ops_fstype.c:71
kobject: 'tx-0' (c6cb95cd): kobject_uevent_env
 fill_super+0xab/0x1a10 fs/gfs2/ops_fstype.c:1041
 gfs2_mount+0x5e6/0x712 fs/gfs2/ops_fstype.c:1303
 legacy_get_tree+0x131/0x460 fs/fs_context.c:718
kobject: 'tx-0' (c6cb95cd): fill_kobj_path: path = '/devices/virtual/net/ip6tnl0/queues/tx-0'
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1795
 do_new_mount fs/namespace.c:2648 [inline]
 do_mount+0x70c/0x1d90 fs/namespace.c:2974
 ksys_mount+0x12d/0x140 fs/namespace.c:3190
kobject: 'ip6gre0' (31e17a8a): kobject_add_internal: parent: 'net', set: 'devices'
 __do_sys_mount fs/namespace.c:3204 [inline]
 __se_sys_mount fs/namespace.c:3201 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3201
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
kobject: 'ip6gre0' (31e17a8a): kobject_uevent_env

Freed by task 12715:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kfree+0xcf/0x230 mm/slab.c:3817
 init_sbd+0xe39/0xfa0 fs/gfs2/ops_fstype.c:79
 fill_super+0xab/0x1a10 fs/gfs2/ops_fstype.c:1041
kobject: 'ip6gre0' (31e17a8a): fill_kobj_path: path = '/devices/virtual/net/ip6gre0'
 gfs2_mount+0x5e6/0x

[Cluster-devel] KASAN: use-after-free Read in gfs2_log_flush

2018-09-12 Thread syzbot

Hello,

syzbot found the following crash on:

HEAD commit:f2b6e66e9885 Add linux-next specific files for 20180904
git tree:   linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1784acd140
kernel config:  https://syzkaller.appspot.com/x/.config?x=15ad48400e39c1b3
dashboard link: https://syzkaller.appspot.com/bug?extid=dcb8b3587445007f5808
compiler:   gcc (GCC) 8.0.1 20180413 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+dcb8b3587445007f5...@syzkaller.appspotmail.com

gfs2: not a GFS2 filesystem
gfs2: not a GFS2 filesystem
gfs2: not a GFS2 filesystem
gfs2: can't alloc struct gfs2_sbd
==
BUG: KASAN: use-after-free in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: use-after-free in gfs2_log_flush+0x1ec/0x28b0 fs/gfs2/log.c:779
Read of size 4 at addr 88018bd262e8 by task syz-executor6/22268

CPU: 0 PID: 22268 Comm: syz-executor6 Not tainted 4.19.0-rc2-next-20180904+ #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 print_address_description+0x6c/0x20b mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.7+0x242/0x30d mm/kasan/report.c:412
 check_memory_region_inline mm/kasan/kasan.c:260 [inline]
 check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
 kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
 atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
 gfs2_log_flush+0x1ec/0x28b0 fs/gfs2/log.c:779
 gfs2_kill_sb+0x5b/0x1a0 fs/gfs2/ops_fstype.c:1368
 deactivate_locked_super+0x97/0x100 fs/super.c:328
 gfs2_mount+0x568/0x712 fs/gfs2/ops_fstype.c:1317
 legacy_get_tree+0x131/0x460 fs/fs_context.c:732
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
 do_new_mount fs/namespace.c:2627 [inline]
 do_mount+0x6f9/0x1e30 fs/namespace.c:2951
 ksys_mount+0x12d/0x140 fs/namespace.c:3167
 __do_sys_mount fs/namespace.c:3181 [inline]
 __se_sys_mount fs/namespace.c:3178 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x459aca
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 bd 8a fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 9a 8a fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:7fc96a5a3a88 EFLAGS: 0206 ORIG_RAX: 00a5
RAX: ffda RBX: 7fc96a5a3b30 RCX: 00459aca
RDX: 7fc96a5a3ad0 RSI: 2300 RDI: 7fc96a5a3af0
RBP: 2300 R08: 7fc96a5a3b30 R09: 7fc96a5a3ad0
R10:  R11: 0206 R12: 0003
R13:  R14: 004ca2a2 R15: 

Allocated by task 22268:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
 kmem_cache_alloc_trace+0x152/0x730 mm/slab.c:3620
 kmalloc include/linux/slab.h:513 [inline]
 kzalloc include/linux/slab.h:707 [inline]
 init_sbd+0x141/0xfa0 fs/gfs2/ops_fstype.c:71
 fill_super+0xab/0x1a40 fs/gfs2/ops_fstype.c:1041
 gfs2_mount+0x5e6/0x712 fs/gfs2/ops_fstype.c:1303
 legacy_get_tree+0x131/0x460 fs/fs_context.c:732
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
 do_new_mount fs/namespace.c:2627 [inline]
 do_mount+0x6f9/0x1e30 fs/namespace.c:2951
 ksys_mount+0x12d/0x140 fs/namespace.c:3167
 __do_sys_mount fs/namespace.c:3181 [inline]
 __se_sys_mount fs/namespace.c:3178 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 22268:
 save_stack+0x43/0xd0 mm/kasan/kasan.c:448
 set_track mm/kasan/kasan.c:460 [inline]
 __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
 __cache_free mm/slab.c:3498 [inline]
 kfree+0xd9/0x210 mm/slab.c:3813
 init_sbd+0xd82/0xfa0 fs/gfs2/ops_fstype.c:79
 fill_super+0xab/0x1a40 fs/gfs2/ops_fstype.c:1041
 gfs2_mount+0x5e6/0x712 fs/gfs2/ops_fstype.c:1303
 legacy_get_tree+0x131/0x460 fs/fs_context.c:732
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1746
 do_new_mount fs/namespace.c:2627 [inline]
 do_mount+0x6f9/0x1e30 fs/namespace.c:2951
 ksys_mount+0x12d/0x140 fs/namespace.c:3167
 __do_sys_mount fs/namespace.c:3181 [inline]
 __se_sys_mount fs/namespace.c:3178 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3178
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at 88018bd25340
 which belongs to the cache kmalloc-8192 of size 8192
The buggy address is located 4008 bytes inside of
 8192-byte region [88018b