From: syzbot <syzbot+72ba5fe5556d82ad118b@syzkaller.appspotmail.com>
To: anton@tuxera.com, linkinjeon@kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-ntfs-dev@lists.sourceforge.net,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [ntfs?] kernel BUG in ntfs_end_buffer_async_read
Date: Sun, 02 Jul 2023 08:25:01 -0700
Message-ID: <0000000000004eab7a05ff82a700@google.com>
In-Reply-To: <00000000000046238c05f69776ab@google.com>
syzbot has found a reproducer for the following issue on:
HEAD commit: dfab92f27c60 Merge tag 'nfs-for-6.5-1' of git://git.linux-..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=137d57bf280000
kernel config: https://syzkaller.appspot.com/x/.config?x=71a52faf60231bc7
dashboard link: https://syzkaller.appspot.com/bug?extid=72ba5fe5556d82ad118b
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13c987eca80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=144a738f280000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/32f183ec0f2c/disk-dfab92f2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8f47f491184/vmlinux-dfab92f2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/ad90306c0fe6/bzImage-dfab92f2.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/bcae16df5190/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+72ba5fe5556d82ad118b@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/ntfs/aops.c:130!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 6.4.0-syzkaller-10096-gdfab92f27c60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:ntfs_end_buffer_async_read+0xc7f/0x1540 fs/ntfs/aops.c:130
Code: ff e8 95 97 c8 fe 4c 89 ff 48 c7 c6 e0 6b 3a 8b e8 86 3b 09 ff 0f 0b e8 7f 97 c8 fe 0f 0b e8 78 97 c8 fe 0f 0b e8 71 97 c8 fe <0f> 0b e8 6a 97 c8 fe 4c 89 ff e8 b2 99 ff ff 48 89 c7 48 c7 c6 20
RSP: 0018:ffffc900001b7b10 EFLAGS: 00010246
RAX: ffffffff82c35a7f RBX: 0000000000000010 RCX: ffff888014e59dc0
RDX: 0000000080000100 RSI: 0000000000020211 RDI: 0000000000001000
RBP: ffff8880771e8270 R08: ffffffff82c3547a R09: 1ffff1100ee3d00a
R10: dffffc0000000000 R11: ffffed100ee3d00b R12: 0000000000000000
R13: 0000000000020211 R14: 0000000000000001 R15: ffffea0001d76500
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc42b480940 CR3: 00000000219c3000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
end_bio_bh_io_sync+0xb7/0x110 fs/buffer.c:2794
req_bio_endio block/blk-mq.c:766 [inline]
blk_update_request+0x53f/0x1020 block/blk-mq.c:911
blk_mq_end_request+0x50/0x310 block/blk-mq.c:1032
blk_complete_reqs block/blk-mq.c:1110 [inline]
blk_done_softirq+0x103/0x150 block/blk-mq.c:1115
__do_softirq+0x2ab/0x908 kernel/softirq.c:553
run_ksoftirqd+0xc5/0x120 kernel/softirq.c:921
smpboot_thread_fn+0x533/0x9f0 kernel/smpboot.c:164
kthread+0x2b8/0x350 kernel/kthread.c:389
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ntfs_end_buffer_async_read+0xc7f/0x1540 fs/ntfs/aops.c:130
Code: ff e8 95 97 c8 fe 4c 89 ff 48 c7 c6 e0 6b 3a 8b e8 86 3b 09 ff 0f 0b e8 7f 97 c8 fe 0f 0b e8 78 97 c8 fe 0f 0b e8 71 97 c8 fe <0f> 0b e8 6a 97 c8 fe 4c 89 ff e8 b2 99 ff ff 48 89 c7 48 c7 c6 20
RSP: 0018:ffffc900001b7b10 EFLAGS: 00010246
RAX: ffffffff82c35a7f RBX: 0000000000000010 RCX: ffff888014e59dc0
RDX: 0000000080000100 RSI: 0000000000020211 RDI: 0000000000001000
RBP: ffff8880771e8270 R08: ffffffff82c3547a R09: 1ffff1100ee3d00a
R10: dffffc0000000000 R11: ffffed100ee3d00b R12: 0000000000000000
R13: 0000000000020211 R14: 0000000000000001 R15: ffffea0001d76500
FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc42b480940 CR3: 00000000219c3000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.