From: syzbot <syzbot+8a5fc6416c175cecea34@syzkaller.appspotmail.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [syzbot] [gfs2?] general protection fault in gfs2_evict_inode (2)
Date: Sun, 18 Dec 2022 06:01:39 -0000
Message-ID: <0000000000005d3b2c05f013ef1d@google.com>
In-Reply-To: <000000000000ab092305e268a016@google.com>

syzbot has found a reproducer for the following issue on:

HEAD commit:    a5541c0811a0 Merge branch 'for-next/core' into for-kernelci
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15551327880000
kernel config:  https://syzkaller.appspot.com/x/.config?x=cbd4e584773e9397
dashboard link: https://syzkaller.appspot.com/bug?extid=8a5fc6416c175cecea34
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1718796f880000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1735df8f880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b7702208fb9/disk-a5541c08.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9ec0153ec051/vmlinux-a5541c08.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6f8725ad290a/Image-a5541c08.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/b4c763067524/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8a5fc6416c175cecea34@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: error recovering journal 0: -5
Unable to handle kernel NULL pointer dereference at virtual address 000000000000008c
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000010dd7c000
[000000000000008c] pgd=080000010bf77003, p4d=080000010bf77003, pud=080000010a9f1003, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3071 Comm: syz-executor179 Not tainted 6.1.0-rc8-syzkaller-33330-ga5541c0811a0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : evict_linked_inode fs/gfs2/super.c:1330 [inline]
pc : gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
lr : evict_linked_inode fs/gfs2/super.c:1328 [inline]
lr : gfs2_evict_inode+0x6ec/0x918 fs/gfs2/super.c:1385
sp : ffff80000ff73830
x29: ffff80000ff738a0 x28: 0000000000000000 x27: 0000000000000000
x26: ffff0000cb74c728 x25: 0000000000008004 x24: ffff0000c9b25110
x23: ffff0000cb74c000 x22: ffff0000c9b24e70 x21: ffff0000cb74c000
x20: ffff0000ca579770 x19: ffff0000ca5792c0 x18: 00000000000000c0
x17: ffff80000dda8198 x16: ffff80000dbe6158 x15: ffff0000c407cec0
x14: 00000000000000b8 x13: 00000000ffffffff x12: ffff0000c407cec0
x11: ff80800009278314 x10: 0000000000000000 x9 : ffff800009278314
x8 : 0000000000000000 x7 : ffff80000862aa80 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000001 x1 : 0000000000000000 x0 : ffff0000cb74c000
Call trace:
 evict_linked_inode fs/gfs2/super.c:1330 [inline]
 gfs2_evict_inode+0x6f8/0x918 fs/gfs2/super.c:1385
 evict+0xec/0x334 fs/inode.c:664
 iput_final fs/inode.c:1747 [inline]
 iput+0x2c4/0x324 fs/inode.c:1773
 gfs2_jindex_free+0x10c/0x16c fs/gfs2/super.c:75
 init_journal+0x518/0xcbc fs/gfs2/ops_fstype.c:871
 init_inodes+0x74/0x184 fs/gfs2/ops_fstype.c:889
 gfs2_fill_super+0x630/0x874 fs/gfs2/ops_fstype.c:1247
 get_tree_bdev+0x1e8/0x2a0 fs/super.c:1324
 gfs2_get_tree+0x30/0xc0 fs/gfs2/ops_fstype.c:1330
 vfs_get_tree+0x40/0x140 fs/super.c:1531
 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040
 path_mount+0x358/0x890 fs/namespace.c:3370
 do_mount fs/namespace.c:3383 [inline]
 __do_sys_mount fs/namespace.c:3591 [inline]
 __se_sys_mount fs/namespace.c:3568 [inline]
 __arm64_sys_mount+0x2c4/0x3c4 fs/namespace.c:3568
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x140 arch/arm64/kernel/syscall.c:197
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:584
Code: 97ff3736 f94482e8 aa1703e0 2a1f03e1 (b9408d02) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97ff3736 	bl	0xfffffffffffcdcd8
   4:	f94482e8 	ldr	x8, [x23, #2304]
   8:	aa1703e0 	mov	x0, x23
   c:	2a1f03e1 	mov	w1, wzr
* 10:	b9408d02 	ldr	w2, [x8, #140] <-- trapping instruction


Thread overview: 8+ messages
2022-06-27  7:11 [Cluster-devel] [syzbot] general protection fault in gfs2_evict_inode (2) syzbot
2022-06-27  7:11 ` syzbot
2022-12-18  6:01 ` syzbot [this message]
2022-12-18  6:01   ` [Cluster-devel] [syzbot] [gfs2?] " syzbot
2023-06-12 21:05 ` syzbot
2023-06-12 21:05   ` syzbot
2023-06-14  8:50   ` [Cluster-devel] " Dmitry Vyukov
2023-06-14  8:50     ` Dmitry Vyukov