From: syzbot <syzbot+d79afb004be235636ee8@syzkaller.appspotmail.com>
To: hdanton@sina.com, jack@suse.cz, konishi.ryusuke@gmail.com,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, linux-nilfs@vger.kernel.org,
syzkaller-bugs@googlegroups.com, willy@infradead.org
Subject: Re: [syzbot] [nilfs?] [mm?] KASAN: slab-use-after-free Read in lru_add_fn
Date: Sat, 15 Jun 2024 17:10:02 -0700 [thread overview]
Message-ID: <00000000000084b401061af6ab80@google.com> (raw)
In-Reply-To: <20240615235238.1079-1-hdanton@sina.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
kernel BUG in __destroy_inode
NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
NILFS (loop0): I/O error reading meta-data file (ino=3, block-offset=0)
NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer
------------[ cut here ]------------
kernel BUG at fs/inode.c:285!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 2 PID: 5330 Comm: syz-executor Not tainted 6.10.0-rc3-syzkaller-dirty #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__destroy_inode+0x5e4/0x7a0 fs/inode.c:285
Code: 2a 03 00 00 48 c7 c7 40 78 3d 8b c6 05 aa 6d cc 0d 01 e8 bf d9 69 ff e9 0e fc ff ff e8 a5 8b 8c ff 90 0f 0b e8 9d 8b 8c ff 90 <0f> 0b e8 95 8b 8c ff 90 0f 0b 90 e9 fa fa ff ff e8 87 8b 8c ff 90
RSP: 0018:ffffc900035afaf0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880325ba7c8 RCX: ffffffff82015439
RDX: ffff8880222ec880 RSI: ffffffff820159b3 RDI: 0000000000000007
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880325ba980
R13: 0000000000000024 R14: ffffffff8b706c60 R15: ffff8880325ba8a0
FS: 0000555571e27480(0000) GS:ffff88806b200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f01cb366731 CR3: 0000000034ef4000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
destroy_inode+0x91/0x1b0 fs/inode.c:310
iput_final fs/inode.c:1742 [inline]
iput.part.0+0x5a8/0x7f0 fs/inode.c:1768
iput+0x5c/0x80 fs/inode.c:1758
nilfs_put_root+0xae/0xe0 fs/nilfs2/the_nilfs.c:925
nilfs_segctor_destroy fs/nilfs2/segment.c:2788 [inline]
nilfs_detach_log_writer+0x5ef/0xaa0 fs/nilfs2/segment.c:2850
nilfs_put_super+0x43/0x1b0 fs/nilfs2/super.c:498
generic_shutdown_super+0x159/0x3d0 fs/super.c:642
kill_block_super+0x3b/0x90 fs/super.c:1676
deactivate_locked_super+0xbe/0x1a0 fs/super.c:473
deactivate_super+0xde/0x100 fs/super.c:506
cleanup_mnt+0x222/0x450 fs/namespace.c:1267
task_work_run+0x14e/0x250 kernel/task_work.c:180
resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x278/0x2a0 kernel/entry/common.c:218
do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc203a7e217
Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007fffe9265ae8 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007fc203a7e217
RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007fffe9266c90
RBP: 00007fc203ac8336 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000100 R11: 0000000000000202 R12: 00007fffe9266c90
R13: 00007fc203ac8336 R14: 0000555571e27430 R15: 0000000000000005
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__destroy_inode+0x5e4/0x7a0 fs/inode.c:285
Code: 2a 03 00 00 48 c7 c7 40 78 3d 8b c6 05 aa 6d cc 0d 01 e8 bf d9 69 ff e9 0e fc ff ff e8 a5 8b 8c ff 90 0f 0b e8 9d 8b 8c ff 90 <0f> 0b e8 95 8b 8c ff 90 0f 0b 90 e9 fa fa ff ff e8 87 8b 8c ff 90
RSP: 0018:ffffc900035afaf0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff8880325ba7c8 RCX: ffffffff82015439
RDX: ffff8880222ec880 RSI: ffffffff820159b3 RDI: 0000000000000007
RBP: 0000000000000001 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880325ba980
R13: 0000000000000024 R14: ffffffff8b706c60 R15: ffff8880325ba8a0
FS: 0000555571e27480(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c0016fb000 CR3: 0000000034ef4000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Tested on:
commit: 83a7eefe Linux 6.10-rc3
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=11bb8ada980000
kernel config: https://syzkaller.appspot.com/x/.config?x=b8786f381e62940f
dashboard link: https://syzkaller.appspot.com/bug?extid=d79afb004be235636ee8
compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=16642012980000
next prev parent reply other threads:[~2024-06-16 0:10 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-14 13:18 [RFC PATCH] mm: truncate: flush lru cache for evicted inode Hillf Danton
2024-06-14 13:42 ` Matthew Wilcox
2024-06-14 23:59 ` Hillf Danton
2024-06-15 20:44 ` Matthew Wilcox
2024-06-15 23:52 ` Hillf Danton
2024-06-16 0:10 ` syzbot [this message]
2024-06-16 2:39 ` Hillf Danton
2024-06-16 3:06 ` [syzbot] [nilfs?] [mm?] KASAN: slab-use-after-free Read in lru_add_fn syzbot
2024-06-23 5:11 ` [PATCH 0/3] nilfs2: fix potential issues related to reserved inodes Ryusuke Konishi
2024-06-23 5:11 ` [PATCH 1/3] nilfs2: fix inode number range checks Ryusuke Konishi
2024-06-23 5:11 ` [PATCH 2/3] nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi
2024-06-23 5:11 ` [PATCH 3/3] nilfs2: fix incorrect inode allocation from reserved inodes Ryusuke Konishi
2024-06-17 7:57 ` [RFC PATCH] mm: truncate: flush lru cache for evicted inode Jan Kara
2024-06-17 11:24 ` Ryusuke Konishi
-- strict thread matches above, loose matches on Subject: below --
2024-05-09 5:58 [syzbot] [mm?] KASAN: slab-use-after-free Read in lru_add_fn syzbot
2024-06-11 18:10 ` [syzbot] [nilfs?] " syzbot
2024-06-12 10:45 ` Hillf Danton
2024-06-12 11:04 ` syzbot
2024-06-12 23:16 ` Hillf Danton
2024-06-12 23:35 ` syzbot
2024-06-13 10:57 ` Hillf Danton
2024-06-13 11:27 ` syzbot
2024-06-13 12:24 ` Hillf Danton
2024-06-13 12:45 ` syzbot
2024-06-14 10:41 ` Hillf Danton
2024-06-14 11:01 ` syzbot
2024-06-14 11:32 ` Hillf Danton
2024-06-14 11:57 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00000000000084b401061af6ab80@google.com \
--to=syzbot+d79afb004be235636ee8@syzkaller.appspotmail.com \
--cc=hdanton@sina.com \
--cc=jack@suse.cz \
--cc=konishi.ryusuke@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-nilfs@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.