[Android 5.4] kernel BUG in jbd2_journal_get_create_access (3)


syzbot

Apr 3, 2023, 6:38:54 PM
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: a6b5274af71b UPSTREAM: media: rc: Fix use-after-free bugs ..
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=159881e1c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=89d7298c04c40d1f
dashboard link: https://syzkaller.appspot.com/bug?extid=5d5097fa04455dbd60d9
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/a6d0717d1368/disk-a6b5274a.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cf663d6261d7/vmlinux-a6b5274a.xz
kernel image: https://storage.googleapis.com/syzbot-assets/674f83f2a835/bzImage-a6b5274a.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5d5097...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at fs/jbd2/transaction.c:1182!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 321 Comm: syz-executor.1 Not tainted 5.4.233-syzkaller-00030-ga6b5274af71b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:jbd2_journal_get_create_access+0x488/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 07 74 c0 ff e9 e8 fe ff ff e8 3d ef 92 ff 0f 0b e8 36 ef 92 ff 0f 0b e8 2f ef 92 ff 0f 0b e8 28 ef 92 ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 41 54 53 49 89 fc e8 10 ef
RSP: 0018:ffff8881bf9f7870 EFLAGS: 00010293
RAX: ffffffff81d04a98 RBX: ffff8881baf51dc0 RCX: ffff8881de484ec0
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000002
RBP: 0000000000000003 R08: ffffffff81d047a6 R09: ffffed10367c97ba
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881ed8400b0 R14: ffff8881b3e4bdc8 R15: ffff8881b7598380
FS: 0000555555d99400(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001027f CR3: 00000001bf9c7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__ext4_journal_get_create_access+0x96/0x310 fs/ext4/ext4_jbd2.c:250
ext4_getblk+0x2d7/0x540 fs/ext4/inode.c:1018
ext4_bread+0x89/0x390 fs/ext4/inode.c:1045
ext4_append+0x297/0x4d0 fs/ext4/namei.c:83
ext4_init_new_dir fs/ext4/namei.c:2889 [inline]
ext4_mkdir+0x777/0x1520 fs/ext4/namei.c:2934
vfs_mkdir+0x41f/0x600 fs/namei.c:3896
do_mkdirat+0x1a9/0x2c0 fs/namei.c:3919
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace 6bdfee95584d1885 ]---
RIP: 0010:jbd2_journal_get_create_access+0x488/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 07 74 c0 ff e9 e8 fe ff ff e8 3d ef 92 ff 0f 0b e8 36 ef 92 ff 0f 0b e8 2f ef 92 ff 0f 0b e8 28 ef 92 ff <0f> 0b 66 0f 1f 44 00 00 55 41 57 41 56 41 54 53 49 89 fc e8 10 ef
RSP: 0018:ffff8881bf9f7870 EFLAGS: 00010293
RAX: ffffffff81d04a98 RBX: ffff8881baf51dc0 RCX: ffff8881de484ec0
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000002
RBP: 0000000000000003 R08: ffffffff81d047a6 R09: ffffed10367c97ba
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881ed8400b0 R14: ffff8881b3e4bdc8 R15: ffff8881b7598380
FS: 0000555555d99400(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001027f CR3: 00000001bf9c7000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Nov 2, 2023, 1:55:20 PM
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.