kernel BUG in jbd2_journal_get_create_access (2)
4 views
Skip to first unread message
syzbot
May 8, 2022, 6:27:22 AM5/8/22
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 0e9e1752f526 UPSTREAM: kfence: fix memory leak when cat kf..
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=16f9a474f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=162eb28e0881ad0e
dashboard link: https://syzkaller.appspot.com/bug?extid=3ed09cea4b8460097f39
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3ed09c...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/jbd2/transaction.c:1182!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 13684 Comm: syz-executor.3 Not tainted 5.4.180-syzkaller-00001-g0e9e1752f526 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:jbd2_journal_get_create_access+0x484/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 bb 27 c3 ff e9 e8 fe ff ff e8 31 c7 96 ff 0f 0b e8 2a c7 96 ff 0f 0b e8 23 c7 96 ff 0f 0b e8 1c c7 96 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 53 48 89 fd e8
RSP: 0018:ffff8881c02cf7f0 EFLAGS: 00010287
RAX: ffffffff81c977c4 RBX: ffff8881b734d8c0 RCX: 0000000000040000
RDX: ffffc9000114c000 RSI: 0000000000004283 RDI: 0000000000004284
RBP: 0000000000000003 R08: ffffffff81c974d4 R09: ffffed1036d08d66
R10: ffffed1036d08d66 R11: 1ffff11036d08d65 R12: dffffc0000000000
R13: ffff8881ed857840 R14: ffff8881b6846b28 R15: ffff8881c65d9b40
FS: 00007f1ea057f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ef25000 CR3: 00000001e85c9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__ext4_journal_get_create_access+0x55/0x2b0 fs/ext4/ext4_jbd2.c:250
ext4_ext_grow_indepth fs/ext4/extents.c:1317 [inline]
ext4_ext_create_new_leaf fs/ext4/extents.c:1411 [inline]
ext4_ext_insert_extent+0xc4b/0x4dd0 fs/ext4/extents.c:2095
ext4_ext_map_blocks+0x1905/0x3ba0 fs/ext4/extents.c:4499
ext4_map_blocks+0x961/0x1a30 fs/ext4/inode.c:659
ext4_alloc_file_blocks+0x35b/0xc20 fs/ext4/extents.c:4662
ext4_zero_range+0x60d/0xd60 fs/ext4/extents.c:4777
vfs_fallocate+0x51f/0x680 fs/open.c:309
ksys_fallocate fs/open.c:332 [inline]
__do_sys_fallocate fs/open.c:340 [inline]
__se_sys_fallocate fs/open.c:338 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:338
do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1ea14090e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1ea057f168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f1ea151bf60 RCX: 00007f1ea14090e9
RDX: 0000000000008003 RSI: 0000000000000010 RDI: 0000000000000004
RBP: 00007f1ea146308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000008020001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed355024f R14: 00007f1ea057f300 R15: 0000000000022000
Modules linked in:
---[ end trace f19556821f87dc3f ]---
RIP: 0010:jbd2_journal_get_create_access+0x484/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 bb 27 c3 ff e9 e8 fe ff ff e8 31 c7 96 ff 0f 0b e8 2a c7 96 ff 0f 0b e8 23 c7 96 ff 0f 0b e8 1c c7 96 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 53 48 89 fd e8
RSP: 0018:ffff8881c02cf7f0 EFLAGS: 00010287
RAX: ffffffff81c977c4 RBX: ffff8881b734d8c0 RCX: 0000000000040000
RDX: ffffc9000114c000 RSI: 0000000000004283 RDI: 0000000000004284
RBP: 0000000000000003 R08: ffffffff81c974d4 R09: ffffed1036d08d66
R10: ffffed1036d08d66 R11: 1ffff11036d08d65 R12: dffffc0000000000
R13: ffff8881ed857840 R14: ffff8881b6846b28 R15: ffff8881c65d9b40
FS: 00007f1ea057f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ef25000 CR3: 00000001e85c9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 0e9e1752f526 UPSTREAM: kfence: fix memory leak when cat kf..
git tree: android12-5.4
console output: https://syzkaller.appspot.com/x/log.txt?x=16f9a474f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=162eb28e0881ad0e
dashboard link: https://syzkaller.appspot.com/bug?extid=3ed09cea4b8460097f39
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3ed09c...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/jbd2/transaction.c:1182!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 13684 Comm: syz-executor.3 Not tainted 5.4.180-syzkaller-00001-g0e9e1752f526 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:jbd2_journal_get_create_access+0x484/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 bb 27 c3 ff e9 e8 fe ff ff e8 31 c7 96 ff 0f 0b e8 2a c7 96 ff 0f 0b e8 23 c7 96 ff 0f 0b e8 1c c7 96 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 53 48 89 fd e8
RSP: 0018:ffff8881c02cf7f0 EFLAGS: 00010287
RAX: ffffffff81c977c4 RBX: ffff8881b734d8c0 RCX: 0000000000040000
RDX: ffffc9000114c000 RSI: 0000000000004283 RDI: 0000000000004284
RBP: 0000000000000003 R08: ffffffff81c974d4 R09: ffffed1036d08d66
R10: ffffed1036d08d66 R11: 1ffff11036d08d65 R12: dffffc0000000000
R13: ffff8881ed857840 R14: ffff8881b6846b28 R15: ffff8881c65d9b40
FS: 00007f1ea057f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ef25000 CR3: 00000001e85c9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
__ext4_journal_get_create_access+0x55/0x2b0 fs/ext4/ext4_jbd2.c:250
ext4_ext_grow_indepth fs/ext4/extents.c:1317 [inline]
ext4_ext_create_new_leaf fs/ext4/extents.c:1411 [inline]
ext4_ext_insert_extent+0xc4b/0x4dd0 fs/ext4/extents.c:2095
ext4_ext_map_blocks+0x1905/0x3ba0 fs/ext4/extents.c:4499
ext4_map_blocks+0x961/0x1a30 fs/ext4/inode.c:659
ext4_alloc_file_blocks+0x35b/0xc20 fs/ext4/extents.c:4662
ext4_zero_range+0x60d/0xd60 fs/ext4/extents.c:4777
vfs_fallocate+0x51f/0x680 fs/open.c:309
ksys_fallocate fs/open.c:332 [inline]
__do_sys_fallocate fs/open.c:340 [inline]
__se_sys_fallocate fs/open.c:338 [inline]
__x64_sys_fallocate+0xb9/0x100 fs/open.c:338
do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f1ea14090e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1ea057f168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007f1ea151bf60 RCX: 00007f1ea14090e9
RDX: 0000000000008003 RSI: 0000000000000010 RDI: 0000000000000004
RBP: 00007f1ea146308d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000008020001 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffed355024f R14: 00007f1ea057f300 R15: 0000000000022000
Modules linked in:
---[ end trace f19556821f87dc3f ]---
RIP: 0010:jbd2_journal_get_create_access+0x484/0x490 fs/jbd2/transaction.c:1179
Code: fe ff ff 48 89 ef e8 bb 27 c3 ff e9 e8 fe ff ff e8 31 c7 96 ff 0f 0b e8 2a c7 96 ff 0f 0b e8 23 c7 96 ff 0f 0b e8 1c c7 96 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 55 41 57 41 56 53 48 89 fd e8
RSP: 0018:ffff8881c02cf7f0 EFLAGS: 00010287
RAX: ffffffff81c977c4 RBX: ffff8881b734d8c0 RCX: 0000000000040000
RDX: ffffc9000114c000 RSI: 0000000000004283 RDI: 0000000000004284
RBP: 0000000000000003 R08: ffffffff81c974d4 R09: ffffed1036d08d66
R10: ffffed1036d08d66 R11: 1ffff11036d08d65 R12: dffffc0000000000
R13: ffff8881ed857840 R14: ffff8881b6846b28 R15: ffff8881c65d9b40
FS: 00007f1ea057f700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b2ef25000 CR3: 00000001e85c9000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Sep 5, 2022, 6:27:20 AM9/5/22
to syzkaller-a...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages