general protection fault in fscrypt_limit_io_blocks
4 views
Skip to first unread message
syzbot
Oct 30, 2022, 4:49:46 PM10/30/22
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7f2e600bf63a Merge 5.15.74 into android13-5.15-lts
git tree: android13-5.15-lts
console+strace: https://syzkaller.appspot.com/x/log.txt?x=135e12da880000
kernel config: https://syzkaller.appspot.com/x/.config?x=793f6fcecb4c5b08
dashboard link: https://syzkaller.appspot.com/bug?extid=ba9dac45bc76c490b7c3
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176e12ee880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16db0aa6880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/79a248fb2d4a/disk-7f2e600b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8e350ccd91cf/vmlinux-7f2e600b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/b6201042604f/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ba9dac...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 408 Comm: syz-executor231 Not tainted 5.15.74-syzkaller-04383-g7f2e600bf63a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 18 90 db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 51 46
RSP: 0018:ffffc900003df260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff8881075d3b40 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc900003df290 R08: ffffffff81d84dff R09: ffffed102132ca5e
R10: ffffed102132ca5e R11: 1ffff1102132ca5d R12: ffff8881099655f0
R13: dffffc0000000000 R14: 1ffff1102132cabe R15: 0000000000000001
FS: 0000555555c13300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055af8a403048 CR3: 000000011f59d000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_iomap_begin+0xa05/0xd90 fs/ext4/inode.c:3476
iomap_iter+0x660/0x830 fs/iomap/iter.c:74
iomap_bmap+0x2b5/0x550 fs/iomap/fiemap.c:113
ext4_bmap+0x3b0/0x430 fs/ext4/inode.c:3216
bmap+0xa5/0xe0 fs/inode.c:1714
jbd2_journal_init_inode+0x9e/0x3f0 fs/jbd2/journal.c:1485
ext4_get_journal fs/ext4/super.c:5183 [inline]
ext4_load_journal+0x30b/0x1440 fs/ext4/super.c:5317
ext4_fill_super+0x6241/0x9650 fs/ext4/super.c:4663
mount_bdev+0x280/0x3b0 fs/super.c:1368
ext4_mount+0x34/0x40 fs/ext4/super.c:6545
legacy_get_tree+0xf0/0x190 fs/fs_context.c:610
vfs_get_tree+0x88/0x290 fs/super.c:1498
do_new_mount+0x289/0xad0 fs/namespace.c:2994
path_mount+0x60b/0x1050 fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d2/0x3c0 fs/namespace.c:3522
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa2b5b9602a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd0dcf1318 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa2b5b9602a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd0dcf1330
RBP: 00007ffd0dcf1330 R08: 00007ffd0dcf1370 R09: 0000555555c132c0
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
R13: 00007ffd0dcf1370 R14: 0000000000000026 R15: 0000000020000590
</TASK>
Modules linked in:
---[ end trace 45657261f0145111 ]---
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 18 90 db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 51 46
RSP: 0018:ffffc900003df260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff8881075d3b40 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc900003df290 R08: ffffffff81d84dff R09: ffffed102132ca5e
R10: ffffed102132ca5e R11: 1ffff1102132ca5d R12: ffff8881099655f0
R13: dffffc0000000000 R14: 1ffff1102132cabe R15: 0000000000000001
FS: 0000555555c13300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055af8a403048 CR3: 000000011f59d000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: c8 02 00 00 enterq $0x2,$0x0
4: 4d 89 e6 mov %r12,%r14
7: 49 c1 ee 03 shr $0x3,%r14
b: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
10: 74 08 je 0x1a
12: 4c 89 e7 mov %r12,%rdi
15: e8 18 90 db ff callq 0xffdb9032
1a: 49 8b 1c 24 mov (%r12),%rbx
1e: 48 83 c3 11 add $0x11,%rbx
22: 48 89 d8 mov %rbx,%rax
25: 48 c1 e8 03 shr $0x3,%rax
* 29: 42 8a 04 28 mov (%rax,%r13,1),%al <-- trapping instruction
2d: 84 c0 test %al,%al
2f: 0f 85 53 01 00 00 jne 0x188
35: 0f b6 1b movzbl (%rbx),%ebx
38: 31 ff xor %edi,%edi
3a: 89 de mov %ebx,%esi
3c: e8 .byte 0xe8
3d: 51 push %rcx
3e: 46 rex.RX
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 7f2e600bf63a Merge 5.15.74 into android13-5.15-lts
git tree: android13-5.15-lts
console+strace: https://syzkaller.appspot.com/x/log.txt?x=135e12da880000
kernel config: https://syzkaller.appspot.com/x/.config?x=793f6fcecb4c5b08
dashboard link: https://syzkaller.appspot.com/bug?extid=ba9dac45bc76c490b7c3
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=176e12ee880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16db0aa6880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/79a248fb2d4a/disk-7f2e600b.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/8e350ccd91cf/vmlinux-7f2e600b.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/b6201042604f/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ba9dac...@syzkaller.appspotmail.com
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 408 Comm: syz-executor231 Not tainted 5.15.74-syzkaller-04383-g7f2e600bf63a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 18 90 db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 51 46
RSP: 0018:ffffc900003df260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff8881075d3b40 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc900003df290 R08: ffffffff81d84dff R09: ffffed102132ca5e
R10: ffffed102132ca5e R11: 1ffff1102132ca5d R12: ffff8881099655f0
R13: dffffc0000000000 R14: 1ffff1102132cabe R15: 0000000000000001
FS: 0000555555c13300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055af8a403048 CR3: 000000011f59d000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ext4_iomap_begin+0xa05/0xd90 fs/ext4/inode.c:3476
iomap_iter+0x660/0x830 fs/iomap/iter.c:74
iomap_bmap+0x2b5/0x550 fs/iomap/fiemap.c:113
ext4_bmap+0x3b0/0x430 fs/ext4/inode.c:3216
bmap+0xa5/0xe0 fs/inode.c:1714
jbd2_journal_init_inode+0x9e/0x3f0 fs/jbd2/journal.c:1485
ext4_get_journal fs/ext4/super.c:5183 [inline]
ext4_load_journal+0x30b/0x1440 fs/ext4/super.c:5317
ext4_fill_super+0x6241/0x9650 fs/ext4/super.c:4663
mount_bdev+0x280/0x3b0 fs/super.c:1368
ext4_mount+0x34/0x40 fs/ext4/super.c:6545
legacy_get_tree+0xf0/0x190 fs/fs_context.c:610
vfs_get_tree+0x88/0x290 fs/super.c:1498
do_new_mount+0x289/0xad0 fs/namespace.c:2994
path_mount+0x60b/0x1050 fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d2/0x3c0 fs/namespace.c:3522
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fa2b5b9602a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd0dcf1318 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa2b5b9602a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd0dcf1330
RBP: 00007ffd0dcf1330 R08: 00007ffd0dcf1370 R09: 0000555555c132c0
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
R13: 00007ffd0dcf1370 R14: 0000000000000026 R15: 0000000020000590
</TASK>
Modules linked in:
---[ end trace 45657261f0145111 ]---
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 18 90 db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 51 46
RSP: 0018:ffffc900003df260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff8881075d3b40 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc900003df290 R08: ffffffff81d84dff R09: ffffed102132ca5e
R10: ffffed102132ca5e R11: 1ffff1102132ca5d R12: ffff8881099655f0
R13: dffffc0000000000 R14: 1ffff1102132cabe R15: 0000000000000001
FS: 0000555555c13300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055af8a403048 CR3: 000000011f59d000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: c8 02 00 00 enterq $0x2,$0x0
4: 4d 89 e6 mov %r12,%r14
7: 49 c1 ee 03 shr $0x3,%r14
b: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
10: 74 08 je 0x1a
12: 4c 89 e7 mov %r12,%rdi
15: e8 18 90 db ff callq 0xffdb9032
1a: 49 8b 1c 24 mov (%r12),%rbx
1e: 48 83 c3 11 add $0x11,%rbx
22: 48 89 d8 mov %rbx,%rax
25: 48 c1 e8 03 shr $0x3,%rax
* 29: 42 8a 04 28 mov (%rax,%r13,1),%al <-- trapping instruction
2d: 84 c0 test %al,%al
2f: 0f 85 53 01 00 00 jne 0x188
35: 0f b6 1b movzbl (%rbx),%ebx
38: 31 ff xor %edi,%edi
3a: 89 de mov %ebx,%esi
3c: e8 .byte 0xe8
3d: 51 push %rcx
3e: 46 rex.RX
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Oct 30, 2022, 4:49:47 PM10/30/22
to syzkaller-a...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 0118fb827bc7 Merge branch 'android12-5.10' into branch 'an..
syzbot found the following issue on:
git tree: android12-5.10-lts
console+strace: https://syzkaller.appspot.com/x/log.txt?x=151c42ea880000
kernel config: https://syzkaller.appspot.com/x/.config?x=585a67b78cadff5
dashboard link: https://syzkaller.appspot.com/bug?extid=ce0fb3a44af82b598be7
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13da5f5a880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17850861880000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/cc18609231c0/disk-0118fb82.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/1d1a695e1b6f/vmlinux-0118fb82.xz
kernel image: https://storage.googleapis.com/syzbot-assets/05f981b5731d/bzImage-0118fb82.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/cdba073b2a75/mount_0.gz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
EXT4-fs error (device loop0): ext4_get_journal_inode:5259: inode #3: comm syz-executor123: casefold flag without casefold feature
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 PID: 371 Comm: syz-executor123 Not tainted 5.10.149-syzkaller-01350-g0118fb827bc7 #0
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:700 [inline]
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xce/0x2b0 fs/crypto/inline_crypt.c:460
Code: 5d 00 81 e3 00 f0 00 00 bf 00 80 00 00 89 de e8 98 28 a7 ff 81 fb 00 80 00 00 75 7b 4c 89 f9 49 8d 5e 11 48 89 d8 48 c1 e8 03 <42> 8a 04 38 84 c0 0f 85 58 01 00 00 0f b6 1b 31 ff 89 de e8 ba 27
RSP: 0018:ffffc90000b572e0 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: dffffc0000000000
RDX: ffff8881065fe2c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc90000b57310 R08: ffffffff81c5c5a8 R09: ffffed1021c70ee8
R10: ffffed1021c70ee8 R11: 1ffff11021c70ee7 R12: 0000000000000001
R13: ffff88810e3877b8 R14: 0000000000000000 R15: dffffc0000000000
FS: 000055555580c300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f448fad06a8 CR3: 000000011e2d4000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_iomap_begin+0x933/0xc00 fs/ext4/inode.c:3564
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
iomap_apply+0xf9/0x7f0 fs/iomap/apply.c:46
iomap_bmap+0x168/0x1f0 fs/iomap/fiemap.c:134
ext4_bmap+0x3a7/0x420 fs/ext4/inode.c:3303
bmap+0xa5/0xe0 fs/inode.c:1706
jbd2_journal_init_inode+0x9d/0x390 fs/jbd2/journal.c:1437
ext4_get_journal fs/ext4/super.c:5294 [inline]
ext4_load_journal+0x30b/0x1440 fs/ext4/super.c:5428
ext4_fill_super+0x60b3/0x9150 fs/ext4/super.c:4804
mount_bdev+0x25f/0x370 fs/super.c:1419
ext4_mount+0x34/0x40 fs/ext4/super.c:6611
legacy_get_tree+0xf0/0x190 fs/fs_context.c:592
vfs_get_tree+0x88/0x290 fs/super.c:1549
do_new_mount+0x289/0xad0 fs/namespace.c:2899
path_mount+0x58d/0xce0 fs/namespace.c:3229
do_mount fs/namespace.c:3242 [inline]
__do_sys_mount fs/namespace.c:3450 [inline]
__se_sys_mount+0x2d2/0x3c0 fs/namespace.c:3427
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3427
do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x61/0xc6
RIP: 0033:0x7fde88aaf02a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff185cfd58 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fde88aaf02a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff185cfd70
RBP: 00007fff185cfd70 R08: 00007fff185cfdb0 R09: 000055555580c2c0
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004
R13: 00007fff185cfdb0 R14: 0000000000000026 R15: 0000000020000590
Modules linked in:
---[ end trace eb3635f51acde573 ]---
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:700 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xce/0x2b0 fs/crypto/inline_crypt.c:460
Code: 5d 00 81 e3 00 f0 00 00 bf 00 80 00 00 89 de e8 98 28 a7 ff 81 fb 00 80 00 00 75 7b 4c 89 f9 49 8d 5e 11 48 89 d8 48 c1 e8 03 <42> 8a 04 38 84 c0 0f 85 58 01 00 00 0f b6 1b 31 ff 89 de e8 ba 27
RSP: 0018:ffffc90000b572e0 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: dffffc0000000000
RDX: ffff8881065fe2c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc90000b57310 R08: ffffffff81c5c5a8 R09: ffffed1021c70ee8
R10: ffffed1021c70ee8 R11: 1ffff11021c70ee7 R12: 0000000000000001
R13: ffff88810e3877b8 R14: 0000000000000000 R15: dffffc0000000000
FS: 000055555580c300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f448fad06a8 CR3: 000000011e2d4000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
0: 5d pop %rbp
1: 00 81 e3 00 f0 00 add %al,0xf000e3(%rcx)
7: 00 bf 00 80 00 00 add %bh,0x8000(%rdi)
d: 89 de mov %ebx,%esi
f: e8 98 28 a7 ff callq 0xffa728ac
14: 81 fb 00 80 00 00 cmp $0x8000,%ebx
1a: 75 7b jne 0x97
1c: 4c 89 f9 mov %r15,%rcx
1f: 49 8d 5e 11 lea 0x11(%r14),%rbx
23: 48 89 d8 mov %rbx,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 8a 04 38 mov (%rax,%r15,1),%al <-- trapping instruction
2e: 84 c0 test %al,%al
30: 0f 85 58 01 00 00 jne 0x18e
36: 0f b6 1b movzbl (%rbx),%ebx
39: 31 ff xor %edi,%edi
3b: 89 de mov %ebx,%esi
3d: e8 .byte 0xe8
3e: ba .byte 0xba
3f: 27 (bad)
Jun Nie
Dec 12, 2022, 5:13:23 AM12/12/22
to syzkaller-android-bugs
#syz test: https://android.googlesource.com/kernel/common android13-5.15-lts
Jun Nie
Dec 12, 2022, 5:14:43 AM12/12/22
to syzbot+ba9dac...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com
#syz test: https://android.googlesource.com/kernel/common android13-5.15-lts
syzbot
Dec 12, 2022, 5:17:22 PM12/12/22
to jun...@linaro.org, syzkaller-a...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in fscrypt_limit_io_blocks
EXT4-fs error (device loop0): ext4_get_journal_inode:5143: inode #3: comm syz-executor.0: casefold flag without casefold feature
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RSP: 0018:ffffc9000051f260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff88810bf462c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc9000051f290 R08: ffffffff81d852cf R09: ffffed10212f1e05
R10: ffffed10212f1e05 R11: 1ffff110212f1e04 R12: ffff88810978f328
R13: dffffc0000000000 R14: 1ffff110212f1e65 R15: 0000000000000001
FS: 00007f27d7727700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
ext4_iomap_begin+0xa05/0xd90 fs/ext4/inode.c:3483
bmap+0xa5/0xe0 fs/inode.c:1714
jbd2_journal_init_inode+0x9e/0x3f0 fs/jbd2/journal.c:1491
ext4_get_journal fs/ext4/super.c:5178 [inline]
ext4_load_journal+0x30b/0x1440 fs/ext4/super.c:5312
ext4_fill_super+0x6241/0x9650 fs/ext4/super.c:4658
mount_bdev+0x280/0x3b0 fs/super.c:1368
ext4_mount+0x34/0x40 fs/ext4/super.c:6540
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f27d7726f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f27d7bb4ada
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f27d7726fe0
RBP: 00007f27d7727020 R08: 00007f27d7727020 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f27d7726fe0 R15: 0000000020012f00
</TASK>
Modules linked in:
---[ end trace 49eeb0a751e5b36a ]---
RSP: 0018:ffffc9000051f260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff88810bf462c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc9000051f290 R08: ffffffff81d852cf R09: ffffed10212f1e05
R10: ffffed10212f1e05 R11: 1ffff110212f1e04 R12: ffff88810978f328
R13: dffffc0000000000 R14: 1ffff110212f1e65 R15: 0000000000000001
FS: 00007f27d7727700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
3e: 3d .byte 0x3d
Tested on:
commit: 7048384c Revert "net: macb: Specify PHY PM management ..
git tree: android13-5.15-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=125b0ecd880000
kernel config: https://syzkaller.appspot.com/x/.config?x=127798ba4fe52ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=ba9dac45bc76c490b7c3
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
general protection fault in fscrypt_limit_io_blocks
EXT4-fs error (device loop0): ext4_get_journal_inode:5143: inode #3: comm syz-executor.0: casefold flag without casefold feature
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 462 Comm: syz-executor.0 Not tainted 5.15.77-syzkaller-04939-g7048384c9872 #0
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 f8 8b db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 11 3d
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
RSP: 0018:ffffc9000051f260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff88810bf462c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc9000051f290 R08: ffffffff81d852cf R09: ffffed10212f1e05
R10: ffffed10212f1e05 R11: 1ffff110212f1e04 R12: ffff88810978f328
R13: dffffc0000000000 R14: 1ffff110212f1e65 R15: 0000000000000001
FS: 00007f27d7727700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a12f0c5300 CR3: 0000000120b08000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ext4_iomap_begin+0xa05/0xd90 fs/ext4/inode.c:3483
iomap_iter+0x660/0x830 fs/iomap/iter.c:74
iomap_bmap+0x2b5/0x550 fs/iomap/fiemap.c:113
ext4_bmap+0x3b0/0x430 fs/ext4/inode.c:3223
iomap_bmap+0x2b5/0x550 fs/iomap/fiemap.c:113
bmap+0xa5/0xe0 fs/inode.c:1714
jbd2_journal_init_inode+0x9e/0x3f0 fs/jbd2/journal.c:1491
ext4_get_journal fs/ext4/super.c:5178 [inline]
ext4_load_journal+0x30b/0x1440 fs/ext4/super.c:5312
ext4_fill_super+0x6241/0x9650 fs/ext4/super.c:4658
mount_bdev+0x280/0x3b0 fs/super.c:1368
ext4_mount+0x34/0x40 fs/ext4/super.c:6540
legacy_get_tree+0xf0/0x190 fs/fs_context.c:610
vfs_get_tree+0x88/0x290 fs/super.c:1498
do_new_mount+0x289/0xad0 fs/namespace.c:2994
path_mount+0x60b/0x1050 fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d2/0x3c0 fs/namespace.c:3522
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f27d7bb4ada
vfs_get_tree+0x88/0x290 fs/super.c:1498
do_new_mount+0x289/0xad0 fs/namespace.c:2994
path_mount+0x60b/0x1050 fs/namespace.c:3324
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d2/0x3c0 fs/namespace.c:3522
__x64_sys_mount+0xbf/0xd0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f27d7726f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00007f27d7bb4ada
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f27d7726fe0
RBP: 00007f27d7727020 R08: 00007f27d7727020 R09: 0000000020000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000000
R13: 0000000020000100 R14: 00007f27d7726fe0 R15: 0000000020012f00
</TASK>
Modules linked in:
---[ end trace 49eeb0a751e5b36a ]---
RIP: 0010:__fscrypt_inode_uses_inline_crypto fs/crypto/inline_crypt.c:233 [inline]
RIP: 0010:fscrypt_inode_uses_inline_crypto include/linux/fscrypt.h:798 [inline]
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
Code: c4 c8 02 00 00 4d 89 e6 49 c1 ee 03 43 80 3c 2e 00 74 08 4c 89 e7 e8 f8 8b db ff 49 8b 1c 24 48 83 c3 11 48 89 d8 48 c1 e8 03 <42> 8a 04 28 84 c0 0f 85 53 01 00 00 0f b6 1b 31 ff 89 de e8 11 3d
RIP: 0010:fscrypt_limit_io_blocks+0xc7/0x2a0 fs/crypto/inline_crypt.c:477
RSP: 0018:ffffc9000051f260 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000011 RCX: 0000000000000000
RDX: ffff88810bf462c0 RSI: 0000000000008000 RDI: 0000000000008000
RBP: ffffc9000051f290 R08: ffffffff81d852cf R09: ffffed10212f1e05
R10: ffffed10212f1e05 R11: 1ffff110212f1e04 R12: ffff88810978f328
R13: dffffc0000000000 R14: 1ffff110212f1e65 R15: 0000000000000001
FS: 00007f27d7727700(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055a12f0c5300 CR3: 0000000120b08000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: c8 02 00 00 enterq $0x2,$0x0
4: 4d 89 e6 mov %r12,%r14
7: 49 c1 ee 03 shr $0x3,%r14
b: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
10: 74 08 je 0x1a
12: 4c 89 e7 mov %r12,%rdi
15: e8 f8 8b db ff callq 0xffdb8c12
0: c8 02 00 00 enterq $0x2,$0x0
4: 4d 89 e6 mov %r12,%r14
7: 49 c1 ee 03 shr $0x3,%r14
b: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1)
10: 74 08 je 0x1a
12: 4c 89 e7 mov %r12,%rdi
1a: 49 8b 1c 24 mov (%r12),%rbx
1e: 48 83 c3 11 add $0x11,%rbx
22: 48 89 d8 mov %rbx,%rax
25: 48 c1 e8 03 shr $0x3,%rax
* 29: 42 8a 04 28 mov (%rax,%r13,1),%al <-- trapping instruction
2d: 84 c0 test %al,%al
2f: 0f 85 53 01 00 00 jne 0x188
35: 0f b6 1b movzbl (%rbx),%ebx
38: 31 ff xor %edi,%edi
3a: 89 de mov %ebx,%esi
3c: e8 .byte 0xe8
3d: 11 .byte 0x11
1e: 48 83 c3 11 add $0x11,%rbx
22: 48 89 d8 mov %rbx,%rax
25: 48 c1 e8 03 shr $0x3,%rax
* 29: 42 8a 04 28 mov (%rax,%r13,1),%al <-- trapping instruction
2d: 84 c0 test %al,%al
2f: 0f 85 53 01 00 00 jne 0x188
35: 0f b6 1b movzbl (%rbx),%ebx
38: 31 ff xor %edi,%edi
3a: 89 de mov %ebx,%esi
3c: e8 .byte 0xe8
3e: 3d .byte 0x3d
Tested on:
commit: 7048384c Revert "net: macb: Specify PHY PM management ..
git tree: android13-5.15-lts
console output: https://syzkaller.appspot.com/x/log.txt?x=125b0ecd880000
kernel config: https://syzkaller.appspot.com/x/.config?x=127798ba4fe52ecb
dashboard link: https://syzkaller.appspot.com/bug?extid=ba9dac45bc76c490b7c3
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
Note: no patches were applied.
syzbot
Dec 13, 2022, 12:40:40 PM12/13/22
to jun...@linaro.org, jun...@linaro.org, syzkaller-a...@googlegroups.com
I see the command, but I cannot identify the bug that was meant.
Several bugs with the exact same title were earlier sent to the mailing list.
Please resend the email to syzbo...@syzkaller.appspotmail.com address
that is the sender of the original bug report (also present in the Reported-by tag).
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-android-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-android...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-android-bugs/24c52240-7555-4b6e-8b62-02e06f6a5cfdn%40googlegroups.com.
Several bugs with the exact same title were earlier sent to the mailing list.
Please resend the email to syzbo...@syzkaller.appspotmail.com address
that is the sender of the original bug report (also present in the Reported-by tag).
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-android-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-android...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-android-bugs/24c52240-7555-4b6e-8b62-02e06f6a5cfdn%40googlegroups.com.
syzbot
Apr 18, 2023, 4:19:41 AM4/18/23
to jone...@google.com, syzkaller-a...@googlegroups.com, tudor....@linaro.org
This bug is marked as fixed by commit:
ext4: don't allow journal inode to have encrypt flag
But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and new crashes with
the same signature are ignored.
Kernel: Android 5.10
Dashboard link: https://syzkaller.appspot.com/bug?extid=ce0fb3a44af82b598be7
---
[1] I expect the commit to be present in:
1. android12-5.10-lts branch of
https://android.googlesource.com/kernel/common
ext4: don't allow journal inode to have encrypt flag
But I can't find it in the tested trees[1] for more than 90 days.
Is it a correct commit? Please update it by replying:
#syz fix: exact-commit-title
Until then the bug is still considered open and new crashes with
the same signature are ignored.
Kernel: Android 5.10
Dashboard link: https://syzkaller.appspot.com/bug?extid=ce0fb3a44af82b598be7
---
[1] I expect the commit to be present in:
1. android12-5.10-lts branch of
https://android.googlesource.com/kernel/common
Tudor Ambarus
Apr 18, 2023, 6:33:53 AM4/18/23
to syzbot, jone...@google.com, syzkaller-a...@googlegroups.com, Aleksandr Nogikh
Aleksandr,
Would you please check why we get these false reports? The patch is
already integrated in the mentioned branch, see below.
aosp/android12-5.10-lts:
a41d63f204716 ext4: don't allow journal inode to have encrypt flag
Thanks,
ta
Would you please check why we get these false reports? The patch is
already integrated in the mentioned branch, see below.
a41d63f204716 ext4: don't allow journal inode to have encrypt flag
Thanks,
ta
syzbot
May 2, 2023, 6:34:44 AM5/2/23
to jone...@google.com, nog...@google.com, syzkaller-a...@googlegroups.com, tudor....@linaro.org
Aleksandr Nogikh
May 2, 2023, 6:43:45 AM5/2/23
to syzbot, jone...@google.com, syzkaller-a...@googlegroups.com, tudor....@linaro.org
FTR syzbot is still unable to compile a new ci2-android-5-10 image, so
syzbot keeps on reminding us about fixing commits not being present.
syzbot keeps on reminding us about fixing commits not being present.
Tudor Ambarus
May 2, 2023, 7:44:13 AM5/2/23
to Aleksandr Nogikh, syzbot, jone...@google.com, syzkaller-a...@googlegroups.com
On 5/2/23 11:43, Aleksandr Nogikh wrote:
> FTR syzbot is still unable to compile a new ci2-android-5-10 image, so
> syzbot keeps on reminding us about fixing commits not being present.
Reply all
Reply to author
Forward
0 new messages