[syzbot] [ntfs3?] UBSAN: array-index-out-of-bounds in truncate_inode_pages_final


syzbot

Jul 9, 2023, 8:32:52 AM
to almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, ll...@lists.linux.dev, nat...@kernel.org, ndesau...@google.com, nt...@lists.linux.dev, syzkall...@googlegroups.com, tr...@redhat.com
Hello,

syzbot found the following issue on:

HEAD commit: e40939bbfc68 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15866358a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=c84f463eb74eab24
dashboard link: https://syzkaller.appspot.com/bug?extid=e295147e14b474e4ad70
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=101c2da4a80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/257596b75aaf/disk-e40939bb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9c75b8d61081/vmlinux-e40939bb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8f0233129f4f/Image-e40939bb.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/5b0c90b3f3a1/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e29514...@syzkaller.appspotmail.com

ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
================================================================================
UBSAN: array-index-out-of-bounds in ./include/linux/pagevec.h:126:2
index 255 is out of range for type 'struct folio *[15]'
CPU: 1 PID: 8246 Comm: syz-executor.0 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
Call trace:
dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
dump_stack+0x1c/0x28 lib/dump_stack.c:113
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:348
folio_batch_add include/linux/pagevec.h:126 [inline]
find_lock_entries+0x8fc/0xd84 mm/filemap.c:2127
truncate_inode_pages_range+0x1b0/0xf74 mm/truncate.c:364
truncate_inode_pages mm/truncate.c:449 [inline]
truncate_inode_pages_final+0x90/0xc0 mm/truncate.c:484
ntfs_evict_inode+0x20/0x48 fs/ntfs3/inode.c:1791
evict+0x260/0x68c fs/inode.c:665
iput_final fs/inode.c:1747 [inline]
iput+0x734/0x818 fs/inode.c:1773
ntfs_fill_super+0x327c/0x3990 fs/ntfs3/super.c:1267
get_tree_bdev+0x360/0x54c fs/super.c:1303
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1455
vfs_get_tree+0x90/0x274 fs/super.c:1510
do_new_mount+0x25c/0x8c4 fs/namespace.c:3039
path_mount+0x590/0xe04 fs/namespace.c:3369
do_mount fs/namespace.c:3382 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/namespace.c:3568 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3568
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x244 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x198 arch/arm64/kernel/syscall.c:191
el0_svc+0x4c/0x160 arch/arm64/kernel/entry-common.c:647
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:665
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to change the bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Aug 23, 2023, 9:14:41 AM
to almaz.ale...@paragon-software.com, linux-...@vger.kernel.org, linux-...@vger.kernel.org, ll...@lists.linux.dev, nat...@kernel.org, ndesau...@google.com, nt...@lists.linux.dev, syzkall...@googlegroups.com, tr...@redhat.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 35e2132122ba Merge branch 'for-next/core' into for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=16924717a80000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f6a8d3c0bd07f11
dashboard link: https://syzkaller.appspot.com/bug?extid=e295147e14b474e4ad70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16a2eeb0680000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12224553a80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6808a9c4c8df/disk-35e21321.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/85a6cfc7b474/vmlinux-35e21321.xz
kernel image: https://storage.googleapis.com/syzbot-assets/a3958fe16b1c/Image-35e21321.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/b81535b17c61/mount_1.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e29514...@syzkaller.appspotmail.com

================================================================================
UBSAN: array-index-out-of-bounds in ./include/linux/pagevec.h:74:2
index 255 is out of range for type 'struct folio *[15]'
CPU: 1 PID: 12841 Comm: syz-executor402 Not tainted 6.5.0-rc7-syzkaller-g35e2132122ba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Call trace:
dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:233
show_stack+0x2c/0x44 arch/arm64/kernel/stacktrace.c:240
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106
dump_stack+0x1c/0x28 lib/dump_stack.c:113
ubsan_epilogue lib/ubsan.c:217 [inline]
__ubsan_handle_out_of_bounds+0xfc/0x148 lib/ubsan.c:348
folio_batch_add include/linux/pagevec.h:74 [inline]
find_lock_entries+0x8fc/0xd84 mm/filemap.c:2089
truncate_inode_pages_range+0x1b0/0xf74 mm/truncate.c:364
truncate_inode_pages mm/truncate.c:449 [inline]
truncate_inode_pages_final+0x90/0xc0 mm/truncate.c:484
ntfs_evict_inode+0x20/0x48 fs/ntfs3/inode.c:1790
evict+0x260/0x68c fs/inode.c:664
iput_final fs/inode.c:1788 [inline]
iput+0x734/0x818 fs/inode.c:1814
ntfs_fill_super+0x3648/0x3f90 fs/ntfs3/super.c:1420
get_tree_bdev+0x378/0x570 fs/super.c:1318
ntfs_fs_get_tree+0x28/0x38 fs/ntfs3/super.c:1647
vfs_get_tree+0x90/0x274 fs/super.c:1519
do_new_mount+0x25c/0x8c8 fs/namespace.c:3335
path_mount+0x590/0xe04 fs/namespace.c:3662
do_mount fs/namespace.c:3675 [inline]
__do_sys_mount fs/namespace.c:3884 [inline]
__se_sys_mount fs/namespace.c:3861 [inline]
__arm64_sys_mount+0x45c/0x594 fs/namespace.c:3861
__invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51
el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136
do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155
el0_svc+0x58/0x16c arch/arm64/kernel/entry-common.c:678
el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696
el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:591
================================================================================


---

Rajeshwar Shinde

Aug 23, 2023, 2:44:58 PM
to syzbot+e29514...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
0002-UBSAN-array-index-out-of-bounds-in-truncate_inode_pa.patch

Rajeshwar Shinde

Aug 23, 2023, 4:10:09 PM
to syzbot+e29514...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
0002-UBSAN-array-index-out-of-bounds-in-truncate_inode_pa.patch

syzbot

Aug 23, 2023, 4:10:10 PM
to cool...@gmail.com, cool...@gmail.com, syzkall...@googlegroups.com
> #syz test: git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git

"git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git" does not look like a valid git repo address.

> for-kernelci

syzbot

Aug 23, 2023, 4:14:52 PM
to cool...@gmail.com, cool...@gmail.com, syzkall...@googlegroups.com

Rajeshwar Shinde

Aug 23, 2023, 4:25:30 PM
to syzbot+e29514...@syzkaller.appspotmail.com, syzkall...@googlegroups.com

syzbot

Aug 23, 2023, 5:55:29 PM
to cool...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[ 2.400382][ T57] Unable to handle kernel paging request at virtual address dfff800000000001
[ 2.401891][ T57] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 2.403292][ T57] Mem abort info:
[ 2.403888][ T57] ESR = 0x0000000096000005
[ 2.404676][ T57] EC = 0x25: DABT (current EL), IL = 32 bits
[ 2.405740][ T57] SET = 0, FnV = 0
[ 2.406422][ T57] EA = 0, S1PTW = 0
[ 2.407077][ T57] FSC = 0x05: level 1 translation fault
[ 2.407701][ T1] kvm [1]: HYP mode not available
[ 2.408124][ T57] Data abort info:
[ 2.409545][ T57] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 2.410414][ T58] Unable to handle kernel paging request at virtual address dfff800000000001
[ 2.410630][ T57] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 2.412106][ T58] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
[ 2.413084][ T57] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 2.414515][ T58] Mem abort info:
[ 2.415516][ T57] [dfff800000000001] address between user and kernel address ranges
[ 2.416130][ T58] ESR = 0x0000000096000005
[ 2.417467][ T57] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 2.418249][ T58] EC = 0x25: DABT (current EL), IL = 32 bits
[ 2.419411][ T57] Modules linked in:
[ 2.420414][ T58] SET = 0, FnV = 0
[ 2.420424][ T58] EA = 0, S1PTW = 0
[ 2.421069][ T57] CPU: 0 PID: 57 Comm: kworker/u4:1 Not tainted 6.5.0-rc7-syzkaller-00063-g35e2132122ba-dirty #0
[ 2.421699][ T58] FSC = 0x05: level 1 translation fault
[ 2.422363][ T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 2.424122][ T58] Data abort info:
[ 2.425075][ T57] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 2.426777][ T58] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 2.427398][ T57] pc : folio_memcg+0x2c/0x174
[ 2.428728][ T58] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 2.429766][ T57] lr : folio_lruvec_lock_irqsave+0x28/0x268
[ 2.430541][ T58] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 2.431526][ T57] sp : ffff800095917910
[ 2.432511][ T58] [dfff800000000001] address between user and kernel address ranges
[ 2.433553][ T57] x29: ffff800095917910 x28: 0000000000000001 x27: dfff800000000000
[ 2.436954][ T57] x26: ffff700012b22f6c x25: 0000000000000000 x24: 1fffe0003683c938
[ 2.438334][ T57] x23: 0000000000000001 x22: dfff800000000000 x21: 1ffff00012b22f38
[ 2.439713][ T57] x20: 0000000000000008 x19: 0000000000000000 x18: ffff8000959177c0
[ 2.441149][ T57] x17: ffff800080a9bb38 x16: ffff80008a575470 x15: 0000000000000001
[ 2.442742][ T57] x14: 1ffff0001229f3a8 x13: dfff800000000000 x12: 0000000000000000
[ 2.444110][ T57] x11: 0000000000000001 x10: 0000000000000000 x9 : 0000000000000000
[ 2.445456][ T57] x8 : ffff0000c3ed0000 x7 : 0000000000000000 x6 : 0000000000000000
[ 2.446839][ T57] x5 : ffff800091553b50 x4 : 0000000000000002 x3 : ffff800080318494
[ 2.448239][ T57] x2 : 0000000000000001 x1 : ffff8000959179e0 x0 : 0000000000000000
[ 2.449642][ T57] Call trace:
[ 2.450209][ T57] folio_memcg+0x2c/0x174
[ 2.450943][ T57] folio_lruvec_lock_irqsave+0x28/0x268
[ 2.451910][ T57] folio_batch_move_lru+0x280/0x4cc
[ 2.452807][ T57] lru_add_drain_cpu+0xb8/0x4b0
[ 2.453651][ T57] lru_add_drain+0x8c/0x168
[ 2.454439][ T57] exit_mmap+0x1b0/0xb04
[ 2.455185][ T57] __mmput+0xec/0x390
[ 2.455880][ T57] mmput+0x70/0xac
[ 2.456520][ T57] free_bprm+0x128/0x324
[ 2.457260][ T57] kernel_execve+0x328/0x7f0
[ 2.458050][ T57] call_usermodehelper_exec_async+0x21c/0x370
[ 2.459119][ T57] ret_from_fork+0x10/0x20
[ 2.459891][ T57] Code: 91002014 f2fbfff6 d343fe97 aa0003f3 (38766ae8)
[ 2.461067][ T57] ---[ end trace 0000000000000000 ]---
[ 2.462033][ T57] Kernel panic - not syncing: Oops: Fatal exception
[ 2.463191][ T57] SMP: stopping secondary CPUs
[ 3.549009][ T57] SMP: failed to stop secondary CPUs 0-1
[ 3.550020][ T57] Kernel Offset: disabled
[ 3.550774][ T57] CPU features: 0x00000010,38010021,88017203
[ 3.551841][ T57] Memory Limit: none
[ 3.552511][ T57] Rebooting in 86400 seconds..




Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=161a791fa80000


Tested on:

commit: 35e21321 Merge branch 'for-next/core' into for-kernelci
kernel config: https://syzkaller.appspot.com/x/.config?x=4f6a8d3c0bd07f11
dashboard link: https://syzkaller.appspot.com/bug?extid=e295147e14b474e4ad70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
patch: https://syzkaller.appspot.com/x/patch.diff?x=13a2a15ba80000

syzbot

Aug 23, 2023, 6:21:25 PM
to cool...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
UBSAN: array-index-out-of-bounds in truncate_inode_pages_final

================================================================================
UBSAN: array-index-out-of-bounds in ./include/linux/pagevec.h:74:2
index 255 is out of range for type 'struct folio *[15]'
CPU: 1 PID: 9560 Comm: syz-executor.4 Not tainted 6.5.0-rc7-syzkaller-00063-g35e2132122ba #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
Tested on:

commit: 35e21321 Merge branch 'for-next/core' into for-kernelci
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=15be26eba80000
kernel config: https://syzkaller.appspot.com/x/.config?x=4f6a8d3c0bd07f11
dashboard link: https://syzkaller.appspot.com/bug?extid=e295147e14b474e4ad70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Note: no patches were applied.