[syzbot] [ocfs2?] KMSAN: uninit-value in _find_next_bit


syzbot

Mar 21, 2025, 4:52:35 PM
to jl...@evilplan.org, jose...@linux.alibaba.com, linux-...@vger.kernel.org, ma...@fasheh.com, ocfs2...@lists.linux.dev, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 76b6905c11fd Merge tag 'mm-hotfixes-stable-2025-03-17-20-0..
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16e3c5e4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10060a78580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=137eb19b980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/65bb985940e1/disk-76b6905c.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/0f4133d60a27/vmlinux-76b6905c.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0ca5769b6e70/bzImage-76b6905c.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d3375a361225/mount_0.gz
fsck result: OK (log: https://syzkaller.appspot.com/x/fsck.log?x=108c9068580000)

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7ea0b9...@syzkaller.appspotmail.com

BUG: KMSAN: uninit-value in _find_next_bit+0x11c/0x130 lib/find_bit.c:145
_find_next_bit+0x11c/0x130 lib/find_bit.c:145
find_next_bit include/linux/find.h:69 [inline]
ocfs2_recover_local_quota_file fs/ocfs2/quota_local.c:488 [inline]
ocfs2_finish_quota_recovery+0xc4f/0x3ea0 fs/ocfs2/quota_local.c:641
ocfs2_complete_recovery+0x229f/0x38a0 fs/ocfs2/journal.c:1357
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xc1a/0x1e80 kernel/workqueue.c:3319
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3400
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4121 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0x923/0x1230 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:305 [inline]
ocfs2_recovery_load_quota+0x415/0x1150 fs/ocfs2/quota_local.c:360
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:753
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 3555 Comm: kworker/u8:11 Not tainted 6.14.0-rc7-syzkaller-00067-g76b6905c11fd #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ocfs2_wq ocfs2_complete_recovery
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Edward Adam Davis

Mar 21, 2025, 9:40:41 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..c1c52571b0ed 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -485,7 +485,7 @@ static int ocfs2_recover_local_quota_file(struct inode *lqinode,
break;
}
dchunk = (struct ocfs2_local_disk_chunk *)hbh->b_data;
- for_each_set_bit(bit, rchunk->rc_bitmap, ol_chunk_entries(sb)) {
+ for_each_set_bit(bit, rchunk->rc_bitmap, (ol_chunk_entries(sb) + 7) >> 3) {
qbh = NULL;
status = ocfs2_read_quota_block(lqinode,
ol_dqblk_block(sb, chunk, bit),
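
Review bot: the third argument of for_each_set_bit() in the changed line is a count of bits, but `(ol_chunk_entries(sb) + 7) >> 3` is the bitmap's length in bytes, so the loop now stops after the first eighth of the chunk's entries and any set bit above that index is never recovered. The KMSAN report can go quiet with this only because the scan ends before it reaches the tail of rc_bitmap. Keep `ol_chunk_entries(sb)` as the bound here and instead make sure the buffer is fully initialised where it is allocated and filled in ocfs2_add_recovery_chunk().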

syzbot

Mar 22, 2025, 2:02:06 AM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+7ea0b9...@syzkaller.appspotmail.com
Tested-by: syzbot+7ea0b9...@syzkaller.appspotmail.com

Tested on:

commit: 88d324e6 Merge tag 'spi-fix-v6.14-rc7' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1316043f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=12f2b3b0580000

Note: testing is done by a robot and is best-effort only.

Edward Adam Davis

Mar 22, 2025, 4:42:15 AM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..03a66d75be8b 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -307,6 +307,9 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
kfree(rc);
return -ENOMEM;
}
+ printk("ents: %u, sb: %p, chunk: %d, blksize: %lu, rcb: %p, inited size: %d, %s\n",
+ ol_chunk_entries(sb), sb, chunk, sb->s_blocksize, rc->rc_bitmap,
+ (ol_chunk_entries(sb) + 7) >> 3, __func__);
memcpy(rc->rc_bitmap, dchunk->dqc_bitmap,
(ol_chunk_entries(sb) + 7) >> 3);
list_add_tail(&rc->rc_list, head);
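
Review bot: in the added printk the "inited size" value, `(ol_chunk_entries(sb) + 7) >> 3`, is formatted with %d although ol_chunk_entries(sb) itself is printed with %u at the start of the same format string; use %u for both so the specifiers match the expression's type. The call also carries no log level, so use pr_info() (or pr_debug()) if this instrumentation is kept for more than one test run.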
@@ -485,6 +488,8 @@ static int ocfs2_recover_local_quota_file(struct inode *lqinode,
break;
}
dchunk = (struct ocfs2_local_disk_chunk *)hbh->b_data;
+ printk("ents: %u, sb: %p, chunk: %d, blksize: %lu, rcb: %p, offset: %d, %s\n",
+ ol_chunk_entries(sb), sb, chunk, sb->s_blocksize, rchunk->rc_bitmap, bit, __func__);
for_each_set_bit(bit, rchunk->rc_bitmap, ol_chunk_entries(sb)) {
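
Review bot: the added printk passes `bit` as "offset" before the for_each_set_bit() on the following line has assigned it for this chunk, so that field says nothing about where the scan is. Move the print into the loop body if the bit index is what you want to see, or drop the argument; like the print in the first hunk it also has no log level.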

syzbot

Mar 22, 2025, 5:05:05 AM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in _find_next_bit

ocfs2: Finishing quota recovery on device (7,0) for slot 0
ents: 3990, sb: ffff888042873800, chunk: 0, blksize: 512, rcb: ffff88804b966800, offset: -1, ocfs2_recover_local_quota_file
=====================================================
BUG: KMSAN: uninit-value in _find_next_bit+0x11c/0x130 lib/find_bit.c:145
_find_next_bit+0x11c/0x130 lib/find_bit.c:145
find_next_bit include/linux/find.h:69 [inline]
ocfs2_recover_local_quota_file fs/ocfs2/quota_local.c:493 [inline]
ocfs2_finish_quota_recovery+0xcc4/0x3fd0 fs/ocfs2/quota_local.c:646
ocfs2_complete_recovery+0x229f/0x38a0 fs/ocfs2/journal.c:1357
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xc1a/0x1e80 kernel/workqueue.c:3319
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3400
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4121 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0x923/0x1230 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:305 [inline]
ocfs2_recovery_load_quota+0x415/0x1450 fs/ocfs2/quota_local.c:363
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:758
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 6462 Comm: kworker/u8:0 Not tainted 6.14.0-rc7-syzkaller-g88d324e69ea9-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ocfs2_wq ocfs2_complete_recovery
=====================================================


Tested on:

commit: 88d324e6 Merge tag 'spi-fix-v6.14-rc7' of git://git.ke..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13b095e4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13d9043f980000

Edward Adam Davis

Mar 22, 2025, 10:36:42 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..0543362d7d9f 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -307,6 +307,11 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
kfree(rc);
return -ENOMEM;
}
+ printk("ents: %u, sb: %p, chunk: %d, blksize: %lu, rcb: %p, inited size: %d, %s\n",
+ ol_chunk_entries(sb), sb, chunk, sb->s_blocksize, rc->rc_bitmap,
+ (ol_chunk_entries(sb) + 7) >> 3, __func__);
+ ocfs2_test_bit_unaligned(ol_chunk_entries(sb), dchunk->dqc_bitmap);
+ printk("?warn here: %d, %s\n", ocfs2_test_bit_unaligned(ol_chunk_entries(sb), dchunk->dqc_bitmap), __func__);
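
Review bot: both added ocfs2_test_bit_unaligned() calls test bit number ol_chunk_entries(sb), which is one past the last bit that the later for_each_set_bit() scan covers (bits 0 to ol_chunk_entries(sb) - 1), and they read dchunk->dqc_bitmap rather than rc->rc_bitmap, the buffer whose address the first printk logs and whose kmalloc KMSAN names as the origin. The first call also discards its result, so it only serves as a read probe. To examine the buffer the report is about, test rc->rc_bitmap after the memcpy and use an index inside the scanned range.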

syzbot

Mar 23, 2025, 5:52:03 AM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in _find_next_bit

ocfs2: Finishing quota recovery on device (7,0) for slot 0
=====================================================
BUG: KMSAN: uninit-value in _find_next_bit+0x11c/0x130 lib/find_bit.c:145
_find_next_bit+0x11c/0x130 lib/find_bit.c:145
find_next_bit include/linux/find.h:69 [inline]
ocfs2_recover_local_quota_file fs/ocfs2/quota_local.c:493 [inline]
ocfs2_finish_quota_recovery+0xc4f/0x3ea0 fs/ocfs2/quota_local.c:646
ocfs2_complete_recovery+0x229f/0x38a0 fs/ocfs2/journal.c:1357
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xc1a/0x1e80 kernel/workqueue.c:3319
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3400
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4121 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0x923/0x1230 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:305 [inline]
ocfs2_recovery_load_quota+0x425/0x1760 fs/ocfs2/quota_local.c:365
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:758
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 0 UID: 0 PID: 3540 Comm: kworker/u8:14 Not tainted 6.14.0-rc7-syzkaller-g586de92313fc-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ocfs2_wq ocfs2_complete_recovery
=====================================================


Tested on:

commit: 586de923 Merge tag 'i2c-for-6.14-rc8' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=11e47e98580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=101973b0580000

Edward Adam Davis

Mar 23, 2025, 6:24:29 AM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..a6e8376045b5 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -307,6 +307,12 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
kfree(rc);
return -ENOMEM;
}
+ printk("ents: %u, sb: %p, chunk: %d, blksize: %lu, rcb: %p, inited size: %d, %s\n",
+ ol_chunk_entries(sb), sb, chunk, sb->s_blocksize, rc->rc_bitmap,
+ (ol_chunk_entries(sb) + 7) >> 3, __func__);
+ int bit;
+ for_each_set_bit(bit, (void*)dchunk->dqc_bitmap, ol_chunk_entries(sb));
+ printk("dqc_bitmap inited all chunk entires. %s\n", __func__);
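
Review bot: the added `for_each_set_bit(bit, (void*)dchunk->dqc_bitmap, ol_chunk_entries(sb));` ends in a semicolon, so it is an empty loop whose only effect is to read the source bitmap, and the printk after it runs unconditionally, so its message is logged whether or not those bits were initialised. The scan is also over dchunk->dqc_bitmap, not the rc->rc_bitmap copy that the recovery path walks later. Declare `int bit` with the function's other locals instead of mid-block, scan rc->rc_bitmap after the memcpy, and correct "entires" to "entries" in the message.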

syzbot

Mar 23, 2025, 6:43:03 AM
to ead...@qq.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in _find_next_bit

ocfs2: Finishing quota recovery on device (7,0) for slot 0
=====================================================
BUG: KMSAN: uninit-value in _find_next_bit+0x11c/0x130 lib/find_bit.c:145
_find_next_bit+0x11c/0x130 lib/find_bit.c:145
find_next_bit include/linux/find.h:69 [inline]
ocfs2_recover_local_quota_file fs/ocfs2/quota_local.c:494 [inline]
ocfs2_finish_quota_recovery+0xc4f/0x3ea0 fs/ocfs2/quota_local.c:647
ocfs2_complete_recovery+0x229f/0x38a0 fs/ocfs2/journal.c:1357
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xc1a/0x1e80 kernel/workqueue.c:3319
worker_thread+0xea7/0x14f0 kernel/workqueue.c:3400
kthread+0x6b9/0xef0 kernel/kthread.c:464
ret_from_fork+0x6d/0x90 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4121 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0x923/0x1230 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:305 [inline]
ocfs2_recovery_load_quota+0x40a/0x1650 fs/ocfs2/quota_local.c:366
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:759
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 3002 Comm: kworker/u8:16 Not tainted 6.14.0-rc7-syzkaller-g586de92313fc-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ocfs2_wq ocfs2_complete_recovery
=====================================================


Tested on:

commit: 586de923 Merge tag 'i2c-for-6.14-rc8' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12c5443f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=13def004580000

Lizhi Xu

Mar 23, 2025, 9:01:46 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..cc8bb0650b8f 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -309,6 +309,9 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
}
memcpy(rc->rc_bitmap, dchunk->dqc_bitmap,
(ol_chunk_entries(sb) + 7) >> 3);
+ printk("bitmap has been memcpy to rc, %s\n", __func__);
+ for_each_set_bit(bit, rc->rc_bitmap, ol_chunk_entries(sb));
+ printk("bitmap has been inited, %s\n", __func__);
list_add_tail(&rc->rc_list, head);
return 0;
}
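
Review bot: the added for_each_set_bit() uses `bit`, which is not declared anywhere in the lines of ocfs2_add_recovery_chunk() shown in this hunk; add an `int bit;` to the function's local declarations or the file will not build. The loop also ends in a semicolon and so has an empty body; if that is intended as a KMSAN read probe, say so in a comment, and give the two printk calls a log level.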

syzbot

Mar 23, 2025, 9:21:05 PM
to linux-...@vger.kernel.org, lizh...@windriver.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ocfs2/quota_local.c:313:19: error: use of undeclared identifier 'bit'


Tested on:

commit: 586de923 Merge tag 'i2c-for-6.14-rc8' of git://git.ker..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=15f7f3b0580000

Lizhi Xu

Mar 23, 2025, 9:39:02 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test


diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..1969772729eb 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -309,6 +309,8 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
}
memcpy(rc->rc_bitmap, dchunk->dqc_bitmap,
(ol_chunk_entries(sb) + 7) >> 3);
+ int bit;
+ for_each_set_bit(bit, rc->rc_bitmap, ol_chunk_entries(sb));
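
Review bot: the memcpy above the added lines writes `(ol_chunk_entries(sb) + 7) >> 3` bytes into rc->rc_bitmap, while the added for_each_set_bit() scans ol_chunk_entries(sb) bits and loads the bitmap one unsigned long at a time, so whenever that byte count is not a multiple of sizeof(long) the last word it reads includes bytes the memcpy never wrote. An empty-bodied probe loop can confirm this but does not fix it; zero the buffer when it is allocated, or clear the bytes after the copied length, and move the mid-block `int bit;` up to the function's local declarations.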

syzbot

Mar 23, 2025, 10:23:07 PM
to linux-...@vger.kernel.org, lizh...@windriver.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in _find_next_bit

(syz.0.16,6650,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
JBD2: Ignoring recovery information on journal
ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
=====================================================
BUG: KMSAN: uninit-value in _find_next_bit+0x11c/0x130 lib/find_bit.c:145
_find_next_bit+0x11c/0x130 lib/find_bit.c:145
find_next_bit include/linux/find.h:69 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:313 [inline]
ocfs2_recovery_load_quota+0x68e/0x1350 fs/ocfs2/quota_local.c:362
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:755
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

Uninit was created at:
slab_post_alloc_hook mm/slub.c:4121 [inline]
slab_alloc_node mm/slub.c:4164 [inline]
__do_kmalloc_node mm/slub.c:4293 [inline]
__kmalloc_noprof+0x923/0x1230 mm/slub.c:4306
kmalloc_noprof include/linux/slab.h:905 [inline]
ocfs2_add_recovery_chunk fs/ocfs2/quota_local.c:305 [inline]
ocfs2_recovery_load_quota+0x404/0x1350 fs/ocfs2/quota_local.c:362
ocfs2_local_read_info+0x139e/0x2c10 fs/ocfs2/quota_local.c:755
dquot_load_quota_sb+0xa35/0xdc0 fs/quota/dquot.c:2459
dquot_load_quota_inode+0x662/0x9f0 fs/quota/dquot.c:2496
ocfs2_enable_quotas+0x1d4/0x6e0 fs/ocfs2/super.c:930
ocfs2_fill_super+0xa6b7/0xb550 fs/ocfs2/super.c:1140
get_tree_bdev_flags+0x6ec/0x910 fs/super.c:1636
get_tree_bdev+0x37/0x50 fs/super.c:1659
ocfs2_get_tree+0x34/0x40 fs/ocfs2/super.c:1184
vfs_get_tree+0xb1/0x5a0 fs/super.c:1814
do_new_mount+0x71f/0x15e0 fs/namespace.c:3560
path_mount+0x742/0x1f10 fs/namespace.c:3887
do_mount fs/namespace.c:3900 [inline]
__do_sys_mount fs/namespace.c:4111 [inline]
__se_sys_mount+0x71f/0x800 fs/namespace.c:4088
__x64_sys_mount+0xe4/0x150 fs/namespace.c:4088
x64_sys_call+0x39bf/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:166
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f

CPU: 1 UID: 0 PID: 6650 Comm: syz.0.16 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
=====================================================


Tested on:

commit: 586de923 Merge tag 'i2c-for-6.14-rc8' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=157bfe98580000
kernel config: https://syzkaller.appspot.com/x/.config?x=1d4644c4063c5098
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1613fe98580000

syzbot

Mar 25, 2025, 9:59:07 PM
to linux-...@vger.kernel.org, ocfs2...@lists.linux.dev, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

us 0000:00: resource 4 [io 0x0000-0x0cf7 window]
[ 6.611729][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
[ 6.614346][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.616924][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.624654][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.628537][ T1] PCI: CLS 0 bytes, default 64
[ 6.630437][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.632704][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.635938][ T1] ACPI: bus type thunderbolt registered
[ 6.765209][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.850100][ T1] kvm_amd: CPU 1 isn't AMD or Hygon
[ 6.851373][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6eddb419, max_idle_ns: 440795238405 ns
[ 6.857108][ T1] clocksource: Switched to clocksource tsc
[ 6.883495][ T65] kworker/u8:4 (65) used greatest stack depth: 11832 bytes left
[ 6.889522][ T66] kworker/u8:3 (66) used greatest stack depth: 10984 bytes left
[ 27.208530][ T1] Initialise system trusted keyrings
[ 27.218330][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 27.231513][ T1] DLM installed
[ 27.247670][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 27.271132][ T1] NFS: Registering the id_resolver key type
[ 27.277462][ T1] Key type id_resolver registered
[ 27.282686][ T1] Key type id_legacy registered
[ 27.288363][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 27.296225][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 27.333103][ T1] Key type cifs.spnego registered
[ 27.339373][ T1] Key type cifs.idmap registered
[ 27.352720][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 27.358946][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 27.366297][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 27.372753][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 27.379120][ T1] QNX4 filesystem 0.2.3 registered.
[ 27.384778][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 27.392301][ T1] fuse: init (API version 7.42)
[ 27.403332][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 27.412516][ T1] orangefs_init: module version upstream loaded
[ 27.420673][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 27.468138][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 27.496532][ T1] 9p: Installing v9fs 9p2000 file system support
[ 27.504768][ T1] NILFS version 2 loaded
[ 27.509106][ T1] befs: version: 0.9.3
[ 27.514617][ T1] ocfs2: Registered cluster interface o2cb
[ 27.521829][ T1] ocfs2: Registered cluster interface user
[ 27.531815][ T1] OCFS2 User DLM kernel interface loaded
[ 27.557799][ T1] gfs2: GFS2 installed
[ 27.602711][ T1] ceph: loaded (mds proto 32)
[ 31.788483][ T1] NET: Registered PF_ALG protocol family
[ 31.794660][ T1] xor: automatically using best checksumming function avx
[ 31.802658][ T1] async_tx: api initialized (async)
[ 31.808258][ T1] Key type asymmetric registered
[ 31.813372][ T1] Asymmetric key parser 'x509' registered
[ 31.819440][ T1] Asymmetric key parser 'pkcs8' registered
[ 31.825504][ T1] Key type pkcs7_test registered
[ 31.831461][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 31.842315][ T1] io scheduler mq-deadline registered
[ 31.848032][ T1] io scheduler kyber registered
[ 31.853733][ T1] io scheduler bfq registered
[ 31.872561][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 31.882251][ T127] kworker/u8:5 (127) used greatest stack depth: 10624 bytes left
[ 31.896988][ T1] ACPI: button: Power Button [PWRF]
[ 31.904914][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 31.915245][ T1] ACPI: button: Sleep Button [SLPF]
[ 31.950129][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 32.035057][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 32.040824][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 32.114546][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.120352][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 32.195707][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 32.201394][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 32.258757][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 33.408986][ T1] N_HDLC line discipline registered with maxframe=4096
[ 33.416297][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 33.429926][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 33.462358][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 33.491731][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 33.524186][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 33.577101][ T1] Non-volatile memory driver v1.3
[ 33.587337][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 33.594496][ T1] #PF: supervisor read access in kernel mode
[ 33.594496][ T1] #PF: error_code(0x0000) - not-present page
[ 33.594496][ T1] PGD 0 P4D 0
[ 33.594496][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 33.594496][ T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-01979-g61af143fbea4-dirty #0 PREEMPT(undef)
[ 33.624396][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 33.634086][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 33.644292][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 b4 b2 ad fb 8b 18 44 8b 3a 41
[ 33.664287][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 33.664287][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 33.674041][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 33.684352][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 33.694105][ T1] R10: ffff8880bba43020 R11: ffffffff86cfbc29 R12: 0000000000000000
[ 33.694105][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 33.704327][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 33.714083][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 33.724299][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 33.734034][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 33.734034][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 33.744273][ T1] Call Trace:
[ 33.754028][ T1] <TASK>
[ 33.754028][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 33.764298][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.764298][ T1] ? __die_body+0xce/0x1a0
[ 33.774026][ T1] ? __die+0x20f/0x270
[ 33.774026][ T1] ? page_fault_oops+0xe58/0xfb0
[ 33.774026][ T1] ? exc_page_fault+0x56c/0x700
[ 33.784287][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 33.794040][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 33.794040][ T1] ? msix_capability_init+0x95c/0x18c0
[ 33.804364][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 33.804364][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.814074][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 33.814074][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 33.824317][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 33.834083][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.834083][ T1] vp_find_vqs+0x6c/0xa80
[ 33.844490][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.844490][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 33.854046][ T1] probe_common+0x3b4/0x970
[ 33.854046][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 33.864284][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.864284][ T1] virtrng_probe+0x2d/0x40
[ 33.874036][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 33.874036][ T1] virtio_dev_probe+0x1640/0x19a0
[ 33.884351][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 33.884351][ T1] really_probe+0x4dc/0xd90
[ 33.894100][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.894100][ T1] __driver_probe_device+0x2ab/0x5d0
[ 33.904311][ T1] driver_probe_device+0x72/0x890
[ 33.914058][ T1] __driver_attach+0x7ea/0xb50
[ 33.914058][ T1] bus_for_each_dev+0x350/0x540
[ 33.914058][ T1] ? __pfx___driver_attach+0x10/0x10
[ 33.924300][ T1] driver_attach+0x51/0x70
[ 33.934048][ T1] bus_add_driver+0x74c/0xdb0
[ 33.934048][ T1] driver_register+0x3fb/0x660
[ 33.934048][ T1] __register_virtio_driver+0xf1/0x120
[ 33.944314][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.954051][ T1] virtio_rng_driver_init+0x2e/0x40
[ 33.954051][ T1] do_one_initcall+0x228/0xbf0
[ 33.964344][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 33.964344][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 33.974071][ T1] ? irqentry_enter+0x37/0x60
[ 33.980235][ T1] ? sysvec_apic_timer_interrupt+0x52/0x90
[ 33.984318][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 33.994074][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 33.994074][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.004347][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.004347][ T1] ? parameq+0x43a/0x470
[ 34.014040][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.014040][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.024360][ T1] ? parse_args+0xfde/0x10a0
[ 34.024360][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.034052][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.034052][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.044310][ T1] do_initcall_level+0x140/0x350
[ 34.054046][ T1] do_initcalls+0x1a6/0x2f0
[ 34.054046][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 34.054046][ T1] do_basic_setup+0x22/0x30
[ 34.066107][ T1] kernel_init_freeable+0x306/0x4c0
[ 34.074047][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.074047][ T1] kernel_init+0x2f/0x800
[ 34.084307][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.084307][ T1] ret_from_fork+0x6d/0x90
[ 34.094354][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.094354][ T1] ret_from_fork_asm+0x1a/0x30
[ 34.104353][ T1] RIP: 1f0f:0x0
[ 34.104353][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 34.114061][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 34.124569][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.124569][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.134075][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.144315][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.154402][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 34.164295][ T1] </TASK>
[ 34.164295][ T1] Modules linked in:
[ 34.164295][ T1] CR2: 0000000000000000
[ 34.174038][ T1] ---[ end trace 0000000000000000 ]---
[ 34.174038][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.184305][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 b4 b2 ad fb 8b 18 44 8b 3a 41
[ 34.204268][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.214047][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.214047][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.224282][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.234034][ T1] R10: ffff8880bba43020 R11: ffffffff86cfbc29 R12: 0000000000000000
[ 34.244291][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.254082][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 34.264357][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.264357][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.274080][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.284395][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.294083][ T1] Kernel panic - not syncing: Fatal exception
[ 34.294083][ T1] Kernel Offset: disabled
[ 34.294083][ T1] Rebooting in 86400 seconds..


syzkaller build log:
git status (err=<nil>)
HEAD detached at 22a6c2b175
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=22a6c2b1752ef57d8d612e233d35f6be8c3bf7df -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250318-101307'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"22a6c2b1752ef57d8d612e233d35f6be8c3bf7df\"
/usr/bin/ld: /tmp/ccvpz9QI.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1584024c580000


Tested on:

commit: 61af143f Merge tag 'Smack-for-6.15' of https://github...
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=c96d28eebe225e12
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1058024c580000

syzbot

Mar 25, 2025, 10:43:05 PM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

d00-0xffff window]
[ 6.656788][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.658493][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.665366][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.668676][ T1] PCI: CLS 0 bytes, default 64
[ 6.670292][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.672676][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.675325][ T1] ACPI: bus type thunderbolt registered
[ 6.803712][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.838838][ T62] kworker/u8:3 (62) used greatest stack depth: 11960 bytes left
[ 6.921338][ T61] kworker/u8:3 (61) used greatest stack depth: 10624 bytes left
[ 6.950433][ T1] kvm_amd: CPU 0 isn't AMD or Hygon
[ 6.951845][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6ebe4598, max_idle_ns: 440795211488 ns
[ 7.032367][ T1] clocksource: Switched to clocksource tsc
[ 28.149270][ T1] Initialise system trusted keyrings
[ 28.159166][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 28.170925][ T1] DLM installed
[ 28.184821][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 28.206648][ T1] NFS: Registering the id_resolver key type
[ 28.213155][ T1] Key type id_resolver registered
[ 28.219287][ T1] Key type id_legacy registered
[ 28.224463][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 28.233124][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 28.270691][ T1] Key type cifs.spnego registered
[ 28.277562][ T1] Key type cifs.idmap registered
[ 28.290673][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 28.296967][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 28.303976][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 28.310453][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 28.317169][ T1] QNX4 filesystem 0.2.3 registered.
[ 28.322689][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 28.330316][ T1] fuse: init (API version 7.42)
[ 28.341243][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 28.350107][ T1] orangefs_init: module version upstream loaded
[ 28.358335][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 28.399230][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 28.425334][ T1] 9p: Installing v9fs 9p2000 file system support
[ 28.433158][ T1] NILFS version 2 loaded
[ 28.437605][ T1] befs: version: 0.9.3
[ 28.442821][ T1] ocfs2: Registered cluster interface o2cb
[ 28.450015][ T1] ocfs2: Registered cluster interface user
[ 28.457650][ T1] OCFS2 User DLM kernel interface loaded
[ 28.478095][ T1] gfs2: GFS2 installed
[ 28.520991][ T1] ceph: loaded (mds proto 32)
[ 32.625706][ T1] NET: Registered PF_ALG protocol family
[ 32.631717][ T1] xor: automatically using best checksumming function avx
[ 32.639844][ T1] async_tx: api initialized (async)
[ 32.645219][ T1] Key type asymmetric registered
[ 32.650713][ T1] Asymmetric key parser 'x509' registered
[ 32.656758][ T1] Asymmetric key parser 'pkcs8' registered
[ 32.663044][ T1] Key type pkcs7_test registered
[ 32.669091][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 32.679411][ T1] io scheduler mq-deadline registered
[ 32.685026][ T1] io scheduler kyber registered
[ 32.690920][ T1] io scheduler bfq registered
[ 32.709039][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 32.729404][ T1] ACPI: button: Power Button [PWRF]
[ 32.737352][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 32.748217][ T1] ACPI: button: Sleep Button [SLPF]
[ 32.774787][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 32.863966][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 32.871214][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 32.945814][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.951577][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 33.026375][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 33.032191][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 33.089460][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 34.226900][ T1] N_HDLC line discipline registered with maxframe=4096
[ 34.234889][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 34.249802][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 34.284139][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 34.313774][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 34.345912][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 34.395124][ T1] Non-volatile memory driver v1.3
[ 34.407451][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 34.415494][ T1] #PF: supervisor read access in kernel mode
[ 34.416986][ T1] #PF: error_code(0x0000) - not-present page
[ 34.416986][ T1] PGD 0 P4D 0
[ 34.416986][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 34.416986][ T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-02023-gee6740fd34eb-dirty #0 PREEMPT(undef)
[ 34.416986][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 34.416986][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.416986][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 e4 a8 ad fb 8b 18 44 8b 3a 41
[ 34.416986][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.416986][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.416986][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.506029][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.506029][ T1] R10: ffff8880bba43020 R11: ffffffff86cfc5e9 R12: 0000000000000000
[ 34.506029][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.506029][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 34.506029][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.506029][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.556031][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.556031][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.556031][ T1] Call Trace:
[ 34.556031][ T1] <TASK>
[ 34.556031][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 34.556031][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 34.556031][ T1] ? __die_body+0xce/0x1a0
[ 34.556031][ T1] ? __die+0x20f/0x270
[ 34.556031][ T1] ? page_fault_oops+0xe58/0xfb0
[ 34.605985][ T1] ? exc_page_fault+0x56c/0x700
[ 34.605985][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 34.605985][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 34.605985][ T1] ? msix_capability_init+0x95c/0x18c0
[ 34.605985][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 34.605985][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.605985][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 34.605985][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 34.605985][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 34.656028][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 34.656028][ T1] vp_find_vqs+0x6c/0xa80
[ 34.656028][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.656028][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 34.656028][ T1] probe_common+0x3b4/0x970
[ 34.656028][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 34.656028][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.656028][ T1] virtrng_probe+0x2d/0x40
[ 34.656028][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 34.656028][ T1] virtio_dev_probe+0x1640/0x19a0
[ 34.706032][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 34.706032][ T1] really_probe+0x4dc/0xd90
[ 34.706032][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.706032][ T1] __driver_probe_device+0x2ab/0x5d0
[ 34.706032][ T1] driver_probe_device+0x72/0x890
[ 34.706032][ T1] __driver_attach+0x7ea/0xb50
[ 34.706032][ T1] bus_for_each_dev+0x350/0x540
[ 34.706032][ T1] ? __pfx___driver_attach+0x10/0x10
[ 34.706032][ T1] driver_attach+0x51/0x70
[ 34.755983][ T1] bus_add_driver+0x74c/0xdb0
[ 34.755983][ T1] driver_register+0x3fb/0x660
[ 34.755983][ T1] __register_virtio_driver+0xf1/0x120
[ 34.755983][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.755983][ T1] virtio_rng_driver_init+0x2e/0x40
[ 34.755983][ T1] do_one_initcall+0x228/0xbf0
[ 34.755983][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 34.755983][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.755983][ T1] ? advisor_target_scan_time_store+0x120/0x180
[ 34.805996][ T1] ? irqentry_enter+0x37/0x60
[ 34.805996][ T1] ? sysvec_apic_timer_interrupt+0x52/0x90
[ 34.805996][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.805996][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.805996][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.805996][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.805996][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.805996][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.805996][ T1] ? parameq+0x43a/0x470
[ 34.856033][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.856033][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.856033][ T1] ? parse_args+0xfde/0x10a0
[ 34.856033][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.856033][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.856033][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.856033][ T1] do_initcall_level+0x140/0x350
[ 34.856033][ T1] do_initcalls+0x1a6/0x2f0
[ 34.856033][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 34.906320][ T1] do_basic_setup+0x22/0x30
[ 34.906320][ T1] kernel_init_freeable+0x306/0x4c0
[ 34.906320][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.906320][ T1] kernel_init+0x2f/0x800
[ 34.906320][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.906320][ T1] ret_from_fork+0x6d/0x90
[ 34.906320][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.906320][ T1] ret_from_fork_asm+0x1a/0x30
[ 34.906320][ T1] RIP: 1f0f:0x0
[ 34.906320][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 34.956009][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 34.956009][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.956009][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.956009][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.956009][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.997502][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 35.005965][ T1] </TASK>
[ 35.005965][ T1] Modules linked in:
[ 35.005965][ T1] CR2: 0000000000000000
[ 35.005965][ T1] ---[ end trace 0000000000000000 ]---
[ 35.005965][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 35.005965][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 e4 a8 ad fb 8b 18 44 8b 3a 41
[ 35.005965][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 35.056178][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 35.056178][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 35.056178][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 35.056178][ T1] R10: ffff8880bba43020 R11: ffffffff86cfc5e9 R12: 0000000000000000
[ 35.056178][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 35.056178][ T1] FS: 0000000000000000(0000) GS:ffff8881ab2b0000(0000) knlGS:0000000000000000
[ 35.106029][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 35.106029][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 35.106029][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 35.106029][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 35.106029][ T1] Kernel panic - not syncing: Fatal exception
[ 35.106029][ T1] Kernel Offset: disabled
[ 35.106029][ T1] Rebooting in 86400 seconds..

git status (err=<nil>)
HEAD detached at 22a6c2b175
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=22a6c2b1752ef57d8d612e233d35f6be8c3bf7df -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250318-101307'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"22a6c2b1752ef57d8d612e233d35f6be8c3bf7df\"
/usr/bin/ld: /tmp/ccyWCt6N.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1492a804580000


Tested on:

commit: ee6740fd Merge tag 'crc-for-linus' of git://git.kernel..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=28ae396b18d2fa02
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1294024c580000

I Hsin Cheng

Mar 25, 2025, 11:54:50 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, ocfs2...@lists.linux.dev, syzkall...@googlegroups.com, I Hsin Cheng
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

---
fs/ocfs2/quota_local.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..c0bbfdab40ec 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -302,7 +302,7 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
if (!rc)
return -ENOMEM;
rc->rc_chunk = chunk;
- rc->rc_bitmap = kmalloc(sb->s_blocksize, GFP_NOFS);
+ rc->rc_bitmap = kzalloc(sb->s_blocksize, GFP_NOFS);
if (!rc->rc_bitmap) {
kfree(rc);
return -ENOMEM;
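Review bot: the kmalloc to kzalloc change for rc->rc_bitmap arrives with no changelog, no Signed-off-by and no Reported-by tag, although the syzbot report asks for that tag on the fix. The description should say which part of the sb->s_blocksize buffer was left uninitialized and then read by find_next_bit() in ocfs2_recover_local_quota_file(), given that the memcpy following this allocation fills only (ol_chunk_entries(sb) + 7) >> 3 bytes of it. That explanation is what shows zeroing the whole block is the right fix rather than bounding the reader.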
--
2.43.0

I Hsin Cheng

Mar 25, 2025, 11:54:50 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com, I Hsin Cheng
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..3f57fdeb72fa 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c
@@ -307,8 +307,7 @@ static int ocfs2_add_recovery_chunk(struct super_block *sb,
kfree(rc);
return -ENOMEM;
}
- memcpy(rc->rc_bitmap, dchunk->dqc_bitmap,
- (ol_chunk_entries(sb) + 7) >> 3);
+ memcpy(rc->rc_bitmap, dchunk->dqc_bitmap, ol_chunk_entries(sb));
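Review bot: the new memcpy length treats ol_chunk_entries(sb) as a byte count, while the removed expression (ol_chunk_entries(sb) + 7) >> 3 treated it as a bit count rounded up to bytes, so this copies about eight times as many bytes from dchunk->dqc_bitmap. Nothing in the hunk shows that the source bitmap or the rc->rc_bitmap destination is that large; the destination is allocated with sb->s_blocksize earlier in this same function. Either keep the bits-to-bytes conversion or justify the larger length against both buffer sizes.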

I Hsin Cheng

Mar 25, 2025, 11:54:50 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com, I Hsin Cheng
#syz test

diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
index 2956d888c131..c0bbfdab40ec 100644
--- a/fs/ocfs2/quota_local.c
+++ b/fs/ocfs2/quota_local.c

I Hsin Cheng

Mar 25, 2025, 11:54:50 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, linux-...@vger.kernel.org, ocfs2...@lists.linux.dev, syzkall...@googlegroups.com, I Hsin Cheng
---
fs/ocfs2/quota_local.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--
2.43.0

I Hsin Cheng

Mar 25, 2025, 11:54:55 PM
to syzbot+7ea0b9...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, I Hsin Cheng
#syz test

syzbot

Mar 25, 2025, 11:58:05 PM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
[ 6.506580][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
[ 6.508089][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.509596][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.515905][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.519548][ T1] PCI: CLS 0 bytes, default 64
[ 6.520781][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.522091][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.524148][ T1] ACPI: bus type thunderbolt registered
[ 6.648922][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.655169][ T60] kworker/u8:1 (60) used greatest stack depth: 11832 bytes left
[ 6.778216][ T1] kvm_amd: CPU 0 isn't AMD or Hygon
[ 6.779453][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6fcd5f2d, max_idle_ns: 440795232554 ns
[ 6.814252][ T1] clocksource: Switched to clocksource tsc
[ 6.898864][ T68] kworker/u8:1 (68) used greatest stack depth: 10984 bytes left
[ 27.843041][ T1] Initialise system trusted keyrings
[ 27.853143][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 27.865718][ T1] DLM installed
[ 27.881610][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 27.906244][ T1] NFS: Registering the id_resolver key type
[ 27.912497][ T1] Key type id_resolver registered
[ 27.917702][ T1] Key type id_legacy registered
[ 27.922928][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 27.930818][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 27.966950][ T1] Key type cifs.spnego registered
[ 27.972902][ T1] Key type cifs.idmap registered
[ 27.985648][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 27.991470][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 27.998559][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 28.004842][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 28.010941][ T1] QNX4 filesystem 0.2.3 registered.
[ 28.016412][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 28.023812][ T1] fuse: init (API version 7.42)
[ 28.035789][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 28.045065][ T1] orangefs_init: module version upstream loaded
[ 28.052993][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 28.095903][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 28.122315][ T1] 9p: Installing v9fs 9p2000 file system support
[ 28.129727][ T1] NILFS version 2 loaded
[ 28.134211][ T1] befs: version: 0.9.3
[ 28.139346][ T1] ocfs2: Registered cluster interface o2cb
[ 28.147012][ T1] ocfs2: Registered cluster interface user
[ 28.154336][ T1] OCFS2 User DLM kernel interface loaded
[ 28.174523][ T1] gfs2: GFS2 installed
[ 28.217219][ T1] ceph: loaded (mds proto 32)
[ 32.287427][ T1] NET: Registered PF_ALG protocol family
[ 32.293437][ T1] xor: automatically using best checksumming function avx
[ 32.301591][ T1] async_tx: api initialized (async)
[ 32.307143][ T1] Key type asymmetric registered
[ 32.312168][ T1] Asymmetric key parser 'x509' registered
[ 32.318053][ T1] Asymmetric key parser 'pkcs8' registered
[ 32.324128][ T1] Key type pkcs7_test registered
[ 32.329936][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 32.340417][ T1] io scheduler mq-deadline registered
[ 32.346104][ T1] io scheduler kyber registered
[ 32.351472][ T1] io scheduler bfq registered
[ 32.369070][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 32.384877][ T143] kworker/u8:5 (143) used greatest stack depth: 10624 bytes left
[ 32.394209][ T1] ACPI: button: Power Button [PWRF]
[ 32.401799][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 32.412805][ T1] ACPI: button: Sleep Button [SLPF]
[ 32.442696][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 32.530523][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 32.537013][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 32.608277][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.614144][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 32.687397][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 32.693107][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 32.750147][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 33.886156][ T1] N_HDLC line discipline registered with maxframe=4096
[ 33.893302][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 33.907129][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 33.940503][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 33.968684][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 34.000032][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 34.046989][ T1] Non-volatile memory driver v1.3
[ 34.058253][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 34.064179][ T1] #PF: supervisor read access in kernel mode
[ 34.064179][ T1] #PF: error_code(0x0000) - not-present page
[ 34.064179][ T1] PGD 0 P4D 0
[ 34.064179][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 34.064179][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-02121-g47618bc87540-dirty #0 PREEMPT(undef)
[ 34.064179][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 34.064179][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.064179][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 a4 a8 ad fb 8b 18 44 8b 3a 41
[ 34.064179][ T1] RSP: 0000:ffff888100652fb0 EFLAGS: 00010246
[ 34.064179][ T1] RAX: ffff8880bba53080 RBX: ffffc90000b3f008 RCX: 0000000100253080
[ 34.064179][ T1] RDX: ffff888100253080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.154103][ T1] RBP: ffff888100653178 R08: ffffea000000000f R09: 0000000000000000
[ 34.163818][ T1] R10: ffff8880bba53020 R11: 00000000abcd0100 R12: 0000000000000000
[ 34.163818][ T1] R13: 0000000000000000 R14: ffff888100618b58 R15: 000000000000000b
[ 34.174052][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1b0000(0000) knlGS:0000000000000000
[ 34.183803][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.194108][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.204163][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.204163][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.214091][ T1] Call Trace:
[ 34.223810][ T1] <TASK>
[ 34.223810][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 34.223810][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 34.234036][ T1] ? __die_body+0xce/0x1a0
[ 34.243791][ T1] ? __die+0x20f/0x270
[ 34.243791][ T1] ? page_fault_oops+0xe58/0xfb0
[ 34.243791][ T1] ? exc_page_fault+0x56c/0x700
[ 34.254065][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 34.263795][ T1] ? msix_capability_init+0x95c/0x18c0
[ 34.263795][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 34.274033][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.274033][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 34.283801][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 34.283801][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 34.294061][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 34.303794][ T1] vp_find_vqs+0x6c/0xa80
[ 34.303794][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.314061][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 34.314061][ T1] probe_common+0x3b4/0x970
[ 34.323800][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 34.323800][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.334052][ T1] virtrng_probe+0x2d/0x40
[ 34.334052][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 34.343812][ T1] virtio_dev_probe+0x1640/0x19a0
[ 34.343812][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 34.354059][ T1] really_probe+0x4dc/0xd90
[ 34.354059][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.363809][ T1] __driver_probe_device+0x2ab/0x5d0
[ 34.363809][ T1] driver_probe_device+0x72/0x890
[ 34.374045][ T1] __driver_attach+0x7ea/0xb50
[ 34.374045][ T1] bus_for_each_dev+0x350/0x540
[ 34.383800][ T1] ? __pfx___driver_attach+0x10/0x10
[ 34.383800][ T1] driver_attach+0x51/0x70
[ 34.394042][ T1] bus_add_driver+0x74c/0xdb0
[ 34.394042][ T1] driver_register+0x3fb/0x660
[ 34.403848][ T1] __register_virtio_driver+0xf1/0x120
[ 34.403848][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.414084][ T1] virtio_rng_driver_init+0x2e/0x40
[ 34.423821][ T1] do_one_initcall+0x228/0xbf0
[ 34.423821][ T1] ? irqentry_enter+0x37/0x60
[ 34.423821][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.434066][ T1] ? sysvec_call_function_single+0x30/0x90
[ 34.443805][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.443805][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.454049][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.454049][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.463811][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.474047][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.474047][ T1] ? parameq+0x43a/0x470
[ 34.483822][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.483822][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.494069][ T1] ? parse_args+0xfde/0x10a0
[ 34.494069][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.504050][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.504050][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.514205][ T1] do_initcall_level+0x140/0x350
[ 34.514205][ T1] do_initcalls+0x1a6/0x2f0
[ 34.523815][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 34.534049][ T1] do_basic_setup+0x22/0x30
[ 34.534049][ T1] kernel_init_freeable+0x306/0x4c0
[ 34.543806][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.543806][ T1] kernel_init+0x2f/0x800
[ 34.543806][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.554058][ T1] ret_from_fork+0x6d/0x90
[ 34.554058][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.563806][ T1] ret_from_fork_asm+0x1a/0x30
[ 34.563806][ T1] RIP: 1f0f:0x0
[ 34.574053][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 34.583818][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 34.583818][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.594051][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.603793][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.614068][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.623858][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 34.623858][ T1] </TASK>
[ 34.634075][ T1] Modules linked in:
[ 34.634075][ T1] CR2: 0000000000000000
[ 34.643831][ T1] ---[ end trace 0000000000000000 ]---
[ 34.643831][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.654061][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 a4 a8 ad fb 8b 18 44 8b 3a 41
[ 34.674030][ T1] RSP: 0000:ffff888100652fb0 EFLAGS: 00010246
[ 34.674030][ T1] RAX: ffff8880bba53080 RBX: ffffc90000b3f008 RCX: 0000000100253080
[ 34.683804][ T1] RDX: ffff888100253080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.694025][ T1] RBP: ffff888100653178 R08: ffffea000000000f R09: 0000000000000000
[ 34.703790][ T1] R10: ffff8880bba53020 R11: 00000000abcd0100 R12: 0000000000000000
[ 34.714060][ T1] R13: 0000000000000000 R14: ffff888100618b58 R15: 000000000000000b
[ 34.714060][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1b0000(0000) knlGS:0000000000000000
[ 34.723810][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.734134][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.743873][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.754117][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.754117][ T1] Kernel panic - not syncing: Fatal exception
[ 34.763814][ T1] Kernel Offset: disabled
[ 34.763814][ T1] Rebooting in 86400 seconds..
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1935357533=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at 22a6c2b175
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=22a6c2b1752ef57d8d612e233d35f6be8c3bf7df -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250318-101307'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"22a6c2b1752ef57d8d612e233d35f6be8c3bf7df\"
/usr/bin/ld: /tmp/cct9rqIk.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=1714543f980000


Tested on:

commit: 47618bc8 Merge tag 'spi-v6.15' of git://git.kernel.org..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=6db78484161f9735
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1194e43f980000

syzbot

Mar 26, 2025, 12:15:04 AM
to linux-...@vger.kernel.org, richar...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

transport module.
[ 6.590030][ T1] NET: Registered PF_XDP protocol family
[ 6.591410][ T1] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window]
[ 6.592986][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window]
[ 6.594741][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window]
[ 6.596233][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window]
[ 6.602638][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 6.605956][ T1] PCI: CLS 0 bytes, default 64
[ 6.607860][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
[ 6.610273][ T1] software IO TLB: mapped [mem 0x00000000bbffd000-0x00000000bfffd000] (64MB)
[ 6.613162][ T1] ACPI: bus type thunderbolt registered
[ 6.737939][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer
[ 6.770832][ T62] kworker/u8:3 (62) used greatest stack depth: 11960 bytes left
[ 6.867316][ T1] kvm_amd: CPU 1 isn't AMD or Hygon
[ 6.868703][ T1] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x1fb6fb5cc36, max_idle_ns: 440795309794 ns
[ 6.903230][ T1] clocksource: Switched to clocksource tsc
[ 6.980617][ T65] kworker/u8:1 (65) used greatest stack depth: 10624 bytes left
[ 28.032797][ T1] Initialise system trusted keyrings
[ 28.042630][ T1] workingset: timestamp_bits=40 max_order=21 bucket_order=0
[ 28.054020][ T1] DLM installed
[ 28.068719][ T1] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 28.092968][ T1] NFS: Registering the id_resolver key type
[ 28.099227][ T1] Key type id_resolver registered
[ 28.104418][ T1] Key type id_legacy registered
[ 28.109851][ T1] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
[ 28.118200][ T1] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
[ 28.152197][ T1] Key type cifs.spnego registered
[ 28.158513][ T1] Key type cifs.idmap registered
[ 28.171052][ T1] ntfs3: Enabled Linux POSIX ACLs support
[ 28.177056][ T1] ntfs3: Read-only LZX/Xpress compression included
[ 28.184143][ T1] efs: 1.0a - http://aeschi.ch.eu.org/efs/
[ 28.190393][ T1] romfs: ROMFS MTD (C) 2007 Red Hat, Inc.
[ 28.196835][ T1] QNX4 filesystem 0.2.3 registered.
[ 28.202341][ T1] qnx6: QNX6 filesystem 1.0.0 registered.
[ 28.209765][ T1] fuse: init (API version 7.42)
[ 28.220628][ T1] orangefs_debugfs_init: called with debug mask: :none: :0:
[ 28.229581][ T1] orangefs_init: module version upstream loaded
[ 28.237636][ T1] JFS: nTxBlock = 8192, nTxLock = 65536
[ 28.279418][ T1] SGI XFS with ACLs, security attributes, realtime, quota, no debug enabled
[ 28.305216][ T1] 9p: Installing v9fs 9p2000 file system support
[ 28.312653][ T1] NILFS version 2 loaded
[ 28.317099][ T1] befs: version: 0.9.3
[ 28.322254][ T1] ocfs2: Registered cluster interface o2cb
[ 28.329520][ T1] ocfs2: Registered cluster interface user
[ 28.336965][ T1] OCFS2 User DLM kernel interface loaded
[ 28.355938][ T1] gfs2: GFS2 installed
[ 28.404424][ T1] ceph: loaded (mds proto 32)
[ 32.490559][ T1] NET: Registered PF_ALG protocol family
[ 32.496806][ T1] xor: automatically using best checksumming function avx
[ 32.505203][ T1] async_tx: api initialized (async)
[ 32.510582][ T1] Key type asymmetric registered
[ 32.515739][ T1] Asymmetric key parser 'x509' registered
[ 32.521552][ T1] Asymmetric key parser 'pkcs8' registered
[ 32.527609][ T1] Key type pkcs7_test registered
[ 32.534059][ T1] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 238)
[ 32.544358][ T1] io scheduler mq-deadline registered
[ 32.550218][ T1] io scheduler kyber registered
[ 32.555723][ T1] io scheduler bfq registered
[ 32.573258][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 32.593674][ T1] ACPI: button: Power Button [PWRF]
[ 32.601364][ T1] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 32.611866][ T1] ACPI: button: Sleep Button [SLPF]
[ 32.639617][ T1] ioatdma: Intel(R) QuickData Technology Driver 5.00
[ 32.729614][ T1] ACPI: \_SB_.LNKC: Enabled at IRQ 11
[ 32.737060][ T1] virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
[ 32.814037][ T1] ACPI: \_SB_.LNKD: Enabled at IRQ 10
[ 32.819840][ T1] virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
[ 32.894636][ T1] ACPI: \_SB_.LNKB: Enabled at IRQ 10
[ 32.900546][ T1] virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
[ 32.957220][ T1] virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
[ 34.110401][ T1] N_HDLC line discipline registered with maxframe=4096
[ 34.118652][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 34.130570][ T1] 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 34.165230][ T1] 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 34.192689][ T1] 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
[ 34.223638][ T1] 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
[ 34.274886][ T1] Non-volatile memory driver v1.3
[ 34.286192][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 34.294136][ T1] #PF: supervisor read access in kernel mode
[ 34.294504][ T1] #PF: error_code(0x0000) - not-present page
[ 34.294504][ T1] PGD 0 P4D 0
[ 34.294504][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 34.294504][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-syzkaller-02121-g47618bc87540 #0 PREEMPT(undef)
[ 34.294504][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 34.334927][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.334927][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 e4 a8 ad fb 8b 18 44 8b 3a 41
[ 34.334927][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.334927][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.334927][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.384959][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.384959][ T1] R10: ffff8880bba43020 R11: 00000000abcd0100 R12: 0000000000000000
[ 34.384959][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.384959][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1b0000(0000) knlGS:0000000000000000
[ 34.384959][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.384959][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.384959][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.434955][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.434955][ T1] Call Trace:
[ 34.434955][ T1] <TASK>
[ 34.434955][ T1] ? show_trace_log_lvl+0x268/0x3d0
[ 34.434955][ T1] ? __pci_enable_msix_range+0xad9/0xc40
[ 34.434955][ T1] ? __die_body+0xce/0x1a0
[ 34.434955][ T1] ? __die+0x20f/0x270
[ 34.434955][ T1] ? page_fault_oops+0xe58/0xfb0
[ 34.434955][ T1] ? exc_page_fault+0x56c/0x700
[ 34.484952][ T1] ? asm_exc_page_fault+0x2b/0x30
[ 34.484952][ T1] ? msix_capability_init+0x95c/0x18c0
[ 34.484952][ T1] __pci_enable_msix_range+0xad9/0xc40
[ 34.484952][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.484952][ T1] ? kmsan_internal_set_shadow_origin+0x6c/0x100
[ 34.484952][ T1] pci_alloc_irq_vectors_affinity+0x111/0x3a0
[ 34.484952][ T1] vp_find_vqs_msix+0x84d/0x1560
[ 34.484952][ T1] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 34.484952][ T1] vp_find_vqs+0x6c/0xa80
[ 34.534964][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.534964][ T1] ? __pfx_vp_find_vqs+0x10/0x10
[ 34.534964][ T1] probe_common+0x3b4/0x970
[ 34.534964][ T1] ? __pfx_random_recv_done+0x10/0x10
[ 34.534964][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.534964][ T1] virtrng_probe+0x2d/0x40
[ 34.534964][ T1] ? __pfx_virtrng_probe+0x10/0x10
[ 34.534964][ T1] virtio_dev_probe+0x1640/0x19a0
[ 34.534964][ T1] ? __pfx_virtio_dev_probe+0x10/0x10
[ 34.584963][ T1] really_probe+0x4dc/0xd90
[ 34.584963][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.584963][ T1] __driver_probe_device+0x2ab/0x5d0
[ 34.584963][ T1] driver_probe_device+0x72/0x890
[ 34.584963][ T1] __driver_attach+0x7ea/0xb50
[ 34.584963][ T1] bus_for_each_dev+0x350/0x540
[ 34.584963][ T1] ? __pfx___driver_attach+0x10/0x10
[ 34.584963][ T1] driver_attach+0x51/0x70
[ 34.584963][ T1] bus_add_driver+0x74c/0xdb0
[ 34.584963][ T1] driver_register+0x3fb/0x660
[ 34.635200][ T1] __register_virtio_driver+0xf1/0x120
[ 34.635200][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.635200][ T1] virtio_rng_driver_init+0x2e/0x40
[ 34.635200][ T1] do_one_initcall+0x228/0xbf0
[ 34.635200][ T1] ? irqentry_enter+0x37/0x60
[ 34.635200][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.635200][ T1] ? sysvec_call_function_single+0x30/0x90
[ 34.635200][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.635200][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.684997][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.684997][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.684997][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.684997][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.684997][ T1] ? parameq+0x43a/0x470
[ 34.684997][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.684997][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.684997][ T1] ? parse_args+0xfde/0x10a0
[ 34.684997][ T1] ? kmsan_get_metadata+0x13e/0x1c0
[ 34.734934][ T1] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[ 34.734934][ T1] ? __pfx_virtio_rng_driver_init+0x10/0x10
[ 34.734934][ T1] do_initcall_level+0x140/0x350
[ 34.734934][ T1] do_initcalls+0x1a6/0x2f0
[ 34.734934][ T1] ? __pfx_native_smp_prepare_cpus+0x10/0x10
[ 34.734934][ T1] do_basic_setup+0x22/0x30
[ 34.734934][ T1] kernel_init_freeable+0x306/0x4c0
[ 34.734934][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.734934][ T1] kernel_init+0x2f/0x800
[ 34.734934][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.784962][ T1] ret_from_fork+0x6d/0x90
[ 34.784962][ T1] ? __pfx_kernel_init+0x10/0x10
[ 34.784962][ T1] ret_from_fork_asm+0x1a/0x30
[ 34.784962][ T1] RIP: 1f0f:0x0
[ 34.784962][ T1] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 34.784962][ T1] RSP: 0000:0000000000000000 EFLAGS: 841f0f2e66 ORIG_RAX: 1f0f2e6600000000
[ 34.784962][ T1] RAX: 0000000000000000 RBX: 1f0f2e6600000000 RCX: 2e66000000000084
[ 34.784962][ T1] RDX: 0000000000841f0f RSI: 000000841f0f2e66 RDI: 00841f0f2e660000
[ 34.834921][ T1] RBP: 00841f0f2e660000 R08: 00841f0f2e660000 R09: 000000841f0f2e66
[ 34.834921][ T1] R10: 0000000000841f0f R11: 2e66000000000084 R12: 000000841f0f2e66
[ 34.834921][ T1] R13: 0000000000841f0f R14: 2e66000000000084 R15: 1f0f2e6600000000
[ 34.834921][ T1] </TASK>
[ 34.834921][ T1] Modules linked in:
[ 34.834921][ T1] CR2: 0000000000000000
[ 34.834921][ T1] ---[ end trace 0000000000000000 ]---
[ 34.834921][ T1] RIP: 0010:msix_capability_init+0x95c/0x18c0
[ 34.884997][ T1] Code: ff ff ff 48 89 9d 60 fe ff ff 48 89 9d 08 ff ff ff 48 83 bd 30 ff ff ff 00 4c 8b 75 c8 0f 85 1d 02 00 00 48 8b bd 58 ff ff ff <44> 8b 27 b8 00 00 40 00 41 21 c4 e8 e4 a8 ad fb 8b 18 44 8b 3a 41
[ 34.884997][ T1] RSP: 0000:ffff888100642fb0 EFLAGS: 00010246
[ 34.884997][ T1] RAX: ffff8880bba43080 RBX: ffffc90000b3f008 RCX: 0000000100243080
[ 34.884997][ T1] RDX: ffff888100243080 RSI: ffff88813fffacc0 RDI: 0000000000000000
[ 34.884997][ T1] RBP: ffff888100643178 R08: ffffea000000000f R09: 0000000000000000
[ 34.934980][ T1] R10: ffff8880bba43020 R11: 00000000abcd0100 R12: 0000000000000000
[ 34.934980][ T1] R13: 0000000000000000 R14: ffff8881408d0b58 R15: 000000000000000b
[ 34.934980][ T1] FS: 0000000000000000(0000) GS:ffff8881ab1b0000(0000) knlGS:0000000000000000
[ 34.934980][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 34.934980][ T1] CR2: 0000000000000000 CR3: 0000000011a80000 CR4: 00000000003526f0
[ 34.934980][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 34.984958][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 34.984958][ T1] Kernel panic - not syncing: Fatal exception
[ 34.984958][ T1] Kernel Offset: disabled
[ 34.984958][ T1] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/tool...@v0.0.1-go1.23.6.linux-amd64'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/syzkaller/jobs/linux/gopath/pkg/mod/golang.org/tool...@v0.0.1-go1.23.6.linux-amd64/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.6'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build622590353=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at 22a6c2b1752
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=22a6c2b1752ef57d8d612e233d35f6be8c3bf7df -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250318-101307'" -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -DGOOS_linux=1 -DGOARCH_amd64=1 \
-DHOSTGOOS_linux=1 -DGIT_REVISION=\"22a6c2b1752ef57d8d612e233d35f6be8c3bf7df\"
/usr/bin/ld: /tmp/cc2MzyaW.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=14fe0a4c580000


Tested on:

commit: 47618bc8 Merge tag 'spi-v6.15' of git://git.kernel.org..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=6db78484161f9735
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea0b96c4ddb49fd1a70
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.