BUG: unable to handle kernel NULL pointer dereference in get_block


syzbot

Mar 17, 2020, 6:07:14 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 339485c9 Linux 4.19.110
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=123f8d19e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8d390b1a40a32588
dashboard link: https://syzkaller.appspot.com/bug?extid=fe13a9e814dd76a3fcfe
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fe13a9...@syzkaller.appspotmail.com

MINIX-fs: mounting unchecked file system, running fsck is recommended
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 8ddcb067 P4D 8ddcb067 PUD a0e40067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1056 Comm: syz-executor.4 Not tainted 4.19.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:209 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:223 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x76c/0x1300 fs/minix/itree_common.c:191
Code: 00 00 49 8b bc 24 28 01 00 00 b9 08 00 00 00 e8 2a 57 bc ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 4a 7c 87 49 89 c4 e8 e4 82 4e ff <f0> 49 0f ba 2c 24 02 40 0f 92 c6 31 ff 40 88 74 24 78 e8 dd 2a 6f
RSP: 0018:ffff888039c87788 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff888039c87888 RCX: 1ffffffff11f8a30
RDX: 0000000000000000 RSI: ffffffff88b92960 RDI: ffff88808f0385a4
RBP: ffff888039c87920 R08: ffff88808f038580 R09: fffff940003d70e7
R10: fffff940003d70e6 R11: ffffea0001eb8737 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888039c8784c R15: 0000000000000c98
FS: 00007f277eaff700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a8875000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
minix_get_block+0xe5/0x110 fs/minix/inode.c:379
__block_write_begin_int+0x480/0x17a0 fs/buffer.c:1967
__block_write_begin fs/buffer.c:2017 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2076
minix_write_begin+0x35/0xe0 fs/minix/inode.c:415
generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3162
__generic_file_write_iter+0x24c/0x610 mm/filemap.c:3287
generic_file_write_iter+0x37f/0x729 mm/filemap.c:3315
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x206/0x550 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45c849
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f277eafec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f277eaff6d4 RCX: 000000000045c849
RDX: 000000000000fdef RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000c97 R14: 00000000004cec41 R15: 000000000076c04c
Modules linked in:
CR2: 0000000000000000
---[ end trace f8b2fc02d1a558aa ]---
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:209 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:223 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x76c/0x1300 fs/minix/itree_common.c:191
Code: 00 00 49 8b bc 24 28 01 00 00 b9 08 00 00 00 e8 2a 57 bc ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 4a 7c 87 49 89 c4 e8 e4 82 4e ff <f0> 49 0f ba 2c 24 02 40 0f 92 c6 31 ff 40 88 74 24 78 e8 dd 2a 6f
RSP: 0018:ffff888039c87788 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff888039c87888 RCX: 1ffffffff11f8a30
RDX: 0000000000000000 RSI: ffffffff88b92960 RDI: ffff88808f0385a4
RBP: ffff888039c87920 R08: ffff88808f038580 R09: fffff940003d70e7
R10: fffff940003d70e6 R11: ffffea0001eb8737 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff888039c8784c R15: 0000000000000c98
FS: 00007f277eaff700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a8875000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Mar 17, 2020, 6:29:14 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 339485c9 Linux 4.19.110
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14a96a1de00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8d390b1a40a32588
dashboard link: https://syzkaller.appspot.com/bug?extid=fe13a9e814dd76a3fcfe
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15deda1de00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=107acd55e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fe13a9...@syzkaller.appspotmail.com

MINIX-fs: mounting unchecked file system, running fsck is recommended
minix_free_inode: bit 1 already cleared
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
MINIX-fs: mounting unchecked file system, running fsck is recommended
PGD a95dd067 P4D a95dd067 PUD 94208067 PMD 0
minix_free_inode: bit 1 already cleared
Oops: 0002 [#1] PREEMPT SMP KASAN
minix_free_inode: bit 1 already cleared
CPU: 0 PID: 8007 Comm: syz-executor871 Not tainted 4.19.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
MINIX-fs: mounting unchecked file system, running fsck is recommended
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:209 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:223 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x76c/0x1300 fs/minix/itree_common.c:191
minix_free_inode: bit 1 already cleared
Code: 00 00 49 8b bc 24 28 01 00 00 b9 08 00 00 00 e8 2a 57 bc ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 4a 7c 87 49 89 c4 e8 e4 82 4e ff <f0> 49 0f ba 2c 24 02 40 0f 92 c6 31 ff 40 88 74 24 78 e8 dd 2a 6f
RSP: 0018:ffff8880934ff788 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff8880934ff888 RCX: 1ffffffff11f8a30
RDX: 0000000000000000 RSI: ffffffff88b92960 RDI: ffff88808d618324
RBP: ffff8880934ff920 R08: ffff88808d618300 R09: fffff940004582c7
R10: fffff940004582c6 R11: ffffea00022c1637 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8880934ff84c R15: 0000000000000c98
FS: 00007f1f191ad700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000a0dd2000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
minix_get_block+0xe5/0x110 fs/minix/inode.c:379
__block_write_begin_int+0x480/0x17a0 fs/buffer.c:1967
__block_write_begin fs/buffer.c:2017 [inline]
block_write_begin+0x58/0x2e0 fs/buffer.c:2076
minix_write_begin+0x35/0xe0 fs/minix/inode.c:415
generic_perform_write+0x1f8/0x4d0 mm/filemap.c:3162
__generic_file_write_iter+0x24c/0x610 mm/filemap.c:3287
generic_file_write_iter+0x37f/0x729 mm/filemap.c:3315
call_write_iter include/linux/fs.h:1820 [inline]
new_sync_write fs/read_write.c:474 [inline]
__vfs_write+0x512/0x760 fs/read_write.c:487
vfs_write+0x206/0x550 fs/read_write.c:549
ksys_write+0x12b/0x2a0 fs/read_write.c:599
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44b339
Code: 5d ca fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b ca fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f1f191acce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000006ddc38 RCX: 000000000044b339
RDX: 000000000000fdef RSI: 00000000200002c0 RDI: 0000000000000003
RBP: 00000000006ddc30 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc3c
R13: 00007ffca4f25b2f R14: 00007f1f191ad9c0 R15: 0000000000000001
Modules linked in:
CR2: 0000000000000000
---[ end trace 68f5fa087cfde757 ]---
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:209 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:223 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x76c/0x1300 fs/minix/itree_common.c:191
Code: 00 00 49 8b bc 24 28 01 00 00 b9 08 00 00 00 e8 2a 57 bc ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 4a 7c 87 49 89 c4 e8 e4 82 4e ff <f0> 49 0f ba 2c 24 02 40 0f 92 c6 31 ff 40 88 74 24 78 e8 dd 2a 6f
RSP: 0018:ffff8880934ff788 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff8880934ff888 RCX: 1ffffffff11f8a30
RDX: 0000000000000000 RSI: ffffffff88b92960 RDI: ffff88808d618324
RBP: ffff8880934ff920 R08: ffff88808d618300 R09: fffff940004582c7
R10: fffff940004582c6 R11: ffffea00022c1637 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8880934ff84c R15: 0000000000000c98
FS: 00007f1f191ad700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c344c CR3: 00000000a0dd2000 CR4: 00000000001406f0

syzbot

Mar 17, 2020, 6:42:14 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 12cd844a Linux 4.14.173
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=161f1345e00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a9d0602a0f7791e
dashboard link: https://syzkaller.appspot.com/bug?extid=cb4500d8db7b875b297e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cb4500...@syzkaller.appspotmail.com

netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
MINIX-fs: mounting unchecked file system, running fsck is recommended
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
IP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline]
IP: trylock_buffer include/linux/buffer_head.h:359 [inline]
IP: lock_buffer include/linux/buffer_head.h:365 [inline]
IP: alloc_branch fs/minix/itree_common.c:88 [inline]
IP: get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191
PGD 415e0067 P4D 415e0067 PUD 417cb067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 16965 Comm: syz-executor.2 Not tainted 4.14.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a9062540 task.stack: ffff88804d0a8000
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191
RSP: 0018:ffff88804d0af808 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88804d0af910 RCX: 1ffffffff10279bc
RDX: 0000000000000000 RSI: ffffffff87d842e0 RDI: ffff8880a9062564
RBP: ffff88804d0af988 R08: 0000000000000001 R09: 0000000000000003
R10: ffff8880a9062e38 R11: ffff8880a9062540 R12: ffff88804d0af8d4
R13: ffff88808235a530 R14: dffffc0000000000 R15: 0000000000000000
FS: 00007fe1d4a5f700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000005bbef000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2027
__block_write_begin fs/buffer.c:2077 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2136
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
generic_file_write_iter+0x2fa/0x650 mm/filemap.c:3200
call_write_iter include/linux/fs.h:1777 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
vfs_write+0x192/0x4e0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0xf2/0x210 fs/read_write.c:582
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45c849
RSP: 002b:00007fe1d4a5ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fe1d4a5f6d4 RCX: 000000000045c849
RDX: 00000000ffffff2e RSI: 0000000020000040 RDI: 0000000000000006
RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000c97 R14: 00000000004cec41 R15: 000000000076bf0c
Code: ca 08 00 00 49 8b bf 28 01 00 00 b9 08 00 00 00 e8 5f 07 c6 ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 f2 b9 86 49 89 c7 e8 e9 48 6d ff <f0> 41 0f ba 2f 02 0f 83 1f fe ff ff e8 98 33 89 ff 4c 89 ff e8
RIP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline] RSP: ffff88804d0af808
RIP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline] RSP: ffff88804d0af808
RIP: trylock_buffer include/linux/buffer_head.h:359 [inline] RSP: ffff88804d0af808
RIP: lock_buffer include/linux/buffer_head.h:365 [inline] RSP: ffff88804d0af808
RIP: alloc_branch fs/minix/itree_common.c:88 [inline] RSP: ffff88804d0af808
RIP: get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191 RSP: ffff88804d0af808
CR2: 0000000000000000
kauditd_printk_skb: 83 callbacks suppressed
audit: type=1800 audit(1584441702.876:783): pid=16986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=17362 res=0
---[ end trace 0349c4c6669cbf00 ]---
init_special_inode: bogus i_mode (0) for inode loop1:1
MINIX-fs: mounting unchecked file system, running fsck is recommended


syzbot

Mar 17, 2020, 7:11:16 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following crash on:

HEAD commit: 12cd844a Linux 4.14.173
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17696a1de00000
kernel config: https://syzkaller.appspot.com/x/.config?x=8a9d0602a0f7791e
dashboard link: https://syzkaller.appspot.com/bug?extid=cb4500d8db7b875b297e
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11beda1de00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16f3f1f9e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cb4500...@syzkaller.appspotmail.com

audit: type=1400 audit(1584443215.298:36): avc: denied { map } for pid=7402 comm="syz-executor833" path="/root/syz-executor833497343" dev="sda1" ino=16484 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
MINIX-fs: mounting unchecked file system, running fsck is recommended
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
IP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline]
IP: trylock_buffer include/linux/buffer_head.h:359 [inline]
IP: lock_buffer include/linux/buffer_head.h:365 [inline]
IP: alloc_branch fs/minix/itree_common.c:88 [inline]
IP: get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191
PGD 8e431067 P4D 8e431067 PUD a107f067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 7402 Comm: syz-executor833 Not tainted 4.14.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888093a7c1c0 task.stack: ffff888085018000
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:359 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:365 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191
RSP: 0018:ffff88808501f808 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff88808501f910 RCX: 1ffffffff10279bc
RDX: 0000000000000000 RSI: ffffffff87d842e0 RDI: ffff888093a7c1e4
RBP: ffff88808501f988 R08: 0000000000000001 R09: 0000000000000002
R10: ffff888093a7ca90 R11: ffff888093a7c1c0 R12: ffff88808501f8d4
R13: ffff8880941ad960 R14: dffffc0000000000 R15: 0000000000000000
FS: 000000000162a940(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000007d4bb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
minix_get_block+0xd6/0x100 fs/minix/inode.c:379
__block_write_begin_int+0x337/0x1030 fs/buffer.c:2027
__block_write_begin fs/buffer.c:2077 [inline]
block_write_begin+0x58/0x260 fs/buffer.c:2136
minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
__generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
generic_file_write_iter+0x2fa/0x650 mm/filemap.c:3200
call_write_iter include/linux/fs.h:1777 [inline]
new_sync_write fs/read_write.c:469 [inline]
__vfs_write+0x44e/0x630 fs/read_write.c:482
vfs_write+0x192/0x4e0 fs/read_write.c:544
SYSC_write fs/read_write.c:590 [inline]
SyS_write+0xf2/0x210 fs/read_write.c:582
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x444c19
RSP: 002b:00007fff8a02d308 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fff8a02d310 RCX: 0000000000444c19
RDX: 00000000ffffff2e RSI: 0000000020000040 RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000401000 R09: 0000000000401000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402880
R13: 0000000000402910 R14: 0000000000000000 R15: 0000000000000000
Code: ca 08 00 00 49 8b bf 28 01 00 00 b9 08 00 00 00 e8 5f 07 c6 ff 31 d2 be 6c 01 00 00 48 c7 c7 e0 f2 b9 86 49 89 c7 e8 e9 48 6d ff <f0> 41 0f ba 2f 02 0f 83 1f fe ff ff e8 98 33 89 ff 4c 89 ff e8
RIP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline] RSP: ffff88808501f808
RIP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:233 [inline] RSP: ffff88808501f808
RIP: trylock_buffer include/linux/buffer_head.h:359 [inline] RSP: ffff88808501f808
RIP: lock_buffer include/linux/buffer_head.h:365 [inline] RSP: ffff88808501f808
RIP: alloc_branch fs/minix/itree_common.c:88 [inline] RSP: ffff88808501f808
RIP: get_block+0x6a7/0x10f0 fs/minix/itree_common.c:191 RSP: ffff88808501f808
CR2: 0000000000000000
---[ end trace 6336850785786139 ]---

syzbot

Sep 10, 2020, 4:47:09 AM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 3c775629a5ffe3f6305f9a4f53d8167f629435ad
Author: Eric Biggers <ebig...@google.com>
Date: Wed Aug 12 01:35:24 2020 +0000

fs/minix: check return value of sb_getblk()

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=15f1333e900000
start commit: 01364dad Linux 4.14.174
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=664dd71881ab2b2d
dashboard link: https://syzkaller.appspot.com/bug?extid=cb4500d8db7b875b297e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14c926bde00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11c034b7e00000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: fs/minix: check return value of sb_getblk()

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

syzbot

Sep 13, 2020, 10:37:05 PM
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:

commit 954fc7da99a9513d5e6b3ccf38f6f7c9af5a276d
Author: Eric Biggers <ebig...@google.com>
Date: Wed Aug 12 01:35:30 2020 +0000

fs/minix: reject too-large maximum file size

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17dad253900000
start commit: fdc07232 Linux 4.19.120
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=7848de5371b4200c
dashboard link: https://syzkaller.appspot.com/bug?extid=fe13a9e814dd76a3fcfe
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13d3b070100000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=168d1d38100000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: fs/minix: reject too-large maximum file size
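
Reading the oopses above: every trace faults in lock_buffer() inlined into alloc_branch (fs/minix/itree_common.c:88), with CR2 = 0 and Oops code 0002, i.e. a kernel-mode write to address 0. trylock_buffer() does test_and_set_bit_lock() on bh->b_state, so the buffer_head handed to it was NULL, and the suspected fix "fs/minix: check return value of sb_getblk()" names the unchecked call that produced it. The following user-space C program is an added example, not kernel code and not part of the syzbot thread: it models the indirect-block allocation loop with hypothetical stand-ins (model_getblk, model_lock_buffer, model_alloc_branch, a constructed 16-block "device") to show the unchecked shape that dereferences NULL and the checked shape that frees the block it just took and unwinds. How the real lookup fails on the fuzzed MINIX image is not stated on this page; the model simply makes the lookup fail for block numbers past the end of the device, which is one way a corrupted image can steer an allocator.

```c
/*
 * Added example modelling the fs/minix alloc_branch() failure pattern.
 * Not kernel code; all model_* names and the 16-block device are
 * constructed for this illustration.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_DEV_BLOCKS 16   /* size of the constructed "device" */
#define MODEL_BLOCK_SIZE 64
#define MODEL_MAX_DEPTH  4

struct model_bh {
    uint32_t blocknr;
    int locked;
    unsigned char data[MODEL_BLOCK_SIZE];
};

/* Per-mount state: the next zone the (untrusted) bitmap hands out, and
 * a counter of blocks returned on the error path so a test can check
 * that the unwind leaks nothing. */
struct model_fs {
    uint32_t next_free;
    uint32_t freed;
};

/* Constructed block cache: one buffer head per block of the device. */
static struct model_bh model_cache[MODEL_DEV_BLOCKS];

/* Stand-in for sb_getblk(): NULL when the block cannot be provided,
 * here because the number lies beyond the end of the device. */
static struct model_bh *model_getblk(uint32_t blocknr)
{
    if (blocknr >= MODEL_DEV_BLOCKS)
        return NULL;
    model_cache[blocknr].blocknr = blocknr;
    return &model_cache[blocknr];
}

/* Stand-in for lock_buffer(): the kernel version sets a bit in
 * bh->b_state, which is the write that faulted at address 0. */
static void model_lock_buffer(struct model_bh *bh)   { bh->locked = 1; }
static void model_unlock_buffer(struct model_bh *bh) { bh->locked = 0; }

static uint32_t model_new_block(struct model_fs *fs) { return fs->next_free++; }
static void model_free_block(struct model_fs *fs, uint32_t nr)
{
    (void)nr;
    fs->freed++;
}

/*
 * Checked allocation loop. The unchecked original did
 *     bh = model_getblk(keys[n - 1]);
 *     model_lock_buffer(bh);          <-- NULL write when getblk failed
 * The fix's shape is: free the block just allocated, break, and let
 * the common unwind release everything allocated so far.
 */
static int model_alloc_branch(struct model_fs *fs, int num)
{
    uint32_t keys[MODEL_MAX_DEPTH];
    int n;

    keys[0] = model_new_block(fs);             /* first level of the branch */
    for (n = 1; n < num; n++) {
        uint32_t nr = model_new_block(fs);
        struct model_bh *bh = model_getblk(keys[n - 1]);

        keys[n] = nr;
        if (!bh) {
            model_free_block(fs, nr);          /* level n was never linked */
            break;
        }
        model_lock_buffer(bh);
        memset(bh->data, 0, sizeof bh->data);
        memcpy(bh->data, &nr, sizeof nr);      /* parent's first slot -> nr */
        model_unlock_buffer(bh);
    }
    if (n == num)
        return 0;

    /* Stopped early: hand back the blocks already allocated. */
    for (int i = 0; i < n; i++)
        model_free_block(fs, keys[i]);
    return -ENOSPC;
}

/* Scenario 1: sane image, branch of depth 3 allocates cleanly. */
static int model_scenario_sane(void)
{
    struct model_fs fs = { .next_free = 1, .freed = 0 };
    return model_alloc_branch(&fs, 3);
}

/* Scenario 2: the bitmap hands out zones past the device end, as a
 * crafted image can. Stores the error in *err and returns the number
 * of blocks released by the unwind. */
static int model_scenario_corrupt(int *err)
{
    struct model_fs fs = { .next_free = MODEL_DEV_BLOCKS - 1, .freed = 0 };
    *err = model_alloc_branch(&fs, 3);
    return (int)fs.freed;
}

int main(void)
{
    int err = 0;
    printf("sane image: rc=%d\n", model_scenario_sane());
    printf("corrupt image: freed=%d rc=%d\n", model_scenario_corrupt(&err), err);
    return 0;
}
```

In the corrupt scenario the second level's lookup fails, the loop frees the block it had just taken and the unwind frees the two levels already recorded, so three blocks come back and the caller sees -ENOSPC instead of an oops.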