[xfs?] BUG: unable to handle kernel paging request in crc_128


syzbot

Jan 5, 2023, 4:41:47 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=177f69e6480000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=3039b688887067bcffb7
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=146799ec480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/df5e8ad5a21b/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3039b6...@syzkaller.appspotmail.com

XFS (loop3): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
XFS (loop3): Torn write (CRC failure) detected at log block 0xffff888091eefa48. Truncating head block from 0x50.
BUG: unable to handle kernel paging request at ffffc900080f4000
PGD 13be43067 P4D 13be43067 PUD 23b831067 PMD a5ff2067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 25818 Comm: syz-executor.3 Not tainted 4.19.211-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:crc_128+0x14/0x1e
Code: 00 00 4c 8d 99 00 0c 00 00 48 81 c1 00 04 00 00 4d 31 c9 4d 31 d2 f2 4c 0f 38 f1 81 00 fc ff ff f2 4c 0f 38 f1 8a 00 fc ff ff <f2> 4d 0f 38 f1 93 00 fc ff ff f2 4c 0f 38 f1 81 08 fc ff ff f2 4c
RSP: 0018:ffff888091eef2b0 EFLAGS: 00010246
RAX: 0000000000000080 RBX: 00000000000087ff RCX: ffffc900080f3c00
RDX: ffffc900080f4000 RSI: 00000000000087ff RDI: ffffffff886862e0
RBP: 000000000000ffff R08: 00000000053b283c R09: 000000002a3791e3
R10: 0000000000000000 R11: ffffc900080f4400 R12: ffff888091eef390
R13: ffffc900080ec000 R14: 0000000000000000 R15: ffff888091eef3c8
FS: 00005555565f3400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900080f4000 CR3: 00000000b3fba000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
CR2: ffffc900080f4000
---[ end trace ad013d673acb2fb5 ]---
RIP: 0010:crc_128+0x14/0x1e
Code: 00 00 4c 8d 99 00 0c 00 00 48 81 c1 00 04 00 00 4d 31 c9 4d 31 d2 f2 4c 0f 38 f1 81 00 fc ff ff f2 4c 0f 38 f1 8a 00 fc ff ff <f2> 4d 0f 38 f1 93 00 fc ff ff f2 4c 0f 38 f1 81 08 fc ff ff f2 4c
RSP: 0018:ffff888091eef2b0 EFLAGS: 00010246
RAX: 0000000000000080 RBX: 00000000000087ff RCX: ffffc900080f3c00
RDX: ffffc900080f4000 RSI: 00000000000087ff RDI: ffffffff886862e0
RBP: 000000000000ffff R08: 00000000053b283c R09: 000000002a3791e3
R10: 0000000000000000 R11: ffffc900080f4400 R12: ffff888091eef390
R13: ffffc900080ec000 R14: 0000000000000000 R15: ffff888091eef3c8
FS: 00005555565f3400(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900080f4000 CR3: 00000000b3fba000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 00 add %al,(%rax)
2: 4c 8d 99 00 0c 00 00 lea 0xc00(%rcx),%r11
9: 48 81 c1 00 04 00 00 add $0x400,%rcx
10: 4d 31 c9 xor %r9,%r9
13: 4d 31 d2 xor %r10,%r10
16: f2 4c 0f 38 f1 81 00 crc32q -0x400(%rcx),%r8
1d: fc ff ff
20: f2 4c 0f 38 f1 8a 00 crc32q -0x400(%rdx),%r9
27: fc ff ff
* 2a: f2 4d 0f 38 f1 93 00 crc32q -0x400(%r11),%r10 <-- trapping instruction
31: fc ff ff
34: f2 4c 0f 38 f1 81 08 crc32q -0x3f8(%rcx),%r8
3b: fc ff ff
3e: f2 repnz
3f: 4c rex.WR


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches