[v5.15] kernel BUG in gfs2_withdraw


syzbot

Sep 24, 2024, 3:11:27 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3a5928702e71 Linux 5.15.167
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15262a27980000
kernel config: https://syzkaller.appspot.com/x/.config?x=171882977b524c53
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c528fa1b9a940707cd
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/22ee27cb312d/disk-3a592870.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/90bf6a3e3d20/vmlinux-3a592870.xz
kernel image: https://storage.googleapis.com/syzbot-assets/096dd2c73ac3/Image-3a592870.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4c528...@syzkaller.appspotmail.com

bh = 8330 (magic number)
function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493
gfs2: fsid=syz:syz.0: about to withdraw this file system
------------[ cut here ]------------
kernel BUG at fs/gfs2/util.c:341!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 5195 Comm: syz.2.216 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
lr : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
sp : ffff800020156b80
x29: ffff800020156ca0 x28: ffff70000402ad80 x27: dfff800000000000
x26: 1fffe00019848857 x25: ffff800020156c00 x24: ffff800012010fe0
x23: 0000000000000716 x22: ffff0000cc244340 x21: ffff0000cc2440a8
x20: ffff0000cc2442bc x19: ffff0000cc244000 x18: 0000000000010000
x17: 0000000000010000 x16: ffff8000082ec9a8 x15: 0000000000000005
x14: 1ffff0000295806a x13: dfff800000000000 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80002674a000 x9 : 0000000000040000
x8 : ffff80000a312728 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000804605c
x2 : 0000000000000006 x1 : 0000000000000004 x0 : 0000000000000000
Call trace:
gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
gfs2_meta_check_ii+0x80/0x9c fs/gfs2/util.c:498
gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
gfs2_meta_buffer+0x2c8/0x394 fs/gfs2/meta_io.c:493
gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
gfs2_inode_refresh+0xc4/0xdf4 fs/gfs2/glops.c:481
inode_go_lock+0xfc/0x390 fs/gfs2/glops.c:510
do_promote+0x680/0xa80 fs/gfs2/glock.c:507
finish_xmote+0x478/0xbb4 fs/gfs2/glock.c:678
do_xmote+0x6e4/0x1054 fs/gfs2/glock.c:824
run_queue+0x3f8/0x6bc fs/gfs2/glock.c:872
gfs2_glock_nq+0xa60/0x144c fs/gfs2/glock.c:1534
gfs2_glock_nq_init fs/gfs2/glock.h:246 [inline]
gfs2_lookupi+0x368/0x538 fs/gfs2/inode.c:321
gfs2_lookup_simple+0xe4/0x174 fs/gfs2/inode.c:273
init_journal+0x194/0x1f6c fs/gfs2/ops_fstype.c:748
init_inodes+0xe0/0x2d8 fs/gfs2/ops_fstype.c:891
gfs2_fill_super+0x1640/0x2010 fs/gfs2/ops_fstype.c:1249
get_tree_bdev+0x360/0x54c fs/super.c:1323
gfs2_get_tree+0x54/0x1b4 fs/gfs2/ops_fstype.c:1332
vfs_get_tree+0x90/0x274 fs/super.c:1528
do_new_mount+0x278/0x8fc fs/namespace.c:3005
path_mount+0x594/0x101c fs/namespace.c:3335
do_mount fs/namespace.c:3348 [inline]
__do_sys_mount fs/namespace.c:3556 [inline]
__se_sys_mount fs/namespace.c:3533 [inline]
__arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: f9401fe0 97970ed1 17ffff43 9786cde5 (d4210000)
---[ end trace 5014a25413b6df94 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Sep 24, 2024, 4:25:29 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3a5928702e71 Linux 5.15.167
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=160f92a9980000
kernel config: https://syzkaller.appspot.com/x/.config?x=171882977b524c53
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c528fa1b9a940707cd
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=110f92a9980000
mounted in repro: https://storage.googleapis.com/syzbot-assets/eef488f67e69/mount_18.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4c528...@syzkaller.appspotmail.com

bh = 8330 (magic number)
function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493
gfs2: fsid=syz:syz.0: about to withdraw this file system
------------[ cut here ]------------
kernel BUG at fs/gfs2/util.c:341!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4132 Comm: syz.0.15 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
lr : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
sp : ffff800020456b80
x29: ffff800020456ca0 x28: ffff70000408ad80 x27: dfff800000000000
x26: 1fffe0001ac5f857 x25: ffff800020456c00 x24: ffff800012010fe0
x23: 0000000000000716 x22: ffff0000d62fc340 x21: ffff0000d62fc0a8
x20: ffff0000d62fc2bc x19: ffff0000d62fc000 x18: 0000000000000001
x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff
x14: ffff0000c0ce0000 x13: 0000000000000001 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000c0ce0000
x8 : ffff80000a312728 x7 : 0000000000000001 x6 : 0000000000000001
x5 : ffff8000204562f8 x4 : ffff800014b9fae0 x3 : ffff800008557c4c
x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000000
---[ end trace 71bd596ad3b435f2 ]---


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

syzbot

Sep 24, 2024, 5:56:29 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 3a5928702e71 Linux 5.15.167
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=164d2a27980000
kernel config: https://syzkaller.appspot.com/x/.config?x=171882977b524c53
dashboard link: https://syzkaller.appspot.com/bug?extid=d4c528fa1b9a940707cd
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17fc0989980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=171852a9980000
mounted in repro: https://storage.googleapis.com/syzbot-assets/7f7a2a43f59d/mount_16.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+d4c528...@syzkaller.appspotmail.com

gfs2: fsid=syz:syz.0: fatal: invalid metadata block
bh = 8330 (magic number)
function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 493
gfs2: fsid=syz:syz.0: about to withdraw this file system
------------[ cut here ]------------
kernel BUG at fs/gfs2/util.c:341!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 4017 Comm: syz-executor214 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
lr : gfs2_withdraw+0x1214/0x12a4 fs/gfs2/util.c:341
sp : ffff80001de26b80
x29: ffff80001de26ca0 x28: ffff700003bc4d80 x27: dfff800000000000
x26: 1fffe000197f2857 x25: ffff80001de26c00 x24: ffff800012010fe0
x23: 0000000000000716 x22: ffff0000cbf94340 x21: ffff0000cbf940a8
x20: ffff0000cbf942bc x19: ffff0000cbf94000 x18: 1fffe00036835d8e
x17: 1fffe00036835d8e x16: ffff800011ac23e0 x15: ffff800014b5ef40
x14: 1ffff0000295806a x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000d8a13680
x8 : ffff80000a312728 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000a987d1c
x2 : ffff0001b41aed10 x1 : 0000000000000004 x0 : 0000000000000000
---[ end trace 76603aa17b18c0cf ]---