[v6.1] kernel BUG in ocfs2_truncate_log_needs_flush
2 views
Skip to first unread message
syzbot
Oct 27, 2024, 10:34:27 PM10/27/24
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 7ec6f9fa3d97 Linux 6.1.114
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13fa7e5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=344cdb747ab79921
dashboard link: https://syzkaller.appspot.com/bug?extid=18de60b55094b34bfa0a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e7551ab2b38b/disk-7ec6f9fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/99ca69a69b01/vmlinux-7ec6f9fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0d62742f11c2/Image-7ec6f9fa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+18de60...@syzkaller.appspotmail.com
(syz.1.37,4503,0):ocfs2_truncate_log_needs_flush:5815 ERROR: bug expression: le16_to_cpu(tl->tl_used) > le16_to_cpu(tl->tl_count)
(syz.1.37,4503,0):ocfs2_truncate_log_needs_flush:5815 ERROR: slot 0, invalid truncate log parameters: used = 2304, count = 39
------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5815!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4503 Comm: syz.1.37 Not tainted 6.1.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
lr : ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
sp : ffff800021a57240
x29: ffff800021a572c0 x28: ffff800021a57240 x27: 1000000000000000
x26: 1fffe0001eb7d558 x25: 1fffe0001eb7d558 x24: dfff800000000000
x23: ffff800021a57260 x22: ffff800021a57280 x21: 0000000000000900
x20: 0000000000000000 x19: ffff0000f5beaac0 x18: 1fffe0003679f176
x17: ffff8000159cd000 x16: ffff800012290d3c x15: ffff0001b3cf8bbc
x14: 1ffff00002b3a0b0 x13: dfff800000000000 x12: 0000000000040000
x11: 0000000000007e33 x10: ffff800021ea9000 x9 : fdbc9b92f1be8000
x8 : fdbc9b92f1be8000 x7 : ffff80000827d390 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000aaa90ac
x2 : ffff0001b3cf8cd0 x1 : 0000000100000000 x0 : 000000000000007d
Call trace:
ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
ocfs2_xattr_set+0xb8c/0x1478 fs/ocfs2/xattr.c:3629
ocfs2_xattr_security_set+0x4c/0x64 fs/ocfs2/xattr.c:7255
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 5282d6e2 2a1403e4 2a1503e5 94075ce7 (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 7ec6f9fa3d97 Linux 6.1.114
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13fa7e5f980000
kernel config: https://syzkaller.appspot.com/x/.config?x=344cdb747ab79921
dashboard link: https://syzkaller.appspot.com/bug?extid=18de60b55094b34bfa0a
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e7551ab2b38b/disk-7ec6f9fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/99ca69a69b01/vmlinux-7ec6f9fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0d62742f11c2/Image-7ec6f9fa.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+18de60...@syzkaller.appspotmail.com
(syz.1.37,4503,0):ocfs2_truncate_log_needs_flush:5815 ERROR: bug expression: le16_to_cpu(tl->tl_used) > le16_to_cpu(tl->tl_count)
(syz.1.37,4503,0):ocfs2_truncate_log_needs_flush:5815 ERROR: slot 0, invalid truncate log parameters: used = 2304, count = 39
------------[ cut here ]------------
kernel BUG at fs/ocfs2/alloc.c:5815!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4503 Comm: syz.1.37 Not tainted 6.1.114-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
lr : ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
sp : ffff800021a57240
x29: ffff800021a572c0 x28: ffff800021a57240 x27: 1000000000000000
x26: 1fffe0001eb7d558 x25: 1fffe0001eb7d558 x24: dfff800000000000
x23: ffff800021a57260 x22: ffff800021a57280 x21: 0000000000000900
x20: 0000000000000000 x19: ffff0000f5beaac0 x18: 1fffe0003679f176
x17: ffff8000159cd000 x16: ffff800012290d3c x15: ffff0001b3cf8bbc
x14: 1ffff00002b3a0b0 x13: dfff800000000000 x12: 0000000000040000
x11: 0000000000007e33 x10: ffff800021ea9000 x9 : fdbc9b92f1be8000
x8 : fdbc9b92f1be8000 x7 : ffff80000827d390 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : ffff80000aaa90ac
x2 : ffff0001b3cf8cd0 x1 : 0000000100000000 x0 : 000000000000007d
Call trace:
ocfs2_truncate_log_needs_flush+0x298/0x29c fs/ocfs2/alloc.c:5812
ocfs2_xattr_set+0xb8c/0x1478 fs/ocfs2/xattr.c:3629
ocfs2_xattr_security_set+0x4c/0x64 fs/ocfs2/xattr.c:7255
__vfs_setxattr+0x388/0x3a4 fs/xattr.c:182
__vfs_setxattr_noperm+0x110/0x528 fs/xattr.c:216
__vfs_setxattr_locked+0x1ec/0x218 fs/xattr.c:277
vfs_setxattr+0x1a8/0x344 fs/xattr.c:309
do_setxattr fs/xattr.c:594 [inline]
setxattr+0x230/0x294 fs/xattr.c:617
path_setxattr+0x17c/0x258 fs/xattr.c:636
__do_sys_setxattr fs/xattr.c:652 [inline]
__se_sys_setxattr fs/xattr.c:648 [inline]
__arm64_sys_setxattr+0xbc/0xd8 fs/xattr.c:648
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 5282d6e2 2a1403e4 2a1503e5 94075ce7 (d4210000)
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Feb 4, 2025, 9:34:19 PM2/4/25
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages