[v5.15] kernel BUG in ocfs2_group_extend
3 views
Skip to first unread message
syzbot
May 12, 2025, 11:02:27 AM5/12/25
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 3b8db0e4f263 Linux 5.15.182
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1266f768580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f93aaf95aed43225
dashboard link: https://syzkaller.appspot.com/bug?extid=ad2fdcac9889c9b22f73
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b5fc99635e8/disk-3b8db0e4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5351a5e4c264/vmlinux-3b8db0e4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e022b133e1a6/bzImage-3b8db0e4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ad2fdc...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/ocfs2/resize.c:300!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5624 Comm: syz.8.232 Not tainted 5.15.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:ocfs2_group_extend+0x9ab/0x9b0 fs/ocfs2/resize.c:300
Code: 13 fa ff ff 48 8b 4c 24 10 80 e1 07 fe c1 38 c1 0f 8c 25 fa ff ff 48 8b 7c 24 10 e8 df d6 9b fe e9 16 fa ff ff e8 c5 63 56 fe <0f> 0b 0f 1f 00 55 41 57 41 56 41 54 53 89 f3 49 89 fe e8 ae 63 56
RSP: 0018:ffffc90002effb40 EFLAGS: 00010283
RAX: ffffffff83215a4b RBX: 00000000ffffffff RCX: 0000000000080000
RDX: ffffc900104d4000 RSI: 000000000000312e RDI: 000000000000312f
RBP: ffffc90002effcf0 R08: dffffc0000000000 R09: fffffbfff1ad1576
R10: fffffbfff1ad1576 R11: 1ffffffff1ad1575 R12: ffff88805061d098
R13: dffffc0000000000 R14: ffff888055a54e00 R15: ffff88805061cfb8
FS: 00007fa470ab66c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000b3a000 CR3: 0000000062f28000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ocfs2_ioctl+0x6d1/0x720 fs/ocfs2/ioctl.c:873
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa472c6f969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa470ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa472e97080 RCX: 00007fa472c6f969
RDX: 0000200000000500 RSI: 0000000040046f01 RDI: 000000000000000a
RBP: 00007fa472cf1ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa472e97080 R15: 00007ffd64246ea8
</TASK>
Modules linked in:
---[ end trace ec634bc7aa345fb8 ]---
RIP: 0010:ocfs2_group_extend+0x9ab/0x9b0 fs/ocfs2/resize.c:300
Code: 13 fa ff ff 48 8b 4c 24 10 80 e1 07 fe c1 38 c1 0f 8c 25 fa ff ff 48 8b 7c 24 10 e8 df d6 9b fe e9 16 fa ff ff e8 c5 63 56 fe <0f> 0b 0f 1f 00 55 41 57 41 56 41 54 53 89 f3 49 89 fe e8 ae 63 56
RSP: 0018:ffffc90002effb40 EFLAGS: 00010283
RAX: ffffffff83215a4b RBX: 00000000ffffffff RCX: 0000000000080000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 3b8db0e4f263 Linux 5.15.182
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1266f768580000
kernel config: https://syzkaller.appspot.com/x/.config?x=f93aaf95aed43225
dashboard link: https://syzkaller.appspot.com/bug?extid=ad2fdcac9889c9b22f73
compiler: Debian clang version 20.1.2 (++20250402124445+58df0ef89dd6-1~exp1~20250402004600.97), Debian LLD 20.1.2
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/4b5fc99635e8/disk-3b8db0e4.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/5351a5e4c264/vmlinux-3b8db0e4.xz
kernel image: https://storage.googleapis.com/syzbot-assets/e022b133e1a6/bzImage-3b8db0e4.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ad2fdc...@syzkaller.appspotmail.com
------------[ cut here ]------------
kernel BUG at fs/ocfs2/resize.c:300!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5624 Comm: syz.8.232 Not tainted 5.15.182-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
RIP: 0010:ocfs2_group_extend+0x9ab/0x9b0 fs/ocfs2/resize.c:300
Code: 13 fa ff ff 48 8b 4c 24 10 80 e1 07 fe c1 38 c1 0f 8c 25 fa ff ff 48 8b 7c 24 10 e8 df d6 9b fe e9 16 fa ff ff e8 c5 63 56 fe <0f> 0b 0f 1f 00 55 41 57 41 56 41 54 53 89 f3 49 89 fe e8 ae 63 56
RSP: 0018:ffffc90002effb40 EFLAGS: 00010283
RAX: ffffffff83215a4b RBX: 00000000ffffffff RCX: 0000000000080000
RDX: ffffc900104d4000 RSI: 000000000000312e RDI: 000000000000312f
RBP: ffffc90002effcf0 R08: dffffc0000000000 R09: fffffbfff1ad1576
R10: fffffbfff1ad1576 R11: 1ffffffff1ad1575 R12: ffff88805061d098
R13: dffffc0000000000 R14: ffff888055a54e00 R15: ffff88805061cfb8
FS: 00007fa470ab66c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000b3a000 CR3: 0000000062f28000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ocfs2_ioctl+0x6d1/0x720 fs/ocfs2/ioctl.c:873
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:874 [inline]
__se_sys_ioctl+0xfa/0x170 fs/ioctl.c:860
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7fa472c6f969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa470ab6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fa472e97080 RCX: 00007fa472c6f969
RDX: 0000200000000500 RSI: 0000000040046f01 RDI: 000000000000000a
RBP: 00007fa472cf1ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa472e97080 R15: 00007ffd64246ea8
</TASK>
Modules linked in:
---[ end trace ec634bc7aa345fb8 ]---
RIP: 0010:ocfs2_group_extend+0x9ab/0x9b0 fs/ocfs2/resize.c:300
Code: 13 fa ff ff 48 8b 4c 24 10 80 e1 07 fe c1 38 c1 0f 8c 25 fa ff ff 48 8b 7c 24 10 e8 df d6 9b fe e9 16 fa ff ff e8 c5 63 56 fe <0f> 0b 0f 1f 00 55 41 57 41 56 41 54 53 89 f3 49 89 fe e8 ae 63 56
RSP: 0018:ffffc90002effb40 EFLAGS: 00010283
RAX: ffffffff83215a4b RBX: 00000000ffffffff RCX: 0000000000080000
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Aug 20, 2025, 11:02:23 AM8/20/25
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.
Crashes did not happen for a while, no reproducer and no activity.
Reply all
Reply to author
Forward
0 new messages