lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <66f970b6.050a0220.6bad9.001a.GAE@google.com>
Date: Sun, 29 Sep 2024 08:22:30 -0700
From: syzbot <syzbot+c3ef47c4433fe4281f50@...kaller.appspotmail.com>
To: jlbec@...lplan.org, joseph.qi@...ux.alibaba.com, 
	linux-kernel@...r.kernel.org, mark@...heh.com, ocfs2-devel@...ts.linux.dev, 
	syzkaller-bugs@...glegroups.com
Subject: [syzbot] [ocfs2?] kernel BUG in ocfs2_page_mkwrite

Hello,

syzbot found the following issue on:

HEAD commit:    684a64bf32b6 Merge tag 'nfs-for-6.12-1' of git://git.linux..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1518ca80580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=bd75e1a00004094f
dashboard link: https://syzkaller.appspot.com/bug?extid=c3ef47c4433fe4281f50
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7bc7510fe41f/non_bootable_disk-684a64bf.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f05b4b08a420/vmlinux-684a64bf.xz
kernel image: https://storage.googleapis.com/syzbot-assets/d59f9edaf3bc/bzImage-684a64bf.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c3ef47c4433fe4281f50@...kaller.appspotmail.com

Buffer I/O error on dev loop0, logical block 11096, async page read
Buffer I/O error on dev loop0, logical block 11097, async page read
(syz.0.0,5102,0):ocfs2_extend_trans:438 ERROR: status = -30
(syz.0.0,5102,0):ocfs2_try_to_merge_extent:3809 ERROR: status = -30
(syz.0.0,5102,0):__ocfs2_journal_access:705 ERROR: Error -30 getting 1 access to buffer!
(syz.0.0,5102,0):ocfs2_write_end_nolock:1967 ERROR: status = -30
------------[ cut here ]------------
kernel BUG at fs/ocfs2/mmap.c:107!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5102 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-10547-g684a64bf32b6 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__ocfs2_page_mkwrite fs/ocfs2/mmap.c:107 [inline]
RIP: 0010:ocfs2_page_mkwrite+0xec0/0xed0 fs/ocfs2/mmap.c:144
Code: 06 50 05 fe 4c 89 f0 48 83 e0 01 75 0a e8 18 4b 05 fe e9 44 f7 ff ff 49 ff ce e8 0b 4b 05 fe e9 3c f7 ff ff e8 01 4b 05 fe 90 <0f> 0b e8 f9 4a 05 fe e9 3a fe ff ff 0f 1f 40 00 90 90 90 90 90 90
RSP: 0018:ffffc9000b0a7540 EFLAGS: 00010293
RAX: ffffffff838f6a3f RBX: 00000000ffffffe2 RCX: ffff8880006d2440
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00000000ffffffe2
RBP: ffffc9000b0a76e8 R08: ffffffff838f678a R09: 1ffffffff284d117
R10: dffffc0000000000 R11: fffffbfff284d118 R12: 000000000000e000
R13: 1ffffd4000270684 R14: 0000000000001000 R15: 0000000000000000
FS:  000055558f8ee500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000e000 CR3: 000000004b98e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_page_mkwrite+0x198/0x480 mm/memory.c:3162
 wp_page_shared mm/memory.c:3563 [inline]
 do_wp_page+0x23d3/0x52d0 mm/memory.c:3713
 handle_pte_fault+0x10e3/0x6800 mm/memory.c:5767
 __handle_mm_fault mm/memory.c:5894 [inline]
 handle_mm_fault+0x1106/0x1bb0 mm/memory.c:6062
 do_user_addr_fault arch/x86/mm/fault.c:1389 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x2b9/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f815a94740c
Code: 00 00 00 74 a0 83 f9 c0 0f 87 56 fe ff ff 62 e1 fe 28 6f 4e 01 48 29 fe 48 83 c7 3f 49 8d 0c 10 48 83 e7 c0 48 01 fe 48 29 f9 <f3> a4 62 c1 fe 28 7f 00 62 c1 fe 28 7f 48 01 c3 0f 1f 40 00 4c 8b
RSP: 002b:00007fffee1acf88 EFLAGS: 00010202
RAX: 0000000020009680 RBX: 0000000000000004 RCX: 0000000000000b8b
RDX: 000000000000550b RSI: 00007f815a21333e RDI: 000000002000e000
RBP: 00007f815ab37a80 R08: 0000000020009680 R09: 0000000000000002
R10: 0000000000000000 R11: 0000000000000002 R12: 00000000000120b8
R13: 00007fffee1ad090 R14: 0000000000000032 R15: fffffffffffffffe
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__ocfs2_page_mkwrite fs/ocfs2/mmap.c:107 [inline]
RIP: 0010:ocfs2_page_mkwrite+0xec0/0xed0 fs/ocfs2/mmap.c:144
Code: 06 50 05 fe 4c 89 f0 48 83 e0 01 75 0a e8 18 4b 05 fe e9 44 f7 ff ff 49 ff ce e8 0b 4b 05 fe e9 3c f7 ff ff e8 01 4b 05 fe 90 <0f> 0b e8 f9 4a 05 fe e9 3a fe ff ff 0f 1f 40 00 90 90 90 90 90 90
RSP: 0018:ffffc9000b0a7540 EFLAGS: 00010293
RAX: ffffffff838f6a3f RBX: 00000000ffffffe2 RCX: ffff8880006d2440
RDX: 0000000000000000 RSI: 0000000000001000 RDI: 00000000ffffffe2
RBP: ffffc9000b0a76e8 R08: ffffffff838f678a R09: 1ffffffff284d117
R10: dffffc0000000000 R11: fffffbfff284d118 R12: 000000000000e000
R13: 1ffffd4000270684 R14: 0000000000001000 R15: 0000000000000000
FS:  000055558f8ee500(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055af02d95058 CR3: 000000004b98e000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ