Message-ID:
<TYSPR06MB715874368EFB5D2A09C527B1F68D2@TYSPR06MB7158.apcprd06.prod.outlook.com>
Date: Fri, 2 May 2025 03:22:13 +0000
From: "huk23@...udan.edu.cn" <huk23@...udan.edu.cn>
To: Kent Overstreet <kent.overstreet@...ux.dev>
CC: "jjtan24@...udan.edu.cn" <jjtan24@...udan.edu.cn>,
白烁冉 <baishuoran@...eu.edu.cn>, linux-bcachefs
<linux-bcachefs@...r.kernel.org>, "syzkaller@...glegroups.com"
<syzkaller@...glegroups.com>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>
Subject: WARNING in bch2_fs_release
Dear Maintainers,
When using our customized Syzkaller to fuzz the latest Linux kernel, the following crash (11th) was triggered.
HEAD commit: 6537cfb395f352782918d8ee7b7f10ba2cc3cbf2
git tree: upstream
Output: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11call_trace.txt
Kernel config: https://github.com/pghk13/Kernel-Bug/blob/main/config.txt
C reproducer: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11repro.c
Syzlang reproducer: https://github.com/pghk13/Kernel-Bug/blob/main/1220_6.13rc_KASAN/2.%E5%9B%9E%E5%BD%92-11/11-KASAN_%20slab-use-after-free%20Read%20in%20move_to_new_folio/11repro.txt
The error is located on line 592 of the fs/bcachefs/super.c file, in the bch2_fs_release function. Based on the error message and the call stack, the problem is that all reserved resources are not properly released when the bcachefs file system is down.
We have reproduced this issue several times on 6.15-rc1 again.
If you fix this issue, please add the following tag to the commit:
Reported-by: Kun Hu <huk23@...udan.edu.cn>, Jiaji Qin <jjtan24@...udan.edu.cn>, Shuoran Bai <baishuoran@...eu.edu.cn>
==================================================================
online_reserved not 0 at shutdown: 1
WARNING: CPU: 1 PID: 13366 at fs/bcachefs/super.c:592 bch2_fs_release+0x735/0x8b0
Modules linked in:
CPU: 1 UID: 0 PID: 13366 Comm: syz.1.45 Not tainted 6.15.0-rc1 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:bch2_fs_release+0x735/0x8b0
Code: 89 ef e8 be 4f d1 ff e9 86 fa ff ff e8 e4 ae 54 fd 90 0f 0b e8 dc ae 54 fd 90 48 c7 c7 a0 87 e6 8b 4c 89 e6 e8 cc 31 14 fd 90 <0f> 0b 90 90 48 b8 00 00 00 00 00 fc ff df 48 8b 54 24 10 48 c1 ea
RSP: 0018:ffffc900026c7358 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff888075e00068 RCX: ffffffff817a9669
RDX: 0000000000000001 RSI: ffff88801fba4900 RDI: 0000000000000002
RBP: ffff888075e00000 R08: fffffbfff1c4bb00 R09: ffffed100fdc47ba
R10: ffffed100fdc47b9 R11: ffff88807ee23dcb R12: 0000000000000001
R13: 0000607f1491e148 R14: dffffc0000000000 R15: 0000000000000000
FS: 00007fcb10ebf700(0000) GS:ffff8880eb36b000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f93c5d4c000 CR3: 000000006c2e6000 CR4: 0000000000750ef0
PKRU: 00000000
Call Trace:
<TASK>
kobject_put+0x1b2/0x4c0
bch2_fs_alloc+0xcfe/0x29b0
bch2_fs_open+0x945/0x1160
bch2_fs_get_tree+0x3c9/0x20c0
vfs_get_tree+0x93/0x340
path_mount+0x1270/0x1b90
do_mount+0xb3/0x110
__x64_sys_mount+0x193/0x230
do_syscall_64+0xcf/0x260
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcb0ffaf51e
Code: ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcb10ebe9b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000005905 RCX: 00007fcb0ffaf51e
RDX: 00000000200058c0 RSI: 0000000020005900 RDI: 00007fcb10ebea10
RBP: 00007fcb10ebea50 R08: 00007fcb10ebea50 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200058c0
R13: 0000000020005900 R14: 00007fcb10ebea10 R15: 00000000200001c0
thanks,
Kun Hu
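The warning in the trace above is a teardown-time invariant check: bch2_fs_release() reports that online_reserved is still 1 when the filesystem object is torn down, and the call stack shows that teardown being reached from kobject_put() inside bch2_fs_alloc(), i.e. an error path during mount rather than a normal unmount. The following toy model, added here as an illustration and not bcachefs or kernel code, shows how such a check turns a silent reservation leak on an error path into a visible warning, and how a cleanup-label unwind avoids it. All names (fs_model, take_reservation, put_reservation, fs_alloc, fs_release, shutdown_warns) are hypothetical stand-ins; the -12 return value is merely a constructed stand-in for an allocation failure.

```c
/*
 * Toy model (not bcachefs or kernel code) of the invariant behind
 * "online_reserved not 0 at shutdown": a reservation counter that an
 * allocation path bumps and that teardown checks. Every name here is a
 * hypothetical stand-in for the real functions in the trace.
 */
#include <stdio.h>
#include <string.h>

struct fs_model {
    long online_reserved;   /* reservations still held */
    int  warned;            /* teardown found a leak */
};

/* Take n units of reserve. Always succeeds in this model. */
static int take_reservation(struct fs_model *fs, long n)
{
    fs->online_reserved += n;
    return 0;
}

/* Give n units of reserve back. */
static void put_reservation(struct fs_model *fs, long n)
{
    fs->online_reserved -= n;
}

/*
 * Teardown. Plays the role of the WARN at fs/bcachefs/super.c:592:
 * a nonzero counter here means an earlier path leaked a reservation.
 * Returns 1 if the warning fires, 0 otherwise.
 */
static int fs_release(struct fs_model *fs)
{
    if (fs->online_reserved != 0) {
        fprintf(stderr, "online_reserved not 0 at shutdown: %ld\n",
                fs->online_reserved);
        fs->warned = 1;
        return 1;
    }
    return 0;
}

/*
 * Allocation path that takes a reservation and may fail at a later
 * step (fail_midway != 0). With fixed == 0 the error path returns
 * without dropping the reservation, the leak class that teardown
 * detects. With fixed == 1 it unwinds through a cleanup label, the
 * usual kernel idiom.
 */
static int fs_alloc(struct fs_model *fs, int fail_midway, int fixed)
{
    int ret;

    memset(fs, 0, sizeof(*fs));

    ret = take_reservation(fs, 1);
    if (ret)
        return ret;

    if (fail_midway) {
        ret = -12;              /* constructed stand-in for a later failure */
        if (!fixed)
            goto err;           /* BUG: reservation still held */
        goto err_release;
    }

    /* Success: the owner drops the reservation on normal unmount. */
    return 0;

err_release:
    put_reservation(fs, 1);
err:
    return ret;
}

/*
 * Run alloc followed by the teardown the trace shows (kobject_put ->
 * fs_release after a failed alloc). Returns 1 if teardown warned.
 */
static int shutdown_warns(int fail_midway, int fixed)
{
    struct fs_model fs;
    int ret = fs_alloc(&fs, fail_midway, fixed);

    if (ret == 0)
        put_reservation(&fs, 1);    /* normal unmount path */
    return fs_release(&fs);
}

int main(void)
{
    printf("buggy error path warns: %d\n", shutdown_warns(1, 0));
    printf("fixed error path warns: %d\n", shutdown_warns(1, 1));
    printf("success path warns:     %d\n", shutdown_warns(0, 0));
    return 0;
}
```

The point for triage is that the warning site (fs_release) is not where the bug is; it is only where the accounting is checked. The trace's path through bch2_fs_alloc() points at the allocation or early-setup code as the place to look for a reservation that is taken but not dropped on failure.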