lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c482c91d-5a5b-4f82-81c1-b694962009ea@kernel.dk>
Date: Fri, 5 Sep 2025 12:41:39 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Naresh Kamboju <naresh.kamboju@...aro.org>,
 Linux btrfs <linux-btrfs@...r.kernel.org>,
 linux-block <linux-block@...r.kernel.org>, linux-fsdevel@...r.kernel.org,
 open list <linux-kernel@...r.kernel.org>, lkft-triage@...ts.linaro.org,
 Linux Regressions <regressions@...ts.linux.dev>
Cc: Christoph Hellwig <hch@....de>, David Sterba <dsterba@...e.cz>,
 "Darrick J. Wong" <djwong@...nel.org>,
 Anders Roxell <anders.roxell@...aro.org>, Arnd Bergmann <arnd@...db.de>,
 Dan Carpenter <dan.carpenter@...aro.org>,
 Ben Copeland <benjamin.copeland@...aro.org>,
 David Hildenbrand <david@...hat.com>
Subject: Re: qemu-arm64: xfstests crash in bio_iov_iter_get_pages on
 next-20250904

On 9/5/25 6:58 AM, Naresh Kamboju wrote:
> The following regressions were detected on qemu-arm64 while running
> xfstests with the Linux next-20250904 tag. The system crashed with an
> internal error in bio_iov_iter_get_pages(), resulting in an Oops during
> direct I/O write operations.
> 
> Regression Analysis:
> - New regression? yes
> - Reproducibility? yes
> 
> First seen on next-20250904
> Bad: next-20250904 and next-20250905
> Good: next-20250822
> 
> Test regression: next-20250904 qemu-arm64 xfstests Internal error Oops
> bio_iov_iter_get_pages
> 
> Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
> 
> qemu-arm64:
> Test:
> * xfstests
> 
> Test crash:
> 
> [ 2074.633472] Internal error: Oops: 0000000096000004 [#1]  SMP
> [ 2074.639619] Modules linked in: sm3_ce sha3_ce fuse drm backlight dm_mod
> [ 2074.651698] CPU: 0 UID: 0 PID: 154238 Comm: xfs_io Not tainted
> 6.17.0-rc4-next-20250904 #1 PREEMPT
> [ 2074.652132] Hardware name: linux,dummy-virt (DT)
> [ 2074.652429] pstate: 22402009 (nzCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
> [ 2074.652716] pc : bio_iov_iter_get_pages (block/bio.c:1074
> block/bio.c:1272 block/bio.c:1336)
> [ 2074.701159] lr : bio_iov_iter_get_pages (block/bio.c:1072
> block/bio.c:1272 block/bio.c:1336)
> [ 2074.701366] sp : ffff800080f83950
> [ 2074.701506] x29: ffff800080f83980 x28: 000000000006f000 x27: fff00000c03b9408
> [ 2074.701853] x26: 0000000000001000 x25: 0000000000000091 x24: ffffc1ffc153b480
> [ 2074.702133] x23: 0000000000000002 x22: 00000000ffffffff x21: 0000000000000100
> [ 2074.702421] x20: 0000000000000001 x19: 0000000000001000 x18: 0000000000001000
> [ 2074.702710] x17: 0000000000000000 x16: 0000000000000000 x15: fff00000ff6e9a80
> [ 2074.702987] x14: fff0000007413500 x13: ffffa44770f6e000 x12: ffffc1ffc0000000
> [ 2074.703264] x11: 0000000000001000 x10: fff00000cf850800 x9 : fff00000cf850b78
> [ 2074.703510] x8 : ffffc1ffc153ac08 x7 : 0000ffff9626f000 x6 : 0000000000000fff
> [ 2074.703794] x5 : 0000000000021000 x4 : ffffc1ffbf000000 x3 : 7878782f78787878
> [ 2074.704079] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000001000
> [ 2074.704436] Call trace:
> [ 2074.704685] bio_iov_iter_get_pages (block/bio.c:1074
> block/bio.c:1272 block/bio.c:1336) (P)
> [ 2074.704971] iomap_dio_bio_iter (fs/iomap/direct-io.c:437)
> [ 2074.705167] __iomap_dio_rw (include/linux/uio.h:228
> fs/iomap/direct-io.c:530 fs/iomap/direct-io.c:559
> fs/iomap/direct-io.c:729)
> [ 2074.705331] btrfs_direct_write+0x1f4/0x3bc
> [ 2074.713828] btrfs_do_write_iter+0x18c/0x1ec
> [ 2074.725568] btrfs_file_write_iter+0x14/0x20
> [ 2074.725936] vfs_write (fs/read_write.c:593 fs/read_write.c:686)
> [ 2074.731508] __arm64_sys_pwrite64 (fs/read_write.c:793
> fs/read_write.c:801 fs/read_write.c:798 fs/read_write.c:798)
> [ 2074.731822] invoke_syscall (arch/arm64/kernel/syscall.c:35
> arch/arm64/kernel/syscall.c:49)
> [ 2074.737438] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:132)
> [ 2074.737885] do_el0_svc (arch/arm64/kernel/syscall.c:151)
> [ 2074.738235] el0_svc (arch/arm64/kernel/entry-common.c:879)
> [ 2074.785073] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:899)
> [ 2074.785245] el0t_64_sync (arch/arm64/kernel/entry.S:596)
> [ 2074.785643] Code: f9400fea d2820000 7940c377 f8795943 (f9400462)
> All code
> ========
>    0: f9400fea ldr x10, [sp, #24]
>    4: d2820000 mov x0, #0x1000                // #4096
>    8: 7940c377 ldrh w23, [x27, #96]
>    c: f8795943 ldr x3, [x10, w25, uxtw #3]
>   10:* f9400462 ldr x2, [x3, #8] <-- trapping instruction
> 
> Code starting with the faulting instruction
> ===========================================
>    0: f9400462 ldr x2, [x3, #8]
> [ 2074.786668] ---[ end trace 0000000000000000 ]---
> 
> 
> ## Source
> * Kernel version: 6.17.0-rc4-next-20250904
> * Git tree: https://kernel.googlesource.com/pub/scm/linux/kernel/git/next/linux-next.git
> * Git describe: next-20250904
> * Git commit: 4ac65880ebca1b68495bd8704263b26c050ac010
> * Architectures / Devices: qemu-arm64
> * Toolchains: gcc-13
> * Kconfigs: defconfig+xfstests
> * xfstests: v2024.12.01
> 
> ## Build
> * Test log: https://qa-reports.linaro.org/api/testruns/29762004/log_file/
> * Test details:
> https://regressions.linaro.org/lkft/linux-next-master/next-20250904/log-parser-test/internal-error-oops-oops-smp/
> * Test plan: https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/32E6ypoTqaDjAEJISuUAAgkPUva
> * Build link: https://storage.tuxsuite.com/public/linaro/lkft/builds/32E6us2qcXmnop3jTYQMOB9eVPt/
> * Kernel config:
> https://storage.tuxsuite.com/public/linaro/lkft/builds/32E6us2qcXmnop3jTYQMOB9eVPt/config
> * xfstests: https://storage.tuxboot.com/overlays/debian/trixie/arm64/xfstests/v2024.12.01/xfstests.tar.xz
> 
> --
> Linaro LKFT
> https://lkft.linaro.org

Adding David and leaving report intact, perhaps try if it's the same
that syzbot reported:

https://lore.kernel.org/io-uring/68babfe5.a00a0220.eb3d.0011.GAE@google.com/T/#m28a0c46852dbbfb8ae655256f4e8270d81a33076

-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ