syzbot
general protection fault in __block_commit_write

Status: upstream: reported C repro on 2024/02/05 09:01
Subsystems: ext4
Reported-by: syzbot+18df508cf00a0598d9a6@syzkaller.appspotmail.com
Fix commit: 83f4414b8f84 ext4: sanity check for NULL pointer after ext4_force_shutdown
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb], missing on: [ci-qemu-native-arm64-kvm ci-qemu2-riscv64 ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64]
First crash: 174d, last: 26d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: kernel BUG in ext4_write_inline_data (log)
Repro: syz .config
Discussions (4)
Title Replies (including bot) Last reply
[PATCH] kernel/ext4: sanity check for NULL pointer after ext4_force_shutdown 2 (2) 2024/07/11 02:35
[syzbot] [ext4?] general protection fault in __block_commit_write 0 (4) 2024/07/01 08:46
Re: [syzbot] [PATCH] handle EFSCORRUPTED, drop EXT4_STATE_MAY_INLINE_DATA sanity check 0 (1) 2024/07/01 08:45
Re: [syzbot] [PATCH] handle EFSCORRUPTED, drop EXT4_STATE_MAY_INLINE_DATA sanity check 0 (1) 2024/07/01 08:29
Last patch testing requests (9)
Created Duration User Patch Repo Result
2024/07/01 08:46 28m wojciech.gladysz@infogain.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master report log
2024/07/01 08:45 2h22m wojciech.gladysz@infogain.com patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master OK log
2024/07/01 08:34 2h08m wojciech.gladysz@infogain.com git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2024/07/01 08:29 4m wojciech.gladysz@infogain.com patch https://linux.googlesource.com/linux/kernel/git/torvalds/linux --- error
2024/06/03 02:36 18m retest repro git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci report log
2024/06/03 01:56 20m retest repro upstream OK log
2024/06/03 01:52 15m retest repro upstream report log
2024/04/29 01:48 22m retest repro upstream report log
2024/02/18 13:47 21m retest repro upstream report log

Sample crash report:
Unable to handle kernel paging request at virtual address dfff800000000004
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff800000000004] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 20274 Comm: syz-executor185 Not tainted 6.9.0-rc7-syzkaller-gfda5695d692c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __block_commit_write+0x64/0x2b0 fs/buffer.c:2167
lr : __block_commit_write+0x3c/0x2b0 fs/buffer.c:2160
sp : ffff8000a1957600
x29: ffff8000a1957610 x28: dfff800000000000 x27: ffff0000e30e34b0
x26: 0000000000000000 x25: dfff800000000000 x24: dfff800000000000
x23: fffffdffc397c9e0 x22: 0000000000000020 x21: 0000000000000020
x20: 0000000000000040 x19: fffffdffc397c9c0 x18: 1fffe000367bd196
x17: ffff80008eead000 x16: ffff80008ae89e3c x15: 00000000200000c0
x14: 1fffe0001cbe4e04 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000001 x10: 0000000000ff0100 x9 : 0000000000000000
x8 : 0000000000000004 x7 : 0000000000000000 x6 : 0000000000000000
x5 : fffffdffc397c9c0 x4 : 0000000000000020 x3 : 0000000000000020
x2 : 0000000000000040 x1 : 0000000000000020 x0 : fffffdffc397c9c0
Call trace:
 __block_commit_write+0x64/0x2b0 fs/buffer.c:2167
 block_write_end+0xb4/0x104 fs/buffer.c:2253
 ext4_da_do_write_end fs/ext4/inode.c:2955 [inline]
 ext4_da_write_end+0x2c4/0xa40 fs/ext4/inode.c:3028
 generic_perform_write+0x394/0x588 mm/filemap.c:3985
 ext4_buffered_write_iter+0x2c0/0x4ec fs/ext4/file.c:299
 ext4_file_write_iter+0x188/0x1780
 call_write_iter include/linux/fs.h:2110 [inline]
 new_sync_write fs/read_write.c:497 [inline]
 vfs_write+0x968/0xc3c fs/read_write.c:590
 ksys_write+0x15c/0x26c fs/read_write.c:643
 __do_sys_write fs/read_write.c:655 [inline]
 __se_sys_write fs/read_write.c:652 [inline]
 __arm64_sys_write+0x7c/0x90 fs/read_write.c:652
 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:48
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:133
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:152
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: 97f85911 f94002da 91008356 d343fec8 (38796908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	97f85911 	bl	0xffffffffffe16444
   4:	f94002da 	ldr	x26, [x22]
   8:	91008356 	add	x22, x26, #0x20
   c:	d343fec8 	lsr	x8, x22, #3
* 10:	38796908 	ldrb	w8, [x8, x25] <-- trapping instruction

Crashes (7):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/05/20 01:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c c0f1611a .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __block_commit_write
2024/05/08 13:13 upstream dccb07f2914c 4cf3f9b3 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro #1] [mounted in repro #2] ci2-upstream-fs general protection fault in __block_commit_write
2024/02/04 04:31 upstream 56897d51886f a67b2c42 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-badwrites-root general protection fault in __block_commit_write
2024/04/29 12:40 upstream e67572cd2204 27e33c58 .config strace log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root general protection fault in __block_commit_write
2024/05/08 10:11 upstream dccb07f2914c 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in __block_commit_write
2024/04/29 11:21 upstream e67572cd2204 27e33c58 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __block_commit_write
2024/02/03 18:03 upstream 56897d51886f a67b2c42 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in __block_commit_write