syzbot
general protection fault in gfs2_withdraw

Status: fixed on 2021/04/09 19:46
Subsystems: gfs2
Reported-by: syzbot+50a8a9cf8127f2c6f5df@syzkaller.appspotmail.com
Fix commit: d5bf630f355d gfs2: bypass signal_our_withdraw if no journal
First crash: 1536d, last: 1383d
Cause bisection: introduced by (bisect log):
commit 601ef0d52e9617588fcff3df26953592f2eb44ac
Author: Bob Peterson <rpeterso@redhat.com>
Date: Tue Jan 28 19:23:45 2020 +0000

  gfs2: Force withdraw to replay journals and wait for it to finish

Crash: general protection fault in gfs2_withdraw (log)
Repro: C syz .config
Discussions (3)
Title                                       | Replies (including bot) | Last reply
[PATCH 5.10 000/157] 5.10.26-rc1 review     | 167 (167)               | 2021/03/24 14:28
[PATCH 5.11 00/31] 5.11.8-rc1 review        | 43 (43)                 | 2021/03/20 09:52
general protection fault in gfs2_withdraw   | 3 (6)                   | 2020/09/30 14:18

Sample crash report:
loop0: detected capacity change from 37488 to 0
gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
gfs2: fsid=syz:syz: Now mounting FS...
gfs2: fsid=syz:syz.0: fatal: invalid metadata block
  bh = 2075 (magic number)
  function = gfs2_meta_indirect_buffer, file = fs/gfs2/meta_io.c, line = 488
gfs2: fsid=syz:syz.0: about to withdraw this file system
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 0 PID: 8475 Comm: syz-executor937 Not tainted 5.11.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw.cold+0xff/0xbee fs/gfs2/util.c:294
Code: 00 48 c1 e0 2a 80 3c 02 00 0f 85 1c 02 00 00 4c 8b bb 08 09 00 00 b8 ff ff 37 00 48 c1 e0 2a 49 8d 7f 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 10 7e f9 f8 4d 8b 7f 70 b8 ff ff 37 00 48 c1
RSP: 0018:ffffc9000110f370 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff888018348000 RCX: 0000000000000000
RDX: 000000000000000e RSI: ffffffff88bb89c6 RDI: 0000000000000070
RBP: ffff8880183482c5 R08: 0000000000000038 R09: 0000000000000000
R10: ffffffff88bb89b5 R11: 0000000000000000 R12: ffff8880183480a8
R13: ffff888018348348 R14: ffffffff8990ea40 R15: 0000000000000000
FS:  0000000000b34880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d3242ec160 CR3: 00000000143c5000 CR4: 0000000000350ef0
Call Trace:
 gfs2_meta_check_ii+0x68/0xa0 fs/gfs2/util.c:450
 gfs2_metatype_check_i fs/gfs2/util.h:126 [inline]
 gfs2_meta_indirect_buffer+0x3a3/0x3f0 fs/gfs2/meta_io.c:488
 gfs2_meta_inode_buffer fs/gfs2/meta_io.h:70 [inline]
 gfs2_inode_refresh+0x95/0xdf0 fs/gfs2/glops.c:478
 inode_go_lock+0x309/0x4a0 fs/gfs2/glops.c:508
 do_promote+0x4a0/0xb70 fs/gfs2/glock.c:395
 finish_xmote+0x671/0xe40 fs/gfs2/glock.c:562
 do_xmote+0x821/0xbc0 fs/gfs2/glock.c:688
 run_queue+0x323/0x680 fs/gfs2/glock.c:753
 gfs2_glock_nq+0x70a/0x11a0 fs/gfs2/glock.c:1408
 gfs2_glock_nq_init fs/gfs2/glock.h:238 [inline]
 gfs2_lookupi+0x314/0x630 fs/gfs2/inode.c:322
 gfs2_lookup_simple+0x99/0xe0 fs/gfs2/inode.c:273
 init_journal fs/gfs2/ops_fstype.c:714 [inline]
 init_inodes+0x3cb/0x2650 fs/gfs2/ops_fstype.c:857
 gfs2_fill_super+0x1a84/0x24e0 fs/gfs2/ops_fstype.c:1184
 get_tree_bdev+0x421/0x740 fs/super.c:1291
 gfs2_get_tree+0x4a/0x270 fs/gfs2/ops_fstype.c:1260
 vfs_get_tree+0x89/0x2f0 fs/super.c:1496
 do_new_mount fs/namespace.c:2878 [inline]
 path_mount+0x13ad/0x20c0 fs/namespace.c:3208
 do_mount fs/namespace.c:3221 [inline]
 __do_sys_mount fs/namespace.c:3429 [inline]
 __se_sys_mount fs/namespace.c:3406 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3406
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45b45a
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007ffe227b2028 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe227b2080 RCX: 000000000045b45a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffe227b2040
RBP: 00007ffe227b2040 R08: 00007ffe227b2080 R09: 00007ffe00000015
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000919
R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
Modules linked in:
---[ end trace 08f1e840d7d342c3 ]---
RIP: 0010:signal_our_withdraw fs/gfs2/util.c:97 [inline]
RIP: 0010:gfs2_withdraw.cold+0xff/0xbee fs/gfs2/util.c:294
Code: 00 48 c1 e0 2a 80 3c 02 00 0f 85 1c 02 00 00 4c 8b bb 08 09 00 00 b8 ff ff 37 00 48 c1 e0 2a 49 8d 7f 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 10 7e f9 f8 4d 8b 7f 70 b8 ff ff 37 00 48 c1
RSP: 0018:ffffc9000110f370 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff888018348000 RCX: 0000000000000000
RDX: 000000000000000e RSI: ffffffff88bb89c6 RDI: 0000000000000070
RBP: ffff8880183482c5 R08: 0000000000000038 R09: 0000000000000000
R10: ffffffff88bb89b5 R11: 0000000000000000 R12: ffff8880183480a8
R13: ffff888018348348 R14: ffffffff8990ea40 R15: 0000000000000000
FS:  0000000000b34880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055d3242ec160 CR3: 00000000143c5000 CR4: 0000000000350ef0

Crashes (81):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/12/30 11:04 upstream 139711f033f6 0fa352f2 .config console log report syz C ci-upstream-kasan-gce-root
2020/12/22 11:05 upstream 8653b778e454 04201c06 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/12/08 10:44 upstream cd796ed33450 51a9082e .config console log report syz C ci-upstream-kasan-gce-root
2020/12/06 15:53 upstream 33256ce19411 f12ba0c5 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/12/06 05:24 upstream b3298500b23f 50503117 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/12/05 06:14 upstream e87297fa080a 20366b87 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/16 23:07 upstream 09162bc32c88 1bf9a662 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/14 13:13 upstream f01c30de86f1 1bf9a662 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/12 00:41 upstream eccc87672492 cca87986 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/10 08:29 upstream 407ab579637c 64069d48 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/13 02:15 upstream bbf5c979011a d32b0bbf .config console log report syz C ci-upstream-kasan-gce-root
2020/10/12 22:09 upstream bbf5c979011a d32b0bbf .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/12 07:48 upstream 3dd0130f2430 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-root
2020/10/11 22:23 upstream da690031a5d6 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/11 20:33 upstream da690031a5d6 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/11 10:59 upstream da690031a5d6 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/11 05:39 upstream da690031a5d6 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/11 00:41 upstream 6f2f486d57c4 4a77ae0b .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/10 08:14 upstream 6f2f486d57c4 93817d89 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/08 00:56 upstream c85fb28b6f99 1880b4a9 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/07 23:59 upstream c85fb28b6f99 1880b4a9 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/07 06:55 upstream c85fb28b6f99 1880b4a9 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/05 08:24 upstream 549738f15da0 5ef9c291 .config console log report syz C ci-upstream-kasan-gce-root
2020/10/05 07:34 upstream 549738f15da0 5ef9c291 .config console log report syz C ci-upstream-kasan-gce-root
2020/09/30 12:15 upstream ccc1d052eff9 5abc3f1a .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/30 02:23 upstream ccc1d052eff9 5abc3f1a .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/26 17:41 upstream 7c7ec3226f5f 2d5ea0cb .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/26 17:20 upstream 7c7ec3226f5f 2d5ea0cb .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/12/11 02:29 linux-next 14240d4c5b25 f900b48c .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/30 02:57 linux-next 6174f05255e6 a0092f9d .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/27 13:35 linux-next 6147c83fd749 5018c946 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/15 22:51 linux-next 92edc4aef867 1bf9a662 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/09 13:04 linux-next c34f157421f6 64069d48 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/11/03 00:29 linux-next b49976d8ef64 8bc4594f .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2021/02/17 20:54 upstream f40ddce88593 14052202 .config console log report info ci-upstream-kasan-gce-root general protection fault in gfs2_withdraw
2021/01/25 10:19 upstream 6ee1d745b7c9 52e37319 .config console log report info ci-upstream-kasan-gce-selinux-root general protection fault in gfs2_withdraw
2021/01/22 21:30 upstream 83d09ad4b950 4080af96 .config console log report info ci-upstream-kasan-gce-smack-root general protection fault in gfs2_withdraw
2020/12/06 08:06 upstream 33256ce19411 f12ba0c5 .config console log report info ci-upstream-kasan-gce-smack-root
2020/11/27 18:15 upstream 85a2c56cb445 486f93ef .config console log report info ci-upstream-kasan-gce-selinux-root
2020/11/14 09:32 upstream f01c30de86f1 1bf9a662 .config console log report info ci-upstream-kasan-gce-smack-root
2020/11/12 11:39 upstream 3d5e28bff7ad 77a55c8e .config console log report info ci-upstream-kasan-gce-root
2020/10/10 19:42 upstream 6f2f486d57c4 4a77ae0b .config console log report info ci-upstream-kasan-gce-root
2020/10/06 22:57 upstream c85fb28b6f99 1880b4a9 .config console log report info ci-upstream-kasan-gce-smack-root
2020/09/30 21:36 upstream 02de58b24d2e 8516f6d3 .config console log report info ci-upstream-kasan-gce-smack-root
2020/09/27 21:39 upstream 16bc1d5432eb 5dd8aee8 .config console log report info ci-qemu-upstream
2020/09/26 00:04 upstream 171d4ff79f96 4a006f63 .config console log report info ci-upstream-kasan-gce-smack-root
2020/09/21 09:44 upstream ba4f184e126b c81d99c8 .config console log report info ci-qemu-upstream
2021/02/21 01:40 upstream f40ddce88593 3e5ed8b4 .config console log report info ci-qemu2-arm64-compat BUG: unable to handle kernel paging request in gfs2_withdraw
2021/02/07 12:10 upstream 825b5991a46e 2ce644fc .config console log report info ci-qemu2-arm64-compat BUG: unable to handle kernel paging request in gfs2_withdraw
2021/01/28 14:14 upstream 76c057c84d28 eefc07f2 .config console log report info ci-qemu2-arm64-compat BUG: unable to handle kernel paging request in gfs2_withdraw
2020/10/20 12:32 upstream 270315b8235e ff4a3345 .config console log report info ci-qemu-upstream-386
2020/10/17 12:31 upstream 071a0578b0ce fea47c01 .config console log report info ci-qemu-upstream-386
2020/10/12 09:31 upstream bbf5c979011a 4a77ae0b .config console log report info ci-qemu-upstream-386
2020/10/11 20:19 upstream 3dd0130f2430 4a77ae0b .config console log report info ci-qemu-upstream-386
2020/10/05 22:28 upstream 7575fdda569b 1880b4a9 .config console log report info ci-qemu-upstream-386
2020/10/03 15:00 upstream d3d45f8220d6 ca27b3bc .config console log report info ci-qemu-upstream-386
2020/10/03 01:10 upstream d3d45f8220d6 2653fa43 .config console log report info ci-qemu-upstream-386
2020/10/02 10:03 upstream 472e5b056f00 9602ddf4 .config console log report info ci-qemu-upstream-386
2020/10/01 21:46 upstream fcadab740480 9602ddf4 .config console log report info ci-qemu-upstream-386
2020/10/01 21:21 upstream fcadab740480 9602ddf4 .config console log report info ci-qemu-upstream-386
2020/09/30 19:29 upstream 02de58b24d2e a9767fb2 .config console log report info ci-qemu-upstream-386
2020/09/30 18:51 upstream 02de58b24d2e a9767fb2 .config console log report info ci-qemu-upstream-386
2020/09/29 15:23 upstream fb0155a09b02 5abc3f1a .config console log report info ci-qemu-upstream-386
2020/09/29 15:12 upstream fb0155a09b02 5abc3f1a .config console log report info ci-qemu-upstream-386
2020/09/28 22:24 upstream a4d63c3732f1 1b88c6d5 .config console log report info ci-qemu-upstream-386
2020/09/28 21:09 upstream a4d63c3732f1 1b88c6d5 .config console log report info ci-qemu-upstream-386
2020/09/28 18:09 upstream a4d63c3732f1 6bfdbe89 .config console log report info ci-qemu-upstream-386
2020/09/28 17:57 upstream a4d63c3732f1 6bfdbe89 .config console log report info ci-qemu-upstream-386
2020/09/28 08:45 upstream a1b8638ba132 6bfdbe89 .config console log report info ci-qemu-upstream-386
2020/09/27 23:19 upstream a1b8638ba132 5dd8aee8 .config console log report info ci-qemu-upstream-386
2020/09/27 01:20 upstream a1bffa48745a 5dd8aee8 .config console log report info ci-qemu-upstream-386
2020/09/26 14:12 upstream 7c7ec3226f5f 2d5ea0cb .config console log report info ci-qemu-upstream-386
2020/09/24 00:37 upstream c9c9e6a49f89 54289b08 .config console log report info ci-qemu-upstream-386
2020/09/23 08:24 upstream 805c6d3c1921 287cd75a .config console log report info ci-qemu-upstream-386
2020/09/22 18:34 upstream eff48ddeab78 3e8f6c27 .config console log report info ci-qemu-upstream-386
2020/09/22 12:13 upstream 98477740630f 3e8f6c27 .config console log report info ci-qemu-upstream-386
2020/09/21 22:18 upstream 98477740630f 9e1fa68e .config console log report info ci-qemu-upstream-386
2020/09/21 11:39 upstream ba4f184e126b c81d99c8 .config console log report info ci-qemu-upstream-386
2020/10/30 20:03 linux-next 4e78c578cb98 a6e3ac3b .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/09/24 18:01 linux-next d1d2220c7f39 54289b08 .config console log report info ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.