syzbot


kernel BUG in z_erofs_map_blocks_iter

Status: fixed on 2021/05/31 08:56
Reported-by: syzbot+703309d49447cffbbcbb@syzkaller.appspotmail.com
Fix commit: 006270aa8f9c erofs: add unsupported inode i_format check
First crash: 1361d, last: 1300d
Fix bisection: fixed by (bisect log):
commit 006270aa8f9c32c8fc723b0b2874b91fd10c1290
Author: Gao Xiang <hsiangkao@redhat.com>
Date: Mon Mar 29 00:36:14 2021 +0000

  erofs: add unsupported inode i_format check

  
Fix bisection attempts (2)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/05/30 19:38 | 3h09m | bisect fix | | linux-4.19.y | OK (1) job log |
| 2021/04/30 16:39 | 23m | bisect fix | | linux-4.19.y | OK (0) job log log |

Sample crash report:
erofs: read_super, device -> /dev/loop0
erofs: options -> 
erofs: root inode @ nid 36
erofs: mounted on /dev/loop0 with opts: .
------------[ cut here ]------------
kernel BUG at drivers/staging/erofs/unzip_vle.c:1562!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8383 Comm: syz-executor.0 Not tainted 4.19.189-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vle_get_logical_extent_head drivers/staging/erofs/unzip_vle.c:1562 [inline]
RIP: 0010:z_erofs_map_blocks_iter+0x122e/0x1aa0 drivers/staging/erofs/unzip_vle.c:1666
Code: 0f 95 c0 84 c1 0f 85 82 08 00 00 48 8b 04 24 8b 5b 04 44 8b 60 20 e9 77 fc ff ff 66 45 85 e4 0f 84 8c 01 00 00 e8 42 99 27 fb <0f> 0b e8 3b 99 27 fb 48 89 ef e8 63 ae 46 fb 48 8b 54 24 20 48 b8
RSP: 0018:ffff888094aff208 EFLAGS: 00010293
RAX: ffff888094ad2000 RBX: ffff8880af534778 RCX: ffffffff863abffb
RDX: 0000000000000000 RSI: ffffffff863ac52e RDI: 0000000000000003
RBP: ffff8880aa1230c0 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000003
R13: dffffc0000000000 R14: ffffea0002bd4d00 R15: 0000000000000480
FS:  000000000197f400(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001c3f CR3: 00000000a5f86000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 erofs_map_blocks_iter+0x6d/0x3b0 drivers/staging/erofs/data.c:168
 z_erofs_do_read_page+0x670/0x2820 drivers/staging/erofs/unzip_vle.c:644
 z_erofs_vle_normalaccess_readpage+0x136/0x460 drivers/staging/erofs/unzip_vle.c:1353
 do_read_cache_page+0x533/0x1170 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 find_target_block_classic drivers/staging/erofs/namei.c:112 [inline]
 erofs_namei+0x1ab/0x1740 drivers/staging/erofs/namei.c:189
 erofs_lookup+0x143/0x500 drivers/staging/erofs/namei.c:232
 __lookup_slow+0x246/0x4a0 fs/namei.c:1672
 lookup_slow fs/namei.c:1689 [inline]
 walk_component+0x7ac/0xda0 fs/namei.c:1811
 lookup_last fs/namei.c:2274 [inline]
 path_lookupat+0x1ff/0x8d0 fs/namei.c:2319
 filename_lookup+0x1ac/0x5a0 fs/namei.c:2349
 user_path include/linux/namei.h:62 [inline]
 do_mount+0x147/0x2f10 fs/namespace.c:2739
 ksys_mount+0xcf/0x130 fs/namespace.c:3015
 __do_sys_mount fs/namespace.c:3029 [inline]
 __se_sys_mount fs/namespace.c:3026 [inline]
 __x64_sys_mount+0xba/0x150 fs/namespace.c:3026
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4665f9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff90af6ff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 00000000004665f9
RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000000
RBP: 00000000004bfce1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff90af7190 R14: 000000000056bf60 R15: 0000000000009f72
Modules linked in:
---[ end trace fa42ddfdca1afec0 ]---
RIP: 0010:vle_get_logical_extent_head drivers/staging/erofs/unzip_vle.c:1562 [inline]
RIP: 0010:z_erofs_map_blocks_iter+0x122e/0x1aa0 drivers/staging/erofs/unzip_vle.c:1666
Code: 0f 95 c0 84 c1 0f 85 82 08 00 00 48 8b 04 24 8b 5b 04 44 8b 60 20 e9 77 fc ff ff 66 45 85 e4 0f 84 8c 01 00 00 e8 42 99 27 fb <0f> 0b e8 3b 99 27 fb 48 89 ef e8 63 ae 46 fb 48 8b 54 24 20 48 b8
RSP: 0018:ffff888094aff208 EFLAGS: 00010293
RAX: ffff888094ad2000 RBX: ffff8880af534778 RCX: ffffffff863abffb
RDX: 0000000000000000 RSI: ffffffff863ac52e RDI: 0000000000000003
RBP: ffff8880aa1230c0 R08: 0000000000000000 R09: 0000000000000002
R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000003
R13: dffffc0000000000 R14: ffffea0002bd4d00 R15: 0000000000000480
FS:  000000000197f400(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001c3f CR3: 00000000a5f86000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (10):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/04/30 19:33 | linux-4.19.y | 97a8651cadce | 77e2b668 | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/31 16:39 | linux-4.19.y | 2034d6f0838e | 6a81331a | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/24 20:22 | linux-4.19.y | 78fec1611cbf | 607e3baf | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/23 17:40 | linux-4.19.y | 125222814e7b | e613994b | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/03 01:37 | linux-4.19.y | 2d19be4653f5 | e5b64d68 | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/02/28 22:21 | linux-4.19.y | 2d19be4653f5 | 4c37c133 | .config | console log | report | syz | | | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/23 17:23 | linux-4.19.y | 125222814e7b | e613994b | .config | console log | report | | | info | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/03 01:43 | linux-4.19.y | 2d19be4653f5 | e5b64d68 | .config | console log | report | | | info | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/03/03 01:19 | linux-4.19.y | 2d19be4653f5 | e5b64d68 | .config | console log | report | | | info | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
| 2021/02/28 22:05 | linux-4.19.y | 2d19be4653f5 | 4c37c133 | .config | console log | report | | | info | | ci2-linux-4-19 | kernel BUG in z_erofs_map_blocks_iter |
* Struck through repros no longer work on HEAD.