syzbot


WARNING in mb_cache_destroy

Status: upstream: reported C repro on 2024/04/30 07:19
Subsystems: ext4
Reported-by: syzbot+dd43bd0f7474512edc47@syzkaller.appspotmail.com
Fix commit: 0c0b4a49d3e7 ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-linux-next-kasan-gce-root ci2-upstream-fs ci2-upstream-kcsan-gce]
Missing on: [ci-qemu2-riscv64 ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-net-next-test-gce ci2-upstream-usb]
First crash: 21d, last: 2d03h
Cause bisection: introduced by (bisect log):
commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3
Author: Baokun Li <libaokun1@huawei.com>
Date: Thu Jun 16 02:13:56 2022 +0000

  ext4: fix use-after-free in ext4_xattr_set_entry

Crash: WARNING in mb_cache_destroy (log)
Repro: C syz .config
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH 1/2] ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() 2 (2) 2024/05/06 20:37
[syzbot] [ext4?] WARNING in mb_cache_destroy 7 (9) 2024/05/04 02:00

Sample crash report:
loop0: detected capacity change from 512 to 64
EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290 fs/mbcache.c:419
Modules linked in:
CPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-syzkaller-00005-gb947cc5bf6d7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
RIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419
Code: 24 08 4c 89 f6 e8 9c e6 ff ff eb 05 e8 45 3b 6e ff 4c 8b 34 24 49 39 ee 74 33 e8 37 3b 6e ff e9 6a fe ff ff e8 2d 3b 6e ff 90 <0f> 0b 90 eb 83 44 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c 58 ff ff ff
RSP: 0018:ffffc90003677a88 EFLAGS: 00010293
RAX: ffffffff8227d393 RBX: 0000000000000002 RCX: ffff88807c9ebc00
RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
RBP: ffff88801aeb3858 R08: ffffffff8227d312 R09: 1ffff1100dd2e204
R10: dffffc0000000000 R11: ffffed100dd2e205 R12: 1ffff1100dd2e200
R13: ffff88806e971020 R14: ffff88806e971000 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ec96f85460 CR3: 000000000e134000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375
 generic_shutdown_super+0x136/0x2d0 fs/super.c:641
 kill_block_super+0x44/0x90 fs/super.c:1675
 ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327
 deactivate_locked_super+0xc4/0x130 fs/super.c:472
 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1267
 task_work_run+0x24f/0x310 kernel/task_work.c:180
 exit_task_work include/linux/task_work.h:38 [inline]
 do_exit+0xa1b/0x27e0 kernel/exit.c:878
 do_group_exit+0x207/0x2c0 kernel/exit.c:1027
 __do_sys_exit_group kernel/exit.c:1038 [inline]
 __se_sys_exit_group kernel/exit.c:1036 [inline]
 __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4207bbec89
Code: Unable to access opcode bytes at 0x7f4207bbec5f.
RSP: 002b:00007ffd518b18c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f4207bbec89
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f4207c3b390 R08: ffffffffffffffb8 R09: 00007ffd518b19a0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4207c3b390
R13: 0000000000000000 R14: 00007f4207c3c100 R15: 00007f4207b8cf60
 </TASK>

Crashes (738):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/04/30 00:11 upstream b947cc5bf6d7 27e33c58 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/04/29 23:56 upstream b947cc5bf6d7 f10afd69 .config console log report syz C [disk image (non-bootable)] [vmlinux] [kernel image] [mounted in repro] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/19 00:00 upstream 4b377b4868ef c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/18 19:11 upstream 4b377b4868ef c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/18 17:17 upstream 4b377b4868ef c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/18 04:06 upstream 7ee332c9f12b c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/18 04:06 upstream 7ee332c9f12b c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 20:31 upstream ff2632d7d08e a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 18:34 upstream ff2632d7d08e a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 14:30 upstream ea5f6ad9ad96 a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 12:47 upstream ea5f6ad9ad96 a12e99e7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 08:55 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/17 01:22 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/16 21:48 upstream ea5f6ad9ad96 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/16 21:48 upstream ea5f6ad9ad96 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/16 16:43 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/16 08:42 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/16 06:52 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/16 00:50 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 23:28 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/15 22:14 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 17:29 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 16:01 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/15 16:01 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/15 14:58 upstream 1b294a1f3561 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 12:16 upstream 1b294a1f3561 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/15 09:45 upstream 4b95dc87362a fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/15 09:33 upstream 1b10b390d945 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 07:54 upstream 1b10b390d945 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 07:31 upstream 1b10b390d945 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/15 07:27 upstream 1b10b390d945 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/14 12:27 upstream a5131c3fdf26 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/14 11:03 upstream a5131c3fdf26 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/13 21:33 upstream cd97950cbcab fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/13 19:11 upstream cd97950cbcab fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/13 16:37 upstream a38297e3fb01 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/13 15:30 upstream a38297e3fb01 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/13 10:49 upstream a38297e3fb01 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/13 08:16 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/13 06:54 upstream a38297e3fb01 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root WARNING in mb_cache_destroy
2024/05/13 02:35 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root WARNING in mb_cache_destroy
2024/05/17 10:25 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/17 10:23 upstream ea5f6ad9ad96 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/16 12:42 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/16 04:24 upstream 33e02dc69afb ef5d53ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/16 01:59 upstream 33e02dc69afb ef5d53ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/15 21:37 upstream 33e02dc69afb ef5d53ed .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/15 12:02 upstream 1b294a1f3561 7e8e0c0f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/13 05:16 upstream ba16c1cf11c9 9026e142 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream WARNING in mb_cache_destroy
2024/05/10 06:56 upstream 448b3fe5a0ea de979bc2 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm32 WARNING in mb_cache_destroy
2024/05/02 11:58 upstream 0106679839f7 3ba885bc .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu2-arm64-compat WARNING in mb_cache_destroy
* Struck through repros no longer work on HEAD.