syzbot


BUG: unable to handle kernel paging request in hfs_find_init

Status: upstream: reported C repro on 2023/04/05 08:29
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+f0a7f52364cc475f0297@syzkaller.appspotmail.com
First crash: 377d, last: 21d
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2023/06/18 upstream (ToT) 1b29d271614a C [report] BUG: unable to handle kernel paging request in hfs_find_init
Similar bugs (4)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in hfs_find_init hfs C done 705 7h22m 2208d 0/26 upstream: reported C repro on 2018/03/31 20:47
linux-6.1 BUG: unable to handle kernel paging request in hfs_find_init origin:upstream C 24 6d23h 400d 0/3 upstream: reported C repro on 2023/03/13 10:13
linux-4.14 general protection fault in hfs_find_init hfs C 3 410d 500d 0/1 upstream: reported C repro on 2022/12/03 11:10
linux-4.19 general protection fault in hfs_find_init hfs C 12 411d 507d 0/1 upstream: reported C repro on 2022/11/26 21:41
Fix bisection attempts (4)
Created Duration User Patch Repo Result
2024/02/01 21:58 25m bisect fix linux-5.15.y error job log (0)
2024/01/01 07:12 49m bisect fix linux-5.15.y job log (0) log
2023/11/13 02:24 2h11m bisect fix linux-5.15.y job log (0) log
2023/10/11 18:49 51m bisect fix linux-5.15.y job log (0) log

Sample crash report:
loop0: detected capacity change from 0 to 64
Unable to handle kernel paging request at virtual address dfff800000000008
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff800000000008] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 3962 Comm: syz-executor754 Not tainted 5.15.152-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hfs_find_init+0x6c/0x1c8 fs/hfs/bfind.c:21
lr : hfs_find_init+0x30/0x1c8 fs/hfs/bfind.c:16
sp : ffff800018e07090
x29: ffff800018e07090 x28: dfff800000000000 x27: 0000000000000000
x26: ffff0000c96e0180 x25: 0000000000000008 x24: dfff800000000000
x23: ffff7000031c0e28 x22: ffff800018e07178 x21: 0000000000000040
x20: ffff800018e07160 x19: 0000000000000000 x18: ffff800018e06be0
x17: 0000000000000000 x16: ffff80000824dad4 x15: 000000000000b7d4
x14: 000000004785e7c9 x13: dfff800000000000 x12: 0000000000000007
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000c9469b40
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff80001758bcb0 x4 : 0000000000000000 x3 : 0000000000000030
x2 : 0000000000000008 x1 : ffff800018e07160 x0 : ffff800018e07170
Call trace:
 hfs_find_init+0x6c/0x1c8 fs/hfs/bfind.c:21
 hfs_ext_read_extent fs/hfs/extent.c:200 [inline]
 hfs_get_block+0x290/0x9fc fs/hfs/extent.c:366
 block_read_full_page+0x2a0/0xc4c fs/buffer.c:2290
 hfs_readpage+0x28/0x38 fs/hfs/inode.c:39
 do_read_cache_page+0x60c/0x950
 read_cache_page+0x68/0x84 mm/filemap.c:3574
 read_mapping_page include/linux/pagemap.h:515 [inline]
 hfs_btree_open+0x420/0xe50 fs/hfs/btree.c:78
 hfs_mdb_get+0x10ec/0x1c4c fs/hfs/mdb.c:199
 hfs_fill_super+0xd64/0x13b4 fs/hfs/super.c:406
 mount_bdev+0x274/0x370 fs/super.c:1387
 hfs_mount+0x44/0x58 fs/hfs/super.c:456
 legacy_get_tree+0xd4/0x16c fs/fs_context.c:611
 vfs_get_tree+0x90/0x274 fs/super.c:1517
 do_new_mount+0x278/0x8fc fs/namespace.c:3005
 path_mount+0x594/0x101c fs/namespace.c:3335
 do_mount fs/namespace.c:3348 [inline]
 __do_sys_mount fs/namespace.c:3556 [inline]
 __se_sys_mount fs/namespace.c:3533 [inline]
 __arm64_sys_mount+0x510/0x5e0 fs/namespace.c:3533
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: 97e40d3c 91010275 f90002df d343feb9 (38f86b28) 
---[ end trace 887759da0d121bb9 ]---
----------------
Code disassembly (best guess):
   0:	97e40d3c 	bl	0xffffffffff9034f0
   4:	91010275 	add	x21, x19, #0x40
   8:	f90002df 	str	xzr, [x22]
   c:	d343feb9 	lsr	x25, x21, #3
* 10:	38f86b28 	ldrsb	w8, [x25, x24] <-- trapping instruction

Crashes (18):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/03/15 23:20 linux-5.15.y b95c01af2113 d615901c .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/06/17 19:09 linux-5.15.y 471e639e59d1 f3921d4d .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/12/02 02:14 linux-5.15.y a78d278e01b1 f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan general protection fault in hfs_find_init
2023/07/28 22:14 linux-5.15.y 09996673e313 92476829 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan general protection fault in hfs_find_init
2024/03/26 16:48 linux-5.15.y b95c01af2113 bcd9b39f .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2024/03/15 23:09 linux-5.15.y b95c01af2113 d615901c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2024/03/06 08:46 linux-5.15.y 80efc6265290 f39a7eed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/08/27 23:07 linux-5.15.y 5ddfe5cc8716 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/08/27 19:21 linux-5.15.y 5ddfe5cc8716 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/06/17 18:59 linux-5.15.y 471e639e59d1 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/04/17 19:21 linux-5.15.y 4fdad925aa1a c6ec7083 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/04/17 03:54 linux-5.15.y 4fdad925aa1a ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/04/16 01:36 linux-5.15.y 4fdad925aa1a ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/04/05 08:29 linux-5.15.y c957cbb87315 831373d3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 BUG: unable to handle kernel paging request in hfs_find_init
2023/12/01 16:58 linux-5.15.y a78d278e01b1 f819d6f7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in hfs_find_init
2023/08/27 22:46 linux-5.15.y 5ddfe5cc8716 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in hfs_find_init
2023/04/22 17:56 linux-5.15.y 3299fb36854f 2b32bd34 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in hfs_find_init
2023/04/11 14:13 linux-5.15.y d86dfc4d95cd 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan general protection fault in hfs_find_init
* Struck through repros no longer work on HEAD.