syzbot


KASAN: user-memory-access Write in __destroy_inode

Status: upstream: reported C repro on 2023/05/28 20:49
Bug presence: origin:upstream
[Documentation on labels]
Reported-by: syzbot+8cc84e9be19865da71db@syzkaller.appspotmail.com
First crash: 521d, last: 5h04m
Fix bisection: failed (error log, bisect log)
  
Bug presence (1)
Date Name Commit Repro Result
2023/05/28 upstream (ToT) 7877cb91f108 C [report] KASAN: user-memory-access Write in __destroy_inode
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KASAN: user-memory-access Write in __destroy_inode jfs C error 2500 5h39m 545d 0/28 upstream: reported C repro on 2023/05/04 09:32
linux-6.1 KASAN: user-memory-access Write in __destroy_inode origin:upstream C 259 4d01h 515d 0/3 upstream: reported C repro on 2023/06/03 22:53
Fix bisection attempts (9)
Created Duration User Patch Repo Result
2024/05/27 20:14 0m bisect fix linux-5.15.y error job log
2024/03/27 04:10 1h44m bisect fix linux-5.15.y OK (0) job log log
2024/02/25 18:37 55m bisect fix linux-5.15.y OK (0) job log log
2024/01/17 16:21 1h26m bisect fix linux-5.15.y OK (0) job log log
2023/12/17 19:49 2h03m bisect fix linux-5.15.y OK (0) job log log
2023/11/17 12:39 2h28m bisect fix linux-5.15.y OK (0) job log log
2023/10/17 05:09 1h43m bisect fix linux-5.15.y OK (0) job log log
2023/09/12 20:14 1h47m bisect fix linux-5.15.y OK (0) job log log
2023/06/29 00:30 1h09m bisect fix linux-5.15.y OK (0) job log log

Sample crash report:
ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 5
ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 6
ERROR: (device loop0): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 7
==================================================================
BUG: KASAN: user-memory-access in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: user-memory-access in atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:167 [inline]
BUG: KASAN: user-memory-access in __refcount_sub_and_test include/linux/refcount.h:272 [inline]
BUG: KASAN: user-memory-access in __refcount_dec_and_test include/linux/refcount.h:315 [inline]
BUG: KASAN: user-memory-access in refcount_dec_and_test include/linux/refcount.h:333 [inline]
BUG: KASAN: user-memory-access in posix_acl_release include/linux/posix_acl.h:57 [inline]
BUG: KASAN: user-memory-access in __destroy_inode+0x427/0x5e0 fs/inode.c:273
Write of size 4 at addr 0000000b00000000 by task syz-executor313/3569

CPU: 1 PID: 3569 Comm: syz-executor313 Not tainted 5.15.167-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1e3/0x2d0 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:438 [inline]
 kasan_report+0x161/0x1c0 mm/kasan/report.c:451
 kasan_check_range+0x27e/0x290 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_fetch_sub_release include/linux/atomic/atomic-instrumented.h:167 [inline]
 __refcount_sub_and_test include/linux/refcount.h:272 [inline]
 __refcount_dec_and_test include/linux/refcount.h:315 [inline]
 refcount_dec_and_test include/linux/refcount.h:333 [inline]
 posix_acl_release include/linux/posix_acl.h:57 [inline]
 __destroy_inode+0x427/0x5e0 fs/inode.c:273
 destroy_inode fs/inode.c:284 [inline]
 evict+0x7d6/0x930 fs/inode.c:637
 dispose_list fs/inode.c:655 [inline]
 evict_inodes+0x601/0x6a0 fs/inode.c:705
 generic_shutdown_super+0x99/0x2c0 fs/super.c:454
 kill_block_super+0x7a/0xe0 fs/super.c:1425
 deactivate_locked_super+0xa0/0x110 fs/super.c:335
 cleanup_mnt+0x44e/0x500 fs/namespace.c:1143
 task_work_run+0x129/0x1a0 kernel/task_work.c:188
 exit_task_work include/linux/task_work.h:33 [inline]
 do_exit+0x6a3/0x2480 kernel/exit.c:874
 do_group_exit+0x144/0x310 kernel/exit.c:996
 __do_sys_exit_group kernel/exit.c:1007 [inline]
 __se_sys_exit_group kernel/exit.c:1005 [inline]
 __x64_sys_exit_group+0x3b/0x40 kernel/exit.c:1005
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x66/0xd0
RIP: 0033:0x7f8a6d3c0009
Code: Unable to access opcode bytes at RIP 0x7f8a6d3bffdf.
RSP: 002b:00007ffd9dbb4d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f8a6d3c0009
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 00007f8a6d442370 R08: ffffffffffffffb8 R09: 0000000000000000
R10: 0000000000001000 R11: 0000000000000246 R12: 00007f8a6d442370
R13: 0000000000000000 R14: 00007f8a6d4430e0 R15: 00007f8a6d38dd70
 </TASK>
==================================================================

Crashes (133):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/10/12 17:52 linux-5.15.y 3a5928702e71 084d8178 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2023/05/28 20:49 linux-5.15.y 1fe619a7d252 cf184559 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/04/21 06:11 linux-5.15.y c52b9710c83d af24b050 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-linux-5-15-kasan-arm64 KASAN: user-memory-access Write in __destroy_inode
2024/10/30 18:14 linux-5.15.y 74cdd62cb470 fb888278 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/29 19:51 linux-5.15.y 74cdd62cb470 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/29 09:37 linux-5.15.y 74cdd62cb470 66aeb999 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/29 00:49 linux-5.15.y 74cdd62cb470 9efb3cc7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/29 00:46 linux-5.15.y 74cdd62cb470 9efb3cc7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/28 20:28 linux-5.15.y 74cdd62cb470 9efb3cc7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/28 11:57 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/28 10:08 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/27 05:41 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/26 23:19 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/26 23:19 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/26 07:10 linux-5.15.y 74cdd62cb470 65e8686b .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/25 17:42 linux-5.15.y 74cdd62cb470 045e728d .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/25 05:59 linux-5.15.y 74cdd62cb470 c79b8ca5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/24 18:42 linux-5.15.y 74cdd62cb470 0d144d1a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/24 18:41 linux-5.15.y 74cdd62cb470 0d144d1a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/23 05:08 linux-5.15.y 74cdd62cb470 15fa2979 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/22 20:21 linux-5.15.y 74cdd62cb470 a93682b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/22 10:01 linux-5.15.y 584a40a22cb9 a93682b3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/21 19:08 linux-5.15.y 584a40a22cb9 f1e4447c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/21 19:08 linux-5.15.y 584a40a22cb9 f1e4447c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/19 03:54 linux-5.15.y 584a40a22cb9 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 19:53 linux-5.15.y 584a40a22cb9 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:03 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:02 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:00 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:00 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:00 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:00 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/17 00:00 linux-5.15.y 3a5928702e71 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/16 04:00 linux-5.15.y 3a5928702e71 bde2d81c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/16 04:00 linux-5.15.y 3a5928702e71 bde2d81c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/16 04:00 linux-5.15.y 3a5928702e71 bde2d81c .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:58 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:58 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:57 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:55 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:53 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 15:53 linux-5.15.y 3a5928702e71 7eb57b4a .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 03:00 linux-5.15.y 3a5928702e71 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 02:58 linux-5.15.y 3a5928702e71 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/10/15 02:54 linux-5.15.y 3a5928702e71 b01b6661 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan KASAN: user-memory-access Write in __destroy_inode
2024/07/20 18:26 linux-5.15.y 7c6d66f0266f b88348e9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-5-15-kasan-arm64 KASAN: user-memory-access Write in __destroy_inode
* Struck through repros no longer work on HEAD.