syzbot


general protection fault in open_xa_dir

Status: auto-obsoleted due to no activity on 2024/11/01 02:44
Reported-by: syzbot+b26364fca004f13cd92e@syzkaller.appspotmail.com
First crash: 144d, last: 143d
Similar bugs (7)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in open_xa_dir reiserfs C 82 604d 831d 0/28 auto-obsoleted due to no activity on 2023/08/18 00:17
upstream general protection fault in open_xa_dir reiserfs C done 3 1524d 1536d 15/28 fixed on 2020/11/16 12:12
upstream general protection fault in open_xa_dir (2) reiserfs 1 984d 980d 0/28 auto-closed as invalid on 2022/07/04 17:03
linux-4.14 general protection fault in open_xa_dir C done 1 1544d 1544d 1/1 fixed on 2020/10/22 20:19
linux-4.19 general protection fault in open_xa_dir C unreliable 1 1536d 1536d 0/1 upstream: reported C repro on 2020/09/30 05:05
linux-5.15 BUG: unable to handle kernel paging request in open_xa_dir origin:upstream missing-backport C error 2 5d00h 237d 0/3 upstream: reported C repro on 2024/04/21 09:30
linux-6.1 BUG: unable to handle kernel paging request in open_xa_dir origin:lts-only C 5 3d22h 4d03h 0/3 upstream: reported C repro on 2024/12/10 20:35

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 PID: 3550 Comm: kworker/1:4 Not tainted 6.1.100-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
Workqueue: events free_ruleset_work
RIP: 0010:d_really_is_negative include/linux/dcache.h:466 [inline]
RIP: 0010:open_xa_root fs/reiserfs/xattr.c:124 [inline]
RIP: 0010:open_xa_dir+0x101/0x610 fs/reiserfs/xattr.c:152
Code: 05 00 00 49 03 1e 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 9d 42 b1 ff 4c 8b 3b 49 83 c7 68 4c 89 fb 48 c1 eb 03 <42> 80 3c 23 00 74 08 4c 89 ff e8 80 42 b1 ff 49 8b 3f 48 85 ff 0f
RSP: 0018:ffffc9000423f760 EFLAGS: 00010202
RAX: 1ffff1100ae21eb3 RBX: 000000000000000d RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: ffffc9000423f7d1
RBP: ffffc9000423f850 R08: dffffc0000000000 R09: ffffc9000423f7c0
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1100eb7a8cf R14: ffff888075bd4678 R15: 0000000000000068
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005605ecff7000 CR3: 0000000017b70000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 reiserfs_for_each_xattr+0x1a4/0xb40 fs/reiserfs/xattr.c:252
 reiserfs_delete_xattrs+0x1b/0x80 fs/reiserfs/xattr.c:364
 reiserfs_evict_inode+0x20c/0x460 fs/reiserfs/inode.c:53
 evict+0x2a4/0x620 fs/inode.c:666
 release_inode+0x152/0x2e0 security/landlock/fs.c:77
 landlock_put_object+0x82/0xb0 security/landlock/object.c:64
 free_rule security/landlock/ruleset.c:110 [inline]
 free_ruleset+0x83/0x170 security/landlock/ruleset.c:365
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:d_really_is_negative include/linux/dcache.h:466 [inline]
RIP: 0010:open_xa_root fs/reiserfs/xattr.c:124 [inline]
RIP: 0010:open_xa_dir+0x101/0x610 fs/reiserfs/xattr.c:152
Code: 05 00 00 49 03 1e 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 9d 42 b1 ff 4c 8b 3b 49 83 c7 68 4c 89 fb 48 c1 eb 03 <42> 80 3c 23 00 74 08 4c 89 ff e8 80 42 b1 ff 49 8b 3f 48 85 ff 0f
RSP: 0018:ffffc9000423f760 EFLAGS: 00010202
RAX: 1ffff1100ae21eb3 RBX: 000000000000000d RCX: 0000000000000000
RDX: 0000000000000011 RSI: 0000000000000000 RDI: ffffc9000423f7d1
RBP: ffffc9000423f850 R08: dffffc0000000000 R09: ffffc9000423f7c0
R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000
R13: 1ffff1100eb7a8cf R14: ffff888075bd4678 R15: 0000000000000068
FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5725d59120 CR3: 000000007db84000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	00 00                	add    %al,(%rax)
   2:	49 03 1e             	add    (%r14),%rbx
   5:	48 89 d8             	mov    %rbx,%rax
   8:	48 c1 e8 03          	shr    $0x3,%rax
   c:	42 80 3c 20 00       	cmpb   $0x0,(%rax,%r12,1)
  11:	74 08                	je     0x1b
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 9d 42 b1 ff       	call   0xffb142b8
  1b:	4c 8b 3b             	mov    (%rbx),%r15
  1e:	49 83 c7 68          	add    $0x68,%r15
  22:	4c 89 fb             	mov    %r15,%rbx
  25:	48 c1 eb 03          	shr    $0x3,%rbx
* 29:	42 80 3c 23 00       	cmpb   $0x0,(%rbx,%r12,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 80 42 b1 ff       	call   0xffb142b8
  38:	49 8b 3f             	mov    (%r15),%rdi
  3b:	48 85 ff             	test   %rdi,%rdi
  3e:	0f                   	.byte 0xf

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/07/24 02:43 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:42 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:42 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:41 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:39 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:39 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/24 02:39 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/23 21:41 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
2024/07/23 21:41 linux-6.1.y 9b3f9a5b12dc e50e8da5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-linux-6-1-kasan general protection fault in open_xa_dir
* Struck through repros no longer work on HEAD.