syzbot


WARNING in __brelse

Status: fixed on 2023/02/24 13:50
Subsystems: udf
Reported-by: syzbot+7902cd7684bc35306224@syzkaller.appspotmail.com
Fix commit: c791730f2554 udf: Avoid double brelse() in udf_rename()
First crash: 576d, last: 433d
Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in __brelse (log)
Repro: C syz .config
Discussions (10)
Title Replies (including bot) Last reply
[PATCH AUTOSEL 6.1 01/22] fs: jfs: fix shift-out-of-bounds in dbAllocAG 24 (24) 2022/12/18 11:28
[PATCH AUTOSEL 6.0 01/16] fs: jfs: fix shift-out-of-bounds in dbAllocAG 18 (18) 2022/12/18 11:26
[PATCH AUTOSEL 5.4 1/9] fs: jfs: fix shift-out-of-bounds in dbAllocAG 10 (10) 2022/12/17 18:05
[PATCH AUTOSEL 4.9 1/8] fs: jfs: fix shift-out-of-bounds in dbAllocAG 8 (8) 2022/12/17 15:30
[PATCH AUTOSEL 4.14 1/8] fs: jfs: fix shift-out-of-bounds in dbAllocAG 8 (8) 2022/12/17 15:30
[PATCH AUTOSEL 4.19 1/8] fs: jfs: fix shift-out-of-bounds in dbAllocAG 8 (8) 2022/12/17 15:30
[PATCH AUTOSEL 5.10 1/9] fs: jfs: fix shift-out-of-bounds in dbAllocAG 9 (9) 2022/12/17 15:29
[PATCH AUTOSEL 5.15 01/10] fs: jfs: fix shift-out-of-bounds in dbAllocAG 10 (10) 2022/12/17 15:29
[PATCH] udf: Avoid double brelse() in udf_rename() 2 (2) 2022/10/24 15:38
[syzbot] WARNING in __brelse 1 (2) 2022/10/01 22:50
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __brelse (3) fs C done done 21 10d 274d 0/26 upstream: reported C repro on 2023/07/26 14:30
android-49 WARNING in __brelse C 6 1849d 1839d 0/3 public: reported C repro on 2019/04/14 00:00
linux-4.14 WARNING in __brelse vfs udf C 6 436d 542d 0/1 upstream: reported C repro on 2022/10/31 19:01
linux-6.1 WARNING in __brelse 5 1d21h 53d 0/3 upstream: reported on 2024/03/03 15:14
android-414 WARNING in __brelse C 10 1849d 1841d 0/1 public: reported C repro on 2019/04/12 00:00
upstream WARNING in __brelse (2) udf 1 425d 421d 0/26 auto-obsoleted due to no activity on 2023/06/25 16:51
linux-5.15 WARNING in __brelse 1 376d 376d 0/3 auto-obsoleted due to no activity on 2023/08/14 05:07
linux-4.19 WARNING in __brelse vfs reiserfs ext4 udf C 43 417d 573d 0/1 upstream: reported C repro on 2022/10/01 01:04

Sample crash report:
------------[ cut here ]------------
VFS: brelse: Trying to free free buffer
WARNING: CPU: 0 PID: 0 at fs/buffer.c:1145 __brelse fs/buffer.c:1145 [inline]
WARNING: CPU: 0 PID: 0 at fs/buffer.c:1145 __brelse+0x67/0xa0 fs/buffer.c:1139
Modules linked in:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:__brelse fs/buffer.c:1145 [inline]
RIP: 0010:__brelse+0x67/0xa0 fs/buffer.c:1139
Code: 7c 04 84 d2 75 4e 44 8b 63 60 31 ff 44 89 e6 e8 af 12 95 ff 45 85 e4 75 1c e8 d5 15 95 ff 48 c7 c7 a0 c6 fc 89 e8 50 29 62 07 <0f> 0b 5b 5d 41 5c e9 be 15 95 ff e8 b9 15 95 ff be 04 00 00 00 48
RSP: 0018:ffffc90000007f40 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff888070cc90e8 RCX: 0000000000000000
RDX: ffffffff8bcbc9c0 RSI: ffffffff81622b98 RDI: fffff52000000fda
RBP: ffff888070cc9148 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000080010002 R11: 0000000000000000 R12: 0000000000000000
R13: dffffc0000000000 R14: ffff8880b9a35fc0 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000561499cb4318 CR3: 0000000079fd9000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 brelse include/linux/buffer_head.h:326 [inline]
 __invalidate_bh_lrus fs/buffer.c:1380 [inline]
 invalidate_bh_lru+0x99/0x150 fs/buffer.c:1393
 __flush_smp_call_function_queue+0x205/0x9a0 kernel/smp.c:630
 __sysvec_call_function_single+0xca/0x4d0 arch/x86/kernel/smp.c:248
 sysvec_call_function_single+0x8e/0xc0 arch/x86/kernel/smp.c:243
 </IRQ>
 <TASK>
 asm_sysvec_call_function_single+0x16/0x20 arch/x86/include/asm/idtentry.h:657
RIP: 0010:native_save_fl arch/x86/include/asm/irqflags.h:29 [inline]
RIP: 0010:arch_local_save_flags arch/x86/include/asm/irqflags.h:70 [inline]
RIP: 0010:arch_irqs_disabled arch/x86/include/asm/irqflags.h:130 [inline]
RIP: 0010:acpi_safe_halt drivers/acpi/processor_idle.c:113 [inline]
RIP: 0010:acpi_idle_do_entry+0x1fd/0x2a0 drivers/acpi/processor_idle.c:572
Code: 89 de e8 86 93 ea f7 84 db 75 ac e8 ed 96 ea f7 e8 48 0e f1 f7 eb 0c e8 e1 96 ea f7 0f 00 2d ba 93 c2 00 e8 d5 96 ea f7 fb f4 <9c> 5b 81 e3 00 02 00 00 fa 31 ff 48 89 de e8 b0 93 ea f7 48 85 db
RSP: 0018:ffffffff8bc07d28 EFLAGS: 00000293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffffffff8bcbc9c0 RSI: ffffffff899215ab RDI: 0000000000000000
RBP: ffff888017601864 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888017601800 R14: ffff888017601864 R15: ffff888145fe4004
 acpi_idle_enter+0x364/0x500 drivers/acpi/processor_idle.c:709
 cpuidle_enter_state+0x1ab/0xd30 drivers/cpuidle/cpuidle.c:239
 cpuidle_enter+0x4a/0xa0 drivers/cpuidle/cpuidle.c:356
 call_cpuidle kernel/sched/idle.c:155 [inline]
 cpuidle_idle_call kernel/sched/idle.c:236 [inline]
 do_idle+0x3f7/0x590 kernel/sched/idle.c:303
 cpu_startup_entry+0x14/0x20 kernel/sched/idle.c:400
 rest_init+0x169/0x270 init/main.c:729
 arch_call_rest_init+0xf/0x14 init/main.c:890
 start_kernel+0x478/0x499 init/main.c:1145
 secondary_startup_64_no_verify+0xce/0xdb
 </TASK>
----------------
Code disassembly (best guess):
   0:	89 de                	mov    %ebx,%esi
   2:	e8 86 93 ea f7       	callq  0xf7ea938d
   7:	84 db                	test   %bl,%bl
   9:	75 ac                	jne    0xffffffb7
   b:	e8 ed 96 ea f7       	callq  0xf7ea96fd
  10:	e8 48 0e f1 f7       	callq  0xf7f10e5d
  15:	eb 0c                	jmp    0x23
  17:	e8 e1 96 ea f7       	callq  0xf7ea96fd
  1c:	0f 00 2d ba 93 c2 00 	verw   0xc293ba(%rip)        # 0xc293dd
  23:	e8 d5 96 ea f7       	callq  0xf7ea96fd
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	9c                   	pushfq <-- trapping instruction
  2b:	5b                   	pop    %rbx
  2c:	81 e3 00 02 00 00    	and    $0x200,%ebx
  32:	fa                   	cli
  33:	31 ff                	xor    %edi,%edi
  35:	48 89 de             	mov    %rbx,%rsi
  38:	e8 b0 93 ea f7       	callq  0xf7ea93ed
  3d:	48 85 db             	test   %rbx,%rbx

Crashes (22):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/11/15 16:30 upstream e01d50cbd6ee 97de9cfc .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-root WARNING in __brelse
2022/11/09 04:37 upstream f141df371335 060f945e .config strace log report syz C [mounted in repro] ci-upstream-kasan-gce-root WARNING in __brelse
2022/10/09 22:20 upstream a6afa4199d3d aea5da89 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root WARNING in __brelse
2022/10/05 17:51 upstream 2bca25eaeba6 267e3bb1 .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-kasan-gce-root WARNING in __brelse
2022/09/28 09:33 upstream 46452d3786a8 75c78242 .config strace log report syz C ci-upstream-kasan-gce-root WARNING in __brelse
2022/10/31 08:19 linux-next 4d48f589d294 2a71366b .config strace log report syz C [disk image] [vmlinux] [mounted in repro] ci-upstream-linux-next-kasan-gce-root WARNING in __brelse
2023/02/17 22:41 upstream ec35307e18ba 3e7039f4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in __brelse
2023/02/06 12:26 upstream 4ec5183ec486 be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs WARNING in __brelse
2023/01/27 09:44 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in __brelse
2023/01/21 04:45 upstream edc00350d205 cc0f9968 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs WARNING in __brelse
2023/01/02 03:33 upstream e4cf7c25bae5 ab32d508 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs WARNING in __brelse
2022/12/25 00:26 upstream 72a85e2b0a1e 9da18ae8 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in __brelse
2022/12/19 07:20 upstream f9ff5644bcc0 05494336 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in __brelse
2022/11/11 05:48 upstream 1767a722a708 3ead01ad .config console log report info ci-upstream-kasan-gce-root WARNING in __brelse
2022/11/05 15:56 upstream 10d916c86eca 6d752409 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root WARNING in __brelse
2023/01/03 07:51 upstream 69b41ac87e4a ab32d508 .config console log report info ci-qemu-upstream-386 WARNING in __brelse
2022/12/24 06:21 upstream a27405b2ed9c 9da18ae8 .config console log report info ci-qemu-upstream-386 WARNING in __brelse
2022/10/09 23:00 linux-next aaa11ce2ffc8 aea5da89 .config console log report info [disk image] [vmlinux] ci-upstream-linux-next-kasan-gce-root WARNING in __brelse
2023/02/05 17:54 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci ca72d58361ee be607b78 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in __brelse
2023/02/01 17:28 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci f57a12aa375c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in __brelse
2022/12/04 06:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci e3cb714fb489 e080de16 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 WARNING in __brelse
2022/10/06 19:56 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 131b38ac .config console log report info ci-upstream-gce-arm64 WARNING in __brelse
* Struck through repros no longer work on HEAD.