syzbot


general protection fault in create_empty_buffers (3)

Status: auto-obsoleted due to no activity on 2023/04/06 14:08
Reported-by: syzbot+9a544569c22d2d03f08b@syzkaller.appspotmail.com
First crash: 716d, last: 716d
Similar bugs (8)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in create_empty_buffers (3) fs 1 1607d 1607d 0/28 auto-closed as invalid on 2020/10/27 18:42
upstream general protection fault in create_empty_buffers (4) nilfs 2 576d 609d 0/28 auto-obsoleted due to no activity on 2023/07/26 06:29
linux-6.1 general protection fault in create_empty_buffers origin:upstream missing-backport C unreliable 1 473d 518d 0/3 upstream: reported C repro on 2023/06/23 12:51
linux-5.15 general protection fault in create_empty_buffers origin:lts-only syz done 1 524d 524d 0/3 upstream: reported syz repro on 2023/06/17 23:50
upstream general protection fault in create_empty_buffers 3820 2644d 2580d 0/28 closed as invalid on 2017/10/31 10:04
upstream general protection fault in create_empty_buffers (2) fs 1 2266d 2266d 0/28 auto-closed as invalid on 2019/03/08 22:46
android-54 general protection fault in create_empty_buffers 1 1500d 1500d 0/2 auto-closed as invalid on 2021/02/12 03:39
android-54 general protection fault in create_empty_buffers (2) 1 1293d 1293d 0/2 auto-closed as invalid on 2021/09/06 17:43

Sample crash report:
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 22285 Comm: udevd Not tainted 5.4.219-syzkaller-00096-gd7e5d5321233 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
RIP: 0010:create_empty_buffers+0x57/0x500 fs/buffer.c:1533
Code: ef 48 89 de ba 01 00 00 00 e8 f5 e0 ff ff 48 89 c5 48 89 04 24 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 1a a2 ed ff 4c 09 7d 00 48 83 c5
RSP: 0018:ffff8881ec147848 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000020000000 RCX: ffff8881e6af0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81a5f2c9 R09: fffff94000f35fa1
R10: fffff94000f35fa1 R11: 1ffffd4000f35fa0 R12: ffffea00079afd00
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007f054812b840(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb7df675dc0 CR3: 00000001e4dd5000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 create_page_buffers+0x12a/0x1e0 fs/buffer.c:1647
 block_read_full_page+0xe5/0xa10 fs/buffer.c:2237
 generic_file_buffered_read mm/filemap.c:2207 [inline]
 generic_file_read_iter+0xd07/0x2180 mm/filemap.c:2343
 blkdev_read_iter+0x12a/0x180 fs/block_dev.c:2043
 call_read_iter include/linux/fs.h:1970 [inline]
 new_sync_read fs/read_write.c:414 [inline]
 __vfs_read+0x5e0/0x760 fs/read_write.c:427
 vfs_read+0x166/0x370 fs/read_write.c:461
 ksys_read+0x198/0x2c0 fs/read_write.c:587
 do_syscall_64+0xcb/0x1c0 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace c587d90e10c35931 ]---
RIP: 0010:create_empty_buffers+0x57/0x500 fs/buffer.c:1533
Code: ef 48 89 de ba 01 00 00 00 e8 f5 e0 ff ff 48 89 c5 48 89 04 24 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 1a a2 ed ff 4c 09 7d 00 48 83 c5
RSP: 0018:ffff8881ec147848 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000020000000 RCX: ffff8881e6af0000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff81a5f2c9 R09: fffff94000f35fa1
R10: fffff94000f35fa1 R11: 1ffffd4000f35fa0 R12: ffffea00079afd00
R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000000
FS:  00007f054812b840(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002d43 CR3: 00000001e4dd5000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	ef                   	out    %eax,(%dx)
   1:	48 89 de             	mov    %rbx,%rsi
   4:	ba 01 00 00 00       	mov    $0x1,%edx
   9:	e8 f5 e0 ff ff       	callq  0xffffe103
   e:	48 89 c5             	mov    %rax,%rbp
  11:	48 89 04 24          	mov    %rax,(%rsp)
  15:	66 66 2e 0f 1f 84 00 	data16 nopw %cs:0x0(%rax,%rax,1)
  1c:	00 00 00 00
  20:	0f 1f 00             	nopl   (%rax)
  23:	48 89 e8             	mov    %rbp,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1) <-- trapping instruction
  2f:	74 08                	je     0x39
  31:	48 89 ef             	mov    %rbp,%rdi
  34:	e8 1a a2 ed ff       	callq  0xffeda253
  39:	4c 09 7d 00          	or     %r15,0x0(%rbp)
  3d:	48                   	rex.W
  3e:	83                   	.byte 0x83
  3f:	c5                   	.byte 0xc5

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2022/12/07 14:08 android12-5.4 d7e5d5321233 d88f3abb .config console log report info ci2-android-5-4-kasan general protection fault in create_empty_buffers
* Struck through repros no longer work on HEAD.