syzbot


general protection fault in reiserfs_security_init

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+690cb1e51970435f9775@syzkaller.appspotmail.com
Fix commit: 5e46d1b78a03 reiserfs: update reiserfs_xattrs_initialized() condition
First crash: 738d, last: 544d

Cause bisection: introduced by (bisect log):
commit 1592c4b9935fa8a3b7c297955bb872a357e5a3b6
Author: Linhua Xu <linhua.xu@unisoc.com>
Date: Wed Mar 25 08:25:28 2020 +0000

  pinctrl: sprd: Add pin high impedance mode support

Crash: WARNING: ODEBUG bug in netdev_run_todo (log)
Repro: C syz .config
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2021/03/25 06:36 | 10m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | report log |
| 2021/03/24 14:19 | 10m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | report log |
| 2021/03/24 13:58 | 11m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | report log |
| 2021/02/21 01:15 | 35m | penguin-kernel@i-love.sakura.ne.jp | patch | upstream | OK |
| 2020/10/02 03:14 | 9m | anant.thazhemadam@gmail.com | patch | https://github.com/google/kmsan.git master | report log |

Sample crash report:
REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
REISERFS (device loop0): checking transaction log (loop0)
REISERFS (device loop0): Using rupasov hash to sort names
general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 0 PID: 8372 Comm: syz-executor538 Not tainted 5.11.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:d_really_is_negative include/linux/dcache.h:475 [inline]
RIP: 0010:reiserfs_xattr_jcreate_nblocks fs/reiserfs/xattr.h:78 [inline]
RIP: 0010:reiserfs_security_init+0x28f/0x530 fs/reiserfs/xattr_security.c:70
Code: 48 c1 e9 03 80 3c 11 00 0f 85 91 02 00 00 49 8b 87 a0 05 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d 78 68 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 4d 02 00 00 48 83 78 68 00 0f 84 be 01 00 00 48
RSP: 0018:ffffc9000161f970 EFLAGS: 00010212
RAX: 0000000000000000 RBX: 0000000000000036 RCX: 000000000000000d
RDX: dffffc0000000000 RSI: 000000000000006c RDI: 0000000000000068
RBP: ffff8880322e87a0 R08: 0000000000000000 R09: ffffc9000161fa18
R10: ffffffff82007170 R11: 0000000000000000 R12: 000000000000057d
R13: ffff8880156f8000 R14: 0000000000000000 R15: ffff888022e30000
FS:  0000000001ef8300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffe488ef68 CR3: 0000000013e1d000 CR4: 0000000000350ef0
Call Trace:
 reiserfs_mkdir+0x2c9/0x980 fs/reiserfs/namei.c:821
 create_privroot fs/reiserfs/xattr.c:889 [inline]
 reiserfs_xattr_init+0x4de/0xb60 fs/reiserfs/xattr.c:1011
 reiserfs_fill_super+0x2166/0x2e00 fs/reiserfs/super.c:2177
 mount_bdev+0x34d/0x410 fs/super.c:1367
 legacy_get_tree+0x105/0x220 fs/fs_context.c:592
 vfs_get_tree+0x89/0x2f0 fs/super.c:1497
 do_new_mount fs/namespace.c:2881 [inline]
 path_mount+0x13ad/0x20c0 fs/namespace.c:3211
 do_mount fs/namespace.c:3224 [inline]
 __do_sys_mount fs/namespace.c:3432 [inline]
 __se_sys_mount fs/namespace.c:3409 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3409
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x44518a
Code: 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8cc5f788 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fff8cc5f7e0 RCX: 000000000044518a
RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff8cc5f7a0
RBP: 00007fff8cc5f7a0 R08: 00007fff8cc5f7e0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000290
R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000006
Modules linked in:
---[ end trace 242d271a8eb82b35 ]---
RIP: 0010:d_really_is_negative include/linux/dcache.h:475 [inline]
RIP: 0010:reiserfs_xattr_jcreate_nblocks fs/reiserfs/xattr.h:78 [inline]
RIP: 0010:reiserfs_security_init+0x28f/0x530 fs/reiserfs/xattr_security.c:70
Code: 48 c1 e9 03 80 3c 11 00 0f 85 91 02 00 00 49 8b 87 a0 05 00 00 48 ba 00 00 00 00 00 fc ff df 48 8d 78 68 48 89 f9 48 c1 e9 03 <80> 3c 11 00 0f 85 4d 02 00 00 48 83 78 68 00 0f 84 be 01 00 00 48
RSP: 0018:ffffc9000161f970 EFLAGS: 00010212
RAX: 0000000000000000 RBX: 0000000000000036 RCX: 000000000000000d
RDX: dffffc0000000000 RSI: 000000000000006c RDI: 0000000000000068
RBP: ffff8880322e87a0 R08: 0000000000000000 R09: ffffc9000161fa18
R10: ffffffff82007170 R11: 0000000000000000 R12: 000000000000057d
R13: ffff8880156f8000 R14: 0000000000000000 R15: ffff888022e30000
FS:  0000000001ef8300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffe488ef68 CR3: 0000000013e1d000 CR4: 0000000000350ef0

Crashes (26311):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce-root | 2021/02/24 04:35 | upstream | 3b9cdafb5358 | fcc6d71b | .config | log | report | syz | C | | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/02/01 23:05 | upstream | 1048ba83fb1c | e6b95f32 | .config | log | report | syz | C | | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/01/24 07:59 | upstream | e1ae4b0be158 | 52e37319 | .config | log | report | syz | C | | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/23 07:48 | linux-next | e3128d2f068e | 8092f30d | .config | log | report | syz | C | | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2020/10/11 11:40 | upstream | da690031a5d6 | 4a77ae0b | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/09 01:56 | upstream | 3d006ee42dde | 92390980 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/08 06:56 | upstream | c85fb28b6f99 | 1880b4a9 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/04 23:09 | upstream | 22fbc037cd32 | 5ef9c291 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/04 22:24 | upstream | 22fbc037cd32 | 5ef9c291 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/03 17:15 | upstream | d3d45f8220d6 | 2653fa43 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/10/03 14:16 | upstream | d3d45f8220d6 | 2653fa43 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/09/29 16:51 | upstream | fb0155a09b02 | 1b88c6d5 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-root | 2020/09/21 01:16 | upstream | 325d0eab4f31 | 9564d2e9 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2020/09/20 19:48 | upstream | 325d0eab4f31 | 9564d2e9 | .config | log | report | syz | C | | |
| ci-upstream-linux-next-kasan-gce-root | 2020/09/21 01:55 | linux-next | b652d2a5f2a4 | 9564d2e9 | .config | log | report | syz | C | | |
| ci-upstream-kasan-gce-smack-root | 2021/03/31 00:08 | upstream | 2bb25b3a748a | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/30 23:15 | upstream | 2bb25b3a748a | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/30 22:12 | upstream | 2bb25b3a748a | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/30 21:52 | upstream | 2bb25b3a748a | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/29 23:02 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/29 21:10 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/29 14:42 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/29 13:17 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/29 13:07 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/29 12:02 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/28 22:26 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/28 21:25 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/28 20:54 | upstream | 81b1d39fd39a | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/28 19:52 | upstream | 81b1d39fd39a | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/27 11:52 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/27 10:16 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/27 08:35 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/26 20:48 | upstream | db24726bfefa | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/26 18:34 | upstream | db24726bfefa | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/26 18:31 | upstream | db24726bfefa | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-root | 2021/03/26 17:27 | upstream | db24726bfefa | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-kasan-gce-smack-root | 2021/03/26 17:24 | upstream | db24726bfefa | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/30 01:29 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/30 00:04 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 22:42 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 21:38 | upstream | 1e43c377a79f | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 16:19 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 14:18 | upstream | a5e13c6df0e4 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 02:29 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 02:23 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/29 01:17 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/28 23:38 | upstream | 36a14638f7c0 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/27 03:37 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/27 02:54 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/27 01:52 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/27 00:40 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-qemu-upstream-386 | 2021/03/26 23:31 | upstream | 0f4498cef9f5 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/04/01 08:42 | linux-next | 931294922e65 | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/31 10:40 | linux-next | 931294922e65 | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/31 01:42 | linux-next | 931294922e65 | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/29 19:51 | linux-next | 931294922e65 | 6a81331a | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/29 18:48 | linux-next | 931294922e65 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/27 12:58 | linux-next | 931294922e65 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/27 08:59 | linux-next | 931294922e65 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/03/27 07:34 | linux-next | 931294922e65 | a8529b82 | .config | log | report | | | info | general protection fault in reiserfs_security_init |
| ci-upstream-linux-next-kasan-gce-root | 2021/01/17 13:52 | linux-next | b3a3cbdec55b | 813be542 | .config | log | report | | | info | |
| ci-upstream-linux-next-kasan-gce-root | 2020/09/19 12:30 | linux-next | b652d2a5f2a4 | 53ce8104 | .config | log | report | | | info | |
* Struck through repros no longer work on HEAD.