syzbot


general protection fault in jffs2_parse_param

Status: fixed on 2021/03/10 01:48
Subsystems: fs mtd
Reported-by: syzbot+9765367bb86a19d38732@syzkaller.appspotmail.com
Fix commit: a61df3c413e4 jffs2: Fix NULL pointer dereference in rp_size fs option parsing
First crash: 1275d, last: 1186d
Cause bisection: failed (error log, bisect log)
Fix bisection: fixed by (bisect log) :
commit a61df3c413e49b0042f9caf774c58512d1cc71b7
Author: Jamie Iles <jamie@nuviainc.com>
Date: Mon Oct 12 13:12:04 2020 +0000

  jffs2: Fix NULL pointer dereference in rp_size fs option parsing

Discussions (2)
Title Replies (including bot) Last reply
general protection fault in jffs2_parse_param 1 (3) 2021/01/25 09:36
[Linux-kernel-mentees] [PATCH] fs: jffs2: super: Fix null pointer dereference in jffs2_parse_param() 1 (1) 2020/10/03 20:33
Last patch testing requests (4)
Created Duration User Patch Repo Result
2020/10/03 06:19 16m anmol.karan123@gmail.com patch upstream OK
2020/10/02 20:36 17m anmol.karan123@gmail.com patch upstream OK
2020/10/02 20:35 9m anmol.karan123@gmail.com upstream report log
2020/10/02 11:39 9m anmol.karan123@gmail.com upstream report log

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 8494 Comm: syz-executor008 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:jffs2_parse_param+0x141/0x330 fs/jffs2/super.c:206
Code: 48 c1 ea 03 4d 63 fc 80 3c 02 00 0f 85 de 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 75 00 49 8d 7e 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c8 01 00 00 4d 8b 76 08 4c 89 ff 4c 89 f6 e8 06
RSP: 0018:ffffc900010ffb78 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888021a15400 RCX: ffffffff828600a4
RDX: 0000000000000001 RSI: ffffffff828600b6 RDI: 0000000000000008
RBP: 1ffff9200021ff6f R08: 0000000000000001 R09: ffff888020b6c193
R10: 00000000003fffff R11: 0000000000000000 R12: 0000000000000000
R13: ffff888018786000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000e17880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000043e830 CR3: 0000000011702000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vfs_parse_fs_param fs/fs_context.c:117 [inline]
 vfs_parse_fs_param+0x203/0x550 fs/fs_context.c:98
 vfs_parse_fs_string+0xe6/0x150 fs/fs_context.c:161
 generic_parse_monolithic+0x16f/0x1f0 fs/fs_context.c:201
 do_new_mount fs/namespace.c:2871 [inline]
 path_mount+0x1365/0x20c0 fs/namespace.c:3205
 do_mount fs/namespace.c:3218 [inline]
 __do_sys_mount fs/namespace.c:3426 [inline]
 __se_sys_mount fs/namespace.c:3403 [inline]
 __x64_sys_mount+0x27f/0x300 fs/namespace.c:3403
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x44699a
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d ae fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5a ae fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007ffe25615308 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe25615350 RCX: 000000000044699a
RDX: 0000000020000380 RSI: 00000000200003c0 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00007ffe25615350 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c80
R13: 0000000000401d10 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace dbb122c89773c3af ]---
RIP: 0010:jffs2_parse_param+0x141/0x330 fs/jffs2/super.c:206
Code: 48 c1 ea 03 4d 63 fc 80 3c 02 00 0f 85 de 01 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 75 00 49 8d 7e 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 c8 01 00 00 4d 8b 76 08 4c 89 ff 4c 89 f6 e8 06
RSP: 0018:ffffc900010ffb78 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: ffff888021a15400 RCX: ffffffff828600a4
RDX: 0000000000000001 RSI: ffffffff828600b6 RDI: 0000000000000008
RBP: 1ffff9200021ff6f R08: 0000000000000001 R09: ffff888020b6c193
R10: 00000000003fffff R11: 0000000000000000 R12: 0000000000000000
R13: ffff888018786000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000e17880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000043e830 CR3: 0000000011702000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1632):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/11/07 09:53 upstream bf3e76289cd2 64069d48 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/06 19:11 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-kasan-gce-root
2020/11/06 07:19 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/11/06 05:11 upstream 521b619acdc8 64069d48 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/13 07:05 upstream bbf5c979011a d32b0bbf .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/10/05 21:29 upstream 549738f15da0 1880b4a9 .config console log report syz C ci-upstream-kasan-gce-root
2020/10/04 21:02 upstream 22fbc037cd32 5ef9c291 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/03 19:28 upstream d3d45f8220d6 2653fa43 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/03 16:16 upstream d3d45f8220d6 2653fa43 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/10/02 22:49 upstream 472e5b056f00 4969d6ca .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/27 05:06 upstream eeddbe6841cd 2d5ea0cb .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/21 00:23 upstream 325d0eab4f31 9564d2e9 .config console log report syz C ci-upstream-kasan-gce-root
2020/09/20 19:20 upstream 325d0eab4f31 9564d2e9 .config console log report syz C ci-upstream-kasan-gce-smack-root
2020/09/20 16:56 upstream 325d0eab4f31 9564d2e9 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2020/11/03 06:05 linux-next b49976d8ef64 cba33199 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/09/20 20:03 linux-next b652d2a5f2a4 9564d2e9 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2020/12/18 13:10 upstream d64c6f96ba86 04201c06 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/18 05:06 upstream d64c6f96ba86 04201c06 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/17 22:29 upstream accefff5b547 04201c06 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/17 02:35 upstream 5e60366d56c6 04201c06 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/16 15:55 upstream d635a69dd498 f213e07e .config console log report info ci-upstream-kasan-gce-root
2020/12/16 13:39 upstream d635a69dd498 f213e07e .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/16 06:43 upstream d635a69dd498 f213e07e .config console log report info ci-upstream-kasan-gce-root
2020/12/16 06:05 upstream d635a69dd498 f213e07e .config console log report info ci-upstream-kasan-gce-root
2020/12/16 04:57 upstream d635a69dd498 f213e07e .config console log report info ci-upstream-kasan-gce-root
2020/12/16 01:12 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/15 19:23 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/15 18:22 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/15 15:53 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/15 13:16 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/15 10:51 upstream 148842c98a24 97183ed7 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/14 22:56 upstream 2c85ebc57b3e 97183ed7 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/14 21:37 upstream 2c85ebc57b3e 97183ed7 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/14 12:51 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-root
2020/12/14 11:41 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/14 09:03 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-root
2020/12/14 06:54 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-root
2020/12/14 05:48 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-root
2020/12/14 05:10 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/14 02:29 upstream 6bff9bb8a292 b22a7ec3 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/13 18:45 upstream 6bff9bb8a292 bca53db9 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/13 10:02 upstream 7b1b868e1d91 bca53db9 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/13 05:01 upstream 7b1b868e1d91 bca53db9 .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/12 19:00 upstream 7f376f1917d7 bca53db9 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/12 16:21 upstream 7f376f1917d7 bca53db9 .config console log report info ci-upstream-kasan-gce-root
2020/12/12 01:21 upstream 33dc9614dc20 ba24ffcd .config console log report info ci-upstream-kasan-gce-root
2020/12/11 22:05 upstream 33dc9614dc20 ba24ffcd .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/11 17:13 upstream 33dc9614dc20 ba24ffcd .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/11 15:07 upstream 33dc9614dc20 ba24ffcd .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/11 06:02 upstream 9fca90cf2892 f900b48c .config console log report info ci-qemu-upstream
2020/12/11 04:00 upstream a2f5ea9e314b f900b48c .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/11 02:54 upstream a2f5ea9e314b f900b48c .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/10 23:16 upstream a2f5ea9e314b f900b48c .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/10 19:32 upstream a2f5ea9e314b f900b48c .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/10 03:54 upstream a68a0262abda c090b4da .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/10 01:19 upstream a68a0262abda c090b4da .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/09 15:05 upstream 7d8761ba27fc 40cc414d .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/09 13:56 upstream 7d8761ba27fc 40cc414d .config console log report info ci-upstream-kasan-gce-smack-root
2020/12/09 11:00 upstream 7d8761ba27fc 40cc414d .config console log report info ci-upstream-kasan-gce-selinux-root
2020/09/20 15:02 upstream 325d0eab4f31 9564d2e9 .config console log report info ci-upstream-kasan-gce-selinux-root
2020/12/14 08:23 upstream 2c85ebc57b3e b22a7ec3 .config console log report info ci-qemu-upstream-386
2020/12/13 14:37 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/13 07:39 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/13 05:43 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/13 02:03 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/13 00:28 linux-next 14240d4c5b25 bca53db9 .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/12 02:33 linux-next 14240d4c5b25 ba24ffcd .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/11 09:57 linux-next 14240d4c5b25 f900b48c .config console log report info ci-upstream-linux-next-kasan-gce-root
2020/12/10 02:22 linux-next a9e26cb5f261 c090b4da .config console log report info ci-upstream-linux-next-kasan-gce-root