| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| WARNING: locking bug in take_dentry_name_snapshot reiserfs overlayfs | C | error | done | 14 | 642d | 703d |
syzbot |
sign-in | mailing list | source | docs |
| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported |
|---|---|---|---|---|---|---|
| WARNING: locking bug in take_dentry_name_snapshot reiserfs overlayfs | C | error | done | 14 | 642d | 703d |
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] BUG: unable to handle kernel paging request in take_dentry_name_snapshot | 1 (4) | 2023/10/04 08:35 |
| [syzbot] Monthly overlayfs report (Oct 2023) | 0 (1) | 2023/10/04 07:30 |
| [syzbot] Monthly overlayfs report (May 2023) | 0 (1) | 2023/05/06 08:19 |
| [syzbot] Monthly overlayfs report | 0 (1) | 2023/04/05 08:55 |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | BUG: spinlock bad magic in lock_sock_nested (2) bluetooth | 1 | 1093d | 1093d | 0/28 | auto-closed as invalid on 2022/04/18 01:34 | |||
| upstream | BUG: spinlock bad magic in lock_sock_nested bluetooth | 26 | 1234d | 1590d | 0/28 | auto-closed as invalid on 2021/12/27 15:41 | |||
| linux-5.15 | BUG: spinlock bad magic in release_metapage origin:upstream | C | 47 | 22h44m | 121d | 0/3 | upstream: reported C repro on 2024/09/15 11:43 | ||
| upstream | BUG: spinlock bad magic in btrfs_stop_all_workers btrfs | 5 | 210d | 210d | 26/28 | fixed on 2024/07/31 03:12 | |||
| upstream | BUG: spinlock bad magic in skb_queue_tail afs net | 1 | 757d | 753d | 0/28 | auto-obsoleted due to no activity on 2023/03/19 17:50 | |||
| linux-6.1 | BUG: spinlock bad magic in release_metapage origin:upstream | C | 27 | 41d | 103d | 0/3 | upstream: reported C repro on 2024/10/04 04:01 | ||
| upstream | BUG: spinlock bad magic in release_metapage jfs | C | inconclusive | 247 | 1d16h | 127d | 0/28 | upstream: reported C repro on 2024/09/10 08:16 |
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/08/24 06:51 | 16m | retest repro | linux-next | report log | |
| 2023/08/24 06:51 | 16m | retest repro | upstream | report log | |
| 2023/08/24 06:51 | 14m | retest repro | linux-next | report log |
loop0: detected capacity change from 0 to 32768 read_mapping_page failed! ERROR: (device loop0): txCommit: ERROR: (device loop0): remounting filesystem as read-only BUG: spinlock bad magic on CPU#0, syz-executor256/5058 ================================================================== BUG: KASAN: slab-out-of-bounds in string_nocheck lib/vsprintf.c:646 [inline] BUG: KASAN: slab-out-of-bounds in string+0x218/0x2b0 lib/vsprintf.c:728 Read of size 1 at addr ffff8880111e9be0 by task syz-executor256/5058 CPU: 0 PID: 5058 Comm: syz-executor256 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 string_nocheck lib/vsprintf.c:646 [inline] string+0x218/0x2b0 lib/vsprintf.c:728 vsnprintf+0x1101/0x1da0 lib/vsprintf.c:2824 vprintk_store+0x480/0x1160 kernel/printk/printk.c:2222 vprintk_emit+0x1a7/0x770 kernel/printk/printk.c:2323 _printk+0xd5/0x120 kernel/printk/printk.c:2367 spin_dump kernel/locking/spinlock_debug.c:64 [inline] spin_bug+0x13b/0x1d0 kernel/locking/spinlock_debug.c:78 debug_spin_lock_before kernel/locking/spinlock_debug.c:86 [inline] do_raw_spin_lock+0x209/0x370 kernel/locking/spinlock_debug.c:115 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:111 [inline] _raw_spin_lock_irqsave+0xe1/0x120 kernel/locking/spinlock.c:162 __wake_up_common_lock+0x25/0x1e0 kernel/sched/wait.c:105 unlock_metapage fs/jfs/jfs_metapage.c:38 [inline] release_metapage+0xbb/0x870 fs/jfs/jfs_metapage.c:765 xtTruncate+0x1006/0x3270 jfs_free_zero_link+0x46e/0x6e0 fs/jfs/namei.c:759 jfs_evict_inode+0x35f/0x440 fs/jfs/inode.c:153 evict+0x2a8/0x630 fs/inode.c:667 __dentry_kill+0x20d/0x630 fs/dcache.c:603 shrink_kill+0xa9/0x2c0 fs/dcache.c:1048 shrink_dentry_list+0x2c0/0x5b0 fs/dcache.c:1075 shrink_dcache_parent+0xcb/0x3b0 do_one_tree+0x23/0xe0 fs/dcache.c:1538 shrink_dcache_for_umount+0x7d/0x130 fs/dcache.c:1555 generic_shutdown_super+0x6a/0x2d0 fs/super.c:619 kill_block_super+0x44/0x90 fs/super.c:1675 deactivate_locked_super+0xc4/0x130 fs/super.c:472 cleanup_mnt+0x426/0x4c0 fs/namespace.c:1267 task_work_run+0x24f/0x310 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xa1b/0x27e0 kernel/exit.c:878 do_group_exit+0x207/0x2c0 kernel/exit.c:1027 __do_sys_exit_group kernel/exit.c:1038 [inline] __se_sys_exit_group kernel/exit.c:1036 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f9a6c9f67c9 Code: Unable to access opcode bytes at 0x7f9a6c9f679f. RSP: 002b:00007ffcd4e72d88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f9a6c9f67c9 RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001 RBP: 00007f9a6ca772d0 R08: ffffffffffffffb8 R09: 00007ffcd4e72e60 R10: 0000000020000980 R11: 0000000000000246 R12: 00007f9a6ca772d0 R13: 0000000000000000 R14: 00007f9a6ca78040 R15: 00007f9a6c9c4d00 </TASK> The buggy address belongs to the object at ffff8880111e9bc0 which belongs to the cache jfs_ip of size 2240 The buggy address is located 32 bytes inside of allocated 2240-byte region [ffff8880111e9bc0, ffff8880111ea480) The buggy address belongs to the physical page: page:ffffea0000447a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111e8 head:ffffea0000447a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) page_type: 0xffffffff() raw: 00fff00000000840 ffff88801932d780 dead000000000122 0000000000000000 raw: 0000000000000000 00000000800d000d 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_RECLAIMABLE), pid 5058, tgid 5058 (syz-executor256), ts 57103346413, free_ts 16196088355 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x1ea/0x210 mm/page_alloc.c:1533 prep_new_page mm/page_alloc.c:1540 [inline] get_page_from_freelist+0x33ea/0x3580 mm/page_alloc.c:3311 __alloc_pages+0x256/0x680 mm/page_alloc.c:4569 __alloc_pages_node include/linux/gfp.h:238 [inline] alloc_pages_node include/linux/gfp.h:261 [inline] alloc_slab_page+0x5f/0x160 mm/slub.c:2175 allocate_slab mm/slub.c:2338 [inline] new_slab+0x84/0x2f0 mm/slub.c:2391 ___slab_alloc+0xc73/0x1260 mm/slub.c:3525 __slab_alloc mm/slub.c:3610 [inline] __slab_alloc_node mm/slub.c:3663 [inline] slab_alloc_node mm/slub.c:3835 [inline] kmem_cache_alloc_lru+0x253/0x350 mm/slub.c:3864 alloc_inode_sb include/linux/fs.h:3088 [inline] jfs_alloc_inode+0x28/0x70 fs/jfs/super.c:105 alloc_inode fs/inode.c:261 [inline] iget_locked+0x1ad/0x850 fs/inode.c:1280 jfs_iget+0x22/0x3b0 fs/jfs/inode.c:29 jfs_lookup+0x226/0x410 fs/jfs/namei.c:1469 __lookup_slow+0x28c/0x3f0 fs/namei.c:1692 lookup_slow+0x53/0x70 fs/namei.c:1709 walk_component+0x2e1/0x410 fs/namei.c:2004 lookup_last fs/namei.c:2461 [inline] path_lookupat+0x16f/0x450 fs/namei.c:2485 filename_lookup+0x256/0x610 fs/namei.c:2514 page last free pid 1 tgid 1 stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1140 [inline] free_unref_page_prepare+0x95d/0xa80 mm/page_alloc.c:2346 free_unref_page+0x37/0x3f0 mm/page_alloc.c:2486 free_reserved_page include/linux/mm.h:3117 [inline] free_reserved_area+0x198/0x240 mm/page_alloc.c:5708 free_init_pages arch/x86/mm/init.c:930 [inline] free_kernel_image_pages arch/x86/mm/init.c:946 [inline] free_initmem+0x9a/0x110 arch/x86/mm/init.c:973 kernel_init+0x31/0x2a0 init/main.c:1448 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 Memory state around the buggy address: ffff8880111e9a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8880111e9b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc >ffff8880111e9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff8880111e9c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8880111e9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2024/04/06 11:38 | upstream | fe46a7dd189e | ca620dd8 | .config | strace log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci2-upstream-fs | BUG: spinlock bad magic in release_metapage | |
| 2024/04/06 11:07 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 707081b61156 | ca620dd8 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-gce-arm64 | BUG: spinlock bad magic in release_metapage | |
| 2023/03/27 08:51 | upstream | 197b6b60ae7b | fbf0499a | .config | console log | report | syz | [mounted in repro] | ci-upstream-kasan-gce-root | BUG: spinlock bad magic in take_dentry_name_snapshot | ||
| 2023/03/03 18:47 | linux-next | 1acf39ef8f14 | f8902b57 | .config | console log | report | syz | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-linux-next-kasan-gce-root | BUG: spinlock bad magic in take_dentry_name_snapshot | ||
| 2023/01/25 16:13 | linux-next | 691781f561e9 | 9dfcf09c | .config | console log | report | syz | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-linux-next-kasan-gce-root | BUG: spinlock bad magic in take_dentry_name_snapshot | ||
| 2022/12/23 05:31 | upstream | 8395ae05cb5a | 9da18ae8 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |
| 2023/05/17 08:16 | upstream | f1fcbaa18b28 | eaac4681 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-selinux-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/04/24 19:40 | upstream | 1a0beef98b58 | c778c7f4 | .config | console log | report | info | ci-qemu-upstream | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/03/18 18:06 | upstream | 478a351ce0d6 | 7939252e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/02/20 03:56 | upstream | c9c3395d5e3d | bcdf85f8 | .config | console log | report | info | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/02/07 14:15 | upstream | 05ecb680708a | 7d00f0e1 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/02/07 12:18 | upstream | 05ecb680708a | 7d00f0e1 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/02/03 08:31 | upstream | 66a87fff1a87 | 16d19e30 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/01/26 19:08 | upstream | 7c46948a6e9c | 9dfcf09c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/01/11 10:04 | upstream | 7dd4b804e080 | 1dac8c7a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2022/12/26 22:00 | upstream | 1b929c02afd3 | 9da18ae8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/02/16 07:03 | upstream | 033c40a89f55 | 6be0f1f5 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/02/07 02:59 | upstream | 05ecb680708a | 5bc3be51 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/01/15 15:52 | upstream | f0f70ddb8f3b | a63719e7 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/01/15 00:18 | upstream | 7c6984405241 | a63719e7 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2023/01/14 23:24 | upstream | 7c6984405241 | a63719e7 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2022/11/29 00:35 | upstream | b7b275e60bcd | ca9683b8 | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2022/11/26 21:23 | upstream | 644e9524388a | f4470a7b | .config | console log | report | info | ci-qemu-upstream-386 | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | |||
| 2022/12/20 02:31 | linux-next | e45fb347b630 | c52b2efb | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2022/12/18 15:34 | linux-next | ca39c4daa6f7 | 05494336 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2022/11/29 17:39 | linux-next | 9e46a7996732 | 05dc7993 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel paging request in take_dentry_name_snapshot | ||
| 2023/10/04 02:47 | upstream | 5e62ed3b1c8a | 65faba36 | .config | console log | report | info | [disk image (non-bootable)] [vmlinux] [kernel image] | ci-qemu-upstream-386 | BUG: spinlock bad magic in release_metapage | ||
| 2023/03/16 20:16 | upstream | 0ddc84d2dd43 | 18b58603 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: spinlock bad magic in take_dentry_name_snapshot | ||
| 2023/01/19 07:21 | upstream | 7287904c8771 | 66fca3ae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-upstream-fs | KASAN: wild-memory-access Read in take_dentry_name_snapshot | ||
| 2024/04/06 10:37 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 707081b61156 | ca620dd8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: spinlock bad magic in release_metapage |