syzbot


BUG: unable to handle kernel paging request in ovl_copy_xattr

Status: auto-obsoleted due to no activity on 2023/07/04 00:09
Subsystems: overlayfs
[Documentation on labels]
Reported-by: syzbot+d63643338a33351b6ade@syzkaller.appspotmail.com
First crash: 469d, last: 379d
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] BUG: unable to handle kernel paging request in ovl_copy_xattr 0 (1) 2023/01/14 11:40

Sample crash report:
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support RENAME_WHITEOUT.
overlayfs: failed to set xattr on upper
overlayfs: ...falling back to index=off,metacopy=off.
BUG: unable to handle page fault for address: ffffff91f3a90101
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD c572067 P4D c572067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 13125 Comm: syz-executor.5 Not tainted 6.2.0-syzkaller-13563-gf915322fe014 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:ovl_copy_xattr+0x10f/0xc90 fs/overlayfs/copy_up.c:85
Code: 00 00 00 fc ff df 48 8d 7b 02 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 fc 06 00 00 <0f> b7 5b 02 31 ff 83 e3 08 89 de e8 31 8e a1 fe 66 85 db 75 1a 45
RSP: 0018:ffffc90014e67710 EFLAGS: 00010246
RAX: 0000000000000002 RBX: ffffff91f3a900ff RCX: ffffc90006149000
RDX: 0000000000000000 RSI: ffffffff82e368d6 RDI: ffffff91f3a90101
RBP: ffffc90014e67b08 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000205 R12: ffff88807aefe180
R13: ffff8880369485e0 R14: ffff888073b69d58 R15: ffffc90014e67b08
FS:  00007fd5799b8700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffff91f3a90101 CR3: 000000003b324000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 ovl_copy_up_metadata+0x191/0x960 fs/overlayfs/copy_up.c:616
 ovl_copy_up_workdir fs/overlayfs/copy_up.c:733 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:879 [inline]
 ovl_copy_up_one+0xa6d/0x2cc0 fs/overlayfs/copy_up.c:1049
 ovl_copy_up_flags+0x150/0x1d0 fs/overlayfs/copy_up.c:1095
 ovl_link fs/overlayfs/dir.c:708 [inline]
 ovl_link+0x78/0x250 fs/overlayfs/dir.c:698
 vfs_link+0x5c7/0xa90 fs/namei.c:4522
 do_linkat+0x448/0x5e0 fs/namei.c:4593
 __do_sys_link fs/namei.c:4627 [inline]
 __se_sys_link fs/namei.c:4625 [inline]
 __x64_sys_link+0x81/0xa0 fs/namei.c:4625
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fd578c8c0f9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd5799b8168 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
RAX: ffffffffffffffda RBX: 00007fd578dabf80 RCX: 00007fd578c8c0f9
RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000020000400
RBP: 00007fd578ce7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffdc794f92f R14: 00007fd5799b8300 R15: 0000000000022000
 </TASK>
Modules linked in:
CR2: ffffff91f3a90101
---[ end trace 0000000000000000 ]---
RIP: 0010:ovl_copy_xattr+0x10f/0xc90 fs/overlayfs/copy_up.c:85
Code: 00 00 00 fc ff df 48 8d 7b 02 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 fc 06 00 00 <0f> b7 5b 02 31 ff 83 e3 08 89 de e8 31 8e a1 fe 66 85 db 75 1a 45
RSP: 0018:ffffc90014e67710 EFLAGS: 00010246
RAX: 0000000000000002 RBX: ffffff91f3a900ff RCX: ffffc90006149000
RDX: 0000000000000000 RSI: ffffffff82e368d6 RDI: ffffff91f3a90101
RBP: ffffc90014e67b08 R08: 0000000000000003 R09: 0000000000000000
R10: 0000000000000008 R11: 0000000000000205 R12: ffff88807aefe180
R13: ffff8880369485e0 R14: ffff888073b69d58 R15: ffffc90014e67b08
FS:  00007fd5799b8700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffff91f3a90101 CR3: 000000003b324000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 5 bytes skipped:
   0:	df 48 8d             	fisttps -0x73(%rax)
   3:	7b 02                	jnp    0x7
   5:	48 89 fa             	mov    %rdi,%rdx
   8:	48 c1 ea 03          	shr    $0x3,%rdx
   c:	0f b6 14 02          	movzbl (%rdx,%rax,1),%edx
  10:	48 89 f8             	mov    %rdi,%rax
  13:	83 e0 07             	and    $0x7,%eax
  16:	83 c0 01             	add    $0x1,%eax
  19:	38 d0                	cmp    %dl,%al
  1b:	7c 08                	jl     0x25
  1d:	84 d2                	test   %dl,%dl
  1f:	0f 85 fc 06 00 00    	jne    0x721
* 25:	0f b7 5b 02          	movzwl 0x2(%rbx),%ebx <-- trapping instruction
  29:	31 ff                	xor    %edi,%edi
  2b:	83 e3 08             	and    $0x8,%ebx
  2e:	89 de                	mov    %ebx,%esi
  30:	e8 31 8e a1 fe       	callq  0xfea18e66
  35:	66 85 db             	test   %bx,%bx
  38:	75 1a                	jne    0x54
  3a:	45                   	rex.RB

Crashes (10):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/03/06 00:08 upstream f915322fe014 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/02/03 21:23 upstream 66a87fff1a87 1b2f701a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/02/01 08:35 upstream c0b67534c95c b68fb8d6 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/26 09:01 upstream 7c46948a6e9c 9dfcf09c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/20 23:03 upstream edc00350d205 dd15ff29 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/14 11:39 upstream 97ec4d559d93 a63719e7 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/10 08:14 upstream 5a41237ad1d4 48bc529a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/05 22:08 upstream 41c03ba9beea 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2022/12/06 06:37 upstream bce9332220bd 045cbb84 .config console log report info ci2-upstream-fs BUG: unable to handle kernel paging request in ovl_copy_xattr
2023/01/07 15:22 linux-next cc3c08b41a9c 1dac8c7a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: unable to handle kernel paging request in ovl_copy_xattr
* Struck through repros no longer work on HEAD.