syzbot


general protection fault in gfs2_dump_glock (2)

Status: upstream: reported C repro on 2023/03/06 17:44
Subsystems: gfs2
Reported-by: syzbot+427fed3295e9a7e887f2@syzkaller.appspotmail.com
First crash: 388d, last: 80d
Cause bisection: introduced by (bisect log):
commit a8b76910e465d718effce0cad306a21fa4f3526b
Author: Valentin Schneider <valentin.schneider@arm.com>
Date: Wed Nov 10 20:24:44 2021 +0000

  preempt: Restore preemption model selection configs

Crash: KASAN: stack-out-of-bounds Read in gfs2_dump_glock (log)
Repro: C syz .config
Fix bisection: fixed by (bisect log):
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

Discussions (9)
Title Replies (including bot) Last reply
[syzbot] [cluster?] general protection fault in gfs2_dump_glock (2) 2 (5) 2024/02/19 12:56
[syzbot] Monthly gfs2 report (Jan 2024) 0 (1) 2024/01/09 18:20
[syzbot] Monthly gfs2 report (Dec 2023) 0 (1) 2023/12/07 09:56
[syzbot] Monthly gfs2 report (Nov 2023) 0 (1) 2023/11/06 23:07
[syzbot] Monthly gfs2 report (Oct 2023) 0 (1) 2023/10/05 13:58
[syzbot] Monthly gfs2 report (Sep 2023) 0 (1) 2023/09/04 08:33
[syzbot] Monthly gfs2 report (May 2023) 0 (1) 2023/05/31 08:44
[syzbot] Monthly gfs2 report (Apr 2023) 0 (1) 2023/04/30 08:01
[syzbot] Monthly cluster report 1 (2) 2023/03/30 10:09
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-6.1 KASAN: stack-out-of-bounds Read in gfs2_dump_glock origin:upstream C 4 29d 331d 0/3 upstream: reported C repro on 2023/05/02 11:39
upstream general protection fault in gfs2_dump_glock gfs2 C 25 399d 801d 22/26 fixed on 2023/02/24 13:50
Last patch testing requests (12)
Created Duration User Patch Repo Result
2024/02/06 22:51 23m retest repro upstream OK log
2024/02/06 22:41 19m retest repro upstream OK log
2024/02/06 22:51 23m retest repro upstream OK log
2024/02/06 22:41 19m retest repro upstream OK log
2024/01/24 19:22 40m retest repro upstream OK log
2024/01/24 18:25 34m retest repro upstream OK log
2024/01/24 18:25 28m retest repro upstream OK log
2024/01/24 18:25 22m retest repro upstream OK log
2024/01/24 18:25 26m retest repro linux-next OK log
2023/11/28 21:59 14m retest repro upstream report log
2023/09/05 09:23 0m nogikh@google.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4cc4cc28ec4154c4f1395648ab67ac9fd3e71fdc error OK
2023/09/05 09:23 1m nogikh@google.com https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git a8b76910e465d718effce0cad306a21fa4f3526b error OK
Fix bisection attempts (3)
Created Duration User Patch Repo Result
2024/02/19 05:29 6h28m bisect fix upstream job log (1)
2023/11/02 11:00 4h31m bisect fix upstream job log (0) log
2023/08/16 17:09 2h33m bisect fix upstream job log (0) log
Cause bisection attempts (3)
Created Duration User Patch Repo Result
2023/09/04 18:37 7h16m bisect upstream job log (1) log
2023/08/27 18:04 12h16m bisect upstream error job log (0)
marked invalid by nogikh@google.com
2023/03/06 05:54 8h09m bisect upstream error job log (0)
marked invalid by nogikh@google.com

Sample crash report:
  function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:5240 [syz-executor237] __gfs2_lookup+0xa1/0x290 fs/gfs2/inode.c:896
gfs2: fsid=syz:syz.0:  H: s:SH f:AH e:0 p:5242 [syz-executor237] do_inode_permission fs/namei.c:462 [inline]
gfs2: fsid=syz:syz.0:  H: s:SH f:AH e:0 p:5242 [syz-executor237] inode_permission fs/namei.c:529 [inline]
gfs2: fsid=syz:syz.0:  H: s:SH f:AH e:0 p:5242 [syz-executor237] inode_permission+0x384/0x5e0 fs/namei.c:504
general protection fault, probably for non-canonical address 0xdffffc0000001024: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000000000008120-0x0000000000008127]
CPU: 1 PID: 5240 Comm: syz-executor237 Not tainted 6.7.0-rc1-syzkaller-00012-g9bacdd8996c7 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:pid_is_meaningful fs/gfs2/glock.c:1457 [inline]
RIP: 0010:dump_holder fs/gfs2/glock.c:2254 [inline]
RIP: 0010:gfs2_dump_glock+0x11d3/0x1c80 fs/gfs2/glock.c:2370
Code: e8 32 66 dc 06 31 ff 89 c3 89 c6 e8 27 28 e4 fd 85 db 58 0f 85 75 04 00 00 e8 a9 2c e4 fd 49 8d 5c 24 20 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 74 08 3c 01 0f 8e 79 06 00 00 41 0f b7 6c 24
RSP: 0018:ffffc9000374f208 EFLAGS: 00010206
RAX: 0000000000001024 RBX: 0000000000008120 RCX: ffffffff83a25eec
RDX: ffff88807e30e180 RSI: ffffffff83a25a67 RDI: 0000000000000001
RBP: ffffffff8b19c320 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000008100
R13: ffffc9000374f2f8 R14: ffffc9000377f922 R15: dffffc0000000000
FS:  00007f44d5f3d6c0(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f44d5f3e000 CR3: 000000001f90c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 gfs2_consist_inode_i+0x104/0x150 fs/gfs2/util.c:456
 gfs2_dirent_scan+0x2f9/0x3c0 fs/gfs2/dir.c:602
 gfs2_dirent_search+0x455/0x5c0 fs/gfs2/dir.c:850
 gfs2_dir_search+0x98/0x2e0 fs/gfs2/dir.c:1650
 gfs2_lookupi+0x4b6/0x6e0 fs/gfs2/inode.c:340
 __gfs2_lookup+0xa1/0x290 fs/gfs2/inode.c:896
 gfs2_atomic_open+0xd9/0x240 fs/gfs2/inode.c:1297
 atomic_open fs/namei.c:3340 [inline]
 lookup_open.isra.0+0xc8e/0x13b0 fs/namei.c:3448
 open_last_lookups fs/namei.c:3546 [inline]
 path_openat+0x922/0x2c50 fs/namei.c:3776
 do_filp_open+0x1de/0x430 fs/namei.c:3809
 do_sys_openat2+0x176/0x1e0 fs/open.c:1440
 do_sys_open fs/open.c:1455 [inline]
 __do_sys_open fs/open.c:1463 [inline]
 __se_sys_open fs/open.c:1459 [inline]
 __x64_sys_open+0x154/0x1e0 fs/open.c:1459
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x40/0x110 arch/x86/entry/common.c:82
 entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f44d5f80a59
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f44d5f3d218 EFLAGS: 00000246
 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 00007f44d601a6a8 RCX: 00007f44d5f80a59
RDX: 0000000000000008 RSI: 0000000000000002 RDI: 0000000020000280
RBP: 00007f44d601a6a0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f44d601a6ac
R13: 0030656c69662f2e R14: 00007f44d5fd50c0 R15: 0032656c69662f2e
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:pid_is_meaningful fs/gfs2/glock.c:1457 [inline]
RIP: 0010:dump_holder fs/gfs2/glock.c:2254 [inline]
RIP: 0010:gfs2_dump_glock+0x11d3/0x1c80 fs/gfs2/glock.c:2370
Code: e8 32 66 dc 06 31 ff 89 c3 89 c6 e8 27 28 e4 fd 85 db 58 0f 85 75 04 00 00 e8 a9 2c e4 fd 49 8d 5c 24 20 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 74 08 3c 01 0f 8e 79 06 00 00 41 0f b7 6c 24
RSP: 0018:ffffc9000374f208 EFLAGS: 00010206
RAX: 0000000000001024 RBX: 0000000000008120 RCX: ffffffff83a25eec
RDX: ffff88807e30e180 RSI: ffffffff83a25a67 RDI: 0000000000000001
RBP: ffffffff8b19c320 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000008100
R13: ffffc9000374f2f8 R14: ffffc9000377f922 R15: dffffc0000000000
FS:  00007f44d5f3d6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f44d5fbc950 CR3: 000000001f90c000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	e8 32 66 dc 06       	call   0x6dc6637
   5:	31 ff                	xor    %edi,%edi
   7:	89 c3                	mov    %eax,%ebx
   9:	89 c6                	mov    %eax,%esi
   b:	e8 27 28 e4 fd       	call   0xfde42837
  10:	85 db                	test   %ebx,%ebx
  12:	58                   	pop    %rax
  13:	0f 85 75 04 00 00    	jne    0x48e
  19:	e8 a9 2c e4 fd       	call   0xfde42cc7
  1e:	49 8d 5c 24 20       	lea    0x20(%r12),%rbx
  23:	48 89 d8             	mov    %rbx,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	42 0f b6 04 38       	movzbl (%rax,%r15,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	74 08                	je     0x3b
  33:	3c 01                	cmp    $0x1,%al
  35:	0f 8e 79 06 00 00    	jle    0x6b4
  3b:	41                   	rex.B
  3c:	0f                   	.byte 0xf
  3d:	b7 6c                	mov    $0x6c,%bh
  3f:	24                   	.byte 0x24

Crashes (48):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2023/11/14 19:57 upstream 9bacdd8996c7 cb976f63 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root general protection fault in gfs2_dump_glock
2023/08/22 06:07 upstream f7757129e3de 6b415825 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in gfs2_dump_glock
2023/07/11 22:45 upstream 3f01e9fed845 2f19aa4f .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root general protection fault in gfs2_dump_glock
2023/05/23 09:34 upstream 421ca22e3138 4bce1a3e .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-smack-root general protection fault in gfs2_dump_glock
2023/12/06 06:31 upstream bee0e7762ad2 f819d6f7 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-kasan-gce-selinux-root KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/05/01 03:08 upstream 58390c8ce1bd 62df2017 .config strace log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/03/06 05:02 upstream f915322fe014 f8902b57 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs KASAN: vmalloc-out-of-bounds Read in gfs2_dump_glock
2023/06/11 04:42 linux-next 715abedee4cd 7086cdb9 .config console log report syz C [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-linux-next-kasan-gce-root KASAN: global-out-of-bounds Read in gfs2_dump_glock
2024/01/08 12:28 upstream 0dd3ee311255 d0304e9c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/29 19:33 upstream 8735c7c84d1b fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/29 03:14 upstream 505e701c0b2c fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/27 18:06 upstream fbafc3e621c3 fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/15 08:45 upstream c7402612e2e6 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/14 18:19 upstream 5bd7ef53ffe5 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/13 20:45 upstream 5bd7ef53ffe5 3222d10c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/13 00:18 upstream eaadbbaaff74 ebcad15c .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/12/11 13:16 upstream a39b6ac3781d 28b24332 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/04 03:36 upstream 89b7fd5d7f3c b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in gfs2_dump_glock
2023/05/04 03:21 upstream 89b7fd5d7f3c b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in gfs2_dump_glock
2023/05/04 03:19 upstream 89b7fd5d7f3c b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in gfs2_dump_glock
2023/05/03 21:03 upstream 348551ddaf31 b5918830 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/02 23:59 upstream 7df047b3f0aa 48e0a81d .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/02 15:18 upstream 865fdb08197e 52d40fd2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/02 04:40 upstream c8c655c34e33 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/02 00:49 upstream c8c655c34e33 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/01 19:11 upstream 58390c8ce1bd 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/05/01 06:18 upstream 58390c8ce1bd 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/04/30 23:39 upstream 58390c8ce1bd 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/04/30 19:41 upstream 825a0714d2b3 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in gfs2_dump_glock
2023/04/30 18:32 upstream 825a0714d2b3 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/04/30 09:44 upstream 825a0714d2b3 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/04/29 20:16 upstream 1ae78a14516b 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/04/29 20:02 upstream 89d77f71f493 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in gfs2_dump_glock
2023/04/29 17:43 upstream 89d77f71f493 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in gfs2_dump_glock
2023/03/31 02:15 upstream 8bb95a1662f8 f325deb0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2023/03/22 07:50 upstream 2faac9a98f01 8b4eb097 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in gfs2_dump_glock
2023/03/06 00:57 upstream f915322fe014 f8902b57 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in gfs2_dump_glock
2024/01/04 19:58 upstream 5eff55d725a4 28c42cff .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/12/31 13:36 upstream 453f5db0619e fb427a07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: vmalloc-out-of-bounds Read in gfs2_dump_glock
2023/05/01 16:19 upstream 58390c8ce1bd 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/04/30 10:43 upstream 825a0714d2b3 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/04/30 08:28 upstream 1ae78a14516b 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: vmalloc-out-of-bounds Read in gfs2_dump_glock
2023/04/29 15:18 upstream 89d77f71f493 62df2017 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs KASAN: stack-out-of-bounds Read in gfs2_dump_glock
2023/04/16 16:44 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in gfs2_dump_glock
2023/04/15 06:29 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1f5b16c51aef ec410564 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in gfs2_dump_glock
2023/04/13 07:37 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 7920df21c1b7 82d5e53e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in gfs2_dump_glock
2023/04/10 16:05 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a 71147e29 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in gfs2_dump_glock
2023/04/07 19:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 9a03cbd79d3a f7ba566d .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in gfs2_dump_glock
* Struck through repros no longer work on HEAD.