syzbot

invalid opcode in submit_bh_wbc

Status: auto-closed as invalid on 2019/10/25 08:52
Reported-by: syzbot+b33f3c6d530c10848da3@syzkaller.appspotmail.com
First crash: 1822d, last: 1822d

Sample crash report:
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9014 Comm: syz-executor.0 Not tainted 4.19.37 #5
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:submit_bh_wbc+0x61d/0x790 fs/buffer.c:3054
Code: 45 d0 48 8d 43 10 48 89 45 c0 e9 1b fc ff ff e8 09 33 b2 ff f0 80 63 01 f7 e9 1f fb ff ff e8 fa 32 b2 ff 0f 0b e8 f3 32 b2 ff <0f> 0b e8 ec 32 b2 ff 0f 0b e8 e5 32 b2 ff 0f 0b e8 de 32 b2 ff 0f
RSP: 0018:ffff88805c3a7c28 EFLAGS: 00010202
RAX: 0000000000040000 RBX: ffff888057bbf3f0 RCX: ffffc90005e77000
RDX: 0000000000019250 RSI: ffffffff81b9148d RDI: 0000000000000001
RBP: ffff88805c3a7c70 R08: ffff888086396280 R09: ffffed100af77e8b
R10: ffffed100af77e8a R11: ffff888057bbf453 R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS:  00007fa395037700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc38b699330 CR3: 00000000a10f8000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 submit_bh fs/buffer.c:3101 [inline]
 __sync_dirty_buffer+0x111/0x2e0 fs/buffer.c:3187
 sync_dirty_buffer+0x1b/0x20 fs/buffer.c:3200
 fat_set_state+0x242/0x330 fs/fat/inode.c:702
 fat_put_super+0x46/0xd0 fs/fat/inode.c:728
 generic_shutdown_super+0x14e/0x370 fs/super.c:456
 kill_block_super+0xa0/0x100 fs/super.c:1185
 deactivate_locked_super+0x9a/0x100 fs/super.c:329
 deactivate_super fs/super.c:360 [inline]
 deactivate_super+0x1bd/0x1e0 fs/super.c:356
 cleanup_mnt+0xbf/0x160 fs/namespace.c:1098
 __cleanup_mnt+0x16/0x20 fs/namespace.c:1105
 task_work_run+0x14a/0x1c0 kernel/task_work.c:113
 tracehook_notify_resume include/linux/tracehook.h:193 [inline]
 exit_to_usermode_loop+0x273/0x2c0 arch/x86/entry/common.c:166
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x52d/0x610 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45b81a
Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 2d 8e fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0a 8e fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007fa395036a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffea RBX: 00007fa395036b40 RCX: 000000000045b81a
RDX: 00007fa395036ae0 RSI: 00000000200002c0 RDI: 00007fa395036b00
RBP: 0000000000000001 R08: 00007fa395036b40 R09: 00007fa395036ae0
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
R13: 00000000004c79d9 R14: 00000000004dda18 R15: 00000000ffffffff
Modules linked in:
---[ end trace ad7a07155ff353c2 ]---
RIP: 0010:submit_bh_wbc+0x61d/0x790 fs/buffer.c:3054
loop_set_status: loop0 () has still dirty pages (nrpages=1)
Code: 45 d0 48 8d 43 10 48 89 45 c0 e9 1b fc ff ff e8 09 33 b2 ff f0 80 63 01 f7 e9 1f fb ff ff e8 fa 32 b2 ff 0f 0b e8 f3 32 b2 ff <0f> 0b e8 ec 32 b2 ff 0f 0b e8 e5 32 b2 ff 0f 0b e8 de 32 b2 ff 0f
kobject: 'loop4' (0000000048a03c7d): kobject_uevent_env
RSP: 0018:ffff88805c3a7c28 EFLAGS: 00010202
RAX: 0000000000040000 RBX: ffff888057bbf3f0 RCX: ffffc90005e77000
kobject: 'loop4' (0000000048a03c7d): fill_kobj_path: path = '/devices/virtual/block/loop4'
kobject: 'loop0' (0000000098d8e1f5): kobject_uevent_env
RDX: 0000000000019250 RSI: ffffffff81b9148d RDI: 0000000000000001
kobject: 'loop0' (0000000098d8e1f5): fill_kobj_path: path = '/devices/virtual/block/loop0'
RBP: ffff88805c3a7c70 R08: ffff888086396280 R09: ffffed100af77e8b
R10: ffffed100af77e8a R11: ffff888057bbf453 R12: 0000000000000000
R13: 0000000000000800 R14: 0000000000000000 R15: 0000000000000001
FS:  00007fa395037700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd652fde3c CR3: 00000000a10f8000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time: 2019/04/30 05:50
Kernel: linux-4.19.y
Commit: 19bb613acb9a
Syzkaller: 20f16bef
Config: .config
Log: console log
Report: report
Syz repro: none listed
C repro: none listed
VM info: none listed
Assets: none listed
Manager: ci2-linux-4-19