* general protection fault in open_fs_devices
@ 2018-06-06 13:17 syzbot
  2018-06-06 14:41 ` David Sterba
                   ` (4 more replies)
  0 siblings, 5 replies; 10+ messages in thread
From: syzbot @ 2018-06-06 13:17 UTC (permalink / raw)
  To: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following crash on:

HEAD commit:    af6c5d5e01ad Merge branch 'for-4.18' of git://git.kernel.o..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1732a6f7800000
kernel config:  https://syzkaller.appspot.com/x/.config?x=12ff770540994680
dashboard link: https://syzkaller.appspot.com/bug?extid=909a5177749d7990ffa4
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16ba31f7800000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d4ac8f800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read)
BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 0 /dev/loop0
print_req_error: I/O error, dev loop1, sector 128
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 0 PID: 4540 Comm: syz-executor962 Not tainted 4.17.0+ #86
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124
Code: 48 8b 85 e0 fe ff ff 41 c7 87 14 01 00 00 01 00 00 00 48 8d b8 a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 01 04 00 00 48 8b 85 e0 fe ff ff 49 8d 7f 50 48
RSP: 0018:ffff8801d06971d8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff82c386af
RDX: 0000000000000014 RSI: ffffffff82c386bd RDI: 00000000000000a0
RBP: ffff8801d0697348 R08: ffff8801ad4fc580 R09: ffff8801d0697240
R10: ffffed003a0d2e5c R11: ffff8801d06972e7 R12: ffff8801ad4f8158
R13: ffff8801ad4f80d8 R14: dffffc0000000000 R15: ffff8801ad4f8080
FS:  00000000017dd880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000ede000 CR3: 00000001adaac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  btrfs_open_devices+0xc0/0xd0 fs/btrfs/volumes.c:1155
  btrfs_mount_root+0x91f/0x1e70 fs/btrfs/super.c:1568
  mount_fs+0xae/0x328 fs/super.c:1277
  vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
  vfs_kern_mount+0x40/0x60 fs/namespace.c:1027
  btrfs_mount+0x4a1/0x213e fs/btrfs/super.c:1661
  mount_fs+0xae/0x328 fs/super.c:1277
  vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
  vfs_kern_mount fs/namespace.c:1027 [inline]
  do_new_mount fs/namespace.c:2518 [inline]
  do_mount+0x564/0x30b0 fs/namespace.c:2848
  ksys_mount+0x12d/0x140 fs/namespace.c:3064
  __do_sys_mount fs/namespace.c:3078 [inline]
  __se_sys_mount fs/namespace.c:3075 [inline]
  __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
  do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4431fa
Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd e5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da e5 fb ff c3 66 0f 1f 84 00 00 00 00 00
RSP: 002b:00007ffc2d953358 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004431fa
RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffc2d953370
RBP: 0000000000000004 R08: 00000000200000c0 R09: 000000000000000a
R10: 0000000000000000 R11: 0000000000000297 R12: 000000000000000d
R13: 0000000008100000 R14: 0030656c69662f2e R15: fe03f80fe03f80ff
Modules linked in:
Dumping ftrace buffer:
    (ftrace buffer empty)
---[ end trace d8b96c29a3ffd356 ]---
RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124
Code: 48 8b 85 e0 fe ff ff 41 c7 87 14 01 00 00 01 00 00 00 48 8d b8 a0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 01 04 00 00 48 8b 85 e0 fe ff ff 49 8d 7f 50 48
RSP: 0018:ffff8801d06971d8 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff82c386af
RDX: 0000000000000014 RSI: ffffffff82c386bd RDI: 00000000000000a0
RBP: ffff8801d0697348 R08: ffff8801ad4fc580 R09: ffff8801d0697240
R10: ffffed003a0d2e5c R11: ffff8801d06972e7 R12: ffff8801ad4f8158
R13: ffff8801ad4f80d8 R14: dffffc0000000000 R15: ffff8801ad4f8080
FS:  00000000017dd880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000ede000 CR3: 00000001adaac000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches


* Re: general protection fault in open_fs_devices
  2018-06-06 13:17 general protection fault in open_fs_devices syzbot
@ 2018-06-06 14:41 ` David Sterba
  2018-06-06 16:28 ` Anand Jain
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 10+ messages in thread
From: David Sterba @ 2018-06-06 14:41 UTC (permalink / raw)
  To: syzbot; +Cc: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs

On Wed, Jun 06, 2018 at 06:17:02AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    af6c5d5e01ad Merge branch 'for-4.18' of git://git.kernel.o..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1732a6f7800000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=12ff770540994680
> dashboard link: https://syzkaller.appspot.com/bug?extid=909a5177749d7990ffa4
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16ba31f7800000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d4ac8f800000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com
> 
> random: sshd: uninitialized urandom read (32 bytes read)
> BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 0  
> /dev/loop0
> print_req_error: I/O error, dev loop1, sector 128
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> CPU: 0 PID: 4540 Comm: syz-executor962 Not tainted 4.17.0+ #86
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
> Google 01/01/2011
> RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124

Strange that this got that far; the image reconstructed from the
reproducer misses a lot of structural information that should prevent
mount:

superblock: bytenr=65536, device=zimg
---------------------------------------------------------
csum_type               0 (crc32c)
csum_size               4
csum                    0x8da4363a [DON'T MATCH]
bytenr                  65536
flags                   0x1
                        ( WRITTEN )
magic                   _BHRfS_M [match]
fsid                    ecf6f2a2-2997-48ae-b81e-1b00920efd9a
label                   
generation              0
root                    0
sys_array_size          0
chunk_root_generation   0
root_level              0
chunk_root              0
chunk_root_level        0
log_root                0
log_root_transid        0
log_root_level          0
total_bytes             0
bytes_used              0
sectorsize              0
nodesize                0
leafsize (deprecated)           0
stripesize              0
root_dir                0
num_devices             0
compat_flags            0x0
compat_ro_flags         0x0
incompat_flags          0x0
cache_generation        0
uuid_tree_generation    0
dev_item.uuid           00000000-0000-0000-0000-000000000000
dev_item.fsid           00000000-0000-0000-0000-000000000000 [DON'T MATCH]
dev_item.type           0
dev_item.total_bytes    0
dev_item.bytes_used     0
dev_item.io_align       0
dev_item.io_width       0
dev_item.sector_size    0
dev_item.devid          0
dev_item.dev_group      0
dev_item.seek_speed     0
dev_item.bandwidth      0
dev_item.generation     0
sys_chunk_array[2048]:
backup_roots[4]:

Possibly the ioctl (implementing device scan, triggered by udev) was called on
the loop device at some point. The checks there are not as strict as in the
mount path, but they also don't do anything other than associate the device id
and fsid.

The warning itself catches a state where the counter of devices has an
unexpected value, so that's probably worth further analysis.

We have pending patches to add more sanity checks to the scanning ioctl.
IIRC they were not in a state to be merged, but they could address the
warning (and also the one from close_fs_devices).

I was not able to reproduce the warning on current master (which contains
the recent btrfs pull); I will try on the exact commit reported.

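The dump above shows an image that passes the magic check but carries a checksum that does not cover its contents and has every geometry field at zero. As an added example (my own user-space code, not the thread's and not the kernel's fs/btrfs), here is a model of the structural checks a mount path applies to the superblock, run on two constructed images: one well-formed, one shaped like the dump. The struct layout follows the kernel's packed on-disk btrfs_super_block and btrfs_dev_item as I know them; the check order, limits and the sb_status codes are my simplification, the sample images are constructed (only the fsid is taken from the report), and the host is assumed little-endian, matching the on-disk byte order.

```c
/* Added example: user-space model of btrfs superblock sanity checks.
 * Not kernel code; layout per the on-disk format, checks simplified. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUPER_OFFSET   65536ULL
#define SUPER_SIZE     4096
#define CSUM_SIZE      32
#define FSID_SIZE      16
#define MAX_LEVEL      8
#define MAX_BLOCKSIZE  65536
#define BTRFS_MAGIC    0x4D5F53665248425FULL   /* "_BHRfS_M" */

struct btrfs_dev_item {
    uint64_t devid, total_bytes, bytes_used;
    uint32_t io_align, io_width, sector_size;
    uint64_t type, generation, start_offset;
    uint32_t dev_group;
    uint8_t  seek_speed, bandwidth, uuid[16], fsid[FSID_SIZE];
} __attribute__((packed));

/* Leading 555 bytes of the 4096-byte superblock; the checksum still covers
 * the whole block, so callers always pass a SUPER_SIZE buffer. */
struct btrfs_super_block {
    uint8_t  csum[CSUM_SIZE], fsid[FSID_SIZE];
    uint64_t bytenr, flags, magic, generation, root, chunk_root, log_root;
    uint64_t log_root_transid, total_bytes, bytes_used, root_dir_objectid;
    uint64_t num_devices;
    uint32_t sectorsize, nodesize, unused_leafsize, stripesize, sys_chunk_array_size;
    uint64_t chunk_root_generation, compat_flags, compat_ro_flags, incompat_flags;
    uint16_t csum_type;
    uint8_t  root_level, chunk_root_level, log_root_level;
    struct btrfs_dev_item dev_item;
    char     label[256];
} __attribute__((packed));

enum sb_status {
    SB_OK = 0, SB_BAD_MAGIC = -1, SB_BAD_BYTENR = -2, SB_BAD_CSUM_TYPE = -3,
    SB_BAD_CSUM = -4, SB_BAD_SECTORSIZE = -5, SB_BAD_NODESIZE = -6,
    SB_BAD_LEVEL = -7, SB_FSID_MISMATCH = -8, SB_NO_DEVICES = -9
};

/* Bitwise CRC32C (reflected poly 0x82F63B78), seed ~0, result inverted:
 * the value btrfs stores little-endian in the first four csum bytes. */
uint32_t crc32c(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0x82F63B78u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static int is_pow2(uint32_t x) { return x && !(x & (x - 1)); }

static uint32_t stored_csum(const uint8_t *raw)
{
    return raw[0] | (uint32_t)raw[1] << 8 | (uint32_t)raw[2] << 16 | (uint32_t)raw[3] << 24;
}

/* Recompute the checksum over bytes [32, 4096) and store it. */
void sb_seal(uint8_t *raw)
{
    uint32_t c = crc32c(raw + CSUM_SIZE, SUPER_SIZE - CSUM_SIZE);
    memset(raw, 0, CSUM_SIZE);
    for (int i = 0; i < 4; i++) raw[i] = (uint8_t)(c >> (8 * i));
}

/* Identity checks first, then the checksum, then the geometry that the
 * chunk-tree reader would otherwise trust blindly. */
enum sb_status sb_validate(const uint8_t *raw)
{
    const struct btrfs_super_block *sb = (const struct btrfs_super_block *)raw;
    if (sb->magic != BTRFS_MAGIC)                 return SB_BAD_MAGIC;
    if (sb->bytenr != SUPER_OFFSET)               return SB_BAD_BYTENR;
    if (sb->csum_type != 0)                       return SB_BAD_CSUM_TYPE;  /* 0 = crc32c */
    if (stored_csum(raw) != crc32c(raw + CSUM_SIZE, SUPER_SIZE - CSUM_SIZE))
        return SB_BAD_CSUM;
    if (!is_pow2(sb->sectorsize) || sb->sectorsize < 4096 || sb->sectorsize > MAX_BLOCKSIZE)
        return SB_BAD_SECTORSIZE;
    if (!is_pow2(sb->nodesize) || sb->nodesize < sb->sectorsize || sb->nodesize > MAX_BLOCKSIZE)
        return SB_BAD_NODESIZE;
    if (sb->root_level >= MAX_LEVEL || sb->chunk_root_level >= MAX_LEVEL ||
        sb->log_root_level >= MAX_LEVEL)          return SB_BAD_LEVEL;
    if (memcmp(sb->fsid, sb->dev_item.fsid, FSID_SIZE) != 0) return SB_FSID_MISMATCH;
    if (sb->num_devices == 0)                     return SB_NO_DEVICES;
    return SB_OK;
}

/* Constructed images, not the reproducer's. degenerate=1 has the shape of the
 * dump in the thread: magic, bytenr, flags and fsid set, everything else zero,
 * and a checksum that does not match the contents. */
void build_sample_sb(uint8_t *raw, int degenerate)
{
    static const uint8_t fsid[FSID_SIZE] = { 0xec,0xf6,0xf2,0xa2,0x29,0x97,0x48,0xae,
                                             0xb8,0x1e,0x1b,0x00,0x92,0x0e,0xfd,0x9a };
    struct btrfs_super_block *sb = (struct btrfs_super_block *)raw;
    memset(raw, 0, SUPER_SIZE);
    sb->magic = BTRFS_MAGIC; sb->bytenr = SUPER_OFFSET; sb->flags = 1;  /* WRITTEN */
    memcpy(sb->fsid, fsid, FSID_SIZE);
    if (degenerate) { raw[0] = 0x3a; raw[1] = 0x36; raw[2] = 0xa4; raw[3] = 0x8d; return; }
    sb->generation = 5; sb->sectorsize = 4096; sb->nodesize = 16384; sb->stripesize = 4096;
    sb->num_devices = 1; sb->total_bytes = 1ULL << 30;
    sb->dev_item.devid = 1; sb->dev_item.total_bytes = 1ULL << 30;
    memcpy(sb->dev_item.fsid, fsid, FSID_SIZE);
    sb_seal(raw);
}

/* Build a sample, optionally reseal it, and return the verdict. */
int validate_sample(int degenerate, int reseal)
{
    uint8_t raw[SUPER_SIZE];
    build_sample_sb(raw, degenerate);
    if (reseal) sb_seal(raw);
    return sb_validate(raw);
}

int main(void)
{
    printf("well-formed:        %d\n", validate_sample(0, 0));
    printf("degenerate:         %d\n", validate_sample(1, 0));
    printf("degenerate, sealed: %d\n", validate_sample(1, 1));
    return 0;
}
```

The third case is the instructive one: resealing the degenerate image makes the checksum pass, and the zero sectorsize is then what stops it, which is why checksum verification alone is not a substitute for field validation before the chunk tree is read.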

* Re: general protection fault in open_fs_devices
  2018-06-06 13:17 general protection fault in open_fs_devices syzbot
  2018-06-06 14:41 ` David Sterba
@ 2018-06-06 16:28 ` Anand Jain
  2018-06-07 17:03   ` Dmitry Vyukov
  2018-06-19 18:05 ` David Sterba
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 10+ messages in thread
From: Anand Jain @ 2018-06-06 16:28 UTC (permalink / raw)
  To: syzbot, clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs



On 06/06/2018 09:17 PM, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    af6c5d5e01ad Merge branch 'for-4.18' of 
> git://git.kernel.o..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1732a6f7800000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=12ff770540994680
> dashboard link: 
> https://syzkaller.appspot.com/bug?extid=909a5177749d7990ffa4
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16ba31f7800000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d4ac8f800000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com
> 
> random: sshd: uninitialized urandom read (32 bytes read)
> BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 
> 0 /dev/loop0
> print_req_error: I/O error, dev loop1, sector 128
> kasan: CONFIG_KASAN_INLINE enabled

> kasan: GPF could be caused by NULL-ptr deref or user memory access

> general protection fault: 0000 [#1] SMP KASAN
> CPU: 0 PID: 4540 Comm: syz-executor962 Not tainted 4.17.0+ #86
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124

  Which means there was some other thread that freed our %fs_devices.
  As this thread is still in open_ctree(), the contending thread can't
  be the ioctl(). So btrfs_free_stale_devices() is the only thread that
  can free our %fs_devices in this case.

  This is fixed in [1] in the mailing list.

  [1]
    [PATCH 3/3] btrfs: fix race between mkfs and mount

  Thanks, Anand


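Anand's explanation above, as an added single-threaded model (my code, not the thread's, not the kernel's, and not the referenced patch): a registry of scanned filesystems, a stale-reclaim pass, and two mount paths. `mount_racy` leaves a window between the lookup and the open in which the reclaim can run; `mount_safe` takes its reference in the same critical section as the lookup, so the reclaim sees the set in use and skips it. The function names, the `opened` and `poisoned` fields and the explicit `between` hook are assumptions of the model; reclaimed entries are poisoned rather than freed so the bad dereference is detected instead of being undefined behaviour.

```c
/* Added example: a deterministic model of the lookup / free-stale / open
 * interleaving. Not kernel code; in the kernel this state is serialised by
 * uuid_mutex, which the model replaces by explicit step ordering. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FSID_SIZE 16

struct fs_devices {
    uint8_t fsid[FSID_SIZE];
    int opened;                 /* mounts currently holding this set */
    int poisoned;               /* stands in for "memory was freed" */
    struct fs_devices *next;
};

static struct fs_devices *fs_uuids;   /* registry of scanned filesystems */

/* Device scan path: register a freshly seen fsid. */
struct fs_devices *register_fsid(const uint8_t *fsid)
{
    struct fs_devices *d = calloc(1, sizeof *d);
    memcpy(d->fsid, fsid, FSID_SIZE);
    d->next = fs_uuids;
    fs_uuids = d;
    return d;
}

static struct fs_devices *find_fsid(const uint8_t *fsid)
{
    for (struct fs_devices *d = fs_uuids; d; d = d->next)
        if (memcmp(d->fsid, fsid, FSID_SIZE) == 0)
            return d;
    return NULL;
}

/* Reclaim registry entries no mount is using. The opened check is the
 * invariant: a set referenced by an in-progress mount is never stale. */
int free_stale_devices(void)
{
    int reclaimed = 0;
    struct fs_devices **pp = &fs_uuids;
    while (*pp) {
        struct fs_devices *d = *pp;
        if (d->opened > 0) { pp = &d->next; continue; }
        *pp = d->next;
        d->poisoned = 1;        /* model of free(d): entry is gone */
        reclaimed++;
    }
    return reclaimed;
}

/* open_fs_devices(): dereferences the set it was handed. */
int open_fs_devices(struct fs_devices *d)
{
    return d->poisoned ? -1 : 0;   /* -1: would be a use-after-free */
}

/* Racy mount: lookup and open are separate steps; `between` models the
 * other thread running in the window. */
int mount_racy(const uint8_t *fsid, void (*between)(void))
{
    struct fs_devices *d = find_fsid(fsid);
    if (!d) return -2;
    between();
    int ret = open_fs_devices(d);
    if (ret == 0) d->opened++;
    return ret;
}

/* Safe mount: the reference is taken together with the lookup, so a
 * concurrent reclaim sees opened > 0 and leaves the set alone. */
int mount_safe(const uint8_t *fsid, void (*between)(void))
{
    struct fs_devices *d = find_fsid(fsid);
    if (!d) return -2;
    d->opened++;                /* same critical section as the lookup */
    between();
    int ret = open_fs_devices(d);
    if (ret != 0) d->opened--;
    return ret;
}

static void reclaim_step(void) { free_stale_devices(); }

/* Constructed fsid (the value is the one from the report). */
static const uint8_t SAMPLE_FSID[FSID_SIZE] = { 0xec,0xf6,0xf2,0xa2,0x29,0x97,0x48,0xae,
                                                 0xb8,0x1e,0x1b,0x00,0x92,0x0e,0xfd,0x9a };

/* Fresh registry with one scanned filesystem, then one mount attempt while
 * the stale reclaim runs in the window. Leaks the model objects; fine here. */
static int scenario(int (*mount)(const uint8_t *, void (*)(void)))
{
    fs_uuids = NULL;
    register_fsid(SAMPLE_FSID);
    return mount(SAMPLE_FSID, reclaim_step);
}
int scenario_racy(void) { return scenario(mount_racy); }
int scenario_safe(void) { return scenario(mount_safe); }

int main(void)
{
    printf("racy mount: %d (-1 = opened a freed set)\n", scenario_racy());
    printf("safe mount: %d\n", scenario_safe());
    return 0;
}
```

After `scenario_safe` the set is still registered with `opened == 1`, so a further `free_stale_devices()` reclaims nothing; that is the observable difference between the two paths.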

* Re: general protection fault in open_fs_devices
  2018-06-06 16:28 ` Anand Jain
@ 2018-06-07 17:03   ` Dmitry Vyukov
  0 siblings, 0 replies; 10+ messages in thread
From: Dmitry Vyukov @ 2018-06-07 17:03 UTC (permalink / raw)
  To: Anand Jain
  Cc: syzbot, clm, dsterba, Josef Bacik, linux-btrfs, LKML, syzkaller-bugs

On Wed, Jun 6, 2018 at 6:28 PM, Anand Jain <anand.jain@oracle.com> wrote:
>
>
> On 06/06/2018 09:17 PM, syzbot wrote:
>
>
>
>  Which means there was some other thread which freed our %fs_devices.
>  As this thread is still in open_ctree() so the contending thread can't
>  be the ioctl(). So btrfs_free_stale_devices() is the only thread which
>  can free our %fs_devices in this case.
>
>  This is fixed in [1] in the mailing list.
>
>  [1]
>    [PATCH 3/3] btrfs: fix race between mkfs and mount


Let's tell syzbot about this:

#syz fix: btrfs: fix race between mkfs and mount


* Re: general protection fault in open_fs_devices
  2018-06-06 13:17 general protection fault in open_fs_devices syzbot
  2018-06-06 14:41 ` David Sterba
  2018-06-06 16:28 ` Anand Jain
@ 2018-06-19 18:05 ` David Sterba
  2018-06-19 18:27   ` syzbot
  2018-07-10 18:43 ` Anand Jain
  2018-07-10 18:48 ` Anand Jain
  4 siblings, 1 reply; 10+ messages in thread
From: David Sterba @ 2018-06-19 18:05 UTC (permalink / raw)
  To: syzbot; +Cc: clm, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs

On Wed, Jun 06, 2018 at 06:17:02AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    af6c5d5e01ad Merge branch 'for-4.18' of git://git.kernel.o..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1732a6f7800000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=12ff770540994680
> dashboard link: https://syzkaller.appspot.com/bug?extid=909a5177749d7990ffa4
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16ba31f7800000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d4ac8f800000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git test-syzbot-fs-devices


* Re: general protection fault in open_fs_devices
  2018-06-19 18:05 ` David Sterba
@ 2018-06-19 18:27   ` syzbot
  0 siblings, 0 replies; 10+ messages in thread
From: syzbot @ 2018-06-19 18:27 UTC (permalink / raw)
  To: clm, dsterba, dsterba, jbacik, linux-btrfs, linux-kernel, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger a
crash:

Reported-and-tested-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com

Tested on:

commit:         b0b8c45747a5 wip streamline uuid locking in btrfs_mount_root
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux.git/test-syzbot-fs-devices
kernel config:  https://syzkaller.appspot.com/x/.config?x=26c272eeaa8c437e
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)

Note: testing is done by a robot and is best-effort only.


* Re: Re: general protection fault in open_fs_devices
  2018-07-10 18:43 ` Anand Jain
@ 2018-07-10 18:40   ` syzbot
  0 siblings, 0 replies; 10+ messages in thread
From: syzbot @ 2018-07-10 18:40 UTC (permalink / raw)
  To: Anand Jain; +Cc: anand.jain, dsterba, linux-btrfs, syzkaller-bugs




> #syz test: git://git@github.com:asj/btrfs-devel.git misc-next

"git://git@github.com:asj/btrfs-devel.git" does not look like a valid git  
repo address.





* Re: general protection fault in open_fs_devices
  2018-06-06 13:17 general protection fault in open_fs_devices syzbot
                   ` (2 preceding siblings ...)
  2018-06-19 18:05 ` David Sterba
@ 2018-07-10 18:43 ` Anand Jain
  2018-07-10 18:40   ` syzbot
  2018-07-10 18:48 ` Anand Jain
  4 siblings, 1 reply; 10+ messages in thread
From: Anand Jain @ 2018-07-10 18:43 UTC (permalink / raw)
  To: syzbot; +Cc: dsterba, linux-btrfs, syzkaller-bugs



#syz test: git://git@github.com:asj/btrfs-devel.git misc-next




* Re: general protection fault in open_fs_devices
  2018-06-06 13:17 general protection fault in open_fs_devices syzbot
                   ` (3 preceding siblings ...)
  2018-07-10 18:43 ` Anand Jain
@ 2018-07-10 18:48 ` Anand Jain
  2018-07-10 19:08   ` syzbot
  4 siblings, 1 reply; 10+ messages in thread
From: Anand Jain @ 2018-07-10 18:48 UTC (permalink / raw)
  To: syzbot; +Cc: linux-btrfs, syzkaller-bugs


#syz test: https://github.com/asj/btrfs-devel.git misc-next


On 06/06/2018 09:17 PM, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    af6c5d5e01ad Merge branch 'for-4.18' of 
> git://git.kernel.o..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1732a6f7800000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=12ff770540994680
> dashboard link: 
> https://syzkaller.appspot.com/bug?extid=909a5177749d7990ffa4
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=16ba31f7800000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=16d4ac8f800000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com
> 
> random: sshd: uninitialized urandom read (32 bytes read)
> BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 
> 0 /dev/loop0
> print_req_error: I/O error, dev loop1, sector 128
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> CPU: 0 PID: 4540 Comm: syz-executor962 Not tainted 4.17.0+ #86
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124
> Code: 48 8b 85 e0 fe ff ff 41 c7 87 14 01 00 00 01 00 00 00 48 8d b8 a0 
> 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 
> 00 0f 85 01 04 00 00 48 8b 85 e0 fe ff ff 49 8d 7f 50 48
> RSP: 0018:ffff8801d06971d8 EFLAGS: 00010206
> RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff82c386af
> RDX: 0000000000000014 RSI: ffffffff82c386bd RDI: 00000000000000a0
> RBP: ffff8801d0697348 R08: ffff8801ad4fc580 R09: ffff8801d0697240
> R10: ffffed003a0d2e5c R11: ffff8801d06972e7 R12: ffff8801ad4f8158
> R13: ffff8801ad4f80d8 R14: dffffc0000000000 R15: ffff8801ad4f8080
> FS:  00000000017dd880(0000) GS:ffff8801dae00000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000ede000 CR3: 00000001adaac000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   btrfs_open_devices+0xc0/0xd0 fs/btrfs/volumes.c:1155
>   btrfs_mount_root+0x91f/0x1e70 fs/btrfs/super.c:1568
>   mount_fs+0xae/0x328 fs/super.c:1277
>   vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
>   vfs_kern_mount+0x40/0x60 fs/namespace.c:1027
>   btrfs_mount+0x4a1/0x213e fs/btrfs/super.c:1661
>   mount_fs+0xae/0x328 fs/super.c:1277
>   vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
>   vfs_kern_mount fs/namespace.c:1027 [inline]
>   do_new_mount fs/namespace.c:2518 [inline]
>   do_mount+0x564/0x30b0 fs/namespace.c:2848
>   ksys_mount+0x12d/0x140 fs/namespace.c:3064
>   __do_sys_mount fs/namespace.c:3078 [inline]
>   __se_sys_mount fs/namespace.c:3075 [inline]
>   __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
>   do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x4431fa
> Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd e5 fb ff c3 66 2e 
> 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 
> f0 ff ff 0f 83 da e5 fb ff c3 66 0f 1f 84 00 00 00 00 00
> RSP: 002b:00007ffc2d953358 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004431fa
> RDX: 0000000020000080 RSI: 0000000020000040 RDI: 00007ffc2d953370
> RBP: 0000000000000004 R08: 00000000200000c0 R09: 000000000000000a
> R10: 0000000000000000 R11: 0000000000000297 R12: 000000000000000d
> R13: 0000000008100000 R14: 0030656c69662f2e R15: fe03f80fe03f80ff
> Modules linked in:
> Dumping ftrace buffer:
>     (ftrace buffer empty)
> ---[ end trace d8b96c29a3ffd356 ]---
> RIP: 0010:open_fs_devices+0x7e8/0xc60 fs/btrfs/volumes.c:1124
> Code: 48 8b 85 e0 fe ff ff 41 c7 87 14 01 00 00 01 00 00 00 48 8d b8 a0 
> 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 
> 00 0f 85 01 04 00 00 48 8b 85 e0 fe ff ff 49 8d 7f 50 48
> RSP: 0018:ffff8801d06971d8 EFLAGS: 00010206
> RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff82c386af
> RDX: 0000000000000014 RSI: ffffffff82c386bd RDI: 00000000000000a0
> RBP: ffff8801d0697348 R08: ffff8801ad4fc580 R09: ffff8801d0697240
> R10: ffffed003a0d2e5c R11: ffff8801d06972e7 R12: ffff8801ad4f8158
> R13: ffff8801ad4f80d8 R14: dffffc0000000000 R15: ffff8801ad4f8080
> FS:  00000000017dd880(0000) GS:ffff8801dae00000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000ede000 CR3: 00000001adaac000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> 
> 
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with 
> syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
> -- 
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


* Re: general protection fault in open_fs_devices
  2018-07-10 18:48 ` Anand Jain
@ 2018-07-10 19:08   ` syzbot
  0 siblings, 0 replies; 10+ messages in thread
From: syzbot @ 2018-07-10 19:08 UTC (permalink / raw)
  To: anand.jain, linux-btrfs, syzkaller-bugs

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger crash:

Reported-and-tested-by: syzbot+909a5177749d7990ffa4@syzkaller.appspotmail.com

Tested on:

commit:         d38c078c856c btrfs: add helper function check device delet..
git tree:       https://github.com/asj/btrfs-devel.git/misc-next
kernel config:  https://syzkaller.appspot.com/x/.config?x=f3049e25df7e85a
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)

Note: testing is done by a robot and is best-effort only.



Thread overview: 10+ messages
2018-06-06 13:17 general protection fault in open_fs_devices syzbot
2018-06-06 14:41 ` David Sterba
2018-06-06 16:28 ` Anand Jain
2018-06-07 17:03   ` Dmitry Vyukov
2018-06-19 18:05 ` David Sterba
2018-06-19 18:27   ` syzbot
2018-07-10 18:43 ` Anand Jain
2018-07-10 18:40   ` syzbot
2018-07-10 18:48 ` Anand Jain
2018-07-10 19:08   ` syzbot
