Linux-ext4 Archive on lore.kernel.org
 help / color / Atom feed
* general protection fault in ext4_writepages
@ 2019-11-10 23:44 syzbot
  2019-11-11  5:12 ` Ritesh Harjani
  0 siblings, 1 reply; 6+ messages in thread
From: syzbot @ 2019-11-10 23:44 UTC (permalink / raw)
  To: adilger.kernel, linux-ext4, linux-kernel, riteshh, syzkaller-bugs, tytso

Hello,

syzbot found the following crash on:

HEAD commit:    dcd34bd2 Add linux-next specific files for 20191106
git tree:       linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11a0a4fce00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=742545dcdea21726
dashboard link: https://syzkaller.appspot.com/bug?extid=9567fda428fba259deba
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1645c42ce00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1108a23ae00000

The bug was bisected to:

commit c8cc88163f40df39e50cda63ac361631864b453e
Author: Ritesh Harjani <riteshh@linux.ibm.com>
Date:   Wed Oct 16 07:37:10 2019 +0000

     ext4: Add support for blocksize < pagesize in dioread_nolock

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1044c6b4e00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=1244c6b4e00000
console output: https://syzkaller.appspot.com/x/log.txt?x=1444c6b4e00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+9567fda428fba259deba@syzkaller.appspotmail.com
Fixes: c8cc88163f40 ("ext4: Add support for blocksize < pagesize in  
dioread_nolock")

RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8639 Comm: syz-executor031 Not tainted 5.4.0-rc6-next-20191106  
#0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 48 8d  
78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 3c 2a 00  
0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  ? 0xffffffff81000000
  do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
  __filemap_fdatawrite_range+0x2bc/0x3b0 mm/filemap.c:421
  filemap_write_and_wait_range mm/filemap.c:681 [inline]
  filemap_write_and_wait_range+0xfc/0x1d0 mm/filemap.c:675
  ext4_punch_hole+0x27d/0x1320 fs/ext4/inode.c:4314
  ext4_fallocate+0x419/0x2470 fs/ext4/extents.c:4889
  vfs_fallocate+0x4aa/0xa50 fs/open.c:309
  ksys_fallocate+0x58/0xa0 fs/open.c:332
  __do_sys_fallocate fs/open.c:340 [inline]
  __se_sys_fallocate fs/open.c:338 [inline]
  __x64_sys_fallocate+0x97/0xf0 fs/open.c:338
  do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440609
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7  
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fffd7a50c58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
RAX: ffffffffffffffda RBX: 00007fffd7a50c60 RCX: 0000000000440609
RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 0ee46d2ea32148f5 ]---
RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 48 8d  
78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 3c 2a 00  
0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: general protection fault in ext4_writepages
  2019-11-10 23:44 general protection fault in ext4_writepages syzbot
@ 2019-11-11  5:12 ` Ritesh Harjani
  2019-11-11  5:32   ` Ritesh Harjani
  0 siblings, 1 reply; 6+ messages in thread
From: Ritesh Harjani @ 2019-11-11  5:12 UTC (permalink / raw)
  To: syzbot, adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs,
	tytso, Jan Kara

Hello Ted,

This issue seems to be coming via fault injection failure in slab
allocation. This should be fixed via below patch on your latest ext4
branch.

https://marc.info/?l=linux-ext4&m=804&w=2

Please let me know if anything else is needed.

-ritesh

On 11/11/19 5:14 AM, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    dcd34bd2 Add linux-next specific files for 20191106
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=11a0a4fce00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=742545dcdea21726
> dashboard link: 
> https://syzkaller.appspot.com/bug?extid=9567fda428fba259deba
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1645c42ce00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1108a23ae00000
> 
> The bug was bisected to:
> 
> commit c8cc88163f40df39e50cda63ac361631864b453e
> Author: Ritesh Harjani <riteshh@linux.ibm.com>
> Date:   Wed Oct 16 07:37:10 2019 +0000
> 
>      ext4: Add support for blocksize < pagesize in dioread_nolock
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1044c6b4e00000
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=1244c6b4e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1444c6b4e00000
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+9567fda428fba259deba@syzkaller.appspotmail.com
> Fixes: c8cc88163f40 ("ext4: Add support for blocksize < pagesize in 
> dioread_nolock")
> 
> RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
> RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
> R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
> R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 8639 Comm: syz-executor031 Not tainted 
> 5.4.0-rc6-next-20191106 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS 
> Google 01/01/2011
> RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
> RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
> Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 48 
> 8d 78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 3c 
> 2a 00 0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
> RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
> RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
> RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
> RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
> R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
> R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
> FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   ? 0xffffffff81000000
>   do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
>   __filemap_fdatawrite_range+0x2bc/0x3b0 mm/filemap.c:421
>   filemap_write_and_wait_range mm/filemap.c:681 [inline]
>   filemap_write_and_wait_range+0xfc/0x1d0 mm/filemap.c:675
>   ext4_punch_hole+0x27d/0x1320 fs/ext4/inode.c:4314
>   ext4_fallocate+0x419/0x2470 fs/ext4/extents.c:4889
>   vfs_fallocate+0x4aa/0xa50 fs/open.c:309
>   ksys_fallocate+0x58/0xa0 fs/open.c:332
>   __do_sys_fallocate fs/open.c:340 [inline]
>   __se_sys_fallocate fs/open.c:338 [inline]
>   __x64_sys_fallocate+0x97/0xf0 fs/open.c:338
>   do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x440609
> Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 
> f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 
> f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007fffd7a50c58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
> RAX: ffffffffffffffda RBX: 00007fffd7a50c60 RCX: 0000000000440609
> RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
> RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
> R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
> R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
> Modules linked in:
> ---[ end trace 0ee46d2ea32148f5 ]---
> RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
> RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
> Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 48 
> 8d 78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 3c 
> 2a 00 0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
> RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
> RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
> RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
> RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
> R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
> R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
> FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> 
> 
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
> 
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> For information about bisection process see: 
> https://goo.gl/tpsmEJ#bisection
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: general protection fault in ext4_writepages
  2019-11-11  5:12 ` Ritesh Harjani
@ 2019-11-11  5:32   ` Ritesh Harjani
  2019-11-11 18:24     ` Theodore Y. Ts'o
  0 siblings, 1 reply; 6+ messages in thread
From: Ritesh Harjani @ 2019-11-11  5:32 UTC (permalink / raw)
  To: syzbot, adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs,
	tytso, Jan Kara
  Cc: Ritesh Harjani


Updating the link.

On 11/11/19 10:42 AM, Ritesh Harjani wrote:
> Hello Ted,
> 
> This issue seems to be coming via fault injection failure in slab
> allocation. This should be fixed via below patch on your latest ext4
> branch.
> 
> https://marc.info/?l=linux-ext4&m=804&w=2
https://marc.info/?l=linux-ext4&m=157303310723804&w=2


> 
> Please let me know if anything else is needed.
> 
> -ritesh
> 
> On 11/11/19 5:14 AM, syzbot wrote:
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    dcd34bd2 Add linux-next specific files for 20191106
>> git tree:       linux-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=11a0a4fce00000
>> kernel config:  
>> https://syzkaller.appspot.com/x/.config?x=742545dcdea21726
>> dashboard link: 
>> https://syzkaller.appspot.com/bug?extid=9567fda428fba259deba
>> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
>> syz repro:      
>> https://syzkaller.appspot.com/x/repro.syz?x=1645c42ce00000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1108a23ae00000
>>
>> The bug was bisected to:
>>
>> commit c8cc88163f40df39e50cda63ac361631864b453e
>> Author: Ritesh Harjani <riteshh@linux.ibm.com>
>> Date:   Wed Oct 16 07:37:10 2019 +0000
>>
>>      ext4: Add support for blocksize < pagesize in dioread_nolock
>>
>> bisection log:  
>> https://syzkaller.appspot.com/x/bisect.txt?x=1044c6b4e00000
>> final crash:    
>> https://syzkaller.appspot.com/x/report.txt?x=1244c6b4e00000
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1444c6b4e00000
>>
>> IMPORTANT: if you fix the bug, please add the following tag to the 
>> commit:
>> Reported-by: syzbot+9567fda428fba259deba@syzkaller.appspotmail.com
>> Fixes: c8cc88163f40 ("ext4: Add support for blocksize < pagesize in 
>> dioread_nolock")
>>
>> RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
>> RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
>> R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
>> R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] PREEMPT SMP KASAN
>> CPU: 0 PID: 8639 Comm: syz-executor031 Not tainted 
>> 5.4.0-rc6-next-20191106 #0
>> Hardware name: Google Google Compute Engine/Google Compute Engine, 
>> BIOS Google 01/01/2011
>> RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
>> RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
>> Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 
>> 48 8d 78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 
>> 3c 2a 00 0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
>> RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
>> RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
>> RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
>> RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
>> R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
>> R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
>> FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) 
>> knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Call Trace:
>>   ? 0xffffffff81000000
>>   do_writepages+0xfa/0x2a0 mm/page-writeback.c:2344
>>   __filemap_fdatawrite_range+0x2bc/0x3b0 mm/filemap.c:421
>>   filemap_write_and_wait_range mm/filemap.c:681 [inline]
>>   filemap_write_and_wait_range+0xfc/0x1d0 mm/filemap.c:675
>>   ext4_punch_hole+0x27d/0x1320 fs/ext4/inode.c:4314
>>   ext4_fallocate+0x419/0x2470 fs/ext4/extents.c:4889
>>   vfs_fallocate+0x4aa/0xa50 fs/open.c:309
>>   ksys_fallocate+0x58/0xa0 fs/open.c:332
>>   __do_sys_fallocate fs/open.c:340 [inline]
>>   __se_sys_fallocate fs/open.c:338 [inline]
>>   __x64_sys_fallocate+0x97/0xf0 fs/open.c:338
>>   do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
>>   entry_SYSCALL_64_after_hwframe+0x49/0xbe
>> RIP: 0033:0x440609
>> Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 
>> 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 
>> 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
>> RSP: 002b:00007fffd7a50c58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
>> RAX: ffffffffffffffda RBX: 00007fffd7a50c60 RCX: 0000000000440609
>> RDX: 0000000000000000 RSI: 0000000100000003 RDI: 0000000000000003
>> RBP: 0000000000000004 R08: 0000000000000001 R09: 00007fffd7a50033
>> R10: 0000000028120001 R11: 0000000000000246 R12: 0000000000401ef0
>> R13: 0000000000401f80 R14: 0000000000000000 R15: 0000000000000000
>> Modules linked in:
>> ---[ end trace 0ee46d2ea32148f5 ]---
>> RIP: 0010:mpage_map_and_submit_extent fs/ext4/inode.c:2557 [inline]
>> RIP: 0010:ext4_writepages+0x17b4/0x2e80 fs/ext4/inode.c:2911
>> Code: ff ff e8 1f cf b0 ff 48 8b 85 30 fe ff ff 48 8b 8d 00 fe ff ff 
>> 48 8d 78 10 48 89 fa 48 c1 ea 03 0f b6 89 c2 00 00 00 48 d3 e3 <42> 80 
>> 3c 2a 00 0f 85 03 16 00 00 48 89 58 10 48 c7 c0 08 ad c4 89
>> RSP: 0018:ffff88808bf77890 EFLAGS: 00010206
>> RAX: fffffffffffffff4 RBX: 00000000007ff000 RCX: 000000000000000c
>> RDX: 0000000000000000 RSI: ffffffff820534cd RDI: 0000000000000004
>> RBP: ffff88808bf77ac0 R08: 0000000000000000 R09: ffffed1015d06b7d
>> R10: ffffed1015d06b7c R11: ffff8880ae835be3 R12: 0000000000000000
>> R13: dffffc0000000000 R14: 00000000000007ff R15: ffff888086499488
>> FS:  0000000001162880(0000) GS:ffff8880ae800000(0000) 
>> knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 000000009366b000 CR4: 00000000001406f0
>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>>
>>
>> ---
>> This bug is generated by a bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for more information about syzbot.
>> syzbot engineers can be reached at syzkaller@googlegroups.com.
>>
>> syzbot will keep track of this bug report. See:
>> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
>> For information about bisection process see: 
>> https://goo.gl/tpsmEJ#bisection
>> syzbot can test patches for this bug, for details see:
>> https://goo.gl/tpsmEJ#testing-patches
> 


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: general protection fault in ext4_writepages
  2019-11-11  5:32   ` Ritesh Harjani
@ 2019-11-11 18:24     ` Theodore Y. Ts'o
  2019-11-11 19:25       ` syzbot
  0 siblings, 1 reply; 6+ messages in thread
From: Theodore Y. Ts'o @ 2019-11-11 18:24 UTC (permalink / raw)
  To: Ritesh Harjani
  Cc: syzbot, adilger.kernel, linux-ext4, linux-kernel, syzkaller-bugs,
	Jan Kara

On Mon, Nov 11, 2019 at 11:02:31AM +0530, Ritesh Harjani wrote:
> 
> Updating the link.
> 
> On 11/11/19 10:42 AM, Ritesh Harjani wrote:
> > Hello Ted,
> > 
> > This issue seems to be coming via fault injection failure in slab
> > allocation. This should be fixed via below patch on your latest ext4
> > branch.
> > 
> > https://marc.info/?l=linux-ext4&m=804&w=2
> https://marc.info/?l=linux-ext4&m=157303310723804&w=2

Agreed, although unfortunately I wasn't able to make the reproducer
cause a failure _without_ the patch.  Perhaps something other than
enabling FAILSLAB and KASAN was needed?

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git test

Let's see if the Syzbot can confirm that the patch addresses the problem.

      	     	 	    	    	 - Ted

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: general protection fault in ext4_writepages
  2019-11-11 18:24     ` Theodore Y. Ts'o
@ 2019-11-11 19:25       ` syzbot
  2019-11-19  3:16         ` Eric Biggers
  0 siblings, 1 reply; 6+ messages in thread
From: syzbot @ 2019-11-11 19:25 UTC (permalink / raw)
  To: adilger.kernel, jack, linux-ext4, linux-kernel, riteshh,
	syzkaller-bugs, tytso

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger  
crash:

Reported-and-tested-by:  
syzbot+9567fda428fba259deba@syzkaller.appspotmail.com

Tested on:

commit:         4d06bfb9 ext4: Add error handling for io_end_vec struct al..
git tree:        
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git test
kernel config:  https://syzkaller.appspot.com/x/.config?x=2cc209e226c8fbbd
dashboard link: https://syzkaller.appspot.com/bug?extid=9567fda428fba259deba
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Note: testing is done by a robot and is best-effort only.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: general protection fault in ext4_writepages
  2019-11-11 19:25       ` syzbot
@ 2019-11-19  3:16         ` Eric Biggers
  0 siblings, 0 replies; 6+ messages in thread
From: Eric Biggers @ 2019-11-19  3:16 UTC (permalink / raw)
  To: syzbot
  Cc: adilger.kernel, jack, linux-ext4, linux-kernel, riteshh,
	syzkaller-bugs, tytso

On Mon, Nov 11, 2019 at 11:25:00AM -0800, syzbot wrote:
> Hello,
> 
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
> 
> Reported-and-tested-by:
> syzbot+9567fda428fba259deba@syzkaller.appspotmail.com
> 
> Tested on:
> 
> commit:         4d06bfb9 ext4: Add error handling for io_end_vec struct al..
> git tree:
> https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git test
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2cc209e226c8fbbd
> dashboard link: https://syzkaller.appspot.com/bug?extid=9567fda428fba259deba
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> 
> Note: testing is done by a robot and is best-effort only.
> 

Marking this fixed for syzbot.

#syz fix: ext4: Add error handling for io_end_vec struct allocation

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, back to index

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-10 23:44 general protection fault in ext4_writepages syzbot
2019-11-11  5:12 ` Ritesh Harjani
2019-11-11  5:32   ` Ritesh Harjani
2019-11-11 18:24     ` Theodore Y. Ts'o
2019-11-11 19:25       ` syzbot
2019-11-19  3:16         ` Eric Biggers

Linux-ext4 Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-ext4/0 linux-ext4/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-ext4 linux-ext4/ https://lore.kernel.org/linux-ext4 \
		linux-ext4@vger.kernel.org
	public-inbox-index linux-ext4

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-ext4


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git