linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* kernel BUG at lib/string.c:LINE! (5)
@ 2020-09-15 11:00 syzbot
  2020-09-16  8:19 ` syzbot
  2020-09-17 13:14 ` David Sterba
  0 siblings, 2 replies; 4+ messages in thread
From: syzbot @ 2020-09-15 11:00 UTC (permalink / raw)
  To: clm, dsterba, josef, linux-btrfs, linux-kernel, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    e4c26faa Merge tag 'usb-5.9-rc5' of git://git.kernel.org/p..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13b17bed900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c61610091f4ca8c4
dashboard link: https://syzkaller.appspot.com/bug?extid=e864a35d361e1d4e29a5
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=177582be900000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13deb2b5900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e864a35d361e1d4e29a5@syzkaller.appspotmail.com

detected buffer overflow in memcpy
------------[ cut here ]------------
kernel BUG at lib/string.c:1129!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.9.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: btrfs-endio-meta btrfs_work_helper
RIP: 0010:fortify_panic+0xf/0x20 lib/string.c:1129
Code: 89 c7 48 89 74 24 08 48 89 04 24 e8 ab 39 00 fe 48 8b 74 24 08 48 8b 04 24 eb d5 48 89 fe 48 c7 c7 40 22 97 88 e8 b0 8c a9 fd <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 57 41 56 41
RSP: 0018:ffffc90000e27980 EFLAGS: 00010286
RAX: 0000000000000022 RBX: ffff8880a80dca64 RCX: 0000000000000000
RDX: ffff8880a90860c0 RSI: ffffffff815dba07 RDI: fffff520001c4f22
RBP: ffff8880a80dca00 R08: 0000000000000022 R09: ffff8880ae7318e7
R10: 0000000000000000 R11: 0000000000077578 R12: 00000000ffffff6e
R13: 0000000000000008 R14: ffffc90000e27a40 R15: 1ffff920001c4f3c
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000557335f440d0 CR3: 000000009647d000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 memcpy include/linux/string.h:405 [inline]
 btree_readpage_end_io_hook.cold+0x206/0x221 fs/btrfs/disk-io.c:642
 end_bio_extent_readpage+0x4de/0x10c0 fs/btrfs/extent_io.c:2854
 bio_endio+0x3cf/0x7f0 block/bio.c:1449
 end_workqueue_fn+0x114/0x170 fs/btrfs/disk-io.c:1695
 btrfs_work_helper+0x221/0xe20 fs/btrfs/async-thread.c:318
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace b68924293169feef ]---
RIP: 0010:fortify_panic+0xf/0x20 lib/string.c:1129
Code: 89 c7 48 89 74 24 08 48 89 04 24 e8 ab 39 00 fe 48 8b 74 24 08 48 8b 04 24 eb d5 48 89 fe 48 c7 c7 40 22 97 88 e8 b0 8c a9 fd <0f> 0b cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 41 57 41 56 41
RSP: 0018:ffffc90000e27980 EFLAGS: 00010286
RAX: 0000000000000022 RBX: ffff8880a80dca64 RCX: 0000000000000000
RDX: ffff8880a90860c0 RSI: ffffffff815dba07 RDI: fffff520001c4f22
RBP: ffff8880a80dca00 R08: 0000000000000022 R09: ffff8880ae7318e7
R10: 0000000000000000 R11: 0000000000077578 R12: 00000000ffffff6e
R13: 0000000000000008 R14: ffffc90000e27a40 R15: 1ffff920001c4f3c
FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f95b7c4d008 CR3: 000000009647d000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: kernel BUG at lib/string.c:LINE! (5)
  2020-09-15 11:00 kernel BUG at lib/string.c:LINE! (5) syzbot
@ 2020-09-16  8:19 ` syzbot
  2020-09-16  8:45   ` Johannes Thumshirn
  2020-09-17 13:14 ` David Sterba
  1 sibling, 1 reply; 4+ messages in thread
From: syzbot @ 2020-09-16  8:19 UTC (permalink / raw)
  To: anand.jain, clm, dsterba, johannes.thumshirn, josef, jthumshirn,
	linux-btrfs, linux-kernel, syzkaller-bugs

syzbot has bisected this issue to:

commit 3951e7f050ac6a38bbc859fc3cd6093890c31d1c
Author: Johannes Thumshirn <jthumshirn@suse.de>
Date:   Mon Oct 7 09:11:01 2019 +0000

    btrfs: add xxhash64 to checksumming algorithms

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10aadcc5900000
start commit:   e4c26faa Merge tag 'usb-5.9-rc5' of git://git.kernel.org/p..
git tree:       upstream
final oops:     https://syzkaller.appspot.com/x/report.txt?x=12aadcc5900000
console output: https://syzkaller.appspot.com/x/log.txt?x=14aadcc5900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c61610091f4ca8c4
dashboard link: https://syzkaller.appspot.com/bug?extid=e864a35d361e1d4e29a5
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=177582be900000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13deb2b5900000

Reported-by: syzbot+e864a35d361e1d4e29a5@syzkaller.appspotmail.com
Fixes: 3951e7f050ac ("btrfs: add xxhash64 to checksumming algorithms")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: kernel BUG at lib/string.c:LINE! (5)
  2020-09-16  8:19 ` syzbot
@ 2020-09-16  8:45   ` Johannes Thumshirn
  0 siblings, 0 replies; 4+ messages in thread
From: Johannes Thumshirn @ 2020-09-16  8:45 UTC (permalink / raw)
  To: syzbot, anand.jain, clm, dsterba, josef, jthumshirn, linux-btrfs,
	linux-kernel, syzkaller-bugs

On 16/09/2020 10:19, syzbot wrote:
> syzbot has bisected this issue to:
> 
> commit 3951e7f050ac6a38bbc859fc3cd6093890c31d1c
> Author: Johannes Thumshirn <jthumshirn@suse.de>
> Date:   Mon Oct 7 09:11:01 2019 +0000
> 
>     btrfs: add xxhash64 to checksumming algorithms
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10aadcc5900000
> start commit:   e4c26faa Merge tag 'usb-5.9-rc5' of git://git.kernel.org/p..
> git tree:       upstream
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=12aadcc5900000
> console output: https://syzkaller.appspot.com/x/log.txt?x=14aadcc5900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=c61610091f4ca8c4
> dashboard link: https://syzkaller.appspot.com/bug?extid=e864a35d361e1d4e29a5
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=177582be900000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13deb2b5900000
> 
> Reported-by: syzbot+e864a35d361e1d4e29a5@syzkaller.appspotmail.com
> Fixes: 3951e7f050ac ("btrfs: add xxhash64 to checksumming algorithms")
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection
> 

This commit only allowed 8 byte checksums, but d5178578bcd4 ("btrfs: directly
call into crypto framework for checksumming") is the one that was missing the
conversion in btree_readpage_end_io_hook() and a prerequisite for 3951e7f050ac
("btrfs: add xxhash64 to checksumming algorithms"). So I think it makes more 
sense to add d5178578bcd4 to the fixes line.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: kernel BUG at lib/string.c:LINE! (5)
  2020-09-15 11:00 kernel BUG at lib/string.c:LINE! (5) syzbot
  2020-09-16  8:19 ` syzbot
@ 2020-09-17 13:14 ` David Sterba
  1 sibling, 0 replies; 4+ messages in thread
From: David Sterba @ 2020-09-17 13:14 UTC (permalink / raw)
  To: syzbot; +Cc: clm, dsterba, josef, linux-btrfs, linux-kernel, syzkaller-bugs

On Tue, Sep 15, 2020 at 04:00:21AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    e4c26faa Merge tag 'usb-5.9-rc5' of git://git.kernel.org/p..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13b17bed900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=c61610091f4ca8c4
> dashboard link: https://syzkaller.appspot.com/bug?extid=e864a35d361e1d4e29a5
> compiler:       gcc (GCC) 10.1.0-syz 20200507
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=177582be900000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13deb2b5900000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+e864a35d361e1d4e29a5@syzkaller.appspotmail.com

#syz fix: btrfs: fix overflow when copying corrupt csums for a message

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-09-17 13:17 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-15 11:00 kernel BUG at lib/string.c:LINE! (5) syzbot
2020-09-16  8:19 ` syzbot
2020-09-16  8:45   ` Johannes Thumshirn
2020-09-17 13:14 ` David Sterba

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).