kernel BUG in gfs2_glock_nq

From: Yikebaer Aizezi
Date: Mon Sep 25 2023 - 05:03:38 EST


Hello,

When using Healer to fuzz the latest Linux 6.6-rc3, the following crash
was triggered.

HEAD commit: 6465e260f48790807eef06b583b38ca9789b6072 (Linux 6.6-rc3)
git tree: upstream

console output:
https://drive.google.com/file/d/1q_XmbjLsz22Y32vqe0FAv5qbxbcDC_9r/view?usp=drive_link
kernel config: https://drive.google.com/file/d/13ZZEh_dhL4SiUoKcDF0bv4YP1IEgAAE8/view?usp=drive_link
C reproducer: https://drive.google.com/file/d/18efm0TG5Sk3deVXG7ZDDpknAcIEHBeru/view?usp=drive_link
Syzlang reproducer:
https://drive.google.com/file/d/189JUztMVaBcO8rmli6Rk2yRAp02TcAtP/view?usp=drive_link


If you fix this issue, please add the following tag to the commit:
Reported-by: Yikebaer Aizezi <yikebaer61@xxxxxxxxx>

------------[ cut here ]------------
kernel BUG at fs/gfs2/glock.c:1544!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8029 Comm: syz-executor374 Not tainted 6.6.0-rc3-g6465e260f487 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
RIP: 0010:add_to_queue fs/gfs2/glock.c:1544 [inline]
RIP: 0010:gfs2_glock_nq+0xbf3/0x1420 fs/gfs2/glock.c:1569
Code: 3c 03 0f 8e f5 05 00 00 8b 53 18 4c 89 e6 48 c7 c7 e0 0c 3c 8a
e8 7d e2 d0 fd 48 8b 34 24 ba 01 00 00 00 31 ff e8 4d 57 ff ff <0f> 0b
e8 46 38 ed fd 48 89 ef e8 fe 94 ff ff 41 89 c4 e9 c0 f9 ff
RSP: 0018:ffffc90002dc7920 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88802e790000 RCX: 0000000000000000
RDX: ffff888019f19e00 RSI: ffffffff83941059 RDI: ffffffff8a3c43d0
RBP: ffff88801723d438 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 7366203a32736667 R12: ffff88810303d270
R13: 0000000000001f5d R14: ffff88801723d400 R15: ffff88801723d422
FS: 0000000000000000(0000) GS:ffff888063c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fecce4a2000 CR3: 000000002857d000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
gfs2_glock_nq_init fs/gfs2/glock.h:252 [inline]
do_sync+0x45a/0xdf0 fs/gfs2/quota.c:921
gfs2_quota_sync+0x37b/0x5c0 fs/gfs2/quota.c:1347
gfs2_sync_fs+0x40/0xb0 fs/gfs2/super.c:667
sync_filesystem fs/sync.c:56 [inline]
sync_filesystem+0x105/0x280 fs/sync.c:30
generic_shutdown_super+0x7a/0x3c0 fs/super.c:666
kill_block_super+0x38/0x70 fs/super.c:1646
gfs2_kill_sb+0x374/0x420 fs/gfs2/ops_fstype.c:1811
deactivate_locked_super+0x94/0x170 fs/super.c:481
deactivate_super+0xad/0xd0 fs/super.c:514
cleanup_mnt+0x2ae/0x3d0 fs/namespace.c:1254
task_work_run+0x164/0x250 kernel/task_work.c:180
exit_task_work include/linux/task_work.h:38 [inline]
do_exit+0xa86/0x2990 kernel/exit.c:874
do_group_exit+0xd0/0x2a0 kernel/exit.c:1024
__do_sys_exit_group kernel/exit.c:1035 [inline]
__se_sys_exit_group kernel/exit.c:1033 [inline]
__x64_sys_exit_group+0x3a/0x50 kernel/exit.c:1033
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa392914c51
Code: Unable to access opcode bytes at 0x7fa392914c27.
RSP: 002b:00007ffd30a95fb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007fa3929bc1b0 RCX: 00007fa392914c51
RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
RBP: 0000000000000001 R08: ffffffffffffffb8 R09: 00327366673d656c
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa3929bc1b0
R13: 0000000000000000 R14: 00007fa3929bcf40 R15: 00007fa3928ca060
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:add_to_queue fs/gfs2/glock.c:1544 [inline]
RIP: 0010:gfs2_glock_nq+0xbf3/0x1420 fs/gfs2/glock.c:1569
Code: 3c 03 0f 8e f5 05 00 00 8b 53 18 4c 89 e6 48 c7 c7 e0 0c 3c 8a
e8 7d e2 d0 fd 48 8b 34 24 ba 01 00 00 00 31 ff e8 4d 57 ff ff <0f> 0b
e8 46 38 ed fd 48 89 ef e8 fe 94 ff ff 41 89 c4 e9 c0 f9 ff
RSP: 0018:ffffc90002dc7920 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff88802e790000 RCX: 0000000000000000
RDX: ffff888019f19e00 RSI: ffffffff83941059 RDI: ffffffff8a3c43d0
RBP: ffff88801723d438 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 7366203a32736667 R12: ffff88810303d270
R13: 0000000000001f5d R14: ffff88801723d400 R15: ffff88801723d422
FS: 0000000000000000(0000) GS:ffff888063c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fecce4a2000 CR3: 000000002857d000 CR4: 0000000000750ef0
PKRU: 55555554
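Added example, not part of the report above and not code from the reporter or the gfs2 maintainers: a small parser that turns an oops of the shape shown above into the fields a triager needs (BUG site, the function holding the faulting RIP, task comm/PID, taint state, the call trace inside the `<TASK>` markers, and the entering system call). The sample input is constructed from the report's own header and a trimmed copy of its call trace; the regular expressions are an assumption about the oops text layout and not any kernel interface. The `title()` method reproduces the "kernel BUG in gfs2_glock_nq" subject line style that fuzzer reporters use as a deduplication key, and the user-mode `RIP: 0033:0x...` line that follows the trace is deliberately left out of the frame list.

```python
# Added example (not from the report): parse a kernel BUG/oops into triage
# fields. The regexes are an assumption about the oops text layout above.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: header and a trimmed call trace from the report above
# (register dumps and 'Code:' lines omitted; the parser skips them anyway).
SAMPLE_OOPS = """\
------------[ cut here ]------------
kernel BUG at fs/gfs2/glock.c:1544!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8029 Comm: syz-executor374 Not tainted 6.6.0-rc3-g6465e260f487 #2
RIP: 0010:add_to_queue fs/gfs2/glock.c:1544 [inline]
RIP: 0010:gfs2_glock_nq+0xbf3/0x1420 fs/gfs2/glock.c:1569
Call Trace:
 <TASK>
 gfs2_glock_nq_init fs/gfs2/glock.h:252 [inline]
 do_sync+0x45a/0xdf0 fs/gfs2/quota.c:921
 gfs2_quota_sync+0x37b/0x5c0 fs/gfs2/quota.c:1347
 gfs2_sync_fs+0x40/0xb0 fs/gfs2/super.c:667
 gfs2_kill_sb+0x374/0x420 fs/gfs2/ops_fstype.c:1811
 do_exit+0xa86/0x2990 kernel/exit.c:874
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:1033
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7fa392914c51
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
"""

@dataclass
class Frame:
    func: str
    file: Optional[str]
    line: Optional[int]
    inline: bool  # frame the symbolizer marked as compiler-inlined

@dataclass
class OopsReport:
    bug_file: str
    bug_line: int
    crash_func: str  # innermost non-inlined function at the faulting RIP
    comm: str
    pid: int
    tainted: bool
    kernel: str
    frames: List[Frame] = field(default_factory=list)

    def title(self) -> str:
        # Dedup key in the style of fuzzer report subjects: BUG kind + RIP function.
        return f"kernel BUG in {self.crash_func}"

    def syscall(self) -> Optional[str]:
        # System call the task was executing when the BUG fired, if any.
        for fr in self.frames:
            if m := re.fullmatch(r"__(?:x64|ia32|se|do)_sys_(\w+)", fr.func):
                return m.group(1)
        return None

BUG_RE = re.compile(r"^kernel BUG at (?P<file>\S+):(?P<line>\d+)!$")
CPU_RE = re.compile(r"^CPU: \d+ (?:UID: \d+ )?PID: (?P<pid>\d+) Comm: (?P<comm>.+?) "
                    r"(?P<taint>Not tainted|Tainted: .+?) (?P<kernel>\S+) #\d+")
OFFSET = r"(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
RIP_RE = re.compile(r"^RIP: [0-9a-f]{4}:(?P<func>[A-Za-z_][\w.]*)" + OFFSET
                    + r"(?: \S+:\d+)?(?P<inline> \[inline\])?$")
FRAME_RE = re.compile(r"^(?P<func>[A-Za-z_][\w.]*)" + OFFSET
                      + r"(?: (?P<file>\S+):(?P<line>\d+))?(?P<inline> \[inline\])?$")

def parse_oops(text: str) -> OopsReport:
    bug_file = crash_func = comm = kernel = None
    bug_line = pid = 0
    tainted, in_trace = False, False
    frames: List[Frame] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := BUG_RE.match(line):
            bug_file, bug_line = m["file"], int(m["line"])
        elif m := CPU_RE.match(line):
            pid, comm, kernel = int(m["pid"]), m["comm"], m["kernel"]
            tainted = m["taint"] != "Not tainted"
        elif (m := RIP_RE.match(line)) and not m["inline"] and crash_func is None:
            crash_func = m["func"]  # first kernel-mode RIP; a user-mode 0x... RIP never matches
        elif line == "<TASK>":
            in_trace = True
        elif line == "</TASK>":
            in_trace = False
        elif in_trace and (m := FRAME_RE.match(line)):
            frames.append(Frame(m["func"], m["file"],
                                int(m["line"]) if m["line"] else None, bool(m["inline"])))
    if bug_file is None or crash_func is None:
        raise ValueError("not a kernel BUG report: no 'kernel BUG at' or RIP line")
    return OopsReport(bug_file, bug_line, crash_func, comm or "?", pid, tainted,
                      kernel or "?", frames)

if __name__ == "__main__":
    rep = parse_oops(SAMPLE_OOPS)
    print(f"{rep.title()} at {rep.bug_file}:{rep.bug_line} "
          f"(comm={rep.comm} pid={rep.pid} syscall={rep.syscall()} kernel={rep.kernel})")
```

Feeding a console log through `parse_oops` gives a stable title and BUG site for deduplicating repeated fuzzer hits, and the `tainted` flag and `syscall()` result are the first two things worth checking before spending time on a report: a tainted kernel may carry out-of-tree code, and the entering syscall (here `exit_group`, reached through the unmount work queued by the exiting task) narrows where to look for a reproducer.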