[syzbot] WARNING in rmqueue


syzbot

Nov 29, 2022, 3:43:39 AM
to ch...@kernel.org, huy...@coolpad.com, jeff...@linux.alibaba.com, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org
Hello,

syzbot found the following issue on:

HEAD commit: b7b275e60bcd Linux 6.1-rc7
git tree: upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a70187880000
kernel config: https://syzkaller.appspot.com/x/.config?x=2325e409a9a893e1
dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15dde8a1880000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15685e8d880000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/525233126d34/disk-b7b275e6.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8299bf41400/vmlinux-b7b275e6.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eebf691dbf6f/bzImage-b7b275e6.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/d643567f551d/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+aafb3f...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 0 PID: 48 at mm/page_alloc.c:3837 __count_numa_events include/linux/vmstat.h:249 [inline]
WARNING: CPU: 0 PID: 48 at mm/page_alloc.c:3837 zone_statistics mm/page_alloc.c:3692 [inline]
WARNING: CPU: 0 PID: 48 at mm/page_alloc.c:3837 rmqueue_buddy mm/page_alloc.c:3728 [inline]
WARNING: CPU: 0 PID: 48 at mm/page_alloc.c:3837 rmqueue+0x1d6b/0x1ed0 mm/page_alloc.c:3853
Modules linked in:
CPU: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: erofs_unzipd z_erofs_decompressqueue_work
RIP: 0010:rmqueue+0x1d6b/0x1ed0 mm/page_alloc.c:3837
Code: 48 8b 02 65 48 ff 40 20 49 83 f6 05 42 80 3c 2b 00 74 08 4c 89 e7 e8 a4 44 0b 00 49 8b 04 24 65 4a ff 44 f0 10 e9 2a fe ff ff <0f> 0b e9 29 e3 ff ff 48 89 df be 08 00 00 00 e8 31 46 0b 00 f0 41
RSP: 0018:ffffc90000b97260 EFLAGS: 00010202
RAX: f301f204f1f1f1f1 RBX: ffff88813fffae00 RCX: 000000000000adc2
RDX: 1ffff92000172e70 RSI: 1ffff92000172e70 RDI: ffff88813fffae00
RBP: ffffc90000b97420 R08: 0000000000000901 R09: 0000000000000009
R10: ffffed1027fff5b3 R11: 1ffff11027fff5b2 R12: ffff88813fffc310
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88813fffa700
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7bec722f10 CR3: 000000004a430000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
get_page_from_freelist+0x4b6/0x7c0 mm/page_alloc.c:4288
__alloc_pages+0x259/0x560 mm/page_alloc.c:5558
vm_area_alloc_pages mm/vmalloc.c:2975 [inline]
__vmalloc_area_node mm/vmalloc.c:3043 [inline]
__vmalloc_node_range+0x8f4/0x1290 mm/vmalloc.c:3213
kvmalloc_node+0x13e/0x180 mm/util.c:606
kvmalloc include/linux/slab.h:706 [inline]
kvmalloc_array include/linux/slab.h:724 [inline]
kvcalloc include/linux/slab.h:729 [inline]
z_erofs_decompress_pcluster fs/erofs/zdata.c:1049 [inline]
z_erofs_decompress_queue+0x693/0x2c30 fs/erofs/zdata.c:1155
z_erofs_decompressqueue_work+0x95/0xe0 fs/erofs/zdata.c:1167
process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Hillf Danton

Nov 29, 2022, 4:41:05 AM
to syzbot, linux-...@vger.kernel.org, syzkall...@googlegroups.com
On 29 Nov 2022 00:43:37 -0800
> syzbot found the following issue on:
>
> HEAD commit: b7b275e60bcd Linux 6.1-rc7
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15685e8d880000

Pass gfp to rmqueue() without __GFP_NOFAIL included.

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b7b275e60bcd

--- x/mm/page_alloc.c
+++ p/mm/page_alloc.c
@@ -4286,7 +4286,7 @@ retry:

try_this_zone:
page = rmqueue(ac->preferred_zoneref->zone, zone, order,
- gfp_mask, alloc_flags, ac->migratetype);
+ gfp_mask & ~__GFP_NOFAIL, alloc_flags, ac->migratetype);
if (page) {
prep_new_page(page, order, gfp_mask, alloc_flags);

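Review bot: clearing __GFP_NOFAIL only in the argument handed to rmqueue() hides the warning at this one call site without changing the request itself: the unmasked gfp_mask is still used by prep_new_page() two lines below and by everything outside rmqueue(), and the __GFP_NOFAIL allocation that the original trace shows coming from kvcalloc() via __vmalloc_node_range() is still issued with the flag set. syzbot's test run on this patch (below) then faulted in z_erofs_decompress_queue, which suggests the warning was a symptom of that path rather than the fault itself. The hunk also carries no changelog explaining why rmqueue() may ignore the flag; if the warning is unwanted for this path, the adjustment belongs where the vmalloc page allocation builds its gfp mask, not in the allocator's inner call.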
--

syzbot

Nov 29, 2022, 12:08:35 PM
to hda...@sina.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in z_erofs_decompress_queue

BUG: unable to handle page fault for address: fffff5210193fffa
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 48 Comm: kworker/u5:0 Not tainted 6.1.0-rc7-syzkaller-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: erofs_unzipd z_erofs_decompressqueue_work
RIP: 0010:z_erofs_do_decompressed_bvec fs/erofs/zdata.c:896 [inline]
RIP: 0010:z_erofs_parse_out_bvecs fs/erofs/zdata.c:969 [inline]
RIP: 0010:z_erofs_decompress_pcluster fs/erofs/zdata.c:1056 [inline]
RIP: 0010:z_erofs_decompress_queue+0xad1/0x2c30 fs/erofs/zdata.c:1155
Code: a8 00 00 00 42 80 3c 20 00 74 0a 48 8b 7c 24 70 e8 d4 1c f6 fd 89 db 48 c1 e3 03 48 03 9c 24 40 03 00 00 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 b0 1c f6 fd 48 83 3b 00 0f 84 bd
RSP: 0018:ffffc90000b97780 EFLAGS: 00010a06
RAX: 1ffff92000172f58 RBX: ffffc9080c9fffd0 RCX: 0000000000000000
RDX: ffff888018b2d7c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000b97b90 R08: ffffffff83e894a8 R09: fffff52001940000
R10: fffffbfff23bc68d R11: 1ffffffff23bc68c R12: dffffc0000000000
R13: 00000000ffff9f00 R14: 1ffff9210193fffa R15: ffff8880717b71f0
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff5210193fffa CR3: 00000000277fc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
z_erofs_decompressqueue_work+0x95/0xe0 fs/erofs/zdata.c:1167
process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
kthread+0x266/0x300 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Modules linked in:
CR2: fffff5210193fffa
---[ end trace 0000000000000000 ]---
RIP: 0010:z_erofs_do_decompressed_bvec fs/erofs/zdata.c:896 [inline]
RIP: 0010:z_erofs_parse_out_bvecs fs/erofs/zdata.c:969 [inline]
RIP: 0010:z_erofs_decompress_pcluster fs/erofs/zdata.c:1056 [inline]
RIP: 0010:z_erofs_decompress_queue+0xad1/0x2c30 fs/erofs/zdata.c:1155
Code: a8 00 00 00 42 80 3c 20 00 74 0a 48 8b 7c 24 70 e8 d4 1c f6 fd 89 db 48 c1 e3 03 48 03 9c 24 40 03 00 00 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 b0 1c f6 fd 48 83 3b 00 0f 84 bd
RSP: 0018:ffffc90000b97780 EFLAGS: 00010a06
RAX: 1ffff92000172f58 RBX: ffffc9080c9fffd0 RCX: 0000000000000000
RDX: ffff888018b2d7c0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90000b97b90 R08: ffffffff83e894a8 R09: fffff52001940000
R10: fffffbfff23bc68d R11: 1ffffffff23bc68c R12: dffffc0000000000
R13: 00000000ffff9f00 R14: 1ffff9210193fffa R15: ffff8880717b71f0
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff5210193fffa CR3: 00000000277fc000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: a8 00 test $0x0,%al
2: 00 00 add %al,(%rax)
4: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1)
9: 74 0a je 0x15
b: 48 8b 7c 24 70 mov 0x70(%rsp),%rdi
10: e8 d4 1c f6 fd callq 0xfdf61ce9
15: 89 db mov %ebx,%ebx
17: 48 c1 e3 03 shl $0x3,%rbx
1b: 48 03 9c 24 40 03 00 add 0x340(%rsp),%rbx
22: 00
23: 49 89 de mov %rbx,%r14
26: 49 c1 ee 03 shr $0x3,%r14
* 2a: 43 80 3c 26 00 cmpb $0x0,(%r14,%r12,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 df mov %rbx,%rdi
34: e8 b0 1c f6 fd callq 0xfdf61ce9
39: 48 83 3b 00 cmpq $0x0,(%rbx)
3d: 0f .byte 0xf
3e: 84 .byte 0x84
3f: bd .byte 0xbd


Tested on:

commit: b7b275e6 Linux 6.1-rc7
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=15bd42a7880000
kernel config: https://syzkaller.appspot.com/x/.config?x=2325e409a9a893e1
dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11028fed880000

Gao Xiang

Apr 10, 2023, 5:03:09 AM
to syzbot, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org


On 2022/11/29 16:43, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: b7b275e60bcd Linux 6.1-rc7
> git tree: upstream
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=16a70187880000
> kernel config: https://syzkaller.appspot.com/x/.config?x=2325e409a9a893e1
> dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15dde8a1880000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15685e8d880000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/525233126d34/disk-b7b275e6.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/e8299bf41400/vmlinux-b7b275e6.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/eebf691dbf6f/bzImage-b7b275e6.xz
> mounted in repro: https://storage.googleapis.com/syzbot-assets/d643567f551d/mount_0.gz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+aafb3f...@syzkaller.appspotmail.com

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ v6.3-rc6

syzbot

Apr 10, 2023, 5:26:24 AM
to hsia...@linux.alibaba.com, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in z_erofs_decompress_queue

BUG: unable to handle page fault for address: fffff52101a3fff9
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: erofs_worker z_erofs_decompressqueue_work
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
Code: 0a 48 8b 7c 24 68 e8 51 fe 00 fe 89 db 48 c1 e3 03 48 03 9c 24 20 03 00 00 49 89 de 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 48 89 df e8 23 fe 00 fe 48 83 3b 00 0f 84 a1
RSP: 0018:ffffc90006a5f7c0 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: ffffc9080d1fffc8 RCX: 1ffff92000d4bf5c
RDX: ffff88802b800000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90006a5fbb0 R08: ffffffff83ddecfa R09: fffff52001a40000
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ffff8f00
R13: ffff888073fad0b8 R14: 1ffff92101a3fff9 R15: ffffea0001b54b40
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52101a3fff9 CR3: 000000002b4b9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
z_erofs_decompressqueue_work+0x99/0xe0
process_one_work+0x8f6/0x1170
worker_thread+0xa63/0x1210
kthread+0x270/0x300
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in:
CR2: fffff52101a3fff9
---[ end trace 0000000000000000 ]---
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
Code: 0a 48 8b 7c 24 68 e8 51 fe 00 fe 89 db 48 c1 e3 03 48 03 9c 24 20 03 00 00 49 89 de 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 48 89 df e8 23 fe 00 fe 48 83 3b 00 0f 84 a1
RSP: 0018:ffffc90006a5f7c0 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: ffffc9080d1fffc8 RCX: 1ffff92000d4bf5c
RDX: ffff88802b800000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90006a5fbb0 R08: ffffffff83ddecfa R09: fffff52001a40000
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ffff8f00
R13: ffff888073fad0b8 R14: 1ffff92101a3fff9 R15: ffffea0001b54b40
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52101a3fff9 CR3: 000000002b4b9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 48 8b 7c 24 68 mov 0x68(%rsp),%rdi
5: e8 51 fe 00 fe callq 0xfe00fe5b
a: 89 db mov %ebx,%ebx
c: 48 c1 e3 03 shl $0x3,%rbx
10: 48 03 9c 24 20 03 00 add 0x320(%rsp),%rbx
17: 00
18: 49 89 de mov %rbx,%r14
1b: 49 c1 ee 03 shr $0x3,%r14
1f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
26: fc ff df
* 29: 41 80 3c 06 00 cmpb $0x0,(%r14,%rax,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 23 fe 00 fe callq 0xfe00fe5b
38: 48 83 3b 00 cmpq $0x0,(%rbx)
3c: 0f .byte 0xf
3d: 84 .byte 0x84
3e: a1 .byte 0xa1


Tested on:

commit: 09a9639e Linux 6.3-rc6
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ v6.3-rc6
console output: https://syzkaller.appspot.com/x/log.txt?x=1125d353c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=174dd96f08254844
dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.

Gao Xiang

Apr 11, 2023, 3:43:19 AM
to syzbot, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org


On 2023/4/10 17:26, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:

#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git/ dev-next

syzbot

Apr 11, 2023, 3:45:17 AM
to hsia...@linux.alibaba.com, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to checkout kernel repo https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git//dev-next: failed to run ["git" "fetch" "--force" "2dd127424840ba106193cac6a90d288b6cc7557c" "dev-next"]: exit status 128
fatal: couldn't find remote ref dev-next



Tested on:

commit: [unknown
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git/ dev-next

Gao Xiang

Apr 11, 2023, 3:45:18 AM
to syzbot, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org


On 2023/4/10 17:26, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> BUG: unable to handle kernel paging request in z_erofs_decompress_queue
#syz test: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git/ dev-test

syzbot

Apr 11, 2023, 4:13:24 AM
to hsia...@linux.alibaba.com, linux...@lists.ozlabs.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, xi...@kernel.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+aafb3f...@syzkaller.appspotmail.com

Tested on:

commit: 349ea8a3 erofs: enable long extended attribute name pr..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs.git/ dev-test
console output: https://syzkaller.appspot.com/x/log.txt?x=113f800fc80000
kernel config: https://syzkaller.appspot.com/x/.config?x=a7094f4ecb462be3
dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.