[v5.15] BUG: unable to handle kernel paging request in bio_associate_blkg_from_css


syzbot

Mar 13, 2023, 9:08:42 PM3/13/23
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 2ddbd0f967b3 Linux 5.15.102
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14044b88c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=d6af46e4bd7d6a2f
dashboard link: https://syzkaller.appspot.com/bug?extid=fb4a7a9674b6e09b8d41
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f85a34c80000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13089bccc80000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/d46a989959b6/disk-2ddbd0f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4d06a9b2ddaf/vmlinux-2ddbd0f9.xz
kernel image: https://storage.googleapis.com/syzbot-assets/0921009430c0/Image-2ddbd0f9.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/35a07f2bb76f/mount_0.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fb4a7a...@syzkaller.appspotmail.com

Unable to handle kernel paging request at virtual address dfff8000000000bd
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff8000000000bd] address between user and kernel address ranges
Internal error: Oops: 96000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4052 Comm: syz-executor293 Not tainted 5.15.102-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : bio_associate_blkg_from_css+0xfc/0x870 block/blk-cgroup.c:1854
lr : bio_associate_blkg_from_css+0xd8/0x870 block/blk-cgroup.c:1851
sp : ffff80001c847420
x29: ffff80001c847460 x28: dfff800000000000 x27: 1fffe000182428f2
x26: 1fffe000182428f9 x25: 0000000000000000 x24: ffff0000c12147c8
x23: ffff800018658090 x22: ffff800014bba580 x21: 00000000000005e8
x20: ffff0000c1214788 x19: 1fffe000182428f1 x18: ffff80001c846c20
x17: ff80800008b5952c x16: ffff8000082ed0d4 x15: ffff800008a1303c
x14: 1ffff0000293806a x13: ffffffffffffffff x12: 0000000000000000
x11: ff8080000a8c2eb4 x10: 0000000000000000 x9 : ffff80000a8c2eb4
x8 : 00000000000000bd x7 : ffff80000a8c3d50 x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : ffff800018657f80 x0 : ffff0000c1214780
Call trace:
bio_associate_blkg_from_css+0xfc/0x870 block/blk-cgroup.c:1854
bio_associate_blkg+0x218/0x340 block/blk-cgroup.c:1880
lbmStartIO+0x1b0/0x430 fs/jfs/jfs_logmgr.c:2130
lbmWrite+0x320/0x404 fs/jfs/jfs_logmgr.c:2079
lmNextPage+0x2f0/0x860
lmWriteRecord+0xb84/0xfb0 fs/jfs/jfs_logmgr.c:537
lmLogSync+0x41c/0x98c fs/jfs/jfs_logmgr.c:977
jfs_syncpt+0x74/0x98 fs/jfs/jfs_logmgr.c:1049
jfs_sync_fs+0x8c/0xac fs/jfs/super.c:690
sync_filesystem+0xe8/0x218 fs/sync.c:56
generic_shutdown_super+0x70/0x29c fs/super.c:448
kill_block_super+0x70/0xdc fs/super.c:1396
deactivate_locked_super+0xb8/0x13c fs/super.c:335
deactivate_super+0x108/0x128 fs/super.c:366
cleanup_mnt+0x3c0/0x474 fs/namespace.c:1143
__cleanup_mnt+0x20/0x30 fs/namespace.c:1150
task_work_run+0x130/0x1e4 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
do_notify_resume+0x262c/0x32b8 arch/arm64/kernel/signal.c:946
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:133 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:138 [inline]
el0_svc+0xfc/0x1f0 arch/arm64/kernel/entry-common.c:597
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:614
el0t_64_sync+0x1a0/0x1a4 <unknown>:584
Code: 97803c23 f9400288 9117a115 d343fea8 (387c6908)
---[ end trace 41ee242656d7e303 ]---
----------------
Code disassembly (best guess):
0: 97803c23 bl 0xfffffffffe00f08c
4: f9400288 ldr x8, [x20]
8: 9117a115 add x21, x8, #0x5e8
c: d343fea8 lsr x8, x21, #3
* 10: 387c6908 ldrb w8, [x8, x28] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches