BUG: unable to handle kernel paging request in locks_delete_global_blocked


syzbot

Sep 9, 2021, 1:53:28 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 49624efa65ac Merge tag 'denywrite-for-5.15' of git://githu..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17b8fbbd300000
kernel config: https://syzkaller.appspot.com/x/.config?x=faed7df0f442c217
dashboard link: https://syzkaller.appspot.com/bug?extid=3b6a2efca0a7fa3404d6
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
CC: [bfi...@fieldses.org jla...@kernel.org linux-...@vger.kernel.org linux-...@vger.kernel.org vi...@zeniv.linux.org.uk]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3b6a2e...@syzkaller.appspotmail.com

BUG: unable to handle page fault for address: ffffffffffffffe8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD b68f067 P4D b68f067 PUD b691067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 5303 Comm: systemd-udevd Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:hlist_unhashed include/linux/list.h:808 [inline]
RIP: 0010:hlist_del_init include/linux/list.h:865 [inline]
RIP: 0010:hash_del include/linux/hashtable.h:107 [inline]
RIP: 0010:locks_delete_global_blocked+0x75/0x190 fs/locks.c:716
Code: 0f 85 c5 00 00 00 e8 ba ef 8d ff 48 8d 7b 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e7 00 00 00 <48> 8b 6b 20 48 85 ed 0f 84 8b 00 00 00 e8 89 ef 8d ff 48 8d 7b 18
RSP: 0018:ffffc900017ffa40 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffffffffffc8 RCX: 0000000000000000
RDX: 1ffffffffffffffd RSI: ffffffff81e83186 RDI: ffffffffffffffe8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003
R10: ffffffff81e83179 R11: 0000000000000000 R12: ffffffffffffffc8
R13: ffff888000137d20 R14: 1ffff11000026fa9 R15: 0000000000000008
FS: 00007f15b24c78c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffe8 CR3: 00000000155bd000 CR4: 0000000000350ef0
Call Trace:
__locks_delete_block fs/locks.c:726 [inline]
__locks_wake_up_blocks+0xd2/0x2c0 fs/locks.c:737
locks_wake_up_blocks fs/locks.c:873 [inline]
locks_wake_up_blocks fs/locks.c:860 [inline]
locks_unlink_lock_ctx fs/locks.c:889 [inline]
locks_delete_lock_ctx+0x14f/0x310 fs/locks.c:895
flock_lock_inode+0x851/0x1110 fs/locks.c:1092
locks_remove_flock+0x2b6/0x300 fs/locks.c:2637
locks_remove_file+0xd3/0x570 fs/locks.c:2679
__fput+0x1bb/0x9f0 fs/file_table.c:272
task_work_run+0xdd/0x1a0 kernel/task_work.c:164
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:209
__syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302
do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f15b160d270
Code: 73 01 c3 48 8b 0d 38 7d 20 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d 59 c1 20 00 00 75 10 b8 03 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ee fb ff ff 48 89 04 24
RSP: 002b:00007ffea604ac08 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007f15b160d270
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
RBP: 00007f15b24c7710 R08: 000055c6bc9d26e0 R09: 000055c6bc9d2400
R10: 00007f15b24c78c0 R11: 0000000000000246 R12: 0000000000000000
R13: 000055c6bc9d29c0 R14: 0000000000000003 R15: 000000000000000e
Modules linked in:
CR2: ffffffffffffffe8
---[ end trace f419f42f7d812a8a ]---
RIP: 0010:hlist_unhashed include/linux/list.h:808 [inline]
RIP: 0010:hlist_del_init include/linux/list.h:865 [inline]
RIP: 0010:hash_del include/linux/hashtable.h:107 [inline]
RIP: 0010:locks_delete_global_blocked+0x75/0x190 fs/locks.c:716
Code: 0f 85 c5 00 00 00 e8 ba ef 8d ff 48 8d 7b 20 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e7 00 00 00 <48> 8b 6b 20 48 85 ed 0f 84 8b 00 00 00 e8 89 ef 8d ff 48 8d 7b 18
RSP: 0018:ffffc900017ffa40 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffffffffffffc8 RCX: 0000000000000000
RDX: 1ffffffffffffffd RSI: ffffffff81e83186 RDI: ffffffffffffffe8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000003
R10: ffffffff81e83179 R11: 0000000000000000 R12: ffffffffffffffc8
R13: ffff888000137d20 R14: 1ffff11000026fa9 R15: 0000000000000008
FS: 00007f15b24c78c0(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffe8 CR3: 00000000155bd000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
0: 0f 85 c5 00 00 00 jne 0xcb
6: e8 ba ef 8d ff callq 0xff8defc5
b: 48 8d 7b 20 lea 0x20(%rbx),%rdi
f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
16: fc ff df
19: 48 89 fa mov %rdi,%rdx
1c: 48 c1 ea 03 shr $0x3,%rdx
20: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
24: 0f 85 e7 00 00 00 jne 0x111
* 2a: 48 8b 6b 20 mov 0x20(%rbx),%rbp <-- trapping instruction
2e: 48 85 ed test %rbp,%rbp
31: 0f 84 8b 00 00 00 je 0xc2
37: e8 89 ef 8d ff callq 0xff8defc5
3c: 48 8d 7b 18 lea 0x18(%rbx),%rdi


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
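Added example, not part of syzbot's report or of fs/locks.c: the register dump above decodes cleanly as a NULL list pointer run through list_first_entry(). __locks_wake_up_blocks() (frame at fs/locks.c:737 in the trace) takes the first entry of blocker->fl_blocked_requests and hands it to __locks_delete_block() -> locks_delete_global_blocked() -> hash_del(&waiter->fl_link). RBX, the waiter pointer, is 0xffffffffffffffc8 = 0 - 0x38, and the trapping load `mov 0x20(%rbx),%rbp` is hlist_unhashed() reading fl_link.pprev at 0xffffffffffffffe8, which is exactly CR2. The C below models that arithmetic with stand-in list types and struct offsets inferred from the registers (fl_link at 0x18, fl_blocked_member at 0x38; these are assumptions modelled on the oops, not quoted from the kernel headers) so the fault address can be decoded in both directions without dereferencing anything. It shows the arithmetic is consistent with a NULL ->next; whether that is the actual root cause is not established by the report, which was auto-closed without a fix.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the kernel's list types (added example, not kernel code). */
struct list_head  { struct list_head *next, *prev; };
struct hlist_node { struct hlist_node *next, **pprev; };

/* Model of struct file_lock with only the two fields the oops touches.
 * Offsets are inferred from the register dump (RBX == -0x38 is the waiter,
 * the trapping load is fl_link.pprev at 0x20(%rbx)); they are assumptions,
 * not copied from fs/locks.c. The padding reproduces those offsets. */
struct file_lock_model {
    char pad0[0x18];
    struct hlist_node fl_link;           /* 0x18: global blocked-lock hash */
    char pad1[0x10];
    struct list_head  fl_blocked_member; /* 0x38: entry in blocker's list */
};
_Static_assert(offsetof(struct file_lock_model, fl_link) == 0x18, "fl_link");
_Static_assert(offsetof(struct file_lock_model, fl_blocked_member) == 0x38,
               "fl_blocked_member");

/* list_first_entry(head, struct file_lock, fl_blocked_member) as the kernel
 * defines it (container_of on head->next), done on raw addresses. */
static uintptr_t waiter_from_list_next(uintptr_t next)
{
    return next - offsetof(struct file_lock_model, fl_blocked_member);
}

/* First load hash_del(&waiter->fl_link) performs: hlist_unhashed() reads
 * fl_link.pprev, i.e. waiter + 0x18 + 8. This is the CR2 address. */
static uintptr_t first_load_in_hash_del(uintptr_t waiter)
{
    return waiter + offsetof(struct file_lock_model, fl_link)
                  + offsetof(struct hlist_node, pprev);
}

/* The direction you take when reading an oops: from the waiter pointer in
 * RBX, recover the ->next value list_first_entry() must have seen. */
static uintptr_t list_next_from_waiter(uintptr_t waiter)
{
    return waiter + offsetof(struct file_lock_model, fl_blocked_member);
}

/* The kernel's list_empty() is (head->next == head), so a NULL ->next is
 * reported as non-empty and the loop goes on to compute the entry. */
static int list_would_be_empty(uintptr_t head, uintptr_t next)
{
    return next == head;
}

int main(void)
{
    const uintptr_t rbx = 0xffffffffffffffc8ULL; /* RBX from the register dump */
    const uintptr_t cr2 = 0xffffffffffffffe8ULL; /* CR2 from the register dump */

    uintptr_t next = list_next_from_waiter(rbx);
    printf("waiter %#" PRIxPTR " implies fl_blocked_requests.next == %#" PRIxPTR "\n",
           rbx, next);
    printf("hash_del's first load would be at %#" PRIxPTR " (CR2 is %#" PRIxPTR ")\n",
           first_load_in_hash_del(rbx), cr2);

    /* For contrast, a properly initialised (empty) head: ->next == &head,
     * so list_empty() is true and no entry would ever be computed. */
    struct list_head head = { &head, &head };
    printf("initialised empty head: list_empty == %d\n",
           list_would_be_empty((uintptr_t)&head, (uintptr_t)head.next));
    return 0;
}
```

Decoding this way (fault address minus the field offset in the trapping instruction, then plus the container offset) is the standard way to tell a NULL list pointer apart from a freed or corrupted one: a small negative address such as -0x38 almost always means container_of() ran on NULL, while use-after-free on a KASAN build would normally have been reported by the inline check that precedes the load.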

syzbot

Dec 4, 2021, 12:48:15 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.