[v6.1] INFO: trying to register non-static key in ocfs2_dlm_shutdown


syzbot

Oct 11, 2024, 9:18:27 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: aa4cd140bba5 Linux 6.1.112
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10807840580000
kernel config: https://syzkaller.appspot.com/x/.config?x=33931c04473f8585
dashboard link: https://syzkaller.appspot.com/bug?extid=cf10996a1bb1b4cbfa63
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2a9778339706/disk-aa4cd140.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/b568a6da8a9b/vmlinux-aa4cd140.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3c56af7eb2c4/bzImage-aa4cd140.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf1099...@syzkaller.appspotmail.com

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 1 PID: 3958 Comm: syz-executor Not tainted 6.1.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106
assign_lock_key+0x230/0x260 kernel/locking/lockdep.c:974
register_lock_class+0x28a/0x990 kernel/locking/lockdep.c:1287
__lock_acquire+0xd3/0x1f80 kernel/locking/lockdep.c:4928
lock_acquire+0x1f8/0x5a0 kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
ocfs2_mark_lockres_freeing+0x15a/0x690 fs/ocfs2/dlmglue.c:3514
ocfs2_simple_drop_lockres fs/ocfs2/dlmglue.c:3570 [inline]
ocfs2_drop_osb_locks fs/ocfs2/dlmglue.c:3578 [inline]
ocfs2_dlm_shutdown+0x36/0x230 fs/ocfs2/dlmglue.c:3388
ocfs2_dismount_volume+0x490/0x960 fs/ocfs2/super.c:1920
generic_shutdown_super+0x130/0x340 fs/super.c:501
kill_block_super+0x7a/0xe0 fs/super.c:1470
deactivate_locked_super+0xa0/0x110 fs/super.c:332
cleanup_mnt+0x490/0x520 fs/namespace.c:1186
task_work_run+0x246/0x300 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5fe497f327
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd46004778 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f5fe49f0134 RCX: 00007f5fe497f327
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd46004830
RBP: 00007ffd46004830 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd460058b0
R13: 00007f5fe49f0134 R14: 000000000001928d R15: 00007ffd460058f0
</TASK>
ocfs2: Unmounting device (7,2) on (node local)
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 PID: 3958 Comm: syz-executor Not tainted 6.1.112-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:ocfs2_clear_inode fs/ocfs2/inode.c:1208 [inline]
RIP: 0010:ocfs2_evict_inode+0x32e1/0x4c30 fs/ocfs2/inode.c:1220
Code: 24 98 00 00 00 74 08 4c 89 f7 e8 da 16 80 fe 48 b9 00 00 00 00 00 fc ff df 48 01 cb 4d 8b 36 49 83 c6 08 4c 89 f0 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 f7 e8 b1 16 80 fe 49 8b 3e 48 8b 34 24 48
RSP: 0018:ffffc90003cbf300 EFLAGS: 00010202
RAX: 0000000000000001 RBX: fffff52000797e74 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003cbfa50 R08: ffffffff836219fe R09: ffffed100b01f617
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880580fb220
R13: 1ffff1100b01f644 R14: 0000000000000008 R15: ffff8880580faac0
FS: 000055558c135500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f821d5052d8 CR3: 00000000672a4000 CR4: 00000000003506e0
Call Trace:
<TASK>
evict+0x529/0x930 fs/inode.c:701
__ocfs2_free_slot_info fs/ocfs2/slot_map.c:307 [inline]
ocfs2_free_slot_info+0x90/0x260 fs/ocfs2/slot_map.c:443
ocfs2_delete_osb+0x58/0x180 fs/ocfs2/super.c:2499
ocfs2_dismount_volume+0x59d/0x960 fs/ocfs2/super.c:1938
generic_shutdown_super+0x130/0x340 fs/super.c:501
kill_block_super+0x7a/0xe0 fs/super.c:1470
deactivate_locked_super+0xa0/0x110 fs/super.c:332
cleanup_mnt+0x490/0x520 fs/namespace.c:1186
task_work_run+0x246/0x300 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xde/0x100 kernel/entry/common.c:177
exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:210
__syscall_exit_to_user_mode_work kernel/entry/common.c:292 [inline]
syscall_exit_to_user_mode+0x60/0x270 kernel/entry/common.c:303
do_syscall_64+0x47/0xb0 arch/x86/entry/common.c:87
entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7f5fe497f327
Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffd46004778 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f5fe49f0134 RCX: 00007f5fe497f327
RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd46004830
RBP: 00007ffd46004830 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd460058b0
R13: 00007f5fe49f0134 R14: 000000000001928d R15: 00007ffd460058f0
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ocfs2_clear_inode fs/ocfs2/inode.c:1208 [inline]
RIP: 0010:ocfs2_evict_inode+0x32e1/0x4c30 fs/ocfs2/inode.c:1220
Code: 24 98 00 00 00 74 08 4c 89 f7 e8 da 16 80 fe 48 b9 00 00 00 00 00 fc ff df 48 01 cb 4d 8b 36 49 83 c6 08 4c 89 f0 48 c1 e8 03 <80> 3c 08 00 74 08 4c 89 f7 e8 b1 16 80 fe 49 8b 3e 48 8b 34 24 48
RSP: 0018:ffffc90003cbf300 EFLAGS: 00010202
RAX: 0000000000000001 RBX: fffff52000797e74 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90003cbfa50 R08: ffffffff836219fe R09: ffffed100b01f617
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880580fb220
R13: 1ffff1100b01f644 R14: 0000000000000008 R15: ffff8880580faac0
FS: 000055558c135500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f821d5052d8 CR3: 00000000672a4000 CR4: 00000000003506e0
----------------
Code disassembly (best guess):
0: 24 98 and $0x98,%al
2: 00 00 add %al,(%rax)
4: 00 74 08 4c add %dh,0x4c(%rax,%rcx,1)
8: 89 f7 mov %esi,%edi
a: e8 da 16 80 fe call 0xfe8016e9
f: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
16: fc ff df
19: 48 01 cb add %rcx,%rbx
1c: 4d 8b 36 mov (%r14),%r14
1f: 49 83 c6 08 add $0x8,%r14
23: 4c 89 f0 mov %r14,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 4c 89 f7 mov %r14,%rdi
33: e8 b1 16 80 fe call 0xfe8016e9
38: 49 8b 3e mov (%r14),%rdi
3b: 48 8b 34 24 mov (%rsp),%rsi
3f: 48 rex.W


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Jan 6, 2025, 1:20:31 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 7dc732d24ff7 Linux 6.1.123
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13381edf980000
kernel config: https://syzkaller.appspot.com/x/.config?x=da1827eaa51b65c3
dashboard link: https://syzkaller.appspot.com/bug?extid=cf10996a1bb1b4cbfa63
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=16e944b0580000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12663418580000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b77a36eba7b4/disk-7dc732d2.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/f5334562da28/vmlinux-7dc732d2.xz
kernel image: https://storage.googleapis.com/syzbot-assets/f0a16f9a500c/Image-7dc732d2.gz.xz
mounted in repro: https://storage.googleapis.com/syzbot-assets/7b9e62376dc1/mount_2.gz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf1099...@syzkaller.appspotmail.com

INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 4295 Comm: syz-executor544 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call trace:
dump_backtrace+0x1c8/0x1f4 arch/arm64/kernel/stacktrace.c:158
show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:165
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x108/0x170 lib/dump_stack.c:106
dump_stack+0x1c/0x58 lib/dump_stack.c:113
assign_lock_key+0x274/0x2a8 kernel/locking/lockdep.c:974
register_lock_class+0x148/0x6a8 kernel/locking/lockdep.c:1287
__lock_acquire+0x184/0x7680 kernel/locking/lockdep.c:4928
lock_acquire+0x26c/0x7cc kernel/locking/lockdep.c:5662
__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
_raw_spin_lock_irqsave+0x6c/0xb4 kernel/locking/spinlock.c:162
ocfs2_mark_lockres_freeing+0x164/0x788 fs/ocfs2/dlmglue.c:3515
ocfs2_simple_drop_lockres fs/ocfs2/dlmglue.c:3571 [inline]
ocfs2_drop_osb_locks fs/ocfs2/dlmglue.c:3579 [inline]
ocfs2_dlm_shutdown+0x44/0x230 fs/ocfs2/dlmglue.c:3389
ocfs2_dismount_volume+0x404/0x99c fs/ocfs2/super.c:1920
ocfs2_put_super+0x110/0x3e8 fs/ocfs2/super.c:1609
generic_shutdown_super+0x130/0x328 fs/super.c:501
kill_block_super+0x70/0xdc fs/super.c:1470
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2080/0x2cb8 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
ocfs2: Unmounting device (7,4) on (node local)
Unable to handle kernel paging request at virtual address dfff800000000001
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
Mem abort info:
ESR = 0x0000000096000006
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x06: level 2 translation fault
Data abort info:
ISV = 0, ISS = 0x00000006
CM = 0, WnR = 0
[dfff800000000001] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4295 Comm: syz-executor544 Not tainted 6.1.123-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ocfs2_clear_inode fs/ocfs2/inode.c:1208 [inline]
pc : ocfs2_evict_inode+0xd7c/0x497c fs/ocfs2/inode.c:1220
lr : ocfs2_clear_inode fs/ocfs2/inode.c:1199 [inline]
lr : ocfs2_evict_inode+0xd08/0x497c fs/ocfs2/inode.c:1220
sp : ffff800021136de0
x29: ffff800021137500 x28: ffff700004226dd0 x27: 1fffe0001c3f866c
x26: ffff0000e1fc3360 x25: 1fffe0001c3f8670 x24: ffff800021136e80
x23: ffff0000e1fc2ac0 x22: ffff0000d9d1c000 x21: dfff800000000000
x20: ffff0000d9d1c290 x19: 0000000000000008 x18: 1fffe0003679bf76
x17: ffff800015a8d000 x16: ffff80001232d384 x15: ffff800008ad8710
x14: ffff800008a4c04c x13: ffff800008a4bee4 x12: 0000000000000001
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff0000e1fc3338
x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff800009f6ae00
x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000082f9d58
x2 : 0000000000000001 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
ocfs2_clear_inode fs/ocfs2/inode.c:1208 [inline]
ocfs2_evict_inode+0xd7c/0x497c fs/ocfs2/inode.c:1220
evict+0x418/0x894 fs/inode.c:705
iput_final fs/inode.c:1834 [inline]
iput+0x7c0/0x8a4 fs/inode.c:1860
__ocfs2_free_slot_info fs/ocfs2/slot_map.c:307 [inline]
ocfs2_free_slot_info+0x80/0x20c fs/ocfs2/slot_map.c:443
ocfs2_delete_osb+0x64/0x150 fs/ocfs2/super.c:2504
ocfs2_dismount_volume+0x4e0/0x99c fs/ocfs2/super.c:1938
ocfs2_put_super+0x110/0x3e8 fs/ocfs2/super.c:1609
generic_shutdown_super+0x130/0x328 fs/super.c:501
kill_block_super+0x70/0xdc fs/super.c:1470
deactivate_locked_super+0xac/0x124 fs/super.c:332
deactivate_super+0xf0/0x110 fs/super.c:363
cleanup_mnt+0x394/0x41c fs/namespace.c:1186
__cleanup_mnt+0x20/0x30 fs/namespace.c:1193
task_work_run+0x240/0x2f0 kernel/task_work.c:203
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
do_notify_resume+0x2080/0x2cb8 arch/arm64/kernel/signal.c:1132
prepare_exit_to_user_mode arch/arm64/kernel/entry-common.c:137 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:142 [inline]
el0_svc+0x9c/0x168 arch/arm64/kernel/entry-common.c:638
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 97a82975 f9400288 91002113 d343fe68 (38756908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 97a82975 bl 0xfffffffffea0a5d4
4: f9400288 ldr x8, [x20]
8: 91002113 add x19, x8, #0x8
c: d343fe68 lsr x8, x19, #3
* 10: 38756908 ldrb w8, [x8, x21] <-- trapping instruction


---
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.