syzbot


general protection fault in bio_associate_blkg_from_css

Status: moderation: reported on 2025/01/15 09:18
Subsystems: block cgroups
Reported-by: syzbot+4e43e7b2f0a4aa58f0b1@syzkaller.appspotmail.com
First crash: 4d04h, last: 4d04h
Similar bugs (1):
  Kernel:       linux-5.15
  Title:        BUG: unable to handle kernel paging request in bio_associate_blkg_from_css (origin: lts-only)
  Repro:        C
  Cause bisect: error
  Fix bisect:   (none)
  Count:        61353
  Last:         now
  Reported:     673d ago
  Patched:      0/3
  Status:       upstream: reported C repro on 2023/03/14 01:08

Sample crash report:
loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support RENAME_WHITEOUT.
Oops: general protection fault, probably for non-canonical address 0x1fffffff47ae587d: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
RIP: 0010:rcu_read_lock_held+0x1d/0x50 kernel/rcu/update.c:349
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 e8 96 00 45 0a 85 c0 74 26 31 db e8 bb 3e 01 00 84 c0 74 20 e8 52 9b 01 <00> 84 c0 74 17 48 c7 c7 e0 7a 93 8e be ff ff ff ff 5b e9 8c fc 44
RSP: 0018:ffffc9000d31d828 EFLAGS: 00010246
RAX: 1ffffffff1d27901 RBX: 0000000000000000 RCX: 0000000080000000
RDX: ffff88801f114880 RSI: ffffffff8c5fb080 RDI: ffff88801fc3f8a0
RBP: dffffc0000000000 R08: ffffffff84abe5e5 R09: 1ffffffff2854b10
R10: dffffc0000000000 R11: fffffbfff2854b11 R12: ffff888052d33110
R13: 1ffff1100a5a6637 R14: 0000000000000000 R15: ffff888052d331b8
FS:  00007ff8d87586c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 0000000038262000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 blkg_lookup block/blk-cgroup.h:259 [inline]
 blkg_lookup_create block/blk-cgroup.c:480 [inline]
 blkg_tryget_closest block/blk-cgroup.c:2054 [inline]
 bio_associate_blkg_from_css+0x380/0xc70 block/blk-cgroup.c:2088
 bio_associate_blkg+0x170/0x230 block/blk-cgroup.c:2119
 bio_init block/bio.c:265 [inline]
 bio_alloc_bioset+0x4cf/0x1130 block/bio.c:580
 bio_alloc include/linux/bio.h:374 [inline]
 submit_bh_wbc+0x275/0x580 fs/buffer.c:2794
 submit_bh fs/buffer.c:2819 [inline]
 __sync_dirty_buffer+0x23d/0x390 fs/buffer.c:2857
 ntfs_write_bh+0x5f7/0x7c0 fs/ntfs3/fsntfs.c:1481
 mi_write+0x9b/0x1e0 fs/ntfs3/record.c:397
 indx_update_dup+0x69a/0x860 fs/ntfs3/index.c:2699
 ni_update_parent+0xa18/0xdd0 fs/ntfs3/frecord.c:3224
 ni_write_inode+0xd9f/0x1020 fs/ntfs3/frecord.c:3315
 write_inode fs/fs-writeback.c:1525 [inline]
 __writeback_single_inode+0x708/0x10d0 fs/fs-writeback.c:1745
 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1801
 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2871
 __generic_file_fsync+0x134/0x1a0 fs/libfs.c:1543
 generic_file_fsync+0x70/0xf0 fs/libfs.c:1573
 ovl_sync_file+0x3a/0x50 fs/overlayfs/copy_up.c:254
 ovl_copy_up_metadata+0xac1/0xef0 fs/overlayfs/copy_up.c:724
 ovl_copy_up_workdir fs/overlayfs/copy_up.c:816 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
 ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 ovl_copy_up_flags+0x20ca/0x4720 fs/overlayfs/copy_up.c:1257
 ovl_open+0x139/0x310 fs/overlayfs/file.c:211
 do_dentry_open+0xbe1/0x1b70 fs/open.c:945
 vfs_open+0x3e/0x330 fs/open.c:1075
 dentry_open+0x61/0xa0 fs/open.c:1098
 ima_calc_file_hash+0x16b/0x1b30 security/integrity/ima/ima_crypto.c:553
 ima_collect_measurement+0x520/0xb10 security/integrity/ima/ima_api.c:293
 process_measurement+0x1351/0x1fb0 security/integrity/ima/ima_main.c:372
 ima_file_check+0xd9/0x120 security/integrity/ima/ima_main.c:572
 security_file_post_open+0xb9/0x280 security/security.c:3121
 do_open fs/namei.c:3830 [inline]
 path_openat+0x2ccd/0x3590 fs/namei.c:3987
 do_filp_open+0x27f/0x4e0 fs/namei.c:4014
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
 do_sys_open fs/open.c:1417 [inline]
 __do_sys_openat fs/open.c:1433 [inline]
 __se_sys_openat fs/open.c:1428 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1428
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff8d7985d29
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff8d8758038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ff8d7b75fa0 RCX: 00007ff8d7985d29
RDX: 0000000000000083 RSI: 0000000020000000 RDI: ffffffffffffff9c
RBP: 00007ff8d7a01b08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007ff8d7b75fa0 R15: 00007ffd449a4078
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
RIP: 0010:rcu_read_lock_held+0x1d/0x50 kernel/rcu/update.c:349
Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 e8 96 00 45 0a 85 c0 74 26 31 db e8 bb 3e 01 00 84 c0 74 20 e8 52 9b 01 <00> 84 c0 74 17 48 c7 c7 e0 7a 93 8e be ff ff ff ff 5b e9 8c fc 44
RSP: 0018:ffffc9000d31d828 EFLAGS: 00010246
RAX: 1ffffffff1d27901 RBX: 0000000000000000 RCX: 0000000080000000
RDX: ffff88801f114880 RSI: ffffffff8c5fb080 RDI: ffff88801fc3f8a0
RBP: dffffc0000000000 R08: ffffffff84abe5e5 R09: 1ffffffff2854b10
R10: dffffc0000000000 R11: fffffbfff2854b11 R12: ffff888052d33110
R13: 1ffff1100a5a6637 R14: 0000000000000000 R15: ffff888052d331b8
FS:  00007ff8d87586c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020001000 CR3: 0000000038262000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
  Time:      2025/01/11 09:09
  Kernel:    upstream
  Commit:    77a903cd8e5a
  Syzkaller: 6dbc6a9b
  Config:    .config
  Log:       console log
  Report:    report
  Syz repro: (none)
  C repro:   (none)
  VM info:   (none)
  Assets:    disk image (non-bootable), vmlinux, kernel image
  Manager:   ci-snapshot-upstream-root
  Title:     general protection fault in bio_associate_blkg_from_css
* Struck through repros no longer work on HEAD.