syzbot


general protection fault in put_pwq_unlocked (2)

Status: upstream: reported on 2024/10/20 06:45
Subsystems: btrfs
[Documentation on labels]
Reported-by: syzbot+aa930d41d2f32904c5da@syzkaller.appspotmail.com
First crash: 70d, last: 1h04m
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [btrfs?] general protection fault in put_pwq_unlocked (2) 0 (1) 2024/10/20 06:45
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in put_pwq_unlocked btrfs 7 184d 198d 26/28 fixed on 2024/07/31 03:12

Sample crash report:
syz.4.149: attempt to access beyond end of device
loop4: rw=4096, sector=0, nr_sectors = 1 limit=0
Oops: general protection fault, probably for non-canonical address 0xe67fbc801ffff113: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: maybe wild-memory-access in range [0x33fe0400ffff8898-0x33fe0400ffff889f]
CPU: 0 UID: 0 PID: 6369 Comm: syz.4.149 Not tainted 6.13.0-rc1-syzkaller-00036-g5076001689e4 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:__lock_acquire+0x6a/0x2100 kernel/locking/lockdep.c:5089
Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d bb 9b 9d 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 a8 7b 8c 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc9000d0df830 EFLAGS: 00010002
RAX: 067fc0801ffff113 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 33fe0400ffff8898
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2030367 R12: ffff888027e20000
R13: 0000000000000000 R14: 0000000000000000 R15: 33fe0400ffff8898
FS:  00007fcc4b2f86c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5e2b963360 CR3: 000000007eec2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 __raw_spin_lock_irq include/linux/spinlock_api_smp.h:119 [inline]
 _raw_spin_lock_irq+0xd3/0x120 kernel/locking/spinlock.c:170
 put_pwq_unlocked+0x42/0x190 kernel/workqueue.c:1662
 destroy_workqueue+0x99d/0xc40 kernel/workqueue.c:5897
 xfs_fs_fill_super+0x5c3/0x1590 fs/xfs/xfs_super.c:1823
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4057 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcc4a57ff19
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcc4b2f8058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fcc4a745fa0 RCX: 00007fcc4a57ff19
RDX: 00000000200000c0 RSI: 0000000020000100 RDI: 0000000020000000
RBP: 00007fcc4a5f3986 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000808c12 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcc4a745fa0 R15: 00007ffd0dcf8558
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0x6a/0x2100 kernel/locking/lockdep.c:5089
Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d bb 9b 9d 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 a8 7b 8c 00 48 be 00 00 00 00 00 fc
RSP: 0018:ffffc9000d0df830 EFLAGS: 00010002
RAX: 067fc0801ffff113 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 33fe0400ffff8898
RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000001
R10: dffffc0000000000 R11: fffffbfff2030367 R12: ffff888027e20000
R13: 0000000000000000 R14: 0000000000000000 R15: 33fe0400ffff8898
FS:  00007fcc4b2f86c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f5e2b963360 CR3: 000000007eec2000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	b6 04                	mov    $0x4,%dh
   2:	30 84 c0 0f 85 f8 16 	xor    %al,0x16f8850f(%rax,%rax,8)
   9:	00 00                	add    %al,(%rax)
   b:	45 31 f6             	xor    %r14d,%r14d
   e:	83 3d bb 9b 9d 0e 00 	cmpl   $0x0,0xe9d9bbb(%rip)        # 0xe9d9bd0
  15:	0f 84 c8 13 00 00    	je     0x13e3
  1b:	89 54 24 60          	mov    %edx,0x60(%rsp)
  1f:	89 5c 24 38          	mov    %ebx,0x38(%rsp)
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 30 00          	cmpb   $0x0,(%rax,%rsi,1) <-- trapping instruction
  2e:	74 12                	je     0x42
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 a8 7b 8c 00       	call   0x8c7be0
  38:	48                   	rex.W
  39:	be 00 00 00 00       	mov    $0x0,%esi
  3e:	00 fc                	add    %bh,%ah

Crashes (24):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/12/05 18:48 upstream 5076001689e4 29f61fce .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/12/04 03:03 upstream ceb8bf2ceaa7 b50eb251 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/12/01 05:53 upstream bcc8eda6d349 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/30 16:55 upstream 2ba9f676d0a2 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/29 11:11 upstream 7af08b57bcb9 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/26 14:23 upstream 7eef7e306d3c e9a9a9f2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/22 07:15 upstream 28eb75e178d3 4b25d554 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/20 06:58 upstream bf9aa14fc523 7d02db5a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/16 20:56 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/16 15:01 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/11 17:12 upstream 2d5404caa8c7 0c4b1325 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/10 05:29 upstream de2f378f2b77 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/09 06:31 upstream f1dce1f09380 6b856513 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/11/06 18:10 upstream 2e1b3cc9d7f7 df3dc63b .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/10/21 08:33 upstream 42f7652d3eb5 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/10/20 03:14 upstream f9e4825524aa cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/10/19 12:50 upstream 3d5ad2d4eca3 cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/10/18 11:49 upstream 4d939780b705 666f77ed .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/09/26 14:16 upstream 11a299a7933e 0d19f247 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs general protection fault in put_pwq_unlocked
2024/12/01 01:08 linux-next f486c8aa16b8 68914665 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in put_pwq_unlocked
2024/11/24 14:01 linux-next cfba9f07a1d6 68da6d95 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in put_pwq_unlocked
2024/11/03 05:14 linux-next c88416ba074a f00eed24 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in put_pwq_unlocked
2024/10/20 06:44 linux-next 15e7d45e786a cd6fc0a3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in put_pwq_unlocked
2024/11/16 15:18 upstream e8bdb3c8be08 cfe3a04a .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs BUG: unable to handle kernel paging request in put_pwq_unlocked
* Struck through repros no longer work on HEAD.