syzbot


general protection fault in rcu_core (2)

Status: auto-obsoleted due to no activity on 2024/04/17 10:35
Subsystems: reiserfs
Reported-by: syzbot+b23c4c9d3d228ba328d7@syzkaller.appspotmail.com
First crash: 487d, last: 271d
Cause bisection: introduced by (bisect log) :
commit 2acf15b94d5b8ea8392c4b6753a6ffac3135cd78
Author: Yu Kuai <yukuai3@huawei.com>
Date: Fri Jul 2 04:07:43 2021 +0000

  reiserfs: add check for root_inode in reiserfs_fill_super

Crash: possible deadlock in fs_reclaim_acquire (log)
Repro: C syz .config
Fix bisection: fixed by (bisect log) :
commit 6f861765464f43a71462d52026fbddfc858239a5
Author: Jan Kara <jack@suse.cz>
Date: Wed Nov 1 17:43:10 2023 +0000

  fs: Block writes to mounted block devices

Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] [reiserfs?] general protection fault in rcu_core (2) | 2 (5) | 2024/03/04 12:37 |
Similar bugs (3)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | general protection fault in rcu_core (kernel) | syz | done | | 1 | 1914d | 1914d | 12/28 | fixed on 2019/08/27 17:15 |
| upstream | BUG: unable to handle kernel NULL pointer dereference in rcu_core (2) (arm) | | | | 3 | 664d | 679d | 0/28 | auto-obsoleted due to no activity on 2023/03/11 02:30 |
| upstream | BUG: unable to handle kernel NULL pointer dereference in rcu_core (kernel) | | | | 1 | 1680d | 1676d | 0/28 | auto-closed as invalid on 2020/04/29 14:31 |
Last patch testing requests (4)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/03/02 10:21 | 1h02m | retest repro | | upstream | OK log |
| 2023/12/23 08:16 | 1h49m | retest repro | | upstream | report log |
| 2023/10/22 08:39 | 13m | retest repro | | upstream | report log |
| 2023/08/31 03:38 | 1h11m | retest repro | | upstream | report log |
Fix bisection attempts (6)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2024/03/04 03:59 | 8h36m | bisect fix | | upstream | OK (1) job log |
| 2024/01/08 08:16 | 2h18m | bisect fix | | upstream | OK (0) job log log |
| 2023/12/09 05:31 | 2h35m | bisect fix | | upstream | OK (0) job log log |
| 2023/11/09 01:07 | 2h17m | bisect fix | | upstream | OK (0) job log log |
| 2023/10/08 00:53 | 2h40m | bisect fix | | upstream | OK (0) job log log |
| 2023/08/09 14:20 | 2h19m | bisect fix | | upstream | OK (0) job log log |
Cause bisection attempts (2)
| Created | Duration | User | Patch | Repo | Result |
|---|---|---|---|---|---|
| 2023/06/14 10:55 | 11h22m | bisect | | upstream | OK (1) job log log |
| 2023/06/06 15:14 | 3h55m | bisect | | upstream | error job log |

Sample crash report:
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 0 P4D 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-syzkaller-01406-ge8f75c0270d9 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000007e68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8880b983d340 RCX: a8465ad1c6353a91
RDX: 1ffffffff1892c10 RSI: 0000000000000101 RDI: ffff888077215b80
RBP: 0000000000000001 R08: ffffffff816f28bd R09: ffffffff9153dd1f
R10: fffffbfff22a7ba3 R11: 0000000000000400 R12: dffffc0000000000
R13: ffff888077215b80 R14: ffffc90000007ee8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000002c80d000 CR4: 0000000000350ef0
Call Trace:
 <IRQ>
 rcu_do_batch kernel/rcu/tree.c:2135 [inline]
 rcu_core+0x802/0x1c10 kernel/rcu/tree.c:2399
 __do_softirq+0x1d4/0x905 kernel/softirq.c:553
 invoke_softirq kernel/softirq.c:427 [inline]
 __irq_exit_rcu kernel/softirq.c:632 [inline]
 irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1109
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:645
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:72 [inline]
RIP: 0010:acpi_safe_halt+0x40/0x50 drivers/acpi/processor_idle.c:113
Code: eb 03 83 e3 01 89 de 0f 1f 44 00 00 84 db 75 1b 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d e7 57 a0 00 0f 1f 44 00 00 fb f4 <fa> 5b c3 cc 0f 1f 00 66 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 0f
RSP: 0018:ffffffff8c407d18 EFLAGS: 00000246
RAX: ffffffff8c4955c0 RBX: 0000000000000000 RCX: ffffffff8a11ed45
RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88801369c064 R08: 0000000000000001 R09: ffff8880b9836d2b
R10: ffffed1017306da5 R11: 0000000000000000 R12: 0000000000000001
R13: ffff88801369c000 R14: ffff88801369c064 R15: 0000000000000000
 acpi_idle_do_entry+0x53/0x70 drivers/acpi/processor_idle.c:573
 acpi_idle_enter+0x173/0x290 drivers/acpi/processor_idle.c:707
 cpuidle_enter_state+0xd3/0x6f0 drivers/cpuidle/cpuidle.c:267
 cpuidle_enter+0x4e/0xa0 drivers/cpuidle/cpuidle.c:388
 cpuidle_idle_call kernel/sched/idle.c:215 [inline]
 do_idle+0x2fe/0x3c0 kernel/sched/idle.c:282
 cpu_startup_entry+0x18/0x20 kernel/sched/idle.c:379
 rest_init+0x16f/0x2b0 init/main.c:733
 arch_call_rest_init+0x13/0x30 init/main.c:830
 start_kernel+0x3b1/0x490 init/main.c:1074
 x86_64_start_reservations+0x18/0x30 arch/x86/kernel/head64.c:556
 x86_64_start_kernel+0xb3/0xc0 arch/x86/kernel/head64.c:537
 secondary_startup_64_no_verify+0x167/0x16b
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc90000007e68 EFLAGS: 00010246

RAX: 0000000000000000 RBX: ffff8880b983d340 RCX: a8465ad1c6353a91
RDX: 1ffffffff1892c10 RSI: 0000000000000101 RDI: ffff888077215b80
RBP: 0000000000000001 R08: ffffffff816f28bd R09: ffffffff9153dd1f
R10: fffffbfff22a7ba3 R11: 0000000000000400 R12: dffffc0000000000
R13: ffff888077215b80 R14: ffffc90000007ee8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000002c80d000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	eb 03                	jmp    0x5
   2:	83 e3 01             	and    $0x1,%ebx
   5:	89 de                	mov    %ebx,%esi
   7:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   c:	84 db                	test   %bl,%bl
   e:	75 1b                	jne    0x2b
  10:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  15:	eb 0c                	jmp    0x23
  17:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  1c:	0f 00 2d e7 57 a0 00 	verw   0xa057e7(%rip)        # 0xa0580a
  23:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  28:	fb                   	sti
  29:	f4                   	hlt
* 2a:	fa                   	cli <-- trapping instruction
  2b:	5b                   	pop    %rbx
  2c:	c3                   	retq
  2d:	cc                   	int3
  2e:	0f 1f 00             	nopl   (%rax)
  31:	66 0f 1f 84 00 00 00 	nopw   0x0(%rax,%rax,1)
  38:	00 00
  3a:	55                   	push   %rbp
  3b:	48 89 fd             	mov    %rdi,%rbp
  3e:	53                   	push   %rbx
  3f:	0f                   	.byte 0xf

Crashes (4):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/06/28 17:48 | upstream | e8f75c0270d9 | 8064cb02 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel NULL pointer dereference in rcu_core |
| 2023/06/06 13:02 | upstream | f8dba31b0a82 | a4ae4f42 | .config | console log | report | syz | C | | [disk image] [vmlinux] [kernel image] [mounted in repro] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel NULL pointer dereference in rcu_core |
| 2023/06/06 12:38 | upstream | f8dba31b0a82 | a4ae4f42 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | general protection fault in rcu_core |
| 2023/06/26 10:05 | upstream | 6995e2de6891 | 09ffe269 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-kasan-gce-root | BUG: unable to handle kernel NULL pointer dereference in rcu_core |
* Struck through repros no longer work on HEAD.