syzbot
general protection fault in simple_recursive_removal (2)
Status: upstream: reported C repro on 2022/04/05 23:08
Reported-by: syzbot+17404da5afdf21e8d612@syzkaller.appspotmail.com
First crash: 63d, last: 27d

Cause bisection: failed (bisect log)
similar bugs (1):
  Kernel:   upstream
  Title:    general protection fault in simple_recursive_removal
  Count:    2
  Last:     813d
  Reported: 868d
  Patched:  0/22
  Status:   closed as dup on 2020/06/28 17:09
Patch testing requests:
  Created:  2022/04/06 07:31
  Duration: 11m
  User:     hdanton@sina.com
  Patch:    patch
  Repo:     https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ ce4c854ee868
  Result:   OK

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000002a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000150-0x0000000000000157]
CPU: 0 PID: 3660 Comm: udevd Not tainted 5.18.0-rc1-syzkaller-00184-g1831fed55973 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x6a/0x1f80 kernel/locking/lockdep.c:4899
Code: ff df 8a 04 10 84 c0 0f 85 60 16 00 00 83 3d e0 69 79 0c 00 0f 84 10 15 00 00 83 3d ff 99 17 0b 00 74 2c 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 58 cf 6f 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003d9f9a8 EFLAGS: 00010002
RAX: 000000000000002a RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000150
RBP: ffff88801950ba00 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1bc0666 R11: 1ffffffff1bc0665 R12: 0000000000000000
R13: 0000000000000150 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f0cae52d840(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd77ffbe90 CR3: 000000001f903000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 lock_acquire+0x1a7/0x400 kernel/locking/lockdep.c:5641
 down_write+0x95/0x170 kernel/locking/rwsem.c:1514
 inode_lock include/linux/fs.h:748 [inline]
 simple_recursive_removal+0x8e/0x860 fs/libfs.c:276
 debugfs_remove+0x45/0x60 fs/debugfs/inode.c:742
 blk_mq_debugfs_unregister_queue_rqos+0x3c/0x60 block/blk-mq-debugfs.c:840
 rq_qos_exit+0x23/0xf0 block/blk-rq-qos.c:297
 disk_release_mq block/genhd.c:1142 [inline]
 disk_release+0x174/0x300 block/genhd.c:1168
 device_release+0x98/0x1c0
 kobject_cleanup+0x235/0x470 lib/kobject.c:705
 blkdev_close+0x55/0x80 block/fops.c:512
 __fput+0x3b9/0x820 fs/file_table.c:317
 task_work_run+0x146/0x1c0 kernel/task_work.c:164
 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
 exit_to_user_mode_loop+0x134/0x160 kernel/entry/common.c:169
 exit_to_user_mode_prepare+0xad/0x110 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:283 [inline]
 syscall_exit_to_user_mode+0x2e/0x70 kernel/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f0cae125fc3
Code: 48 ff ff ff b8 ff ff ff ff e9 3e ff ff ff 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8
RSP: 002b:00007ffd77ffeb98 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 00007f0cae52d6a8 RCX: 00007f0cae125fc3
RDX: 000000000000001c RSI: 00007ffd77ffe398 RDI: 0000000000000008
RBP: 000055572a3b90c0 R08: 0000000000000007 R09: 000055572a3b5240
R10: 00007f0cae1b4fc0 R11: 0000000000000246 R12: 0000000000000002
R13: 000055572a39caa0 R14: 0000000000000008 R15: 000055572a393910
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__lock_acquire+0x6a/0x1f80 kernel/locking/lockdep.c:4899
Code: ff df 8a 04 10 84 c0 0f 85 60 16 00 00 83 3d e0 69 79 0c 00 0f 84 10 15 00 00 83 3d ff 99 17 0b 00 74 2c 4c 89 e8 48 c1 e8 03 <80> 3c 10 00 74 12 4c 89 ef e8 58 cf 6f 00 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003d9f9a8 EFLAGS: 00010002
RAX: 000000000000002a RBX: 0000000000000000 RCX: 0000000000000000
RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 0000000000000150
RBP: ffff88801950ba00 R08: 0000000000000001 R09: 0000000000000000
R10: fffffbfff1bc0666 R11: 1ffffffff1bc0665 R12: 0000000000000000
R13: 0000000000000150 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f0cae52d840(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd77ffbe90 CR3: 000000001f903000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	df 8a 04 10 84 c0    	fisttps -0x3f7beffc(%rdx)
   6:	0f 85 60 16 00 00    	jne    0x166c
   c:	83 3d e0 69 79 0c 00 	cmpl   $0x0,0xc7969e0(%rip)        # 0xc7969f3
  13:	0f 84 10 15 00 00    	je     0x1529
  19:	83 3d ff 99 17 0b 00 	cmpl   $0x0,0xb1799ff(%rip)        # 0xb179a1f
  20:	74 2c                	je     0x4e
  22:	4c 89 e8             	mov    %r13,%rax
  25:	48 c1 e8 03          	shr    $0x3,%rax
* 29:	80 3c 10 00          	cmpb   $0x0,(%rax,%rdx,1) <-- trapping instruction
  2d:	74 12                	je     0x41
  2f:	4c 89 ef             	mov    %r13,%rdi
  32:	e8 58 cf 6f 00       	callq  0x6fcf8f
  37:	48                   	rex.W
  38:	ba 00 00 00 00       	mov    $0x0,%edx
  3d:	00 fc                	add    %bh,%ah
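The address in the GPF header, 0xdffffc000000002a, is not the pointer the kernel dereferenced; it is the KASAN shadow byte for that pointer. The disassembly shows the shadow check directly: `mov %r13,%rax; shr $0x3,%rax; cmpb $0x0,(%rax,%rdx,1)` with %rdx = 0xdffffc0000000000 (KASAN_SHADOW_OFFSET on x86_64) and %r13 = 0x150, the rwsem passed to down_write(). Because 0x150 >> 3 + 0xdffffc0000000000 is non-canonical, the CPU raises #GP before KASAN can produce a normal report, and the "KASAN: null-ptr-deref in range [0x150-0x157]" line is the kernel undoing that arithmetic. Since inode_lock() is down_write(&inode->i_rwsem), the fault is consistent with simple_recursive_removal() locking a NULL struct inode whose i_rwsem field sits at offset 0x150 in this build. The helper below, an added triage example that is not part of the syzbot report or the kernel tree, performs the same decoding on the header line so the NULL/user/wild classification can be checked by hand; the TASK_SIZE value is an assumption (x86_64 TASK_SIZE_MAX), not something the report prints.

```c
/*
 * Decode the KASAN shadow address from an x86_64 "general protection fault,
 * probably for non-canonical address 0x..." line back to the address the
 * kernel really accessed. Added triage helper, not code from syzbot or the
 * kernel; mirrors the arithmetic of the kernel's kasan_non_canonical_hook().
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL /* %rdx in the oops above */
#define KASAN_SHADOW_SCALE_SHIFT 3                      /* one shadow byte per 8 bytes */
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define PAGE_SIZE_X86_64         0x1000ULL
/* Assumed: x86_64 TASK_SIZE_MAX = (1UL << 47) - PAGE_SIZE; not printed in the report. */
#define TASK_SIZE_X86_64         0x00007ffffffff000ULL

struct shadow_fault {
    bool        is_shadow;  /* false: address lies below the shadow base, not a shadow */
    bool        canonical;  /* true: the CPU would not have raised #GP for this address */
    uint64_t    orig_addr;  /* first byte of the 8-byte granule that was accessed */
    uint64_t    orig_end;   /* last byte of that granule */
    const char *bug_type;   /* KASAN's classification of orig_addr */
};

/* x86_64 4-level paging: bits 63..47 must all be 0 or all be 1. */
static bool is_canonical(uint64_t a)
{
    uint64_t top = a >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Generic KASAN forward mapping: shadow = (addr >> 3) + KASAN_SHADOW_OFFSET. */
uint64_t kasan_shadow_of(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping plus the null/user/wild classification KASAN prints. */
struct shadow_fault decode_shadow_fault(uint64_t fault_addr)
{
    struct shadow_fault r = {
        .is_shadow = false, .canonical = is_canonical(fault_addr),
        .orig_addr = 0, .orig_end = 0, .bug_type = "not-a-shadow-address",
    };

    if (fault_addr < KASAN_SHADOW_OFFSET)
        return r;

    r.is_shadow = true;
    r.orig_addr = (fault_addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
    r.orig_end  = r.orig_addr + KASAN_GRANULE_SIZE - 1;

    if (r.orig_addr < PAGE_SIZE_X86_64)
        r.bug_type = "null-ptr-deref";      /* NULL base plus a small field offset */
    else if (r.orig_addr < TASK_SIZE_X86_64)
        r.bug_type = "user-memory-access";  /* kernel touched a user pointer */
    else
        r.bug_type = "wild-memory-access";  /* garbage kernel pointer */
    return r;
}

/* Pull the hex address out of the GPF header line; false if the line lacks one. */
bool parse_gpf_line(const char *line, uint64_t *out)
{
    static const char key[] = "non-canonical address 0x";
    const char *p = strstr(line, key);
    if (!p)
        return false;
    const char *start = p + strlen(key);
    char *end;
    uint64_t v = strtoull(start, &end, 16);
    if (end == start)
        return false;
    *out = v;
    return true;
}

int main(void)
{
    /* Header line quoted from the crash report above. */
    const char *line = "general protection fault, probably for non-canonical address "
                       "0xdffffc000000002a: 0000 [#1] PREEMPT SMP KASAN";
    uint64_t fault;
    if (!parse_gpf_line(line, &fault))
        return 1;
    struct shadow_fault f = decode_shadow_fault(fault);
    printf("shadow 0x%016llx (%s) -> %s in range [0x%016llx-0x%016llx]\n",
           (unsigned long long)fault, f.canonical ? "canonical" : "non-canonical",
           f.bug_type, (unsigned long long)f.orig_addr, (unsigned long long)f.orig_end);
    return 0;
}
```

Run against the header line above it reproduces the kernel's own "null-ptr-deref in range [0x0000000000000150-0x0000000000000157]" line. The `canonical` flag is the practical caveat: a shadow address for a kernel-half pointer (0xffffec... and up) is canonical, so a bad access there goes through the normal KASAN report path rather than this #GP path, and a "general protection fault" with a canonical address needs a different explanation.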

Crashes (19):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2022/04/08 22:04 upstream 1831fed55973 15be3cba .config log report syz C general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/06 00:44 upstream ce4c854ee868 0127c10f .config log report syz C general protection fault in simple_recursive_removal
ci-upstream-linux-next-kasan-gce-root 2022/04/09 14:30 linux-next ff511c1c68a5 e22c3da3 .config log report syz C general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-root 2022/04/05 23:07 upstream ce4c854ee868 0127c10f .config log report syz general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/23 18:04 upstream 13bc32bad705 131df97d .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-smack-root 2022/04/18 00:27 upstream b2d229d4ddb1 8bcc32a6 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/16 11:42 upstream 59250f8a7f3a 8bcc32a6 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/13 13:57 upstream a19944809fe9 faabdb86 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/10 11:48 upstream e1f700ebd6be e22c3da3 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/09 17:30 upstream f1b45d8ccb98 e22c3da3 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce 2022/04/09 13:13 upstream 6c7376da2358 e22c3da3 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-root 2022/04/05 21:35 upstream ce4c854ee868 0127c10f .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-selinux-root 2022/04/05 19:36 upstream ce4c854ee868 0127c10f .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-386 2022/04/07 18:01 upstream 3e732ebf7316 c6ff3e05 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-386 2022/04/07 16:22 upstream 3e732ebf7316 c6ff3e05 .config log report info general protection fault in simple_recursive_removal
ci-upstream-kasan-gce-386 2022/04/07 04:03 upstream 3e732ebf7316 97582466 .config log report info general protection fault in simple_recursive_removal
ci-upstream-linux-next-kasan-gce-root 2022/04/30 03:31 linux-next 5469f0c06732 ad6b95d8 .config log report info general protection fault in simple_recursive_removal
ci-upstream-linux-next-kasan-gce-root 2022/04/05 10:17 linux-next 3ccc91681259 5915c2cb .config log report info general protection fault in simple_recursive_removal
ci-upstream-linux-next-kasan-gce-root 2022/03/25 11:46 linux-next fd4fbb998102 89bc8608 .config log report info general protection fault in simple_recursive_removal