syzbot


general protection fault in submit_bio_checks

Status: upstream: reported C repro on 2022/01/31 04:06
Reported-by: syzbot+2b3f18414c37b42dcc94@syzkaller.appspotmail.com
Fix commit: 78e3437450be block: call bio_associate_blkg from bio_reset
Patched on: [ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm32 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-leak ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce ci-upstream-kmsan-gce-386 ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-riscv64]
First crash: 153d, last: 126d

Cause bisection: introduced by (bisect log) :
commit a7c50c940477bae89fb2b4f51bd969a2d95d7512
Author: Christoph Hellwig <hch@lst.de>
Date: Mon Jan 24 09:11:07 2022 +0000

  block: pass a block_device and opf to bio_reset

Crash: general protection fault in submit_bio_checks (log)
Repro: C syz .config
Patch testing requests:
Created Duration User Patch Repo Result
2022/02/04 07:07 9m hch@lst.de git://git.infradead.org/users/hch/block.git bio-reset-fix OK
2022/02/04 07:00 4m hch@lst.de git://git.infradead.org/users/hch/block.git bio-reset-fix error

Sample crash report:
general protection fault, probably for non-canonical address 0xdffffc000000002f: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000178-0x000000000000017f]
CPU: 0 PID: 3630 Comm: syz-executor110 Not tainted 5.17.0-rc2-next-20220204-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:blk_throtl_bio block/blk-throttle.h:175 [inline]
RIP: 0010:submit_bio_checks+0x7c0/0x1bf0 block/blk-core.c:765
Code: 08 3c 03 0f 8e 4a 11 00 00 48 b8 00 00 00 00 00 fc ff df 44 8b 6d 10 41 83 e5 01 4a 8d bc 2b 7c 01 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 09 11 00 00
RSP: 0018:ffffc900028ef680 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000002f RSI: ffffffff83d5f91e RDI: 000000000000017d
RBP: ffff8880159e4400 R08: ffffffff8a044fc0 R09: 0000000000000000
R10: ffffffff83d5f910 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000fffffffe R15: ffff88801a4fbb9c
FS:  0000555555b78300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555555b81628 CR3: 00000000190b0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __submit_bio+0xaf/0x360 block/blk-core.c:802
 __submit_bio_noacct_mq block/blk-core.c:881 [inline]
 submit_bio_noacct block/blk-core.c:907 [inline]
 submit_bio_noacct+0x6c9/0x8a0 block/blk-core.c:896
 submit_bio block/blk-core.c:968 [inline]
 submit_bio+0x1ea/0x430 block/blk-core.c:926
 write_dev_flush fs/btrfs/disk-io.c:4243 [inline]
 barrier_all_devices fs/btrfs/disk-io.c:4293 [inline]
 write_all_supers+0x3038/0x4440 fs/btrfs/disk-io.c:4388
 btrfs_commit_transaction+0x1be3/0x3180 fs/btrfs/transaction.c:2362
 btrfs_commit_super+0xc1/0x100 fs/btrfs/disk-io.c:4562
 close_ctree+0x314/0xccc fs/btrfs/disk-io.c:4671
 generic_shutdown_super+0x14c/0x400 fs/super.c:462
 kill_anon_super+0x36/0x60 fs/super.c:1056
 btrfs_kill_super+0x38/0x50 fs/btrfs/super.c:2365
 deactivate_locked_super+0x94/0x160 fs/super.c:332
 deactivate_super+0xad/0xd0 fs/super.c:363
 cleanup_mnt+0x3a2/0x540 fs/namespace.c:1159
 task_work_run+0xdd/0x1a0 kernel/task_work.c:164
 tracehook_notify_resume include/linux/tracehook.h:188 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:175 [inline]
 exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207
 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]
 syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300
 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f3a312e48b7
Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffff8a6f9b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f3a312e48b7
RDX: 00007ffff8a6fa79 RSI: 000000000000000a RDI: 00007ffff8a6fa70
RBP: 00007ffff8a6fa70 R08: 00000000ffffffff R09: 00007ffff8a6f850
R10: 0000555555b79653 R11: 0000000000000206 R12: 00007ffff8a70ae0
R13: 0000555555b795f0 R14: 00007ffff8a6f9e0 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:blk_throtl_bio block/blk-throttle.h:175 [inline]
RIP: 0010:submit_bio_checks+0x7c0/0x1bf0 block/blk-core.c:765
Code: 08 3c 03 0f 8e 4a 11 00 00 48 b8 00 00 00 00 00 fc ff df 44 8b 6d 10 41 83 e5 01 4a 8d bc 2b 7c 01 00 00 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 09 11 00 00
RSP: 0018:ffffc900028ef680 EFLAGS: 00010203
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000002f RSI: ffffffff83d5f91e RDI: 000000000000017d
RBP: ffff8880159e4400 R08: ffffffff8a044fc0 R09: 0000000000000000
R10: ffffffff83d5f910 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000001 R14: 00000000fffffffe R15: ffff88801a4fbb9c
FS:  0000555555b78300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000555555b81628 CR3: 00000000190b0000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	08 3c 03             	or     %bh,(%rbx,%rax,1)
   3:	0f 8e 4a 11 00 00    	jle    0x1153
   9:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  10:	fc ff df
  13:	44 8b 6d 10          	mov    0x10(%rbp),%r13d
  17:	41 83 e5 01          	and    $0x1,%r13d
  1b:	4a 8d bc 2b 7c 01 00 	lea    0x17c(%rbx,%r13,1),%rdi
  22:	00
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax <-- trapping instruction
  2e:	48 89 fa             	mov    %rdi,%rdx
  31:	83 e2 07             	and    $0x7,%edx
  34:	38 d0                	cmp    %dl,%al
  36:	7f 08                	jg     0x40
  38:	84 c0                	test   %al,%al
  3a:	0f 85 09 11 00 00    	jne    0x1149

Crashes (1258):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2022/02/12 09:07 linux-next ef6b35306dd8 8b9ca619 .config log report syz C general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/03 18:20 linux-next 2d3d8c7643a5 4ebb2798 .config log report syz C general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/23 00:38 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/22 18:27 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/22 16:04 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/22 14:57 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/22 13:23 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/22 05:26 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 22:50 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 21:20 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 20:10 linux-next ef6b35306dd8 6e821dbf .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 18:46 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 18:41 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 16:07 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 15:03 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 12:51 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 11:03 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 08:40 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 07:16 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 06:01 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 04:46 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/21 03:32 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 23:41 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 21:40 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 20:21 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 18:24 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 15:11 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 14:07 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 13:01 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 11:52 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 11:52 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 10:44 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 06:52 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 04:56 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 03:27 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/20 00:50 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 22:23 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 20:06 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 16:07 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 13:42 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 13:00 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 10:33 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 09:03 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 04:17 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/19 03:10 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/18 22:03 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/18 20:59 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/18 19:54 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/18 13:27 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/02/18 11:39 linux-next ef6b35306dd8 3cd800e4 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/01/31 00:02 linux-next b605fdc54c2b 495e00c5 .config log report info general protection fault in submit_bio_checks
ci-upstream-linux-next-kasan-gce-root 2022/01/27 03:58 linux-next 0eb96e2c58c0 2cbffd88 .config log report info general protection fault in submit_bio_checks