syzbot


BUG: unable to handle kernel paging request in qlist_free_all (5)

Status: auto-closed as invalid on 2019/09/24 08:20
Subsystems: fs
Reported-by: syzbot+dbf57d12973d31a0bf29@syzkaller.appspotmail.com
First crash: 1829d, last: 1827d
Similar bugs (6)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: unable to handle kernel NULL pointer dereference in qlist_free_all (2) 8 805d 1042d 0/1 auto-closed as invalid on 2022/05/13 11:55
upstream BUG: unable to handle kernel paging request in qlist_free_all (2) mm 4 2307d 2312d 0/26 closed as invalid on 2017/12/05 10:45
upstream BUG: unable to handle kernel paging request in qlist_free_all mm 1 2341d 2341d 0/26 closed as invalid on 2017/10/30 13:35
upstream BUG: unable to handle kernel paging request in qlist_free_all (7) kernel 20 846d 1067d 0/26 auto-closed as invalid on 2022/03/03 13:56
upstream BUG: unable to handle kernel paging request in qlist_free_all (4) kernel syz 17 2090d 2210d 0/26 closed as dup on 2018/07/08 14:57
upstream BUG: unable to handle kernel paging request in qlist_free_all (6) kernfs 1 1270d 1266d 0/26 auto-closed as invalid on 2021/01/03 14:25

Sample crash report:
BUG: unable to handle kernel paging request at ffffe8ffffe00000
#PF error: [normal kernel read fault]
PGD 12c25b067 P4D 12c25b067 PUD 12c25c067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9526 Comm: ps Not tainted 5.0.0+ #137
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
Code: 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20 48
RSP: 0018:ffff8880653c7bf8 EFLAGS: 00010006
RAX: ffffe8ffffda3010 RBX: 00000000000000d8 RCX: 00000007fffa31c0
RDX: 00000007fffffaf0 RSI: ffffe8ffffe00000 RDI: ffffe8ffffdff940
RBP: ffff8880653c7c60 R08: 1ffff11013673b60 R09: ffffed1013673b61
R10: ffffed1013673b60 R11: ffff88809b39db03 R12: ffff8880a7e42c80
R13: ffff8880979f4b40 R14: ffff8880653c7c20 R15: ffffe8ffffda3000
FS:  00007f379669c700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffe00000 CR3: 00000000a8e99000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 qlink_free mm/kasan/quarantine.c:148 [inline]
 qlist_free_all+0x85/0x150 mm/kasan/quarantine.c:167
 quarantine_reduce+0x169/0x1b0 mm/kasan/quarantine.c:260
 __kasan_kmalloc.constprop.0+0xa3/0xe0 mm/kasan/common.c:478
 kasan_slab_alloc+0xf/0x20 mm/kasan/common.c:505
 slab_post_alloc_hook mm/slab.h:436 [inline]
 slab_alloc mm/slab.c:3392 [inline]
 kmem_cache_alloc+0x11a/0x6f0 mm/slab.c:3554
 getname_flags fs/namei.c:138 [inline]
 getname_flags+0xd6/0x5b0 fs/namei.c:128
 getname+0x1a/0x20 fs/namei.c:209
 do_sys_open+0x2c9/0x5d0 fs/open.c:1057
 __do_sys_open fs/open.c:1081 [inline]
 __se_sys_open fs/open.c:1076 [inline]
 __x64_sys_open+0x7e/0xc0 fs/open.c:1076
 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f3795fa3120
Code: 48 8b 15 1b 4d 2b 00 f7 d8 64 89 02 83 c8 ff c3 90 90 90 90 90 90 90 90 90 90 83 3d d5 a4 2b 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 5e 8c 01 00 48 89 04 24
RSP: 002b:00007ffe56e5ab78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000616760 RCX: 00007f3795fa3120
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007f3796471d00
RBP: 0000000000001000 R08: 0000000000000000 R09: 00007f379626ba10
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3796470d00
R13: 00000000012b11e0 R14: 0000000000000005 R15: 0000000000000000
Modules linked in:
CR2: ffffe8ffffe00000
---[ end trace a9e29e539966b878 ]---
RIP: 0010:__memmove+0x24/0x1a0 arch/x86/lib/memmove_64.S:43
Code: 90 90 90 90 90 90 48 89 f8 48 83 fa 20 0f 82 03 01 00 00 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f 9f 00 00 00 48 89 d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20 48
RSP: 0018:ffff8880653c7bf8 EFLAGS: 00010006
RAX: ffffe8ffffda3010 RBX: 00000000000000d8 RCX: 00000007fffa31c0
RDX: 00000007fffffaf0 RSI: ffffe8ffffe00000 RDI: ffffe8ffffdff940
RBP: ffff8880653c7c60 R08: 1ffff11013673b60 R09: ffffed1013673b61
R10: ffffed1013673b60 R11: ffff88809b39db03 R12: ffff8880a7e42c80
R13: ffff8880979f4b40 R14: ffff8880653c7c20 R15: ffffe8ffffda3000
FS:  00007f379669c700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffe00000 CR3: 00000000a8e99000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/03/26 12:44 net-old 27602e2c44da 55684ce1 .config console log report ci-upstream-net-this-kasan-gce
2019/03/28 08:19 net-next-old 356d71e00d27 f94f56fe .config console log report ci-upstream-net-kasan-gce