syzbot

 sign-in | mailing list | source | docs
🐞 Open [712] 🐞 Fixed [297] 🐞 Invalid [838] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

INFO: trying to register non-static key in unmap_page_range (2)

Status: auto-closed as invalid on 2021/10/24 01:38
Reported-by: syzbot+da5446662d669fe90c83@syzkaller.appspotmail.com
First crash: 1059d, last: 1035d
Similar bugs (2)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 INFO: trying to register non-static key in unmap_page_range 1 1425d 1425d 0/1 auto-closed as invalid on 2020/09/29 05:44
upstream INFO: trying to register non-static key in unmap_page_range mm 1 1333d 1329d 0/26 auto-closed as invalid on 2020/12/30 10:17

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 PID: 10568 Comm: systemd-udevd Not tainted 4.19.195-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 assign_lock_key kernel/locking/lockdep.c:728 [inline]
 register_lock_class+0xe82/0x11c0 kernel/locking/lockdep.c:754
 __lock_acquire+0x17d/0x3ff0 kernel/locking/lockdep.c:3304
 lock_acquire+0x170/0x3c0 kernel/locking/lockdep.c:3908
 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
 _raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:144
 spin_lock include/linux/spinlock.h:329 [inline]
 zap_pte_range mm/memory.c:1311 [inline]
 zap_pmd_range mm/memory.c:1452 [inline]
 zap_pud_range mm/memory.c:1481 [inline]
 zap_p4d_range mm/memory.c:1502 [inline]
 unmap_page_range+0xa1c/0x2a70 mm/memory.c:1523
IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
 unmap_single_vma+0x198/0x300 mm/memory.c:1568
 unmap_vmas+0xa9/0x180 mm/memory.c:1598
 exit_mmap+0x2b9/0x530 mm/mmap.c:3093
 __mmput kernel/fork.c:1015 [inline]
 mmput+0x14e/0x4a0 kernel/fork.c:1036
 exit_mm kernel/exit.c:549 [inline]
 do_exit+0xaec/0x2be0 kernel/exit.c:857
 do_group_exit+0x125/0x310 kernel/exit.c:967
 __do_sys_exit_group kernel/exit.c:978 [inline]
 __se_sys_exit_group kernel/exit.c:976 [inline]
 __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:976
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
RIP: 0033:0x7f6c710fe618
Code: Bad RIP value.
RSP: 002b:00007ffcc0f7fde8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007ffcc0f7feb0 RCX: 00007f6c710fe618
RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
RBP: 00007ffcc0f7ff60 R08: 00000000000000e7 R09: fffffffffffffe50
R10: 00000000ffffffff R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000003 R15: 000000000000000e
IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 45859)!
EXT4-fs (loop5): group descriptors corrupted!
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 45859)!
EXT4-fs (loop5): group descriptors corrupted!
IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
BTRFS: device fsid ae799b69-81d1-4c28-b557-59da836a744a devid 1 transid 7 /dev/loop5
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
BTRFS info (device loop5): disk space caching is enabled
BTRFS info (device loop5): has skinny extents
IPVS: ftp: loaded support on port[0] = 21
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
attempt to access beyond end of device
loop5: rw=4096, want=43072, limit=267
attempt to access beyond end of device
loop5: rw=4096, want=59456, limit=267
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
BTRFS error (device loop5): failed to read chunk root
IPVS: ftp: loaded support on port[0] = 21
BTRFS error (device loop5): open_ctree failed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
BTRFS info (device loop5): disk space caching is enabled
device geneve2 entered promiscuous mode
BTRFS info (device loop5): has skinny extents
attempt to access beyond end of device
loop5: rw=4096, want=43072, limit=267
attempt to access beyond end of device
loop5: rw=4096, want=59456, limit=267
BTRFS error (device loop5): failed to read chunk root
BTRFS error (device loop5): open_ctree failed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
BTRFS info (device loop5): disk space caching is enabled
BTRFS info (device loop5): has skinny extents
attempt to access beyond end of device
loop5: rw=4096, want=43072, limit=267
attempt to access beyond end of device
loop5: rw=4096, want=59456, limit=267
BTRFS error (device loop5): failed to read chunk root
BTRFS error (device loop5): open_ctree failed
BTRFS info (device loop5): disk space caching is enabled
l2tp_mt_check6: 32 callbacks suppressed
xt_l2tp: v2 doesn't support IP mode
BTRFS info (device loop5): has skinny extents
xt_l2tp: v2 doesn't support IP mode
attempt to access beyond end of device
loop5: rw=4096, want=43072, limit=267
attempt to access beyond end of device
loop5: rw=4096, want=59456, limit=267
xt_l2tp: v2 doesn't support IP mode
BTRFS error (device loop5): failed to read chunk root
BTRFS error (device loop5): open_ctree failed
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
xt_l2tp: v2 doesn't support IP mode
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 64)!
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 64)!
EXT4-fs (loop4): group descriptors corrupted!
device bond0 entered promiscuous mode
device bond_slave_0 entered promiscuous mode
device bond_slave_1 entered promiscuous mode
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 64)!
EXT4-fs error (device loop5): ext4_fill_super:4443: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
EXT4-fs error (device loop5): ext4_fill_super:4443: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
nla_parse: 9 callbacks suppressed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 64)!
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs error (device loop5): ext4_fill_super:4443: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 not in group (block 64)!
EXT4-fs (loop4): group descriptors corrupted!
EXT4-fs error (device loop5): ext4_fill_super:4443: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
EXT4-fs error (device loop5): ext4_fill_super:4443: inode #2: comm syz-executor.5: iget: root inode unallocated
EXT4-fs (loop5): get root inode failed
EXT4-fs (loop5): mount failed
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
F2FS-fs (loop4): Invalid blocksize (1), supports only 4KB

F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
F2FS-fs (loop4): Invalid blocksize (1), supports only 4KB

F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
audit: type=1800 audit(1624671485.996:42): pid=12299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.1" name="memory.current" dev="sda1" ino=14659 res=0

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2021/06/26 01:38 linux-4.19.y eb575cd5d7f6 ae6bf8dd .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in unmap_page_range
2021/06/02 04:48 linux-4.19.y 6b7b0056defc 032639db .config console log report info ci2-linux-4-19 INFO: trying to register non-static key in unmap_page_range
* Struck through repros no longer work on HEAD.