From: syzbot <syzbot+aafb3f37cfeb6534c4ac@syzkaller.appspotmail.com>
To: hsiangkao@linux.alibaba.com, linux-erofs@lists.ozlabs.org,
linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
xiang@kernel.org
Subject: Re: [syzbot] [erofs?] WARNING in rmqueue
Date: Mon, 10 Apr 2023 02:26:23 -0700 [thread overview]
Message-ID: <000000000000ebd27d05f8f7f713@google.com> (raw)
In-Reply-To: <90d29dc6-39b3-439c-904b-7a2207610d64@linux.alibaba.com>
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in z_erofs_decompress_queue
BUG: unable to handle page fault for address: fffff52101a3fff9
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 23ffed067 P4D 23ffed067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 4398 Comm: kworker/u5:1 Not tainted 6.3.0-rc6-syzkaller-g09a9639e56c0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/30/2023
Workqueue: erofs_worker z_erofs_decompressqueue_work
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
Code: 0a 48 8b 7c 24 68 e8 51 fe 00 fe 89 db 48 c1 e3 03 48 03 9c 24 20 03 00 00 49 89 de 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 48 89 df e8 23 fe 00 fe 48 83 3b 00 0f 84 a1
RSP: 0018:ffffc90006a5f7c0 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: ffffc9080d1fffc8 RCX: 1ffff92000d4bf5c
RDX: ffff88802b800000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90006a5fbb0 R08: ffffffff83ddecfa R09: fffff52001a40000
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ffff8f00
R13: ffff888073fad0b8 R14: 1ffff92101a3fff9 R15: ffffea0001b54b40
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52101a3fff9 CR3: 000000002b4b9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
z_erofs_decompressqueue_work+0x99/0xe0
process_one_work+0x8f6/0x1170
worker_thread+0xa63/0x1210
kthread+0x270/0x300
ret_from_fork+0x1f/0x30
</TASK>
Modules linked in:
CR2: fffff52101a3fff9
---[ end trace 0000000000000000 ]---
RIP: 0010:z_erofs_decompress_queue+0xb7e/0x2b40
Code: 0a 48 8b 7c 24 68 e8 51 fe 00 fe 89 db 48 c1 e3 03 48 03 9c 24 20 03 00 00 49 89 de 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 06 00 74 08 48 89 df e8 23 fe 00 fe 48 83 3b 00 0f 84 a1
RSP: 0018:ffffc90006a5f7c0 EFLAGS: 00010a06
RAX: dffffc0000000000 RBX: ffffc9080d1fffc8 RCX: 1ffff92000d4bf5c
RDX: ffff88802b800000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90006a5fbb0 R08: ffffffff83ddecfa R09: fffff52001a40000
R10: 0000000000000000 R11: dffffc0000000001 R12: 00000000ffff8f00
R13: ffff888073fad0b8 R14: 1ffff92101a3fff9 R15: ffffea0001b54b40
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52101a3fff9 CR3: 000000002b4b9000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 48 8b 7c 24 68 mov 0x68(%rsp),%rdi
5: e8 51 fe 00 fe callq 0xfe00fe5b
a: 89 db mov %ebx,%ebx
c: 48 c1 e3 03 shl $0x3,%rbx
10: 48 03 9c 24 20 03 00 add 0x320(%rsp),%rbx
17: 00
18: 49 89 de mov %rbx,%r14
1b: 49 c1 ee 03 shr $0x3,%r14
1f: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
26: fc ff df
* 29: 41 80 3c 06 00 cmpb $0x0,(%r14,%rax,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 23 fe 00 fe callq 0xfe00fe5b
38: 48 83 3b 00 cmpq $0x0,(%rbx)
3c: 0f .byte 0xf
3d: 84 .byte 0x84
3e: a1 .byte 0xa1
Tested on:
commit: 09a9639e Linux 6.3-rc6
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ v6.3-rc6
console output: https://syzkaller.appspot.com/x/log.txt?x=1125d353c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=174dd96f08254844
dashboard link: https://syzkaller.appspot.com/bug?extid=aafb3f37cfeb6534c4ac
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
Note: no patches were applied.
next prev parent reply other threads:[~2023-04-10 9:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-29 8:43 [syzbot] WARNING in rmqueue syzbot
2022-11-29 17:08 ` syzbot
2023-04-10 9:03 ` Gao Xiang
2023-04-10 9:26 ` syzbot [this message]
2023-04-11 7:43 ` [syzbot] [erofs?] " Gao Xiang
2023-04-11 7:45 ` syzbot
2023-04-11 7:45 ` Gao Xiang
2023-04-11 8:13 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000ebd27d05f8f7f713@google.com \
--to=syzbot+aafb3f37cfeb6534c4ac@syzkaller.appspotmail.com \
--cc=hsiangkao@linux.alibaba.com \
--cc=linux-erofs@lists.ozlabs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=xiang@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.