[syzbot] [maple-tree?] BUG: unable to handle kernel paging request in mas_walk
18 views
Skip to first unread message
syzbot
Jun 3, 2024, 10:23:26 PMJun 3
to Liam.H...@oracle.com, ak...@linux-foundation.org, linux-...@vger.kernel.org, linu...@kvack.org, maple...@lists.infradead.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address 00700000077b9b78
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[00700000077b9b78] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3186 Comm: syz-executor162 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
Hardware name: linux,dummy-virt (DT)
pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : ma_data_end lib/maple_tree.c:1419 [inline]
pc : mtree_range_walk lib/maple_tree.c:2771 [inline]
pc : mas_state_walk lib/maple_tree.c:3678 [inline]
pc : mas_walk+0x194/0x328 lib/maple_tree.c:4909
lr : lock_vma_under_rcu+0x58/0x134 mm/memory.c:5840
sp : ffff800088cabd50
x29: ffff800088cabd50 x28: f2f0000005e50000 x27: 0000000000000000
x26: 0000000000000004 x25: f7f0000005c03900 x24: 0000000082000007
x23: 0000ffff82687800 x22: 0000000000000354 x21: 0000ffff82687800
x20: 0000ffff82687800 x19: ffff800088cabeb0 x18: ff7ffffffffffbff
x17: 0000aaaadab2dc00 x16: 1e4e000000ef7371 x15: 0000000000000001
x14: ffffffffffffffff x13: 0000000000000000 x12: ffff800081e3d1e8
x11: 0000000000000001 x10: f2700000077b9b8c x9 : f2700000077b9b00
x8 : 0000ffff82687800 x7 : 0000000000000001 x6 : 000000000000000e
x5 : 0000000000000001 x4 : ffff800088cabd78 x3 : 0000aaaadab2dc00
x2 : 000000000000000e x1 : 000000000000000f x0 : f2700000077b9b08
Call trace:
ma_data_end lib/maple_tree.c:1418 [inline]
mtree_range_walk lib/maple_tree.c:2771 [inline]
mas_state_walk lib/maple_tree.c:3678 [inline]
mas_walk+0x194/0x328 lib/maple_tree.c:4909
do_page_fault+0xd4/0x480 arch/arm64/mm/fault.c:567
do_translation_fault+0xac/0xbc arch/arm64/mm/fault.c:690
do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:826
el0_ia+0xa4/0x118 arch/arm64/kernel/entry-common.c:598
el0t_64_sync_handler+0xd0/0x12c arch/arm64/kernel/entry-common.c:736
el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: 91002120 51000426 92401cc2 12001cc6 (f8627802)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 91002120 add x0, x9, #0x8
4: 51000426 sub w6, w1, #0x1
8: 92401cc2 and x2, x6, #0xff
c: 12001cc6 and w6, w6, #0xff
* 10: f8627802 ldr x2, [x0, x2, lsl #3] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
Unable to handle kernel paging request at virtual address 00700000077b9b78
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[00700000077b9b78] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3186 Comm: syz-executor162 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
Hardware name: linux,dummy-virt (DT)
pstate: 81400009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : ma_data_end lib/maple_tree.c:1419 [inline]
pc : mtree_range_walk lib/maple_tree.c:2771 [inline]
pc : mas_state_walk lib/maple_tree.c:3678 [inline]
pc : mas_walk+0x194/0x328 lib/maple_tree.c:4909
lr : lock_vma_under_rcu+0x58/0x134 mm/memory.c:5840
sp : ffff800088cabd50
x29: ffff800088cabd50 x28: f2f0000005e50000 x27: 0000000000000000
x26: 0000000000000004 x25: f7f0000005c03900 x24: 0000000082000007
x23: 0000ffff82687800 x22: 0000000000000354 x21: 0000ffff82687800
x20: 0000ffff82687800 x19: ffff800088cabeb0 x18: ff7ffffffffffbff
x17: 0000aaaadab2dc00 x16: 1e4e000000ef7371 x15: 0000000000000001
x14: ffffffffffffffff x13: 0000000000000000 x12: ffff800081e3d1e8
x11: 0000000000000001 x10: f2700000077b9b8c x9 : f2700000077b9b00
x8 : 0000ffff82687800 x7 : 0000000000000001 x6 : 000000000000000e
x5 : 0000000000000001 x4 : ffff800088cabd78 x3 : 0000aaaadab2dc00
x2 : 000000000000000e x1 : 000000000000000f x0 : f2700000077b9b08
Call trace:
ma_data_end lib/maple_tree.c:1418 [inline]
mtree_range_walk lib/maple_tree.c:2771 [inline]
mas_state_walk lib/maple_tree.c:3678 [inline]
mas_walk+0x194/0x328 lib/maple_tree.c:4909
do_page_fault+0xd4/0x480 arch/arm64/mm/fault.c:567
do_translation_fault+0xac/0xbc arch/arm64/mm/fault.c:690
do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:826
el0_ia+0xa4/0x118 arch/arm64/kernel/entry-common.c:598
el0t_64_sync_handler+0xd0/0x12c arch/arm64/kernel/entry-common.c:736
el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: 91002120 51000426 92401cc2 12001cc6 (f8627802)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
0: 91002120 add x0, x9, #0x8
4: 51000426 sub w6, w1, #0x1
8: 92401cc2 and x2, x6, #0xff
c: 12001cc6 and w6, w6, #0xff
* 10: f8627802 ldr x2, [x0, x2, lsl #3] <-- trapping instruction
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
Liam R. Howlett
Jun 4, 2024, 9:41:56 AMJun 4
to syzbot, ak...@linux-foundation.org, linux-...@vger.kernel.org, linu...@kvack.org, maple...@lists.infradead.org, syzkall...@googlegroups.com
* syzbot <syzbot+c67d06...@syzkaller.appspotmail.com> [240603 22:23]:
I'm looking into this but it's not easily recreated because I keep
hitting another but with the reproducer [1]. I tried the HEAD commit
and the more recent v6.10-rc2.
I have a decent idea of what is going on here, but need to prove the
fix.
[1] https://syzkaller.appspot.com/bug?extid=7eaa0d7b9fccf21052f1
Thanks,
Liam
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
Never a good thing.
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
I'm looking into this but it's not easily recreated because I keep
hitting another but with the reproducer [1]. I tried the HEAD commit
and the more recent v6.10-rc2.
I have a decent idea of what is going on here, but need to prove the
fix.
[1] https://syzkaller.appspot.com/bug?extid=7eaa0d7b9fccf21052f1
Thanks,
Liam
syzbot
Jun 4, 2024, 11:06:46 AMJun 4
to linux-...@vger.kernel.org, syzkall...@googlegroups.com
For archival purposes, forwarding an incoming command email to
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [maple-tree?] BUG: unable to handle kernel paging request in mas_walk
Author: liam.h...@oracle.com
linux-...@vger.kernel.org, syzkall...@googlegroups.com.
***
Subject: Re: [syzbot] [maple-tree?] BUG: unable to handle kernel paging request in mas_walk
Author: liam.h...@oracle.com
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
#syz test: git://git.infradead.org/users/jedix/linux-maple.git syz_20240603
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
syzbot
Jun 4, 2024, 11:18:06 AMJun 4
to liam.h...@oracle.com, linux-...@vger.kernel.org, syzkall...@googlegroups.com
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in corrupted
Unable to handle kernel paging request at virtual address 007f8000826099b8
Tested on:
commit: 63ab6007 maple_tree: Check dead node in mas_walk() whe..
git tree: git://git.infradead.org/users/jedix/linux-maple.git syz_20240603
console output: https://syzkaller.appspot.com/x/log.txt?x=14842a16980000
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
BUG: unable to handle kernel paging request in corrupted
Unable to handle kernel paging request at virtual address 007f8000826099b8
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[007f8000826099b8] address between user and kernel address ranges
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
Tested on:
commit: 63ab6007 maple_tree: Check dead node in mas_walk() whe..
git tree: git://git.infradead.org/users/jedix/linux-maple.git syz_20240603
console output: https://syzkaller.appspot.com/x/log.txt?x=14842a16980000
kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Note: no patches were applied.
dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
Liam R. Howlett
Jun 4, 2024, 12:42:27 PMJun 4
to syzbot, ak...@linux-foundation.org, linux-...@vger.kernel.org, linu...@kvack.org, maple...@lists.infradead.org, syzkall...@googlegroups.com
* syzbot <syzbot+c67d06...@syzkaller.appspotmail.com> [240603 22:23]:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
#sys test git://git.infradead.org/users/jedix/linux-maple.git syz_20240603
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
Liam R. Howlett
Jun 4, 2024, 2:08:50 PMJun 4
to syzbot, ak...@linux-foundation.org, linux-...@vger.kernel.org, linu...@kvack.org, maple...@lists.infradead.org, syzkall...@googlegroups.com
* syzbot <syzbot+c67d06...@syzkaller.appspotmail.com> [240603 22:23]:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
I don't think the bot is testing my forced update of the tree, so I'll
>
> syzbot found the following issue on:
>
> HEAD commit: 4a4be1ad3a6e Revert "vfs: Delete the associated dentry whe..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=128638ba980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=bd6024aedb15e15c
> dashboard link: https://syzkaller.appspot.com/bug?extid=c67d06ab25a9bc4adf35
> compiler: aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> userspace arch: arm64
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=106f71aa980000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16b4ffc6980000
>
> Downloadable assets:
> disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-4a4be1ad.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/75957361122b/vmlinux-4a4be1ad.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6c766b0ec377/Image-4a4be1ad.gz.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+c67d06...@syzkaller.appspotmail.com
>
> Unable to handle kernel paging request at virtual address 00700000077b9b78
try again.
#sys test git://git.infradead.org/users/jedix/linux-maple.git syz_20240603_v2
This is a revert a some patches - which seems to stop all the crashing
for me.
Looks to be the same as this [1] syzbot report. All seem to be related
to madvise and these patches are the last to modify the area (besides
mseal() specifically calling out madvise, but that would not cause the
issue).
The patches I revered also name arm64 as special.
[1] https://syzkaller.appspot.com/bug?extid=7eaa0d7b9fccf21052f1
Liam R. Howlett
Jun 13, 2024, 3:02:23 PM (13 days ago) Jun 13
to syzbot, ak...@linux-foundation.org, linux-...@vger.kernel.org, linu...@kvack.org, maple...@lists.infradead.org, syzkall...@googlegroups.com
* Liam R. Howlett <Liam.H...@oracle.com> [240604 14:08]:
This should be fixed in 6.10-rc3 because of the arm fix in the area I
suspected. I have no way of verifying that since the bot decided to
stop responding.
This puts us in a difficult situation of needing to jump on bot bugs for
security concerns and wasting copious amounts of time chasing our own
tails.
suspected. I have no way of verifying that since the bot decided to
stop responding.
This puts us in a difficult situation of needing to jump on bot bugs for
security concerns and wasting copious amounts of time chasing our own
tails.
Reply all
Reply to author
Forward
0 new messages