[v6.1] kernel BUG in vmf_insert_pfn


syzbot

Feb 21, 2024, 5:19:22 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 8b4118fabd6e Linux 6.1.78
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1153c734180000
kernel config: https://syzkaller.appspot.com/x/.config?x=88ef89f70d190671
dashboard link: https://syzkaller.appspot.com/bug?extid=e528195b78192cea6fdf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/081869225fc6/disk-8b4118fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d2352caf51d2/vmlinux-8b4118fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43ad130ed88b/Image-8b4118fa.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e52819...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at mm/memory.c:2230!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 11690 Comm: syz-executor.4 Not tainted 6.1.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vmf_insert_pfn_prot mm/memory.c:2230 [inline]
pc : vmf_insert_pfn+0x1a0/0x1ac mm/memory.c:2269
lr : vmf_insert_pfn_prot mm/memory.c:2230 [inline]
lr : vmf_insert_pfn+0x1a0/0x1ac mm/memory.c:2269
sp : ffff80001f4773e0
x29: ffff80001f4773e0 x28: ffff000127ead340 x27: ffff0000cd854000
x26: 0000000010000400 x25: 0000000004040475 x24: dfff800000000000
x23: 0000000000000420 x22: 0020000000000fc3 x21: 000000000010bd72
x20: ffff0000ca12da20 x19: 0000000020002000 x18: ffff80001f476f60
x17: ffff8000188c9000 x16: ffff80000825f234 x15: 0000000000000002
x14: 0000000010000400 x13: ffff000127ead340 x12: 0000000000040000
x11: 00000000000013eb x10: ffff80001e789000 x9 : ffff80000885127c
x8 : 00000000000013ec x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800018b23088 x4 : 0000000000000002 x3 : ffff8000082faf98
x2 : 000000000010bd72 x1 : 0000000000000420 x0 : 0000000000000420
Call trace:
vmf_insert_pfn_prot mm/memory.c:2230 [inline]
vmf_insert_pfn+0x1a0/0x1ac mm/memory.c:2269
drm_gem_shmem_fault+0x1ac/0x21c drivers/gpu/drm/drm_gem_shmem_helper.c:562
__do_fault+0x11c/0x3d8 mm/memory.c:4241
do_read_fault mm/memory.c:4592 [inline]
do_fault mm/memory.c:4721 [inline]
handle_pte_fault mm/memory.c:4993 [inline]
__handle_mm_fault mm/memory.c:5135 [inline]
handle_mm_fault+0x1f90/0x3ef0 mm/memory.c:5256
__do_page_fault arch/arm64/mm/fault.c:499 [inline]
do_page_fault+0x330/0x890 arch/arm64/mm/fault.c:583
do_translation_fault+0x94/0xc8 arch/arm64/mm/fault.c:667
do_mem_abort+0x74/0x200 arch/arm64/mm/fault.c:803
el1_abort+0x3c/0x5c arch/arm64/kernel/entry-common.c:367
el1h_64_sync_handler+0x60/0xac arch/arm64/kernel/entry-common.c:427
el1h_64_sync+0x64/0x68 arch/arm64/kernel/entry.S:580
__arch_copy_from_user+0x94/0x230 arch/arm64/lib/copy_template.S:91
fb_ioctl+0xec/0x134 drivers/video/fbdev/core/fbmem.c:1204
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:870 [inline]
__se_sys_ioctl fs/ioctl.c:856 [inline]
__arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:856
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: d4210000 97f29ead d4210000 97f29eab (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

syzbot

Feb 21, 2024, 6:32:22 AM
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:

HEAD commit: 8b4118fabd6e Linux 6.1.78
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14962752180000
kernel config: https://syzkaller.appspot.com/x/.config?x=88ef89f70d190671
dashboard link: https://syzkaller.appspot.com/bug?extid=e528195b78192cea6fdf
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17c2a09c180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=108edb0c180000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/081869225fc6/disk-8b4118fa.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/d2352caf51d2/vmlinux-8b4118fa.xz
kernel image: https://storage.googleapis.com/syzbot-assets/43ad130ed88b/Image-8b4118fa.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+e52819...@syzkaller.appspotmail.com

------------[ cut here ]------------
kernel BUG at mm/memory.c:2230!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4222 Comm: syz-executor155 Not tainted 6.1.78-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : vmf_insert_pfn_prot mm/memory.c:2230 [inline]
pc : vmf_insert_pfn+0x1a0/0x1ac mm/memory.c:2269
lr : vmf_insert_pfn_prot mm/memory.c:2230 [inline]
lr : vmf_insert_pfn+0x1a0/0x1ac mm/memory.c:2269
sp : ffff80001dc473e0
x29: ffff80001dc473e0 x28: ffff0000d5ac3780 x27: ffff0000cded8000
x26: 0000000010000400 x25: 0000000004040475 x24: dfff800000000000
x23: 0000000000000420 x22: 0020000000000fc3 x21: 000000000010d205
x20: ffff0000ca5fe1b0 x19: 0000000020002000 x18: ffff80001dc46f60
x17: ffff8000188c9000 x16: ffff80000825f234 x15: 0000000000000000
x14: 0000000010000400 x13: ffff0000d5ac3780 x12: 0000000000ff0100
x11: 0000000000ff0100 x10: 0000000000000000 x9 : ffff80000885127c
x8 : ffff0000d5ac3780 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff8000189f4938 x4 : 0000000000000002 x3 : ffff8000082faf98
x2 : 000000000010d205 x1 : 0000000000000420 x0 : 0000000000000420
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.