syzbot


BUG: unable to handle kernel paging request in __switch_to

Status: fixed on 2018/01/03 02:35
Subsystems: kernel
[Documentation on labels]
Reported-by: syzbot+1f445b1009b8eeededa30fe62ccf685f2ec9d155@syzkaller.appspotmail.com
Fix commit: 7fb983b4dd56 x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
First crash: 2502d, last: 2502d
Duplicate bugs (10)
duplicates (10):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: unable to handle kernel paging request in lock_release kernel 113 2495d 2498d 0/28 closed as dup on 2017/12/19 12:17
BUG: unable to handle kernel paging request in __get_user_4 net 8 2498d 2498d 0/28 closed as dup on 2017/12/19 12:16
BUG: unable to handle kernel paging request in ttwu_do_wakeup kernel 6 2499d 2498d 0/28 closed as dup on 2017/12/19 12:15
BUG: unable to handle kernel paging request in lock_acquire kernel 178 2494d 2498d 0/28 closed as dup on 2017/12/19 12:17
BUG: unable to handle kernel paging request in wait_lapic_expire kvm 2 2502d 2498d 0/28 closed as dup on 2017/12/19 12:14
BUG: unable to handle kernel paging request in copy_user_handle_tail kernel 7 2495d 2498d 0/28 closed as dup on 2017/12/19 12:17
BUG: unable to handle kernel paging request in do_futex kernel 1 2501d 2501d 0/28 closed as dup on 2017/12/19 12:13
BUG: unable to handle kernel paging request in delayed_put_task_struct trace 1 2503d 2498d 0/28 closed as dup on 2017/12/19 12:15
BUG: unable to handle kernel paging request in try_to_wake_up kernel 1 2502d 2498d 0/28 closed as dup on 2017/12/19 12:14
BUG: unable to handle kernel paging request in kvm_cpu_has_pending_timer kvm 2 2498d 2497d 0/28 closed as dup on 2017/12/19 12:13

Sample crash report:
*** Guest State ***
BUG: unable to handle kernel paging request at fffffffffffffff8
IP: switch_fpu_prepare arch/x86/include/asm/fpu/internal.h:535 [inline]
IP: __switch_to+0x95b/0x1330 arch/x86/kernel/process_64.c:407
PGD 5e28067 P4D 5e28067 PUD 5e2a067 PMD 0 
Oops: 0002 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4355 Comm: syz-executor1 Not tainted 4.15.0-rc1-next-20171129+ #55
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8801cf1e80c0 task.stack: ffff8801d03a8000
RIP: 0010:switch_fpu_prepare arch/x86/include/asm/fpu/internal.h:535 [inline]
RIP: 0010:__switch_to+0x95b/0x1330 arch/x86/kernel/process_64.c:407
RSP: 0018:ffff8801cb867468 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801cc0b8500 RCX: ffff8801cc0b9a00
RDX: 1ffff10039e3d2d0 RSI: 0000000000000000 RDI: ffff8801cf1e96c0
RBP: ffff8801cb867628 R08: ffff8801db427918 R09: 1ffff1003a075dfe
R10: ffff8801cf1e80c0 R11: 0000000000000003 R12: ffff8801cf1e80c0
R13: ffff8801cf1e96c0 R14: ffff8801cf1e9680 R15: ffff8801cf1e95c0
FS:  00007f16e6ea0700(0000) GS:ffff8801db400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff8 CR3: 00000001cc778000 CR4: 00000000001426f0
Call Trace:
Code: b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e d5 06 00 00 8b 85 70 fe ff ff 41 89 84 24 c0 15 00 00 <cc> 1f 44 00 00 65 8b 05 99 01 dc 7e 89 c0 48 0f a3 05 df 97 39 
RIP: switch_fpu_prepare arch/x86/include/asm/fpu/internal.h:535 [inline] RSP: ffff8801cb867468
RIP: __switch_to+0x95b/0x1330 arch/x86/kernel/process_64.c:407 RSP: ffff8801cb867468
CR2: fffffffffffffff8
---[ end trace 6254ce9c3b92dfb6 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2017/11/29 15:49 linux-next d127129e85a0 29b0fd90 .config console log report ci-upstream-next-kasan-gce
* Struck through repros no longer work on HEAD.