syzbot


BUG: unable to handle kernel paging request in do_mount

Status: upstream: reported C repro on 2022/05/16 12:59
Subsystems: vfs
Reported-by: syzbot+73d624a1519a6b17fbf5@syzkaller.appspotmail.com
First crash: 949d, last: 659d
Similar bugs (1)
  Kernel:      upstream
  Title:       BUG: unable to handle kernel paging request in do_mount
  Subsystem:   fs
  Repro:       C
  Count:       194
  Last:        2245d
  Reported:    2283d
  Patched:     12/28
  Status:      fixed on 2019/05/20 19:44
Fix bisection attempts (2)
  Created           Duration  Job         Repo          Result
  2023/03/03 11:32  25m       bisect fix  linux-4.14.y  OK (0)
  2022/10/28 02:08  26m       bisect fix  linux-4.14.y  OK (0)

Sample crash report:
BUG: unable to handle kernel paging request at fffffffffffffffc
IP: do_new_mount fs/namespace.c:2577 [inline]
IP: do_mount+0x1ef2/0x2a30 fs/namespace.c:2905
PGD 8e6b067 P4D 8e6b067 PUD 8e6d067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 8040 Comm: syz-executor219 Not tainted 4.14.302-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
task: ffff8880b32e8240 task.stack: ffff888095b50000
RIP: 0010:do_new_mount fs/namespace.c:2577 [inline]
RIP: 0010:do_mount+0x1ef2/0x2a30 fs/namespace.c:2905
RSP: 0018:ffff888095b57d90 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: 00000000fffffff4 RCX: 0000000000000000
RDX: 1fffffffffffffff RSI: ffffffff87cd1200 RDI: fffffffffffffffc
RBP: fffffffffffffff4 R08: ffffffff8ba437cc R09: 0000000000000001
R10: 0000000000000000 R11: ffff8880b32e8240 R12: ffff8880aab33e28
R13: ffffffff891eab60 R14: 0000000000000000 R15: 0000000000000060
FS:  00005555559a93c0(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffffc CR3: 000000009ed6f000 CR4: 00000000003406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 SYSC_mount fs/namespace.c:3121 [inline]
 SyS_mount+0xa8/0x120 fs/namespace.c:3098
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x5e/0xd3
RIP: 0033:0x7fbf382da47a
RSP: 002b:00007ffe094a0048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffe094a0050 RCX: 00007fbf382da47a
RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 00007ffe094a0170 R08: 00007ffe094a0050 R09: 0000000000000002
R10: 0000000000000081 R11: 0000000000000246 R12: 0000000000000002
R13: 00000000000f4240 R14: 00007ffe094a01b4 R15: 00007ffe094a01c0
Code: c6 ff 48 89 ef 48 63 eb e8 7c 61 ff ff 48 8d 7d 08 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 80 3c 02 00 0f 85 4b 08 00 00 <48> 8b 5d 08 e8 35 ab c6 ff 48 8d 7b 70 e8 ec 41 b2 ff 4c 89 ef 
RIP: do_new_mount fs/namespace.c:2577 [inline] RSP: ffff888095b57d90
RIP: do_mount+0x1ef2/0x2a30 fs/namespace.c:2905 RSP: ffff888095b57d90
CR2: fffffffffffffffc
---[ end trace cb57e5529951600b ]---
----------------
Code disassembly (best guess), 1 byte skipped:
   0:	ff 48 89             	decl   -0x77(%rax)
   3:	ef                   	out    %eax,(%dx)
   4:	48 63 eb             	movslq %ebx,%rbp
   7:	e8 7c 61 ff ff       	callq  0xffff6188
   c:	48 8d 7d 08          	lea    0x8(%rbp),%rdi
  10:	b8 ff ff 37 00       	mov    $0x37ffff,%eax
  15:	48 89 fa             	mov    %rdi,%rdx
  18:	48 c1 e0 2a          	shl    $0x2a,%rax
  1c:	48 c1 ea 03          	shr    $0x3,%rdx
  20:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
  24:	0f 85 4b 08 00 00    	jne    0x875
* 2a:	48 8b 5d 08          	mov    0x8(%rbp),%rbx <-- trapping instruction
  2e:	e8 35 ab c6 ff       	callq  0xffc6ab68
  33:	48 8d 7b 70          	lea    0x70(%rbx),%rdi
  37:	e8 ec 41 b2 ff       	callq  0xffb24228
  3c:	4c 89 ef             	mov    %r13,%rdi
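
How to read the register dump above, as an added example that is not part of syzbot's report or of the kernel source. In the disassembly, "movslq %ebx,%rbp" sign-extends EBX = 0x00000000fffffff4 to RBP = 0xfffffffffffffff4, which is -12 as a long (-ENOMEM on Linux), and the trapping "mov 0x8(%rbp),%rbx" then loads 8 bytes past it, which is exactly CR2 = 0xfffffffffffffffc. A base register that holds an ERR_PTR-encoded errno but is used as a struct pointer is the classic missing-IS_ERR pattern. The C below mirrors ERR_PTR/IS_ERR/PTR_ERR from include/linux/err.h (MAX_ERRNO = 4095), uses a hypothetical two-pointer struct as a stand-in for whatever structure the code was dereferencing (the real structure and the function that returned the error are not identified here), and decodes the fault from CR2 plus the base register. It assumes a 64-bit build.

```c
/*
 * Added example, not kernel code: decode an oops whose fault address is an
 * ERR_PTR plus a field offset, and show the unchecked-caller pattern that
 * produces it. Macros mirror include/linux/err.h; the struct is a stand-in.
 * Assumes a 64-bit target (pointers and long are 8 bytes).
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095UL /* same bound the kernel uses for ERR_PTR encoding */

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	return (unsigned long)ptr >= (unsigned long)-MAX_ERRNO;
}

/* Hypothetical stand-in for a struct whose second pointer field sits at offset 8. */
struct mnt_like {
	void *root;
	void *sb; /* offset 8: what the trapping "mov 0x8(%rbp),%rbx" loads */
};

/* The 32->64-bit sign extension performed by "movslq %ebx,%rbp". */
static long movslq(uint32_t ebx) { return (long)(int32_t)ebx; }

/* Buggy pattern: trust the returned pointer and address its ->sb field.
 * Returns the address instead of loading from it, so this is safe to run;
 * in the kernel the load faults and the address lands in CR2. */
static uintptr_t unchecked_field_addr(void *mnt)
{
	return (uintptr_t)mnt + offsetof(struct mnt_like, sb);
}

/* Hardened pattern: propagate the encoded errno before touching any field. */
static long checked_use(void *mnt)
{
	if (IS_ERR(mnt))
		return PTR_ERR(mnt);
	return 0; /* a real caller would dereference ((struct mnt_like *)mnt)->sb here */
}

struct errptr_fault {
	int is_errptr;        /* 1 if the base register decodes as an ERR_PTR */
	int err;              /* positive errno value carried by the base */
	unsigned long offset; /* field offset, i.e. cr2 - base */
};

/* Given CR2 and the base register of the trapping load, recover errno and
 * offset. The base is needed: CR2 alone is ambiguous (ERR_PTR(-4)+0 and
 * ERR_PTR(-12)+8 both fault at 0xfffffffffffffffc). */
static struct errptr_fault decode_errptr_fault(uint64_t cr2, uint64_t base)
{
	struct errptr_fault f = { 0, 0, 0 };
	void *p = (void *)(uintptr_t)base;

	if (!IS_ERR(p) || cr2 < base)
		return f;
	f.is_errptr = 1;
	f.err = (int)-PTR_ERR(p);
	f.offset = (unsigned long)(cr2 - base);
	return f;
}

int main(void)
{
	/* Values copied from the oops above. */
	const uint32_t ebx = 0xfffffff4u;
	const uint64_t cr2 = 0xfffffffffffffffcULL;
	long rbp = movslq(ebx);
	struct errptr_fault f = decode_errptr_fault(cr2, (uint64_t)rbp);

	printf("RBP = movslq(0x%08x) = %ld (%s)\n", ebx, rbp,
	       f.is_errptr ? "ERR_PTR" : "not an ERR_PTR");
	printf("CR2 = 0x%016llx = ERR_PTR(-%d) + %lu\n",
	       (unsigned long long)cr2, f.err, f.offset);
	printf("unchecked caller would load from 0x%016lx\n",
	       (unsigned long)unchecked_field_addr(ERR_PTR(-ENOMEM)));
	printf("checked caller returns %ld\n", checked_use(ERR_PTR(-ENOMEM)));
	return 0;
}
```

The decoder applies to any oops whose CR2 lies within MAX_ERRNO bytes of the top of the address space: take the register the trapping instruction indexes from (RBP here), confirm it is in the ERR_PTR range, and the difference to CR2 is the offset of the field that was touched. Which callee handed back the ERR_PTR still has to be read off the source line in the report (fs/namespace.c:2577 in this 4.14.302 build).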

Crashes (21)
All crashes are on kernel linux-4.14.y from manager ci2-linux-4-14 with title "BUG: unable to handle kernel paging request in do_mount".
  Time              Commit        Syzkaller  Repro   Assets
  2023/01/12 18:56  c4215ee4771b  96166539   syz, C  disk image, vmlinux, kernel image
  2022/08/31 22:46  e548869f356f  51e54e30   syz, C  disk image, vmlinux
  2022/05/16 13:47  690285a9380d  744a39e2   syz, C  -
  2023/02/01 08:20  3949d1610004  b68fb8d6   -       disk image, vmlinux, kernel image
  2023/01/22 07:41  97205fccccdc  cc0f9968   -       disk image, vmlinux, kernel image
  2023/01/15 22:46  c4215ee4771b  a63719e7   -       disk image, vmlinux, kernel image
  2023/01/12 17:44  c4215ee4771b  96166539   -       disk image, vmlinux, kernel image
  2022/10/31 23:54  41f36d7859a7  2a71366b   -       disk image, vmlinux, kernel image
  2022/09/22 11:33  4edbf74132a4  60af5050   -       disk image, vmlinux
  2022/09/18 15:05  5df8b4735177  dd9a85ff   -       disk image, vmlinux
  2022/09/18 08:56  5df8b4735177  dd9a85ff   -       disk image, vmlinux
  2022/09/11 15:07  65640c873dcf  356d8217   -       -
  2022/08/31 21:54  e548869f356f  51e54e30   -       disk image, vmlinux
  2022/08/18 05:11  b641242202ed  a9409d47   -       -
  2022/07/30 13:24  b641242202ed  fef302b1   -       -
  2022/07/25 03:07  9c3bf9cf362f  22343af4   -       -
  2022/07/14 13:01  424a46ea058e  5d921b08   -       -
  2022/07/03 10:58  ed2e96e11936  1434eec0   -       -
  2022/06/15 10:49  1ccc597f801c  127d1faf   -       -
  2022/05/20 08:33  dffb5c6ff09c  cb1ac2e7   -       -
  2022/05/16 12:58  690285a9380d  744a39e2   -       -
* Struck through repros no longer work on HEAD.