syzbot


BUG: unable to handle kernel paging request in __virt_addr_valid

Status: moderation: reported on 2025/03/04 07:51
Subsystems: ntfs3
Reported-by: syzbot+88ed29a7844c5c1aa421@syzkaller.appspotmail.com
First crash: 11d, last: 11d

Sample crash report:
loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
BUG: unable to handle page fault for address: ffffffff816eb1fa
#PF: supervisor write access in kernel mode
#PF: error_code(0x0003) - permissions violation
PGD e93c067 P4D e93c067 PUD e93d063 PMD 16001a1 
Oops: Oops: 0003 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.14.0-rc4-syzkaller-00169-g1e15510b71c9 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:rcu_read_unlock_sched include/linux/rcupdate.h:964 [inline]
RIP: 0010:pfn_valid include/linux/mmzone.h:2077 [inline]
RIP: 0010:__virt_addr_valid+0x4e5/0x530 arch/x86/mm/physaddr.c:65
Code: 53 00 31 c0 eb a3 e8 ea 0c 53 00 e9 fe fb ff ff e8 e0 0c 53 00 e8 3b 8c bb ff 48 89 e0 31 db eb 0d e8 cf 0c 53 00 e8 2a 8c bb <ff> 48 89 e0 48 89 c4 e9 65 ff ff ff 48 c7 c1 81 d7 3c 90 80 e1 07
RSP: 0018:ffffc9000d45f668 EFLAGS: 00010246
RAX: ffffffff816eb271 RBX: 0000000000000001 RCX: 0000000000100000
RDX: ffffc9000e342000 RSI: 0000000000007562 RDI: 0000000000007563
RBP: 0000000000000000 R08: ffffffff816eb1d9 R09: 1ffffffff2079dae
R10: dffffc0000000000 R11: fffffbfff2079daf R12: 000000004515b798
R13: 1ffff92001a8bee4 R14: ffffffff816eaf13 R15: ffff88802fffa640
FS:  00007fd7595606c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff816eb1fa CR3: 0000000043198000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 kasan_addr_to_slab+0xd/0x80 mm/kasan/common.c:37
 kasan_record_aux_stack+0xf/0xc0 mm/kasan/generic.c:533
 __call_rcu_common kernel/rcu/tree.c:3065 [inline]
 call_rcu+0x168/0xac0 kernel/rcu/tree.c:3172
 destroy_inode fs/inode.c:391 [inline]
 evict+0x836/0x9a0 fs/inode.c:827
 ntfs_fill_super+0x3e15/0x4720 fs/ntfs3/super.c:1472
 get_tree_bdev_flags+0x48c/0x5c0 fs/super.c:1636
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd75878e90a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd75955fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd75955fef0 RCX: 00007fd75878e90a
RDX: 0000400000000000 RSI: 000040000001f380 RDI: 00007fd75955feb0
RBP: 0000400000000000 R08: 00007fd75955fef0 R09: 0000000000004800
R10: 0000000000004800 R11: 0000000000000246 R12: 000040000001f380
R13: 00007fd75955feb0 R14: 000000000001f356 R15: 0000400000000080
 </TASK>
Modules linked in:
CR2: ffffffff816eb1fa
---[ end trace 0000000000000000 ]---
RIP: 0010:rcu_read_unlock_sched include/linux/rcupdate.h:964 [inline]
RIP: 0010:pfn_valid include/linux/mmzone.h:2077 [inline]
RIP: 0010:__virt_addr_valid+0x4e5/0x530 arch/x86/mm/physaddr.c:65
Code: 53 00 31 c0 eb a3 e8 ea 0c 53 00 e9 fe fb ff ff e8 e0 0c 53 00 e8 3b 8c bb ff 48 89 e0 31 db eb 0d e8 cf 0c 53 00 e8 2a 8c bb <ff> 48 89 e0 48 89 c4 e9 65 ff ff ff 48 c7 c1 81 d7 3c 90 80 e1 07
RSP: 0018:ffffc9000d45f668 EFLAGS: 00010246
RAX: ffffffff816eb271 RBX: 0000000000000001 RCX: 0000000000100000
RDX: ffffc9000e342000 RSI: 0000000000007562 RDI: 0000000000007563
RBP: 0000000000000000 R08: ffffffff816eb1d9 R09: 1ffffffff2079dae
R10: dffffc0000000000 R11: fffffbfff2079daf R12: 000000004515b798
R13: 1ffff92001a8bee4 R14: ffffffff816eaf13 R15: ffff88802fffa640
FS:  00007fd7595606c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff816eb1fa CR3: 0000000043198000 CR4: 0000000000352ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
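
Cross-check of the register dump against the Code: line. This note and the C helper below are added for triage; they are not part of the syzbot report, the kernel, or the ntfs3 code. The only assumptions are the x86 #PF error-code bit layout from the Intel SDM and the instruction boundaries inferred from the raw byte dump (an identical call pair 17 bytes earlier in the dump resolves to the same two targets, which pins those boundaries down). The byte marked <ff> at RIP, followed by 48 89, decodes to dec dword ptr [rax-0x77]; with RAX = ffffffff816eb271 that is a write to ffffffff816eb1fa, exactly CR2, and error_code(0x0003) means a write to a present page from kernel mode, i.e. a write into read-only kernel text. The same ff byte is also the last byte of the 5-byte call e8 2a 8c bb ff that precedes it, so the CPU is executing from the middle of an instruction. The fault inside __virt_addr_valid is therefore a symptom of control flow already being corrupted somewhere in the ntfs_fill_super -> evict -> call_rcu path, not a bug in __virt_addr_valid itself; this report alone does not show where that corruption originates.

```c
/*
 * Triage helper for the oops above (added example, not kernel or syzbot code).
 * It re-derives the faulting address from the "Code:" bytes and RAX, checks
 * it against CR2, decodes the #PF error code, and confirms that RIP sits on
 * the last byte of a CALL rel32, i.e. mid-instruction.
 */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* x86 page-fault error code bits (Intel SDM vol. 3A, "Page-Fault Exceptions"). */
#define PF_PROT  (1u << 0)  /* 1: protection violation on a present page, 0: not-present */
#define PF_WRITE (1u << 1)  /* 1: the access was a write */
#define PF_USER  (1u << 2)  /* 1: fault taken in user mode */
#define PF_RSVD  (1u << 3)  /* reserved bit set in a paging-structure entry */
#define PF_INSTR (1u << 4)  /* fault on an instruction fetch */

/* Values transcribed from the register dump in the report. */
static const unsigned report_error_code = 0x0003;
static const uint64_t report_rax = 0xffffffff816eb271ULL;
static const uint64_t report_cr2 = 0xffffffff816eb1faULL;

/* The 64 bytes of the "Code:" line; index 42 is the byte marked <ff>, i.e. RIP. */
#define RIP_IDX 42
static const uint8_t report_code[64] = {
    0x53,0x00,0x31,0xc0,0xeb,0xa3,0xe8,0xea,0x0c,0x53,0x00,0xe9,0xfe,0xfb,0xff,0xff,
    0xe8,0xe0,0x0c,0x53,0x00,0xe8,0x3b,0x8c,0xbb,0xff,0x48,0x89,0xe0,0x31,0xdb,0xeb,
    0x0d,0xe8,0xcf,0x0c,0x53,0x00,0xe8,0x2a,0x8c,0xbb,0xff,0x48,0x89,0xe0,0x48,0x89,
    0xc4,0xe9,0x65,0xff,0xff,0xff,0x48,0xc7,0xc1,0x81,0xd7,0x3c,0x90,0x80,0xe1,0x07,
};

/* "supervisor write access in kernel mode" + "permissions violation" in bit form. */
int pf_is_kernel_write_to_present_page(unsigned ec)
{
    return (ec & PF_PROT) && (ec & PF_WRITE) && !(ec & PF_USER) && !(ec & PF_INSTR);
}

/*
 * Decode the single encoding this oops needs: opcode FF /1 with ModRM mod=01,
 * rm=000 is DEC DWORD PTR [rax+disp8]. Returns 1 and sets *disp on a match.
 */
int decode_dec_mem_rax_disp8(const uint8_t *p, int8_t *disp)
{
    unsigned mod, reg, rm;
    if (p[0] != 0xff)
        return 0;
    mod = p[1] >> 6;
    reg = (p[1] >> 3) & 7;   /* /1 selects DEC in the FF group */
    rm  = p[1] & 7;          /* 0 is RAX (no REX prefix present) */
    if (mod != 1 || reg != 1 || rm != 0)
        return 0;
    *disp = (int8_t)p[2];
    return 1;
}

/* Effective address of the faulting memory operand, or 0 if the bytes do not decode. */
uint64_t faulting_address(const uint8_t *insn, uint64_t rax)
{
    int8_t disp;
    if (!decode_dec_mem_rax_disp8(insn, &disp))
        return 0;
    return rax + (uint64_t)(int64_t)disp;
}

/* Is there an E8 (CALL rel32) opcode byte at index i of the dump? */
int call_at(const uint8_t *code, size_t i)
{
    return code[i] == 0xe8;
}

/*
 * Target of a CALL rel32 whose opcode is at index i, expressed relative to the
 * start of the dump. Two calls to the same function give the same value, which
 * is how the instruction boundaries before RIP are confirmed.
 */
int64_t call_target_rel(const uint8_t *code, size_t i)
{
    int32_t rel = (int32_t)((uint32_t)code[i + 1] | (uint32_t)code[i + 2] << 8 |
                            (uint32_t)code[i + 3] << 16 | (uint32_t)code[i + 4] << 24);
    return (int64_t)i + 5 + rel;
}

int main(void)
{
    uint64_t ea = faulting_address(report_code + RIP_IDX, report_rax);
    printf("error_code 0x%x: kernel write to present page = %d\n",
           report_error_code, pf_is_kernel_write_to_present_page(report_error_code));
    printf("dec dword ptr [rax-0x77] -> %#llx, CR2 = %#llx, match = %d\n",
           (unsigned long long)ea, (unsigned long long)report_cr2, ea == report_cr2);
    printf("call pairs (16,33) and (21,38) share targets: %d %d\n",
           call_target_rel(report_code, 16) == call_target_rel(report_code, 33),
           call_target_rel(report_code, 21) == call_target_rel(report_code, 38));
    printf("RIP is last byte of CALL at index 38: %d\n",
           call_at(report_code, 38) && 38 + 4 == RIP_IDX);
    return 0;
}
```

The two call pairs at indices 16/21 and 33/38 are the compiler's out-of-line instrumentation stubs being called from two points 17 bytes apart; since both pairs resolve to the same targets, the byte sequence before RIP is decoded correctly and the e8 at index 38 really is a call whose final byte is RIP.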

Crashes (1):
Time: 2025/02/28 07:45
Kernel: upstream
Commit: 1e15510b71c9
Syzkaller: 6a8fcbc4
Config: .config
Log: console log
Report: report
Syz repro: none listed
C repro: none listed
VM info: none listed
Assets: disk image (non-bootable), vmlinux, kernel image
Manager: ci-snapshot-upstream-root
Title: BUG: unable to handle kernel paging request in __virt_addr_valid