syzbot

 sign-in | mailing list | source | docs
🐞 Open [133] 🐞 Fixed [1] 🐞 Invalid [44] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 📈 Coverage 💬 Send us feedback

kernel BUG in mmap_region

Status: upstream: reported C repro on 2023/06/11 16:08
Bug presence: origin:downstream
[Documentation on labels]
Reported-by: syzbot+af3fbbcc17d7f34395be@syzkaller.appspotmail.com
First crash: 383d, last: 25d
Cause bisection: introduced by (bisect log) :
commit 2f5f352e6ab38f361d615b0ca691ccc69d094818
Author: Liam R. Howlett <Liam.Howlett@oracle.com>
Date: Thu May 18 14:55:44 2023 +0000

  FROMGIT: BACKPORT: mm: avoid rewalk in mmap_region

Crash: kernel BUG in mmap_region (log)
Repro: C syz .config
  
Bug presence (3)
Date Name Commit Repro Result
2023/09/28 android14-6.1 (ToT) c240f4ed0054 C [report] kernel BUG in mmap_region
2023/09/28 lts (merge base) b1644a0031cf C Didn't crash
2023/09/28 upstream (ToT) 633b47cb009d C Didn't crash
Last patch testing requests (9)
Created Duration User Patch Repo Result
2024/06/03 18:52 19m retest repro android14-6.1 report log
2024/06/03 18:52 5m retest repro android14-6.1 report log
2024/04/15 12:50 1h50m retest repro android14-6.1 report log
2024/03/23 23:24 9m retest repro android14-6.1 report log
2024/03/23 23:24 9m retest repro android14-6.1 report log
2024/02/05 10:56 7m retest repro android14-6.1 report log
2023/12/22 00:28 13m retest repro android14-6.1 report log
2023/12/07 23:51 25m retest repro android14-6.1 report log
2023/10/12 13:08 23m retest repro android14-6.1 report log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2024/05/20 17:50 39m bisect fix android14-6.1 OK (0) job log log

Sample crash report:
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd5da6aee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007ffd5da6af10 RCX: 00007faada411d39
RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020ffd000
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000008000000
R10: 0000000000000011 R11: 0000000000000246 R12: 00007ffd5da6af0c
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>
------------[ cut here ]------------
kernel BUG at mm/mmap.c:2815!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 309 Comm: syz-executor189 Not tainted 6.1.57-syzkaller-00029-g899194d7e909 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:mmap_region+0x225e/0x2390 mm/mmap.c:2815
Code: 03 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 1e fc ff ff 48 89 df e8 83 62 09 00 e9 11 fc ff ff e8 79 bf c2 ff 0f 0b e8 72 bf c2 ff <0f> 0b 65 8b 05 79 9b 4f 7e 41 89 c6 4c 89 f0 48 c1 e8 06 48 8d 3c
RSP: 0018:ffffc90000e27a40 EFLAGS: 00010293
RAX: ffffffff81b275de RBX: 0000000020ffefff RCX: ffff88811b238000
RDX: 0000000000000000 RSI: 0000000020ffefff RDI: 0000000020fff000
RBP: ffffc90000e27c50 R08: ffffffff81b26221 R09: ffffffff84ee3d13
R10: 0000000000000003 R11: ffff88811b238000 R12: ffffc90000e27ba8
R13: dffffc0000000000 R14: 0000000020ffd000 R15: 0000000020fff000
FS:  0000555556186380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faada471885 CR3: 000000012167b000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 do_mmap+0x853/0xe30 mm/mmap.c:1459
 vm_mmap_pgoff+0x208/0x430 mm/util.c:525
 ksys_mmap_pgoff+0x15d/0x1e0 mm/mmap.c:1505
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:93 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:86 [inline]
 __x64_sys_mmap+0x103/0x120 arch/x86/kernel/sys_x86_64.c:86
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7faada411d39
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd5da6aee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 00007ffd5da6af10 RCX: 00007faada411d39
RDX: 0000000000000000 RSI: 0000000000002000 RDI: 0000000020ffd000
RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000008000000
R10: 0000000000000011 R11: 0000000000000246 R12: 00007ffd5da6af0c
R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:mmap_region+0x225e/0x2390 mm/mmap.c:2815
Code: 03 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 1e fc ff ff 48 89 df e8 83 62 09 00 e9 11 fc ff ff e8 79 bf c2 ff 0f 0b e8 72 bf c2 ff <0f> 0b 65 8b 05 79 9b 4f 7e 41 89 c6 4c 89 f0 48 c1 e8 06 48 8d 3c
RSP: 0018:ffffc90000e27a40 EFLAGS: 00010293
RAX: ffffffff81b275de RBX: 0000000020ffefff RCX: ffff88811b238000
RDX: 0000000000000000 RSI: 0000000020ffefff RDI: 0000000020fff000
RBP: ffffc90000e27c50 R08: ffffffff81b26221 R09: ffffffff84ee3d13
R10: 0000000000000003 R11: ffff88811b238000 R12: ffffc90000e27ba8
R13: dffffc0000000000 R14: 0000000020ffd000 R15: 0000000020fff000
FS:  0000555556186380(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007faada471885 CR3: 000000012167b000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	28 00                	sub    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	75 05                	jne    0xb
   6:	48 83 c4 28          	add    $0x28,%rsp
   a:	c3                   	ret
   b:	e8 c1 17 00 00       	call   0x17d1
  10:	90                   	nop
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall
* 2a:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax <-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 c7 c1 b8 ff ff ff 	mov    $0xffffffffffffffb8,%rcx
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Crashes (31):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/01/18 18:08 android14-6.1 899194d7e909 239abf84 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/09/28 11:04 android14-6.1 c240f4ed0054 c2ab1e5d .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/06/11 15:57 android14-6.1 7641ff0a300a 49519f06 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/03/09 23:18 android14-6.1 5f66e7c904ee 6ee49f2e .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/03/02 14:12 android14-6.1 09ca5740fbbe 25905f5d .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/02/27 02:11 android14-6.1 c622e98ddc8e da36a36b .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/02/25 00:49 android14-6.1 8c0f9174731d 8d446f15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/02/18 13:30 android14-6.1 92432f07d663 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/01/20 23:41 android14-6.1 aba5a3fe094e 9bd8dcda .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/01/19 10:17 android14-6.1 cfe8cce4e8a1 21772ce4 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2024/01/18 17:55 android14-6.1 899194d7e909 239abf84 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/11/23 23:38 android14-6.1 95307ec5c864 5b429f39 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/11/18 05:07 android14-6.1 1b639e97b8fc cb976f63 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/10/30 21:25 android14-6.1 9e4f6e1ef8ce b5729d82 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/10/20 07:23 android14-6.1 7e1cb3bdec3c a42250d2 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/10/19 19:52 android14-6.1 f82e0808101f 42e1d524 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/10/15 12:20 android14-6.1 acb072863888 f757a323 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/09/28 10:53 android14-6.1 c240f4ed0054 c2ab1e5d .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/09/17 01:03 android14-6.1 d3212c2dbaba 0b6a67ac .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/09/12 15:00 android14-6.1 2eb5b31ac1e3 59da8366 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/08/30 03:44 android14-6.1 e0c4636bd239 ce731e62 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/08/28 06:33 android14-6.1 5ef132d5643b 7ba13a15 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/08/19 20:54 android14-6.1 c2611a04b92f d216d8a0 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/07/20 07:04 android14-6.1 4a207efbe0b5 4547cdf9 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/07/16 04:39 android14-6.1 f6707f352b54 35d9ecc5 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/07/11 23:19 android14-6.1 f3c6324daa33 2f19aa4f .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/07/04 22:05 android14-6.1 39385f756876 f99c2404 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/06/29 00:17 android14-6.1 251aa28d1640 ca69c785 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/06/18 07:24 android14-6.1 35fe0d393f80 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/06/17 23:43 android14-6.1 35fe0d393f80 f3921d4d .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
2023/06/11 15:45 android14-6.1 7641ff0a300a 49519f06 .config console log report info [disk image] [vmlinux] [kernel image] ci2-android-6-1 kernel BUG in mmap_region
* Struck through repros no longer work on HEAD.