syzbot


general protection fault in __pte_offset_map_lock

Status: upstream: reported C repro on 2024/05/05 18:37
Subsystems: mm
Reported-by: syzbot+f96e045d95fe10c0e800@syzkaller.appspotmail.com
First crash: 51d, last: 1d12h
Cause bisection: introduced by (bisect log) :
commit 1d65b771bc08cd054cf6d3766a72e113dc46d62f
Author: Hugh Dickins <hughd@google.com>
Date: Wed Jul 12 04:41:04 2023 +0000

  mm/khugepaged: retract_page_tables() without mmap or vma lock

Crash: BUG: unable to handle kernel NULL pointer dereference in __pte_offset_map_lock (log)
Repro: syz .config
  
Discussions (1)
Title Replies (including bot) Last reply
[syzbot] [mm?] general protection fault in __pte_offset_map_lock 0 (2) 2024/05/09 05:56
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in __pte_offset_map_lock mm C 2 229d 239d 25/27 fixed on 2024/01/20 21:18
Last patch testing requests (1)
Created Duration User Patch Repo Result
2024/06/14 03:02 20m retest repro upstream report log

Sample crash report:
Unable to handle kernel paging request at virtual address ffff7fbff7e00005
KASAN: probably wild-memory-access in range [0xfffffdffbf000028-0xfffffdffbf00002f]
Mem abort info:
  ESR = 0x0000000096000007
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x07: level 3 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000001ad5bd000
[ffff7fbff7e00005] pgd=0000000000000000, p4d=1000000233f68003, pud=1000000233f67003, pmd=1000000233f66003, pte=0000000000000000
Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 9675 Comm: syz-executor299 Not tainted 6.9.0-rc4-syzkaller-g6a71d2909427 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 80401005 (Nzcv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : ptlock_ptr include/linux/mm.h:2889 [inline]
pc : pte_lockptr include/linux/mm.h:2913 [inline]
pc : __pte_offset_map_lock+0x15c/0x2ac mm/pgtable-generic.c:372
lr : __pte_offset_map_lock+0xe0/0x2ac
sp : ffff80009ff26ea0
x29: ffff80009ff26f60 x28: fffeffffc0000000 x27: 0000000020e00000
x26: fffffdffbf000028 x25: ffff700013fe4ddc x24: ffff80009ff26f00
x23: 1ffff00013fe4de4 x22: ffff80009ff26f20 x21: ffff0000d0854838
x20: dfff800000000000 x19: 0000000000000000 x18: 1fffe00018c6a29c
x17: ffff80008ee7d000 x16: ffff80008ae725bc x15: 0000000000000002
x14: ffff80008ee80668 x13: dfff800000000000 x12: 00000000afeb9c68
x11: 1fffe0001a10a907 x10: ffffc1ffc0000000 x9 : 0000000000000000
x8 : 1fffffbff7e00005 x7 : ffff800080952aac x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff80008e8179a0
Call trace:
 ptlock_ptr include/linux/mm.h:2889 [inline]
 pte_lockptr include/linux/mm.h:2913 [inline]
 __pte_offset_map_lock+0x15c/0x2ac mm/pgtable-generic.c:372
 pte_offset_map_lock include/linux/mm.h:2978 [inline]
 zap_pte_range mm/memory.c:1584 [inline]
 zap_pmd_range mm/memory.c:1722 [inline]
 zap_pud_range mm/memory.c:1751 [inline]
 zap_p4d_range mm/memory.c:1772 [inline]
 unmap_page_range+0x8a8/0x2f5c mm/memory.c:1793
 unmap_single_vma mm/memory.c:1839 [inline]
 unmap_vmas+0x378/0x598 mm/memory.c:1883
 exit_mmap+0x214/0xd74 mm/mmap.c:3267
 __mmput+0xec/0x390 kernel/fork.c:1345
 mmput+0x70/0xac kernel/fork.c:1367
 exit_mm+0x148/0x210 kernel/exit.c:569
 do_exit+0x468/0x1ac8 kernel/exit.c:865
 do_group_exit+0x194/0x22c kernel/exit.c:1027
 get_signal+0x1414/0x1530 kernel/signal.c:2911
 do_signal+0x238/0x3e8c arch/arm64/kernel/signal.c:1308
 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148
 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
 exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
 el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713
 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598
Code: aa09a908 8b481b48 9100a11a d343ff48 (38746908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	aa09a908 	orr	x8, x8, x9, lsl #42
   4:	8b481b48 	add	x8, x26, x8, lsr #6
   8:	9100a11a 	add	x26, x8, #0x28
   c:	d343ff48 	lsr	x8, x26, #3
* 10:	38746908 	ldrb	w8, [x8, x20] <-- trapping instruction
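The register dump, ESR and disassembly above are enough to check by hand what the report is really saying: the faulting VA is not the page-table lock pointer itself but its KASAN shadow byte, and the pointer being validated is x26, which the disassembly formed as a pmd-derived page address plus 0x28. The following C program is an added worked example, not part of the syzbot report or of the kernel: it replays the last two instructions of the trapping sequence with the register values quoted from the dump, inverts the KASAN shadow mapping, and decodes the printed ESR value. It assumes generic-mode KASAN (shadow = (addr >> 3) + KASAN_SHADOW_OFFSET), takes KASAN_SHADOW_OFFSET from register x20 in the dump rather than from the kernel's Kconfig, and uses the ESR_ELx data-abort field layout from the Arm architecture reference; the register lines are copied from the report and embedded as constants.

```c
/* Added example: replay the trapping address computation from the syzbot
 * register dump and disassembly, and decode the ESR. Not kernel code.
 *
 * Assumptions (taken from the dump, not from kernel headers):
 *   - x20 = KASAN_SHADOW_OFFSET on this arm64 build
 *   - generic KASAN: shadow = (addr >> 3) + KASAN_SHADOW_OFFSET
 *   - x26 is the pointer KASAN was checking ("wild-memory-access" range)
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KASAN_SHADOW_SCALE_SHIFT 3

/* Register lines copied verbatim from the sample crash report. */
static const char *const REG_DUMP[] = {
    "x29: ffff80009ff26f60 x28: fffeffffc0000000 x27: 0000000020e00000",
    "x26: fffffdffbf000028 x25: ffff700013fe4ddc x24: ffff80009ff26f00",
    "x23: 1ffff00013fe4de4 x22: ffff80009ff26f20 x21: ffff0000d0854838",
    "x20: dfff800000000000 x19: 0000000000000000 x18: 1fffe00018c6a29c",
    "x8 : 1fffffbff7e00005 x7 : ffff800080952aac x6 : 0000000000000000",
};

/* Find "xN:" (or "xN :" for single-digit names) in the dump; 1 on success. */
int reg_lookup(const char *name, uint64_t *out)
{
    size_t klen = strlen(name);
    for (size_t i = 0; i < sizeof REG_DUMP / sizeof REG_DUMP[0]; i++) {
        const char *p = REG_DUMP[i];
        while ((p = strstr(p, name)) != NULL) {
            const char *q = p + klen;
            while (*q == ' ')
                q++;
            /* "x2" must not match "x29": require ':' right after the name */
            if (*q == ':' && (p == REG_DUMP[i] || p[-1] == ' ')) {
                *out = strtoull(q + 1, NULL, 16);
                return 1;
            }
            p += klen;
        }
    }
    return 0;
}

/* Convenience wrapper: value of a register, or 0 if it is not in the dump. */
uint64_t reg_value(const char *name)
{
    uint64_t v = 0;
    return reg_lookup(name, &v) ? v : 0;
}

uint64_t kasan_shadow_addr(uint64_t addr, uint64_t shadow_offset)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + shadow_offset;
}

uint64_t kasan_unshadow(uint64_t shadow, uint64_t shadow_offset)
{
    return (shadow - shadow_offset) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Replay:  lsr x8, x26, #3 ; ldrb w8, [x8, x20]  and return the load address. */
uint64_t trapping_load_addr(void)
{
    uint64_t x8 = reg_value("x26") >> 3;  /* lsr x8, x26, #3 */
    return x8 + reg_value("x20");         /* ldrb w8, [x8, x20] */
}

/* ESR_ELx fields relevant to a data abort (Arm ARM, ESR_ELx encoding). */
struct esr_dabt {
    unsigned ec;   /* exception class, bits [31:26]; 0x25 = DABT, current EL */
    unsigned il;   /* bit 25: 1 = 32-bit trapped instruction */
    unsigned isv;  /* bit 24: ISS syndrome valid */
    unsigned wnr;  /* bit 6: 1 = write, 0 = read */
    unsigned fsc;  /* bits [5:0]: 0x07 = level 3 translation fault */
    unsigned iss;  /* bits [24:0] */
};

struct esr_dabt esr_decode(uint64_t esr)
{
    struct esr_dabt d;
    d.ec  = (esr >> 26) & 0x3f;
    d.il  = (esr >> 25) & 1;
    d.iss = esr & 0x1ffffff;
    d.isv = (d.iss >> 24) & 1;
    d.wnr = (d.iss >> 6) & 1;
    d.fsc = d.iss & 0x3f;
    return d;
}

int main(void)
{
    uint64_t x20 = reg_value("x20"), x26 = reg_value("x26");
    uint64_t fault = trapping_load_addr();
    struct esr_dabt d = esr_decode(0x96000007ULL);

    printf("ldrb address (shadow) : %016llx\n", (unsigned long long)fault);
    printf("un-shadowed pointer   : %016llx (x26 = %016llx)\n",
           (unsigned long long)kasan_unshadow(fault, x20),
           (unsigned long long)x26);
    printf("checked range         : [%016llx-%016llx]\n",
           (unsigned long long)x26, (unsigned long long)(x26 + 7));
    printf("ESR: EC=0x%x IL=%u ISV=%u WnR=%u FSC=0x%02x\n",
           d.ec, d.il, d.isv, d.wnr, d.fsc);
    return 0;
}
```

Run as-is, the replayed load address equals the "Unable to handle kernel paging request at virtual address" value in the report, and un-shadowing it yields x26, i.e. the start of the 8-byte range KASAN printed as a wild memory access. So the oops is KASAN's instrumentation check on a bogus ptdesc pointer firing before the kernel itself touched it; the interesting value for root-causing is the PMD the pointer was derived from, not the faulting VA. The ESR decode reproduces the EC, IL, ISV, WnR and FSC fields the kernel printed under "Mem abort info" and "Data abort info".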

Crashes (58):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/05/03 15:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 375d4445 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
2024/05/03 20:14 upstream f03359bca01b 375d4445 .config strace log report syz [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/03 04:55 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 ddfc15a1 .config console log report syz [disk image] [vmlinux] [kernel image] [mounted in repro] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
2024/06/20 14:06 upstream 2ccbdf43d5e7 dac2aa43 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/19 11:15 upstream 2ccbdf43d5e7 41b7e219 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/06/19 09:25 upstream 2ccbdf43d5e7 41b7e219 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/18 15:34 upstream 2ccbdf43d5e7 639d6cdf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/17 09:25 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:56 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:54 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:53 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:45 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:45 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/06/15 21:25 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/06/15 21:03 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/06/15 20:50 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/06/15 20:45 upstream 2ccbdf43d5e7 f429ab00 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/05/29 07:33 upstream e0cce98fe279 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/28 12:31 upstream 2bfcfd584ff5 f550015e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/23 22:06 upstream 8f6a15f095a6 8f98448e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/21 17:52 upstream 8f6a15f095a6 1014eca7 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/05/18 15:49 upstream 4b377b4868ef c0f1611a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in __pte_offset_map_lock
2024/05/16 12:28 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/16 12:10 upstream 3c999d1ae3c7 ef5d53ed .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/15 16:53 upstream 1b294a1f3561 0b3dad46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/14 17:54 upstream a5131c3fdf26 fdb4c10c .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/12 03:37 upstream cf87f46fd34d 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/11 22:04 upstream cf87f46fd34d 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in __pte_offset_map_lock
2024/05/11 16:36 upstream cf87f46fd34d 9026e142 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/10 13:52 upstream 448b3fe5a0ea f7c35481 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/05/10 06:01 upstream 448b3fe5a0ea de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce general protection fault in __pte_offset_map_lock
2024/05/09 21:45 upstream 45db3ab70092 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/09 20:45 upstream 45db3ab70092 de979bc2 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/05/08 20:16 upstream 6d7ddd805123 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/05 23:32 upstream b9158815de52 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/04 14:50 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root general protection fault in __pte_offset_map_lock
2024/05/04 14:10 upstream 7367539ad4b0 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/04 06:31 upstream 3d25a941ea50 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-badwrites-root general protection fault in __pte_offset_map_lock
2024/05/04 06:24 upstream 3d25a941ea50 610f2a54 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root general protection fault in __pte_offset_map_lock
2024/05/07 21:39 upstream dccb07f2914c cb2dcc0e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 general protection fault in __pte_offset_map_lock
2024/06/20 20:56 upstream 50736169ecc8 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in __pte_offset_map_lock
2024/05/07 01:37 upstream ee5b455b0ada fa7a5cf0 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream general protection fault in __pte_offset_map_lock
2024/06/19 00:42 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in __pte_offset_map_lock
2024/06/16 06:13 upstream 2ccbdf43d5e7 c2e07261 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 general protection fault in __pte_offset_map_lock
2024/05/01 18:34 linux-next f68868ba718e 3ba885bc .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root general protection fault in __pte_offset_map_lock
2024/05/31 02:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci fda5695d692c 34889ee3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
2024/05/08 04:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 1c9135d29e9e 4cf3f9b3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
2024/05/03 13:01 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 375d4445 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
2024/05/03 04:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 6a71d2909427 ddfc15a1 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 BUG: unable to handle kernel paging request in __pte_offset_map_lock
* Struck through repros no longer work on HEAD.