syzbot


BUG: unable to handle kernel paging request in cfb_imageblit

Status: upstream: reported C repro on 2020/10/30 06:53
Reported-by: syzbot+09743b2475fb76b24936@syzkaller.appspotmail.com
First crash: 704d, last: 84d

Fix bisection: the fix commit could be any of (bisect log):
  3f2ecb86cb90 Linux 4.14.212
  e853993d29aa Linux 4.14.269
Similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: unable to handle kernel paging request in cfb_imageblit C error 367 23d 757d 0/1 upstream: reported C repro on 2020/09/06 22:24
upstream BUG: unable to handle kernel paging request in cfb_imageblit (2) 1 386d 382d 0/24 auto-closed as invalid on 2022/01/10 12:19
upstream BUG: unable to handle kernel paging request in cfb_imageblit C done done 30 684d 727d 17/24 fixed on 2020/12/23 11:40

Sample crash report:
BUG: unable to handle kernel paging request at ffff888001000180
IP: __writel arch/x86/include/asm/io.h:71 [inline]
IP: slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
IP: cfb_imageblit+0xa30/0xe40 drivers/video/fbdev/core/cfbimgblt.c:302
PGD c9c5067 P4D c9c5067 PUD c9c6067 PMD 80000000010001e1 
Oops: 0003 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 9657 Comm: agetty Not tainted 4.14.212-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a0f80400 task.stack: ffff88808fdd8000
RIP: 0010:__writel arch/x86/include/asm/io.h:71 [inline]
RIP: 0010:slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
RIP: 0010:cfb_imageblit+0xa30/0xe40 drivers/video/fbdev/core/cfbimgblt.c:302
RSP: 0018:ffff88808fddf6e0 EFLAGS: 00010297
RAX: ffff888001000184 RBX: 000000000000001c RCX: 000000000000001c
RDX: 0000000000000000 RSI: ffff888001000180 RDI: dffffc0000000000
RBP: 0000000000000000 R08: ffff888238869faf R09: 0000000000000000
R10: ffff8880a0f80d00 R11: 0000000000000000 R12: ffff888238869fa4
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  00007fdccfe7e500(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888001000180 CR3: 00000000a0852000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1208 [inline]
 vga16fb_imageblit+0x630/0x2140 drivers/video/fbdev/vga16fb.c:1261
 soft_cursor+0x50a/0xa50 drivers/video/fbdev/core/softcursor.c:74
 bit_cursor+0xf7a/0x1580 drivers/video/fbdev/core/bitblit.c:377
 fbcon_cursor+0x480/0x640 drivers/video/fbdev/core/fbcon.c:1287
 set_cursor drivers/tty/vt/vt.c:603 [inline]
 set_cursor+0x189/0x1e0 drivers/tty/vt/vt.c:594
 con_flush_chars drivers/tty/vt/vt.c:2885 [inline]
 con_flush_chars drivers/tty/vt/vt.c:2874 [inline]
 con_write+0x81/0xa0 drivers/tty/vt/vt.c:2806
 do_output_char+0x4f5/0x750 drivers/tty/n_tty.c:447
 __process_echoes+0x313/0x8c0 drivers/tty/n_tty.c:739
 flush_echoes drivers/tty/n_tty.c:829 [inline]
 __receive_buf drivers/tty/n_tty.c:1648 [inline]
 n_tty_receive_buf_common+0x9a3/0x25a0 drivers/tty/n_tty.c:1742
 tiocsti drivers/tty/tty_io.c:2186 [inline]
 tty_ioctl+0xe5a/0x13c0 drivers/tty/tty_io.c:2572
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x75a/0xff0 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x7f/0xb0 fs/ioctl.c:692
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7fdccf9a2017
RSP: 002b:00007ffc54d47918 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffc54d47b5d RCX: 00007fdccf9a2017
RDX: 00007ffc54d47b5c RSI: 0000000000005412 RDI: 0000000000000000
RBP: 00007ffc54d47ba0 R08: ffffffffffffff98 R09: 00007ffc54d47990
R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc54d47934
R13: 00007ffc54d47a90 R14: 00007ffc54d47990 R15: 0000000000000000
Code: 45 7c 24 20 e8 02 26 15 fe 89 d9 44 89 f8 d3 e0 41 09 c5 39 5c 24 08 0f 87 76 ff ff ff e8 e9 25 15 fe 48 8b 74 24 10 48 8d 46 04 <44> 89 2e 39 5c 24 08 0f 85 44 ff ff ff 45 31 ed 48 89 44 24 10 
RIP: __writel arch/x86/include/asm/io.h:71 [inline] RSP: ffff88808fddf6e0
RIP: slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline] RSP: ffff88808fddf6e0
RIP: cfb_imageblit+0xa30/0xe40 drivers/video/fbdev/core/cfbimgblt.c:302 RSP: ffff88808fddf6e0
CR2: ffff888001000180
---[ end trace 7fb458dd46aa49d2 ]---

Crashes (47):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-14 2020/12/23 23:01 linux-4.14.y 3f2ecb86cb90 c2c1d1dd .config log report syz C
ci2-linux-4-14 2020/10/30 06:53 linux-4.14.y 2b7915014161 a0c7169a .config log report syz
ci2-linux-4-14 2022/07/11 15:29 linux-4.14.y 1048779a1d7d f3f217ff .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/06/07 13:16 linux-4.14.y b8f3be299d51 b2706118 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/06/02 13:20 linux-4.14.y 501eec4f9e13 6e12f05f .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/02/05 02:42 linux-4.14.y b86ee2b7ae42 e13a05ed .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/01/27 10:06 linux-4.14.y bbb957e1bd4a 2cbffd88 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/01/14 13:05 linux-4.14.y 4ba8e26127c3 b8d780ab .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2022/01/11 05:12 linux-4.14.y bfdef05c8da4 ddb0ab8c .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/05/05 10:39 linux-4.14.y 7d7d1c0ab3eb 06c27ff5 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/30 13:06 linux-4.14.y 7d7d1c0ab3eb 77e2b668 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/30 12:40 linux-4.14.y 7d7d1c0ab3eb 77e2b668 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/22 08:47 linux-4.14.y cf256fbcbe34 2bc8999a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/20 07:59 linux-4.14.y cf256fbcbe34 c0ced557 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/20 07:48 linux-4.14.y cf256fbcbe34 c0ced557 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/19 10:08 linux-4.14.y cf256fbcbe34 50f523d7 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/19 05:29 linux-4.14.y cf256fbcbe34 7e2b734b .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/04/18 22:19 linux-4.14.y cf256fbcbe34 7e2b734b .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/03/29 13:17 linux-4.14.y 670d6552eda8 a8529b82 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/03/22 04:21 linux-4.14.y cb83ddcd5332 bea32f74 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/03/21 15:56 linux-4.14.y cb83ddcd5332 4c9a64da .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/03/01 23:09 linux-4.14.y 3242aa3a635c 183afb6c .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/03/01 19:42 linux-4.14.y 3242aa3a635c 183afb6c .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/02/25 16:00 linux-4.14.y 3242aa3a635c 76f7fc95 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/02/25 08:47 linux-4.14.y 3242aa3a635c fcc6d71b .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/02/20 15:57 linux-4.14.y 29c52025152b 3e5ed8b4 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/02/08 05:10 linux-4.14.y 2c8a3fceddf0 2ce644fc .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/01/30 05:06 linux-4.14.y 2d2791fce891 fc9fd31e .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-14 2021/01/09 09:39 linux-4.14.y 1752938529c6 a6c52263 .config log report info
ci2-linux-4-14 2021/01/01 20:56 linux-4.14.y 1752938529c6 79264ae3 .config log report info
ci2-linux-4-14 2020/12/29 10:03 linux-4.14.y 3f2ecb86cb90 8259d56c .config log report info
ci2-linux-4-14 2020/12/28 21:24 linux-4.14.y 3f2ecb86cb90 8259d56c .config log report info
ci2-linux-4-14 2020/12/27 12:07 linux-4.14.y 3f2ecb86cb90 821e0b09 .config log report info
ci2-linux-4-14 2020/12/27 06:17 linux-4.14.y 3f2ecb86cb90 821e0b09 .config log report info
ci2-linux-4-14 2020/12/26 12:13 linux-4.14.y 3f2ecb86cb90 821e0b09 .config log report info
ci2-linux-4-14 2020/12/23 12:04 linux-4.14.y 3f2ecb86cb90 c2c1d1dd .config log report info
ci2-linux-4-14 2020/12/23 08:11 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/22 09:39 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/20 03:32 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/20 02:27 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/19 16:02 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/19 15:14 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/19 06:27 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/18 18:06 linux-4.14.y 3f2ecb86cb90 04201c06 .config log report info
ci2-linux-4-14 2020/12/08 23:59 linux-4.14.y 47cbf4cc32db 40cc414d .config log report info
ci2-linux-4-14 2020/12/04 18:58 linux-4.14.y c196b3a9c83a 20366b87 .config log report info
ci2-linux-4-14 2020/10/30 08:36 linux-4.14.y 2b7915014161 a0c7169a .config log report info
* Struck through repros no longer work on HEAD.