syzbot


BUG: unable to handle kernel paging request in cfb_imageblit

Status: upstream: reported C repro on 2020/09/06 22:24
Reported-by: syzbot+d2aff3a642e5b1a163c2@syzkaller.appspotmail.com
First crash: 757d, last: 23d

Fix bisection: failed
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.14 BUG: unable to handle kernel paging request in cfb_imageblit C inconclusive 47 84d 703d 0/1 upstream: reported C repro on 2020/10/30 06:53
upstream BUG: unable to handle kernel paging request in cfb_imageblit (2) 1 386d 382d 0/24 auto-closed as invalid on 2022/01/10 12:19
upstream BUG: unable to handle kernel paging request in cfb_imageblit C done done 30 684d 727d 17/24 fixed on 2020/12/23 11:40

Sample crash report:
BUG: unable to handle kernel paging request at 0000000000137408
PGD 100067 P4D 100067 PUD 101067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9875 Comm: syz-executor373 Not tainted 4.19.143-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__writel arch/x86/include/asm/io.h:71 [inline]
RIP: 0010:slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
RIP: 0010:cfb_imageblit+0x99b/0x1040 drivers/video/fbdev/core/cfbimgblt.c:302
Code: e0 09 44 24 04 e8 35 a4 e7 fd 45 39 e7 0f 87 44 ff ff ff e8 37 a3 e7 fd 48 8b 44 24 08 8b 4c 24 04 48 8d 78 04 48 89 7c 24 08 <89> 08 44 89 e6 44 89 ff e8 08 a4 e7 fd 45 39 e7 0f 85 04 ff ff ff
RSP: 0018:ffff888000137160 EFLAGS: 00010293
RAX: 0000000000137408 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff83820e99 RDI: 000000000013740c
RBP: 0000000000000000 R08: ffff8880a5748f7f R09: 000000000000001c
R10: 0000000000000004 R11: 0000000000000000 R12: 000000000000001c
R13: 0000000000000000 R14: ffff8880a5748f72 R15: 000000000000001c
FS:  00007f48dc3f7700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000137408 CR3: 000000000005f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vga_imageblit_expand drivers/video/fbdev/vga16fb.c:1207 [inline]
 vga16fb_imageblit+0x6b4/0x2260 drivers/video/fbdev/vga16fb.c:1260
 soft_cursor+0x514/0xa30 drivers/video/fbdev/core/softcursor.c:74
 bit_cursor+0x1239/0x1820 drivers/video/fbdev/core/bitblit.c:386
 fbcon_cursor+0x555/0x760 drivers/video/fbdev/core/fbcon.c:1372
 set_cursor drivers/tty/vt/vt.c:915 [inline]
 set_cursor+0x1dd/0x230 drivers/tty/vt/vt.c:906
 con_flush_chars drivers/tty/vt/vt.c:3225 [inline]
 con_flush_chars drivers/tty/vt/vt.c:3214 [inline]
 con_write+0x8f/0xb0 drivers/tty/vt/vt.c:3146
 do_output_char+0x5de/0x850 drivers/tty/n_tty.c:445
 process_output drivers/tty/n_tty.c:512 [inline]
 n_tty_write+0x46e/0xff0 drivers/tty/n_tty.c:2343
 do_tty_write drivers/tty/tty_io.c:960 [inline]
 tty_write+0x496/0x810 drivers/tty/tty_io.c:1044
 __vfs_write+0xf7/0x770 fs/read_write.c:485
 __kernel_write+0x109/0x370 fs/read_write.c:506
 write_pipe_buf+0x153/0x1f0 fs/splice.c:798
 splice_from_pipe_feed fs/splice.c:503 [inline]
 __splice_from_pipe+0x389/0x800 fs/splice.c:627
 splice_from_pipe fs/splice.c:662 [inline]
 default_file_splice_write+0xd8/0x180 fs/splice.c:810
 do_splice_from fs/splice.c:852 [inline]
 direct_splice_actor+0x115/0x160 fs/splice.c:1025
 splice_direct_to_actor+0x33f/0x8d0 fs/splice.c:980
 do_splice_direct+0x1a7/0x270 fs/splice.c:1068
 do_sendfile+0x550/0xc30 fs/read_write.c:1447
 __do_sys_sendfile64 fs/read_write.c:1508 [inline]
 __se_sys_sendfile64+0x147/0x160 fs/read_write.c:1494
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446ad9
Code: e8 9c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b 07 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f48dc3f6d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446ad9
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: 00000000006dbc50 R08: 65732f636f72702f R09: 65732f636f72702f
R10: 0800000080004103 R11: 0000000000000246 R12: 00000000006dbc5c
R13: 00007f48dc3f6d20 R14: 00007f48dc3f6d20 R15: 20c49ba5e353f7cf
Modules linked in:
CR2: 0000000000137408
---[ end trace 722a8ad8a5d4be3b ]---
RIP: 0010:__writel arch/x86/include/asm/io.h:71 [inline]
RIP: 0010:slow_imageblit drivers/video/fbdev/core/cfbimgblt.c:178 [inline]
RIP: 0010:cfb_imageblit+0x99b/0x1040 drivers/video/fbdev/core/cfbimgblt.c:302
Code: e0 09 44 24 04 e8 35 a4 e7 fd 45 39 e7 0f 87 44 ff ff ff e8 37 a3 e7 fd 48 8b 44 24 08 8b 4c 24 04 48 8d 78 04 48 89 7c 24 08 <89> 08 44 89 e6 44 89 ff e8 08 a4 e7 fd 45 39 e7 0f 85 04 ff ff ff
RSP: 0018:ffff888000137160 EFLAGS: 00010293
RAX: 0000000000137408 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff83820e99 RDI: 000000000013740c
RBP: 0000000000000000 R08: ffff8880a5748f7f R09: 000000000000001c
R10: 0000000000000004 R11: 0000000000000000 R12: 000000000000001c
R13: 0000000000000000 R14: ffff8880a5748f72 R15: 000000000000001c
FS:  00007f48dc3f7700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000137408 CR3: 000000000005f000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (367):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-19 2020/09/06 22:23 linux-4.19.y c37da90efff5 abf9ba4f .config log report syz C
ci2-linux-4-19 2020/11/09 22:29 linux-4.19.y b94de4d19498 cba33199 .config log report syz
ci2-linux-4-19 2020/10/20 00:45 linux-4.19.y ad326970d25c ff4a3345 .config log report syz
ci2-linux-4-19 2022/09/11 04:49 linux-4.19.y 3f8a27f9e27b 356d8217 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/08 11:42 linux-4.19.y 3f8a27f9e27b f3027468 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/08 04:49 linux-4.19.y 3f8a27f9e27b 435aeef7 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/07 12:25 linux-4.19.y 3f8a27f9e27b c5b7bc57 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/07 11:30 linux-4.19.y 3f8a27f9e27b c5b7bc57 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/06 23:36 linux-4.19.y 3f8a27f9e27b 5fc30c37 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/06 15:09 linux-4.19.y 3f8a27f9e27b 65aea2b9 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/06 12:24 linux-4.19.y 3f8a27f9e27b 65aea2b9 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/06 08:54 linux-4.19.y 3f8a27f9e27b 9dcd38fc .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 23:39 linux-4.19.y 3f8a27f9e27b 9dcd38fc .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 11:39 linux-4.19.y 3f8a27f9e27b 922294ab .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 10:17 linux-4.19.y 3f8a27f9e27b 922294ab .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 07:47 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 04:07 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/05 02:22 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/04 23:21 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/04 21:55 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/04 19:23 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/04 16:16 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/04 10:25 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/03 18:37 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/03 15:12 linux-4.19.y 3f8a27f9e27b 28811d0a .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/03 13:34 linux-4.19.y 3f8a27f9e27b 49e94a20 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/03 11:44 linux-4.19.y 3f8a27f9e27b 49e94a20 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/02 03:03 linux-4.19.y 3f8a27f9e27b a805568e .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/01 16:02 linux-4.19.y 3f8a27f9e27b 86c46e46 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/09/01 00:40 linux-4.19.y 3f8a27f9e27b 51e54e30 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/30 20:48 linux-4.19.y 3f8a27f9e27b 4a380809 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/29 13:01 linux-4.19.y 3f8a27f9e27b 94da0b6b .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/29 03:40 linux-4.19.y 3f8a27f9e27b 07177916 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/28 12:01 linux-4.19.y 3f8a27f9e27b 07177916 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/27 09:46 linux-4.19.y 3f8a27f9e27b 07177916 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/26 13:23 linux-4.19.y 3f8a27f9e27b e5a303f1 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/24 12:15 linux-4.19.y 3f8a27f9e27b 514514f6 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/24 01:07 linux-4.19.y 3f8a27f9e27b cea8b0f7 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/23 11:10 linux-4.19.y 3f8a27f9e27b cea8b0f7 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/21 11:57 linux-4.19.y 3f8a27f9e27b 26a13b38 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/19 15:20 linux-4.19.y 3f8a27f9e27b 26a13b38 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/19 11:17 linux-4.19.y 3f8a27f9e27b 26a13b38 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/18 17:37 linux-4.19.y 3f8a27f9e27b d58e263f .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/17 09:39 linux-4.19.y 3f8a27f9e27b 4e72d229 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/17 08:30 linux-4.19.y 3f8a27f9e27b 4e72d229 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/16 21:25 linux-4.19.y 3f8a27f9e27b 9e4b39c2 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/16 16:03 linux-4.19.y 3f8a27f9e27b 7a7cb304 .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2022/08/14 08:38 linux-4.19.y 3f8a27f9e27b 8dfcaa3d .config log report info BUG: unable to handle kernel paging request in cfb_imageblit
ci2-linux-4-19 2021/01/15 23:01 linux-4.19.y 675cc038067f 65a7a854 .config log report info
* Struck through repros no longer work on HEAD.