syzbot


kernel BUG in vmf_insert_pfn_prot
Status: upstream: reported C repro on 2021/09/17 09:22
Reported-by: syzbot+2d4f8693f438d2bd4bdb@syzkaller.appspotmail.com
First crash: 253d, last: 1d11h

Cause bisection: introduced by (bisect log):
commit 8b93d1d7dbd578fd296e70008b29c0f62d09d7cb
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Thu Aug 12 13:14:10 2021 +0000

  drm/shmem-helper: Switch to vmf_insert_pfn

Crash: kernel BUG in vmf_insert_pfn_prot (log)
Repro: C syz .config
duplicates (1):

| Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|
| invalid opcode in vmf_insert_pfn_prot | | | | 2 | 205d | 201d | 0/22 | closed as dup on 2021/12/04 10:09 |
similar bugs (4):

| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| linux-4.19 | kernel BUG at mm/memory.c:LINE! | C | error | | 6 | 73d | 736d | 0/1 | upstream: reported C repro on 2020/05/21 22:29 |
| upstream | kernel BUG in __handle_mm_fault | | | | 2 | 393d | 392d | 0/22 | auto-closed as invalid on 2021/06/29 08:42 |
| linux-4.14 | kernel BUG at mm/memory.c:LINE! | syz | inconclusive | | 2 | 651d | 736d | 0/1 | upstream: reported syz repro on 2020/05/21 23:25 |
| upstream | kernel BUG at mm/memory.c:LINE! | | | | 1 | 1420d | 1419d | 9/22 | fixed on 2018/08/08 18:10 |

Sample crash report:
------------[ cut here ]------------
kernel BUG at mm/memory.c:2132!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3605 Comm: syz-executor126 Not tainted 5.18.0-rc6-syzkaller-00015-g0ac824f379fb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 mm/memory.c:2132
Code: 0f 0b e8 bb 6a c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 37 6d c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 98 6a c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 87 6a c7 ff 4d 21 ee 4c 89
RSP: 0018:ffffc90002f3f5b8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff920005e7eb9 RCX: 0000000000000000
RDX: ffff888019250000 RSI: ffffffff81b1d618 RDI: 0000000000000003
RBP: ffff888074daea50 R08: 0000000000000020 R09: ffffc90002f3f59f
R10: ffffffff81b1d609 R11: 0000000000000001 R12: 0000000020002000
R13: 000000000001a6bd R14: 000000000c140476 R15: 0000000000000020
FS:  0000555556809300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020002000 CR3: 000000001f0f1000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_gem_shmem_fault+0x1e3/0x290 drivers/gpu/drm/drm_gem_shmem_helper.c:561
 __do_fault+0x10d/0x8c0 mm/memory.c:3915
 do_read_fault mm/memory.c:4240 [inline]
 do_fault mm/memory.c:4369 [inline]
 handle_pte_fault mm/memory.c:4627 [inline]
 __handle_mm_fault+0x2764/0x4150 mm/memory.c:4763
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4861
 do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
 handle_page_fault arch/x86/mm/fault.c:1484 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:fault_in_readable+0x175/0x290 mm/gup.c:1720
Code: f3 c9 ff 49 39 dd 0f 84 06 01 00 00 45 31 f6 eb 11 e8 6f f3 c9 ff 48 81 c3 00 10 00 00 4c 39 eb 74 1d e8 5e f3 c9 ff 45 89 f7 <8a> 03 31 ff 44 89 fe 88 44 24 28 e8 6b f5 c9 ff 45 85 ff 74 d2 e8
RSP: 0018:ffffc90002f3f9e0 EFLAGS: 00050293
RAX: 0000000000000000 RBX: 0000000020002000 RCX: 0000000000000000
RDX: ffff888019250000 RSI: ffffffff81af4d52 RDI: 0000000000000003
RBP: 0000000020001040 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81af4cf6 R11: 0000000000000000 R12: 0000000000001000
R13: 0000000020003000 R14: 0000000000000000 R15: 0000000000000000
 fault_in_iov_iter_readable lib/iov_iter.c:458 [inline]
 fault_in_iov_iter_readable+0x11f/0x1f0 lib/iov_iter.c:444
 generic_perform_write+0x19e/0x560 mm/filemap.c:3777
 ext4_buffered_write_iter+0x15b/0x330 fs/ext4/file.c:270
 ext4_file_write_iter+0x43c/0x1510 fs/ext4/file.c:679
 call_write_iter include/linux/fs.h:2050 [inline]
 new_sync_write+0x38a/0x560 fs/read_write.c:504
 vfs_write+0x7c0/0xac0 fs/read_write.c:591
 ksys_write+0x127/0x250 fs/read_write.c:644
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f7fabdf5b89
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe890ed408 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7fabdf5b89
RDX: 000000000000fea7 RSI: 0000000020000040 RDI: 0000000000000004
RBP: 00007f7fabdb9d30 R08: 00000000000a9000 R09: 0000000000000000
R10: 00000000000a9000 R11: 0000000000000246 R12: 00007f7fabdb9dc0
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 mm/memory.c:2132
Code: 0f 0b e8 bb 6a c7 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 37 6d c7 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 98 6a c7 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 87 6a c7 ff 4d 21 ee 4c 89
RSP: 0018:ffffc90002f3f5b8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff920005e7eb9 RCX: 0000000000000000
RDX: ffff888019250000 RSI: ffffffff81b1d618 RDI: 0000000000000003
RBP: ffff888074daea50 R08: 0000000000000020 R09: ffffc90002f3f59f
R10: ffffffff81b1d609 R11: 0000000000000001 R12: 0000000020002000
R13: 000000000001a6bd R14: 000000000c140476 R15: 0000000000000020
FS:  0000555556809300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7fabdd07b5 CR3: 000000001f0f1000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	f3 c9                	repz leaveq
   2:	ff 49 39             	decl   0x39(%rcx)
   5:	dd 0f                	fisttpll (%rdi)
   7:	84 06                	test   %al,(%rsi)
   9:	01 00                	add    %eax,(%rax)
   b:	00 45 31             	add    %al,0x31(%rbp)
   e:	f6 eb                	imul   %bl
  10:	11 e8                	adc    %ebp,%eax
  12:	6f                   	outsl  %ds:(%rsi),(%dx)
  13:	f3 c9                	repz leaveq
  15:	ff 48 81             	decl   -0x7f(%rax)
  18:	c3                   	retq
  19:	00 10                	add    %dl,(%rax)
  1b:	00 00                	add    %al,(%rax)
  1d:	4c 39 eb             	cmp    %r13,%rbx
  20:	74 1d                	je     0x3f
  22:	e8 5e f3 c9 ff       	callq  0xffc9f385
  27:	45 89 f7             	mov    %r14d,%r15d
* 2a:	8a 03                	mov    (%rbx),%al <-- trapping instruction
  2c:	31 ff                	xor    %edi,%edi
  2e:	44 89 fe             	mov    %r15d,%esi
  31:	88 44 24 28          	mov    %al,0x28(%rsp)
  35:	e8 6b f5 c9 ff       	callq  0xffc9f5a5
  3a:	45 85 ff             	test   %r15d,%r15d
  3d:	74 d2                	je     0x11
  3f:	e8                   	.byte 0xe8

Crashes (1416):

| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-upstream-kasan-gce | 2022/05/13 05:37 | upstream | 0ac824f379fb | 9ad6612a | .config | log | report | syz | C | | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-selinux-root | 2022/05/13 05:17 | upstream | 0ac824f379fb | 9ad6612a | .config | log | report | syz | C | | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/01/07 08:00 | upstream | b2b436ec0205 | 6acc789a | .config | log | report | syz | C | | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2021/09/18 15:55 | linux-next | 9004fd387338 | 70b76c1d | .config | log | report | syz | C | | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/05/22 15:50 | upstream | eaea45fc0e7b | 7268fa62 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/05/18 23:26 | upstream | ef1302160bfb | 50c53f39 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-smack-root | 2022/05/13 19:12 | upstream | f3f19f939c11 | 107f6434 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-selinux-root | 2022/05/13 05:01 | upstream | 0ac824f379fb | 9ad6612a | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/05/10 16:50 | upstream | 9be9ed2612b5 | 8b277b8e | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/04/25 16:02 | upstream | af2d861d4cd2 | c889aef9 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-root | 2022/04/21 12:04 | upstream | b253435746d9 | d4befee1 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-smack-root | 2022/04/19 02:52 | upstream | b2d229d4ddb1 | 8bcc32a6 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/04/13 22:15 | upstream | a19944809fe9 | b17b2923 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/04/13 16:28 | upstream | a19944809fe9 | faabdb86 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-root | 2022/04/11 11:48 | upstream | ce522ba9ef7e | e22c3da3 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-root | 2022/04/06 22:03 | upstream | 3e732ebf7316 | 97582466 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-smack-root | 2022/04/05 02:22 | upstream | 312310928417 | 5915c2cb | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-root | 2022/04/02 18:58 | upstream | 88e6c0207623 | 79a2a8fc | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/04/01 04:54 | upstream | b4a5ea09b293 | 68fc921a | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/31 09:28 | upstream | 787af64d05cd | 9d49f3a7 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/30 06:48 | upstream | 1930a6e739c4 | 6bdac766 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/28 09:26 | upstream | f82da161ea75 | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/27 13:45 | upstream | f022814633e1 | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-selinux-root | 2022/03/27 09:33 | upstream | bddac7c1e02b | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/26 13:51 | upstream | 52d543b5497c | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/25 18:42 | upstream | 34af78c4e616 | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/24 19:23 | upstream | ed4643521e6a | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-root | 2022/03/24 16:40 | upstream | ed4643521e6a | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/24 12:42 | upstream | ed4643521e6a | 89bc8608 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/24 07:10 | upstream | 1bc191051dca | 5ff41e94 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/22 23:36 | upstream | b47d5a4f6b8d | d88ef0c5 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/22 09:14 | upstream | eaa54b1458ca | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/22 03:17 | upstream | f443e374ae13 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/22 02:02 | upstream | f443e374ae13 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/21 18:44 | upstream | f443e374ae13 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/21 07:43 | upstream | f443e374ae13 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/21 03:36 | upstream | f443e374ae13 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/20 13:31 | upstream | 14702b3b2438 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/20 12:12 | upstream | 14702b3b2438 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-smack-root | 2022/03/20 07:45 | upstream | 97e9c8eb4bb1 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/20 05:50 | upstream | 97e9c8eb4bb1 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/19 23:59 | upstream | 97e9c8eb4bb1 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/19 11:36 | upstream | 34e047aa16c0 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 23:08 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 21:08 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 19:42 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 18:11 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 14:11 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 13:07 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce | 2022/03/18 10:32 | upstream | 551acdc3c3d2 | e2d91b1d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-qemu-upstream | 2022/01/18 02:46 | upstream | 0c947b893d69 | 731a2d23 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-kasan-gce-386 | 2022/04/20 08:17 | upstream | b7f73403a3e9 | 7d7bc738 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-qemu-upstream-386 | 2022/01/19 01:50 | upstream | 99613159ad74 | 731a2d23 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-qemu2-arm64-compat | 2021/11/25 07:20 | upstream | 5f53fa508db0 | 545ab074 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2022/05/26 23:09 | linux-next | b1d84fc09a96 | 3037caa9 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2022/04/24 17:24 | linux-next | f1244c81da13 | 131df97d | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2022/04/21 12:05 | linux-next | f1244c81da13 | d4befee1 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2021/09/17 09:13 | linux-next | 9004fd387338 | 5b989942 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |
| ci-upstream-linux-next-kasan-gce-root | 2021/09/17 08:58 | linux-next | 9004fd387338 | 5b989942 | .config | log | report | | | info | kernel BUG in vmf_insert_pfn_prot |