kernel BUG in vmf_insert_pfn

kernel BUG in vmf_insert_pfn_prot
Status: upstream: reported C repro on 2021/09/17 09:22
Reported-by: syzbot+2d4f8693f438d2bd4bdb@syzkaller.appspotmail.com
First crash: 37d, last: 16h56m

Cause bisection: introduced by (bisect log) :
commit 8b93d1d7dbd578fd296e70008b29c0f62d09d7cb
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Thu Aug 12 13:14:10 2021 +0000

drm/shmem-helper: Switch to vmf_insert_pfn

Crash: kernel BUG in vmf_insert_pfn_prot (log)
Repro: C syz .config

similar bugs (4):
Kernel	Title	Repro	Fix bisect	Count	Last	Reported	Patched	Status
linux-4.19	kernel BUG at mm/memory.c:LINE!	C		3	29d	520d	0/1	upstream: reported C repro on 2020/05/21 22:29
upstream	kernel BUG in __handle_mm_fault			2	177d	176d	0/22	auto-closed as invalid on 2021/06/29 08:42
linux-4.14	kernel BUG at mm/memory.c:LINE!	syz	inconclusive	2	436d	520d	0/1	upstream: reported syz repro on 2020/05/21 23:25
upstream	kernel BUG at mm/memory.c:LINE!			1	1204d	1203d	9/22	fixed on 2018/08/08 18:10

Sample crash report:

------------[ cut here ]------------
kernel BUG at mm/memory.c:2103!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 6537 Comm: syz-executor894 Not tainted 5.15.0-rc1-next-20210917-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vmf_insert_pfn_prot+0x248/0x450 mm/memory.c:2103
Code: 0f 0b e8 6b d0 ca ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 b7 d5 ca ff 49 83 ff 20 0f 85 a5 fe ff ff e8 48 d0 ca ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 37 d0 ca ff 4d 21 ee 4c 89
RSP: 0000:ffffc90002c5fbd0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff9200058bf7c RCX: 0000000000000000
RDX: ffff888014d81c80 RSI: ffffffff81ab3e18 RDI: 0000000000000003
RBP: ffff88806ec18318 R08: 0000000000000020 R09: ffffc90002c5fbb7
R10: ffffffff81ab3e09 R11: 0000000000000000 R12: 0000000020000000
R13: 000000000001a305 R14: 0000000008140476 R15: 0000000000000020
FS:  00007fd624da5700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000600 CR3: 000000006e41e000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 drm_gem_shmem_fault+0x1e3/0x290 drivers/gpu/drm/drm_gem_shmem_helper.c:564
 __do_fault+0x10d/0x4d0 mm/memory.c:3848
 do_cow_fault mm/memory.c:4184 [inline]
 do_fault mm/memory.c:4285 [inline]
 handle_pte_fault mm/memory.c:4541 [inline]
 __handle_mm_fault+0x370e/0x5120 mm/memory.c:4676
 handle_mm_fault+0x1c8/0x790 mm/memory.c:4774
 do_user_addr_fault+0x48b/0x11c0 arch/x86/mm/fault.c:1390
 handle_page_fault arch/x86/mm/fault.c:1475 [inline]
 exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1531
 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0033:0x7fd624db0238
Code: c0 75 63 48 8d 75 0c b9 40 42 0f 00 ba 81 00 00 00 c7 45 0c 01 00 00 00 bf ca 00 00 00 31 c0 e8 0e 2a 04 00 eb 85 0f 1f 40 00 <4c> 89 24 25 00 06 00 20 45 31 c0 31 c9 31 c0 c6 04 25 08 06 00 20
RSP: 002b:00007fd624da5320 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00007fd624e7b3e8 RCX: 00007fd624df2c59
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd624e7b3e8
RBP: 00007fd624e7b3e0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 3162662f7665642f
R13: 00007ffe82f363ff R14: 00007fd624da5400 R15: 0000000000022000
Modules linked in:
---[ end trace 0e8bfa618299b282 ]---
RIP: 0010:vmf_insert_pfn_prot+0x248/0x450 mm/memory.c:2103
Code: 0f 0b e8 6b d0 ca ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 b7 d5 ca ff 49 83 ff 20 0f 85 a5 fe ff ff e8 48 d0 ca ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 37 d0 ca ff 4d 21 ee 4c 89
RSP: 0000:ffffc90002c5fbd0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff9200058bf7c RCX: 0000000000000000
RDX: ffff888014d81c80 RSI: ffffffff81ab3e18 RDI: 0000000000000003
RBP: ffff88806ec18318 R08: 0000000000000020 R09: ffffc90002c5fbb7
R10: ffffffff81ab3e09 R11: 0000000000000000 R12: 0000000020000000
R13: 000000000001a305 R14: 0000000008140476 R15: 0000000000000020
FS:  00007fd624da5700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f27acc516c0 CR3: 000000006e41e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (403):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Title
ci-upstream-linux-next-kasan-gce-root	2021/09/18 15:55	linux-next	9004fd387338	70b76c1d	.config	log	report	syz	C		kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 20:14	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 18:45	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 18:01	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 11:26	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 05:37	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 02:21	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/23 00:59	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/22 23:57	linux-next	cf6c9d12750c	282f03fb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/22 17:32	linux-next	3196a52aff93	55f90bc6	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/22 11:14	linux-next	3196a52aff93	55f90bc6	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 23:12	linux-next	3196a52aff93	c5cb7da8	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 23:12	linux-next	3196a52aff93	c5cb7da8	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 11:42	linux-next	3196a52aff93	f111d03b	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 09:03	linux-next	51dba6e335ff	f111d03b	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 04:11	linux-next	51dba6e335ff	f111d03b	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/21 02:43	linux-next	51dba6e335ff	f111d03b	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/20 21:48	linux-next	51dba6e335ff	418a00eb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/20 21:28	linux-next	51dba6e335ff	418a00eb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/20 14:30	linux-next	51dba6e335ff	418a00eb	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/20 05:20	linux-next	60e8840126bd	466b7db1	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/19 10:17	linux-next	60e8840126bd	24dc29db	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 14:20	linux-next	60e8840126bd	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 05:47	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 04:15	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 02:39	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 01:29	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/18 00:13	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/17 23:48	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/17 19:31	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/17 17:49	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/17 00:25	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/16 13:50	linux-next	7c832d2f9b95	0c5d9412	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/15 03:10	linux-next	8006b911c90a	7aa5fe41	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/15 03:01	linux-next	8006b911c90a	7aa5fe41	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/14 22:15	linux-next	8006b911c90a	7aa5fe41	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/12 06:21	linux-next	d3134eb5de85	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/12 04:48	linux-next	d3134eb5de85	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/11 18:36	linux-next	d3134eb5de85	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/11 18:35	linux-next	d3134eb5de85	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/11 04:46	linux-next	683f29b781ae	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/11 03:40	linux-next	683f29b781ae	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/10 21:29	linux-next	683f29b781ae	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/10/10 21:29	linux-next	683f29b781ae	838e7e2c	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/09/17 09:13	linux-next	9004fd387338	5b989942	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root	2021/09/17 08:58	linux-next	9004fd387338	5b989942	.config	log	report			info	kernel BUG in vmf_insert_pfn_prot