syzbot

 sign-in | mailing list | source | docs
🐞 Open [968] 🐞 Fixed [4037] 🐞 Invalid [9002] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

kernel BUG in vmf_insert_pfn_prot

Status: upstream: reported C repro on 2021/09/17 09:22
Reported-by: syzbot+2d4f8693f438d2bd4bdb@syzkaller.appspotmail.com
First crash: 384d, last: 4h49m

Cause bisection: introduced by (bisect log) :
commit 8b93d1d7dbd578fd296e70008b29c0f62d09d7cb
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date: Thu Aug 12 13:14:10 2021 +0000

  drm/shmem-helper: Switch to vmf_insert_pfn

Crash: kernel BUG in vmf_insert_pfn_prot (log)
Repro: C syz .config
duplicates (1):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
invalid opcode in vmf_insert_pfn_prot 2 337d 333d 0/24 closed as dup on 2021/12/04 10:09
similar bugs (4):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 kernel BUG at mm/memory.c:LINE! C error 7 111d 868d 0/1 upstream: reported C repro on 2020/05/21 22:29
upstream kernel BUG in __handle_mm_fault 2 524d 524d 0/24 auto-closed as invalid on 2021/06/29 08:42
linux-4.14 kernel BUG at mm/memory.c:LINE! C inconclusive 3 115d 868d 0/1 upstream: reported C repro on 2020/05/21 23:25
upstream kernel BUG at mm/memory.c:LINE! 1 1551d 1550d 9/24 fixed on 2018/08/08 18:10

Sample crash report:
------------[ cut here ]------------
kernel BUG at mm/memory.c:2218!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3608 Comm: syz-executor941 Not tainted 6.0.0-syzkaller-05118-g833477fce7a1 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 mm/memory.c:2218
Code: 0f 0b e8 8b 9d c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 57 9a c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 68 9d c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 57 9d c6 ff 4d 21 ee 4c 89
RSP: 0018:ffffc900030ef8e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff9200061df1f RCX: 0000000000000000
RDX: ffff88807e59c140 RSI: ffffffff81b3a3f8 RDI: 0000000000000007
RBP: ffff88802125a528 R08: 0000000000000007 R09: 0000000000000020
R10: 0000000000000020 R11: 0000000000000000 R12: 0000000020000000
R13: 000000000001e9f3 R14: 000000000c040474 R15: 0000000000000020
FS:  0000555556f243c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000240 CR3: 000000001e965000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 drm_gem_shmem_fault+0x1e3/0x290 drivers/gpu/drm/drm_gem_shmem_helper.c:562
 __do_fault+0x10d/0x610 mm/memory.c:4173
 do_read_fault mm/memory.c:4524 [inline]
 do_fault mm/memory.c:4653 [inline]
 handle_pte_fault mm/memory.c:4917 [inline]
 __handle_mm_fault+0x2130/0x39b0 mm/memory.c:5059
 handle_mm_fault+0x1c8/0x780 mm/memory.c:5157
 do_user_addr_fault+0x475/0x1210 arch/x86/mm/fault.c:1407
 handle_page_fault arch/x86/mm/fault.c:1498 [inline]
 exc_page_fault+0x94/0x170 arch/x86/mm/fault.c:1554
 asm_exc_page_fault+0x22/0x30 arch/x86/include/asm/idtentry.h:570
RIP: 0010:do_strncpy_from_user lib/strncpy_from_user.c:41 [inline]
RIP: 0010:strncpy_from_user+0x1bd/0x3c0 lib/strncpy_from_user.c:139
Code: ed 08 4d 89 74 1d 00 bf 07 00 00 00 48 83 c3 08 48 89 ee e8 c5 79 5a fd 48 83 fd 07 0f 86 c0 01 00 00 e8 d6 7c 5a fd 45 31 ff <49> 8b 04 1c 31 ff 44 89 fe 49 89 c6 e8 82 79 5a fd 45 85 ff 0f 84
RSP: 0018:ffffc900030efd08 EFLAGS: 00050246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88807e59c140 RSI: ffffffff841fc48a RDI: 0000000000000007
RBP: 0000000000000fe0 R08: 0000000000000007 R09: 0000000000000007
R10: 0000000000000fe0 R11: 0000000000000000 R12: 0000000020000240
R13: ffff88807e37a9a0 R14: ffff88807e37a9a0 R15: 0000000000000000
 getname_flags.part.0+0x95/0x4f0 fs/namei.c:150
 getname_flags include/linux/audit.h:320 [inline]
 getname+0x8e/0xd0 fs/namei.c:218
 do_sys_openat2+0xf5/0x4c0 fs/open.c:1307
 do_sys_open fs/open.c:1329 [inline]
 __do_sys_openat fs/open.c:1345 [inline]
 __se_sys_openat fs/open.c:1340 [inline]
 __x64_sys_openat+0x13f/0x1f0 fs/open.c:1340
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f6f30426159
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffde672f708 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffde672f718 RCX: 00007f6f30426159
RDX: 000000000000275a RSI: 0000000020000240 RDI: 00000000ffffff9c
RBP: 00007ffde672f710 R08: 00007ffde672f710 R09: 00007f6f303e9020
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:vmf_insert_pfn_prot+0x248/0x460 mm/memory.c:2218
Code: 0f 0b e8 8b 9d c6 ff 4d 89 f7 bf 20 00 00 00 41 83 e7 28 4c 89 fe e8 57 9a c6 ff 49 83 ff 20 0f 85 a5 fe ff ff e8 68 9d c6 ff <0f> 0b 49 be ff ff ff ff ff ff 0f 00 e8 57 9d c6 ff 4d 21 ee 4c 89
RSP: 0018:ffffc900030ef8e8 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff9200061df1f RCX: 0000000000000000
RDX: ffff88807e59c140 RSI: ffffffff81b3a3f8 RDI: 0000000000000007
RBP: ffff88802125a528 R08: 0000000000000007 R09: 0000000000000020
R10: 0000000000000020 R11: 0000000000000000 R12: 0000000020000000
R13: 000000000001e9f3 R14: 000000000c040474 R15: 0000000000000020
FS:  0000555556f243c0(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000240 CR3: 000000001e965000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	ed                   	in     (%dx),%eax
   1:	08 4d 89             	or     %cl,-0x77(%rbp)
   4:	74 1d                	je     0x23
   6:	00 bf 07 00 00 00    	add    %bh,0x7(%rdi)
   c:	48 83 c3 08          	add    $0x8,%rbx
  10:	48 89 ee             	mov    %rbp,%rsi
  13:	e8 c5 79 5a fd       	callq  0xfd5a79dd
  18:	48 83 fd 07          	cmp    $0x7,%rbp
  1c:	0f 86 c0 01 00 00    	jbe    0x1e2
  22:	e8 d6 7c 5a fd       	callq  0xfd5a7cfd
  27:	45 31 ff             	xor    %r15d,%r15d
* 2a:	49 8b 04 1c          	mov    (%r12,%rbx,1),%rax <-- trapping instruction
  2e:	31 ff                	xor    %edi,%edi
  30:	44 89 fe             	mov    %r15d,%esi
  33:	49 89 c6             	mov    %rax,%r14
  36:	e8 82 79 5a fd       	callq  0xfd5a79bd
  3b:	45 85 ff             	test   %r15d,%r15d
  3e:	0f                   	.byte 0xf
  3f:	84                   	.byte 0x84

Crashes (1554):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2022/10/06 19:05 upstream 833477fce7a1 131b38ac .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/10/05 07:21 upstream 0326074ff465 267e3bb1 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/10/04 07:50 upstream 4fe89d07dcc2 feb56351 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-selinux-root 2022/09/17 20:05 upstream a335366bad13 dd9a85ff .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-smack-root 2022/09/11 09:07 upstream b96fbd602d35 356d8217 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-smack-root 2022/08/18 17:27 upstream 274a2eebf80c d58e263f .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-root 2022/07/17 04:30 upstream c658cabbfd32 95cb00d1 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-root 2022/07/02 21:25 upstream 089866061428 1434eec0 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/05/13 05:37 upstream 0ac824f379fb 9ad6612a .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-selinux-root 2022/05/13 05:17 upstream 0ac824f379fb 9ad6612a .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/01/07 08:00 upstream b2b436ec0205 6acc789a .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/08/27 04:27 linux-next 8d0c42c9e807 07177916 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/08/10 05:10 linux-next 6c8f479764eb c2a623d6 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2021/09/18 15:55 linux-next 9004fd387338 70b76c1d .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/04 07:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report syz C kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/10/05 23:33 upstream 2bca25eaeba6 2c6543ad .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/10/05 19:22 upstream 0326074ff465 267e3bb1 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-root 2022/10/01 01:52 upstream 5a77386984b5 feb56351 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/27 02:09 upstream f76349cf4145 d59ba983 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/25 13:57 upstream 105a36f3694e 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/09/24 16:19 upstream a63f2e7cb110 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/23 01:56 upstream dc164f4fb00a 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/22 03:45 upstream 06f7db949993 60af5050 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/21 23:16 upstream 06f7db949993 60af5050 .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/20 21:19 upstream 60891ec99e14 c4b8ccfd .config log report info kernel BUG in vmf_insert_pfn_prot
ci2-upstream-fs 2022/09/20 00:09 upstream 521a547ced64 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-selinux-root 2022/09/18 02:20 upstream a335366bad13 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-root 2022/09/12 01:38 upstream 4ed9c1e971b1 356d8217 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-smack-root 2022/09/11 20:26 upstream b96fbd602d35 356d8217 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-qemu-upstream 2022/09/10 06:42 upstream ce888220d5c7 356d8217 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-root 2022/09/06 06:13 upstream 53e99dcff61e 9dcd38fc .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/09/06 03:44 upstream 53e99dcff61e 9dcd38fc .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/08/30 10:58 upstream dcf8e5633e2e 5b44472d .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/08/26 22:48 upstream 3e5c673f0d75 e5a303f1 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/08/26 21:39 upstream 3e5c673f0d75 e5a303f1 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce 2022/08/26 10:55 upstream 4c612826bec1 15195ea3 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-kasan-gce-386 2022/09/17 03:48 upstream 6879c2d3b960 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-qemu2-arm64-mte 2022/09/11 08:09 upstream b96fbd602d35 356d8217 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-qemu-upstream-386 2022/05/30 04:44 upstream c3a9a3c5f559 a46af346 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-qemu2-arm64-compat 2021/11/25 07:20 upstream 5f53fa508db0 545ab074 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/09/29 20:24 linux-next aaa11ce2ffc8 1d385642 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/09/21 05:20 linux-next e47eb90a0a9a c4b8ccfd .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/09/19 09:41 linux-next e47eb90a0a9a dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/09/05 21:04 linux-next e47eb90a0a9a 922294ab .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2022/08/26 02:16 linux-next b5d939c95186 9b5bf4cd .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2021/09/17 09:13 linux-next 9004fd387338 5b989942 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-linux-next-kasan-gce-root 2021/09/17 08:58 linux-next 9004fd387338 5b989942 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/05 17:48 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 267e3bb1 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/04 05:40 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/03 20:46 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/02 20:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/10/02 19:03 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci bbed346d5a96 feb56351 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/29 15:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 1d385642 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/28 21:26 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 e2556bc3 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/27 19:02 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 87840e00 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/27 00:53 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 10323ddf .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/26 06:08 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/25 23:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/25 07:17 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/24 13:41 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci c194837ebb57 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/23 19:30 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci d2cd2931d2fd 0042f2b4 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/19 14:39 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/17 06:42 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/16 10:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a6b443748715 dd9a85ff .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/09/02 10:33 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 85413d1e802e a805568e .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/08/31 13:19 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 51e54e30 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/08/31 05:51 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 4a380809 .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/08/30 11:09 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d 5b44472d .config log report info kernel BUG in vmf_insert_pfn_prot
ci-upstream-gce-arm64 2022/08/26 20:04 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci a41a877bc12d e5a303f1 .config log report info kernel BUG in vmf_insert_pfn_prot
* Struck through repros no longer work on HEAD.