syzbot


BUG: unable to handle kernel NULL pointer dereference in page_fault_oops

Status: closed as invalid on 2024/09/13 11:13
Subsystems: kernel
First crash: 182d, last: 174d

Sample crash report:
------------[ cut here ]------------
Voluntary context switch within RCU read-side critical section!
BUG: kernel NULL pointer dereference, address: 0000000000000001
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000002a18d067 P4D 800000002a18d067 PUD 1fcdc067 PMD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 5444 Comm: syz.0.40 Not tainted 6.11.0-rc5-next-20240827-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
RIP: 0010:memcpy_orig+0x1e/0x140 arch/x86/lib/memcpy_64.S:65
Code: 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 89 f8 48 83 fa 20 0f 82 86 00 00 00 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 <4c> 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 4c 89 07
RSP: 0018:ffffc900047bdef8 EFLAGS: 00010046
RAX: ffffffff8e881f88 RBX: ffffffff8e881f88 RCX: ffffffff8173ba76
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff8e881f88
RBP: ffffc900047be150 R08: ffffffff8e881fc7 R09: 1ffffffff1d103f8
R10: dffffc0000000000 R11: fffffbfff1d103f9 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000041b58ab3
FS:  0000555574f50500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000001 CR3: 000000001b71e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 vprintk_store+0xaa6/0x1160 kernel/printk/printk.c:2316
 vprintk_emit+0x39b/0xa10 kernel/printk/printk.c:2378
 _printk+0xd5/0x120 kernel/printk/printk.c:2424
 page_fault_oops+0x540/0xcc0 arch/x86/mm/fault.c:705
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5ed/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffc900047be620 EFLAGS: 00010046
RAX: ffffc900047be8b0 RBX: 0000000000000045 RCX: ffffffff8bb93308
RDX: 0000000000000008 RSI: ffffffff8e0a80a5 RDI: ffffc900047be8b0
RBP: ffffc900047be710 R08: 3d3d3d3d3d3d3301 R09: 3d3d3d3d3d3d3301
R10: dffffc0000000000 R11: fffff520008f7d17 R12: ffffffff8e0a80ea
R13: dffffc0000000000 R14: ffffc900047be8b0 R15: ffffffff8e0a80a5
 </TASK>
Modules linked in:
CR2: 0000000000000001
---[ end trace 0000000000000000 ]---
RIP: 0010:memcpy_orig+0x1e/0x140 arch/x86/lib/memcpy_64.S:65
Code: 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 89 f8 48 83 fa 20 0f 82 86 00 00 00 40 38 fe 7c 35 48 83 ea 20 48 83 ea 20 <4c> 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d 76 20 4c 89 07
RSP: 0018:ffffc900047bdef8 EFLAGS: 00010046
RAX: ffffffff8e881f88 RBX: ffffffff8e881f88 RCX: ffffffff8173ba76
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff8e881f88
RBP: ffffc900047be150 R08: ffffffff8e881fc7 R09: 1ffffffff1d103f8
R10: dffffc0000000000 R11: fffffbfff1d103f9 R12: dffffc0000000000
R13: 0000000000000000 R14: 0000000000000001 R15: 0000000041b58ab3
FS:  0000555574f50500(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 000000001b71e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	90                   	nop
   1:	90                   	nop
   2:	90                   	nop
   3:	90                   	nop
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	90                   	nop
   9:	90                   	nop
   a:	90                   	nop
   b:	90                   	nop
   c:	66 0f 1f 00          	nopw   (%rax)
  10:	48 89 f8             	mov    %rdi,%rax
  13:	48 83 fa 20          	cmp    $0x20,%rdx
  17:	0f 82 86 00 00 00    	jb     0xa3
  1d:	40 38 fe             	cmp    %dil,%sil
  20:	7c 35                	jl     0x57
  22:	48 83 ea 20          	sub    $0x20,%rdx
  26:	48 83 ea 20          	sub    $0x20,%rdx
* 2a:	4c 8b 06             	mov    (%rsi),%r8 <-- trapping instruction
  2d:	4c 8b 4e 08          	mov    0x8(%rsi),%r9
  31:	4c 8b 56 10          	mov    0x10(%rsi),%r10
  35:	4c 8b 5e 18          	mov    0x18(%rsi),%r11
  39:	48 8d 76 20          	lea    0x20(%rsi),%rsi
  3d:	4c 89 07             	mov    %r8,(%rdi)

Crashes (5):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2024/08/27 21:22 | linux-next | 6f923748057a | 6c853ff9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel NULL pointer dereference in page_fault_oops
2024/08/20 10:19 | linux-next | bb1b0acdcd66 | 9f0ab3fb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel NULL pointer dereference in page_fault_oops
2024/08/23 12:53 | linux-next | c79c85875f1a | ce8a9099 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: sleeping function called from invalid context in page_fault_oops
2024/08/22 01:54 | linux-next | eb8c5ca373cb | ca02180f | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in page_fault_oops
2024/08/20 22:39 | linux-next | bb1b0acdcd66 | 9f0ab3fb | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | BUG: unable to handle kernel paging request in page_fault_oops