kernel BUG in __tlb_remove_page

Title	Replies (including bot)	Last reply
[syzbot] kernel BUG in __tlb_remove_page_size	0 (2)	2021/08/06 22:20

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	kernel BUG in __tlb_remove_page_size (2) mm arch	C	error		42	437d	446d	0/26	auto-obsoleted due to no activity on 2023/07/25 18:17

upstream

kernel BUG in __tlb_remove_page_size (2) mm arch

error

437d

446d

0/26

auto-obsoleted due to no activity on 2023/07/25 18:17

Created	Duration	User	Patch	Repo	Result
2022/09/10 06:27	16m	retest repro		upstream	OK log

Created

Duration

User

Patch

Repo

Result

2022/09/10 06:27

16m

retest repro

upstream

OK log

release_pages+0x856/0x20a0 mm/swap.c:972 tlb_batch_pages_flush mm/mmu_gather.c:49 [inline] tlb_flush_mmu_free mm/mmu_gather.c:242 [inline] tlb_flush_mmu mm/mmu_gather.c:249 [inline] tlb_finish_mmu+0x165/0x8c0 mm/mmu_gather.c:340 exit_mmap+0x1ea/0x620 mm/mmap.c:3204 __mmput+0x122/0x470 kernel/fork.c:1101 mmput+0x58/0x60 kernel/fork.c:1122 exit_mm kernel/exit.c:501 [inline] do_exit+0xae2/0x2a50 kernel/exit.c:812 do_group_exit+0x125/0x310 kernel/exit.c:922 __do_sys_exit_group kernel/exit.c:933 [inline] __se_sys_exit_group kernel/exit.c:931 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:931 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae ------------[ cut here ]------------ kernel BUG at mm/mmu_gather.c:87! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 10208 Comm: syz-executor.4 Not tainted 5.13.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__tlb_remove_page_size+0x1f1/0x420 mm/mmu_gather.c:87 Code: d2 0f 85 ef 01 00 00 8b 6d 0c e9 34 ff ff ff e8 65 0d c8 ff 0f 0b e8 5e 0d c8 ff 48 c7 c6 60 93 96 89 4c 89 f7 e8 9f ce fa ff <0f> 0b e8 48 0d c8 ff 4c 8d 6b 24 48 b8 00 00 00 00 00 fc ff df 4c RSP: 0018:ffffc90002757748 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffffc90002757a60 RCX: 0000000000000000 RDX: ffff888032eeb880 RSI: ffffffff81ad7ce1 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff88e1c1e9 R11: 00000000ffffffff R12: 0000000000000000 R13: 0000000000000001 R14: ffffea0000d09e00 R15: ffffc90002757a88 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 000000000ab8a404 CR3: 000000003792f000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __tlb_remove_page include/asm-generic/tlb.h:440 [inline] zap_pte_range mm/memory.c:1272 [inline] zap_pmd_range mm/memory.c:1384 [inline] zap_pud_range mm/memory.c:1413 [inline] zap_p4d_range mm/memory.c:1434 [inline] unmap_page_range+0xf22/0x2890 mm/memory.c:1455 unmap_single_vma+0x198/0x300 mm/memory.c:1500 unmap_vmas+0x16d/0x2f0 mm/memory.c:1532 exit_mmap+0x1d0/0x620 mm/mmap.c:3202 __mmput+0x122/0x470 kernel/fork.c:1101 mmput+0x58/0x60 kernel/fork.c:1122 exit_mm kernel/exit.c:501 [inline] do_exit+0xae2/0x2a50 kernel/exit.c:812 do_group_exit+0x125/0x310 kernel/exit.c:922 get_signal+0x47f/0x2150 kernel/signal.c:2796 arch_do_signal_or_restart+0x2a9/0x1eb0 arch/x86/kernel/signal.c:789 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/0x290 kernel/entry/common.c:209 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:302 __do_fast_syscall_32+0x72/0xf0 arch/x86/entry/common.c:181 do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:203 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c RIP: 0023:0xf7ff1549 Code: Unable to access opcode bytes at RIP 0xf7ff151f. RSP: 002b:00000000f77eb68c EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 RAX: 0000000000000001 RBX: 000000000819afcc RCX: 0000000000000081 RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000080525a9 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: ---[ end trace 67c535245c014435 ]--- RIP: 0010:__tlb_remove_page_size+0x1f1/0x420 mm/mmu_gather.c:87 Code: d2 0f 85 ef 01 00 00 8b 6d 0c e9 34 ff ff ff e8 65 0d c8 ff 0f 0b e8 5e 0d c8 ff 48 c7 c6 60 93 96 89 4c 89 f7 e8 9f ce fa ff <0f> 0b e8 48 0d c8 ff 4c 8d 6b 24 48 b8 00 00 00 00 00 fc ff df 4c RSP: 0018:ffffc90002757748 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffffc90002757a60 RCX: 0000000000000000 RDX: ffff888032eeb880 RSI: ffffffff81ad7ce1 RDI: 0000000000000003 RBP: 0000000000000000 R08: 0000000000000029 R09: 00000000ffffffff R10: ffffffff88e1c1e9 R11: 00000000ffffffff R12: 0000000000000000 R13: 0000000000000001 R14: ffffea0000d09e00 R15: ffffc90002757a88 FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 CR2: 000000000ab8a404 CR3: 000000003792f000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (4):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	VM info	Manager	Title
2021/07/04 04:45	upstream	3dbdb38e2869	55aa55c2	.config	console log	report	syz		ci-upstream-kasan-gce-386	kernel BUG in __tlb_remove_page_size
2021/07/07 15:54	upstream	3dbdb38e2869	4846d5c1	.config	console log	report		info	ci-upstream-kasan-gce-selinux-root	kernel BUG in __tlb_remove_page_size
2021/07/05 16:25	upstream	3dbdb38e2869	55aa55c2	.config	console log	report		info	ci-upstream-kasan-gce-selinux-root	kernel BUG in __tlb_remove_page_size
2021/07/04 04:31	upstream	3dbdb38e2869	55aa55c2	.config	console log	report		info	ci-upstream-kasan-gce-386	kernel BUG in __tlb_remove_page_size

Crashes (4):

Assets (help?)