syzbot


BUG: unable to handle kernel paging request in unmap_page_range (2)

Status: auto-closed as invalid on 2020/07/20 23:14
Subsystems: mm
Reported-by: syzbot+67c02ebe6e92c78e10ac@syzkaller.appspotmail.com
First crash: 1437d, last: 1437d
Similar bugs (2)
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
linux-4.19 | BUG: unable to handle kernel paging request in unmap_page_range | | | | 1 | 1312d | 1312d | 0/1 | auto-closed as invalid on 2020/12/23 06:48
upstream | BUG: unable to handle kernel paging request in unmap_page_range (mm) | | | | 5 | 2032d | 2056d | 0/26 | closed as invalid on 2018/09/05 12:51

Sample crash report:
BUG: unable to handle page fault for address: ffff8882133627f8
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD d401067 P4D d401067 PUD d404067 PMD 186063 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 28679 Comm: syz-executor.0 Not tainted 5.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unmap_page_range+0x196/0x25d0 mm/memory.c:1264
Code: 89 44 24 50 48 8b 44 24 70 48 c1 e8 03 42 80 3c 28 00 0f 85 72 21 00 00 48 8b 44 24 70 4c 8b a4 24 98 00 00 00 4c 8b 7c 24 50 <48> 8b 28 4c 89 e6 4c 89 ff e8 3c 8b d2 ff 48 89 eb 48 83 e3 9f 4d
RSP: 0018:ffffc90007eff778 EFLAGS: 00010246
RAX: ffff8882133627f8 RBX: ffff8880a28c6480 RCX: ffffffff81a0a383
RDX: ffffff8000000000 RSI: ffffffff81a0a428 RDI: ffff8880a28c64d0
RBP: ffff88808d83d250 R08: ffff88808b7e6300 R09: ffffed101296e2f1
R10: ffff888094b71783 R11: ffffed101296e2f0 R12: 00007ff213a89fff
R13: dffffc0000000000 R14: 00007ff21388a000 R15: 00007fffffffffff
FS:  00007ff212468700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8882133627f8 CR3: 000000009d1a2000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 unmap_single_vma+0x196/0x300 mm/memory.c:1312
 unmap_vmas+0x16f/0x2f0 mm/memory.c:1344
 exit_mmap+0x2aa/0x510 mm/mmap.c:3150
 __mmput kernel/fork.c:1085 [inline]
 mmput+0x168/0x4b0 kernel/fork.c:1106
 exit_mm kernel/exit.c:479 [inline]
 do_exit+0xa51/0x2dd0 kernel/exit.c:782
 do_group_exit+0x125/0x340 kernel/exit.c:893
 get_signal+0x47b/0x24e0 kernel/signal.c:2735
 do_signal+0x81/0x2240 arch/x86/kernel/signal.c:784
 exit_to_usermode_loop+0x26c/0x360 arch/x86/entry/common.c:161
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c829
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff212467cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 000000000078bfa8 RCX: 000000000045c829
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000078bfac
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000001b R11: 0000000000000246 R12: 000000000078bfac
R13: 0000000000c9fb6f R14: 00007ff2124689c0 R15: 000000000078bfac
Modules linked in:
CR2: ffff8882133627f8
BUG: unable to handle page fault for address: ffff88821a9c1c00
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD d401067 P4D d401067 PUD d404067 PMD 1b2063 PTE 0
Oops: 0002 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 28679 Comm: syz-executor.0 Not tainted 5.7.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:soft_cursor+0x311/0xa20 drivers/video/fbdev/core/softcursor.c:50
Code: 40 0f 9e c6 84 c9 0f 95 c0 40 84 c6 0f 85 7f 06 00 00 84 d2 0f 95 c1 0f 9e c0 84 c1 0f 85 6f 06 00 00 49 8b 46 18 8b 5c 24 10 <48> 89 45 00 49 8b 46 20 48 89 45 08 49 8b 46 28 48 89 45 10 49 8b
RSP: 0018:ffffc90007eff098 EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 1ffff92000fdfe01 RDI: ffffc90007eff1d8
RBP: ffff88821a9c1c00 R08: ffff88808b7e6300 R09: fffffbfff13d6f59
R10: ffffffff89eb7ac3 R11: fffffbfff13d6f58 R12: 0000000000000060
R13: 0000000000000010 R14: ffffc90007eff1c0 R15: ffff888218d12000
FS:  00007ff212468700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88821a9c1c00 CR3: 000000009d1a2000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 bit_cursor+0x1230/0x1900 drivers/video/fbdev/core/bitblit.c:386
 fbcon_cursor+0x477/0x650 drivers/video/fbdev/core/fbcon.c:1411
 fbcon_blank+0x87e/0xc10 drivers/video/fbdev/core/fbcon.c:2415
 do_unblank_screen drivers/tty/vt/vt.c:4304 [inline]
 do_unblank_screen+0x248/0x430 drivers/tty/vt/vt.c:4272
 bust_spinlocks+0x5b/0xe0 lib/bust_spinlocks.c:26
 oops_end+0x2b/0xf0 arch/x86/kernel/dumpstack.c:336
 no_context+0x5a0/0x9f0 arch/x86/mm/fault.c:849
 __bad_area_nosemaphore+0xa6/0x420 arch/x86/mm/fault.c:935
 do_kern_addr_fault arch/x86/mm/fault.c:1299 [inline]
 do_page_fault+0x932/0x13da arch/x86/mm/fault.c:1533
 page_fault+0x39/0x40 arch/x86/entry/entry_64.S:1203
RIP: 0010:unmap_page_range+0x196/0x25d0 mm/memory.c:1264
Code: 89 44 24 50 48 8b 44 24 70 48 c1 e8 03 42 80 3c 28 00 0f 85 72 21 00 00 48 8b 44 24 70 4c 8b a4 24 98 00 00 00 4c 8b 7c 24 50 <48> 8b 28 4c 89 e6 4c 89 ff e8 3c 8b d2 ff 48 89 eb 48 83 e3 9f 4d
RSP: 0018:ffffc90007eff778 EFLAGS: 00010246
RAX: ffff8882133627f8 RBX: ffff8880a28c6480 RCX: ffffffff81a0a383
RDX: ffffff8000000000 RSI: ffffffff81a0a428 RDI: ffff8880a28c64d0
RBP: ffff88808d83d250 R08: ffff88808b7e6300 R09: ffffed101296e2f1
R10: ffff888094b71783 R11: ffffed101296e2f0 R12: 00007ff213a89fff
R13: dffffc0000000000 R14: 00007ff21388a000 R15: 00007fffffffffff
 unmap_single_vma+0x196/0x300 mm/memory.c:1312
 unmap_vmas+0x16f/0x2f0 mm/memory.c:1344
 exit_mmap+0x2aa/0x510 mm/mmap.c:3150
 __mmput kernel/fork.c:1085 [inline]
 mmput+0x168/0x4b0 kernel/fork.c:1106
 exit_mm kernel/exit.c:479 [inline]
 do_exit+0xa51/0x2dd0 kernel/exit.c:782
 do_group_exit+0x125/0x340 kernel/exit.c:893
 get_signal+0x47b/0x24e0 kernel/signal.c:2735
 do_signal+0x81/0x2240 arch/x86/kernel/signal.c:784
 exit_to_usermode_loop+0x26c/0x360 arch/x86/entry/common.c:161
 prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
 do_syscall_64+0x6b1/0x7d0 arch/x86/entry/common.c:305
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x45c829
Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ff212467cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: 0000000000000001 RBX: 000000000078bfa8 RCX: 000000000045c829
RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000078bfac
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 000000000000001b R11: 0000000000000246 R12: 000000000078bfac
R13: 0000000000c9fb6f R14: 00007ff2124689c0 R15: 000000000078bfac
Modules linked in:
CR2: ffff88821a9c1c00
---[ end trace 08563f484627ae32 ]---
RIP: 0010:unmap_page_range+0x196/0x25d0 mm/memory.c:1264
Code: 89 44 24 50 48 8b 44 24 70 48 c1 e8 03 42 80 3c 28 00 0f 85 72 21 00 00 48 8b 44 24 70 4c 8b a4 24 98 00 00 00 4c 8b 7c 24 50 <48> 8b 28 4c 89 e6 4c 89 ff e8 3c 8b d2 ff 48 89 eb 48 83 e3 9f 4d
RSP: 0018:ffffc90007eff778 EFLAGS: 00010246
RAX: ffff8882133627f8 RBX: ffff8880a28c6480 RCX: ffffffff81a0a383
RDX: ffffff8000000000 RSI: ffffffff81a0a428 RDI: ffff8880a28c64d0
RBP: ffff88808d83d250 R08: ffff88808b7e6300 R09: ffffed101296e2f1
R10: ffff888094b71783 R11: ffffed101296e2f0 R12: 00007ff213a89fff
R13: dffffc0000000000 R14: 00007ff21388a000 R15: 00007fffffffffff
FS:  00007ff212468700(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff88821a9c1c00 CR3: 000000009d1a2000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (1):
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title
2020/04/21 23:13 | upstream | 189522da8b3a | 2e44d63e | .config | console log | report | | | | | ci-upstream-kasan-gce |
* Struck through repros no longer work on HEAD.