From: syzbot <syzbot+443228fd71f385302265@syzkaller.appspotmail.com>
To: konishi.ryusuke@gmail.com, linux-kernel@vger.kernel.org, linux-nilfs@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: [syzbot] WARNING in __virt_to_phys
Date: Sun, 18 Sep 2022 23:12:37 -0700
Message-ID: <0000000000002bcef705e90199cd@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    a6b443748715 Merge branch 'for-next/core', remote-tracking..
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
console output: https://syzkaller.appspot.com/x/log.txt?x=14fc366f080000
kernel config:  https://syzkaller.appspot.com/x/.config?x=14bf9ec0df433b27
dashboard link: https://syzkaller.appspot.com/bug?extid=443228fd71f385302265
compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/81b491dd5861/disk-a6b44374.raw.xz
vmlinux: https://storage.googleapis.com/69c979cdc99a/vmlinux-a6b44374.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+443228fd71f385302265@syzkaller.appspotmail.com

virt_to_phys used for non-linear address: 00000000b6fc6bf9 (0x44006b7369643d45)
WARNING: CPU: 0 PID: 24583 at arch/arm64/mm/physaddr.c:15 __virt_to_phys+0x80/0x98 arch/arm64/mm/physaddr.c:17
Modules linked in:
CPU: 0 PID: 24583 Comm: syz-executor.3 Not tainted 6.0.0-rc4-syzkaller-17255-ga6b443748715 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __virt_to_phys+0x80/0x98 arch/arm64/mm/physaddr.c:17
lr : __virt_to_phys+0x7c/0x98 arch/arm64/mm/physaddr.c:12
sp : ffff80001f993b00
x29: ffff80001f993b00 x28: 0000000000000000 x27: ffff0000ed649d68
x26: ffff0000fa388000 x25: 00000000ffff8000 x24: 0000000000000000
x23: ffff000108325800 x22: 00000000ffff8000 x21: 0000000040000000
x20: 44016b7369643d45 x19: 44006b7369643d45 x18: 00000000000001b8
x17: ffff80000c00d6bc x16: ffff80000db78658 x15: ffff0000fa388000
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 0000000000005389 x10: ffff800017fb2000 x9 : 48cd7cd042b5b300
x8 : ffff80000cf0e000 x7 : ffff800008162e5c x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000007 x1 : 0000000100000000 x0 : 000000000000004f
Call trace:
 __virt_to_phys+0x80/0x98 arch/arm64/mm/physaddr.c:17
 virt_to_folio include/linux/mm.h:856 [inline]
 kfree+0x70/0x348 mm/slub.c:4556
 nilfs_mdt_destroy+0x24/0x3c fs/nilfs2/mdt.c:497
 nilfs_free_inode+0x2c/0x54 fs/nilfs2/super.c:168
 i_callback fs/inode.c:249 [inline]
 alloc_inode+0xdc/0x104 fs/inode.c:274
 new_inode_pseudo fs/inode.c:1019 [inline]
 new_inode+0x2c/0xc0 fs/inode.c:1047
 nilfs_new_inode+0x48/0x378 fs/nilfs2/inode.c:334
 nilfs_create+0x74/0x17c fs/nilfs2/namei.c:85
 vfs_create+0x1c8/0x270 fs/namei.c:3115
 do_mknodat+0x274/0x3e8 fs/namei.c:3942
 __do_sys_mknodat fs/namei.c:3970 [inline]
 __se_sys_mknodat fs/namei.c:3967 [inline]
 __arm64_sys_mknodat+0x4c/0x64 fs/namei.c:3967
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:624
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:642
 el0t_64_sync+0x18c/0x190
irq event stamp: 2368
hardirqs last  enabled at (2367): [<ffff800008162eec>] raw_spin_rq_unlock_irq kernel/sched/sched.h:1367 [inline]
hardirqs last  enabled at (2367): [<ffff800008162eec>] finish_lock_switch+0x94/0xe8 kernel/sched/core.c:4942
hardirqs last disabled at (2368): [<ffff80000bfc5c8c>] el1_dbg+0x24/0x5c arch/arm64/kernel/entry-common.c:395
softirqs last  enabled at (2364): [<ffff8000080102e4>] _stext+0x2e4/0x37c
softirqs last disabled at (2287): [<ffff800008017c48>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:79
---[ end trace 0000000000000000 ]---
Unable to handle kernel paging request at virtual address 000fffadd38710c8
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004
  CM = 0, WnR = 0
[000fffadd38710c8] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 24583 Comm: syz-executor.3 Tainted: G        W          6.0.0-rc4-syzkaller-17255-ga6b443748715 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : _compound_head include/linux/page-flags.h:253 [inline]
pc : virt_to_folio include/linux/mm.h:858 [inline]
pc : kfree+0x80/0x348 mm/slub.c:4556
lr : virt_to_folio include/linux/mm.h:856 [inline]
lr : kfree+0x70/0x348 mm/slub.c:4556
sp : ffff80001f993b20
x29: ffff80001f993b30 x28: 0000000000000000 x27: ffff0000ed649d68
x26: ffff0000fa388000 x25: 00000000ffff8000 x24: 0000000000000000
x23: ffff000108325800 x22: 00000000ffff8000 x21: 010fffadd38710c0
x20: ffff800008f58ab8 x19: 44006b7369643d45 x18: 00000000000001b8
x17: ffff80000c00d6bc x16: ffff80000db78658 x15: ffff0000fa388000
x14: 0000000000000000 x13: 00000000ffffffff x12: 0000000000040000
x11: 0000000000005389 x10: ffff800017fb2000 x9 : fffffc0000000000
x8 : 0004400eb74e1c43 x7 : ffff800008162e5c x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000000007 x1 : 0000000100000000 x0 : 4400eb7521c43d45
Call trace:
 virt_to_folio include/linux/mm.h:856 [inline]
 kfree+0x80/0x348 mm/slub.c:4556
 nilfs_mdt_destroy+0x24/0x3c fs/nilfs2/mdt.c:497
 nilfs_free_inode+0x2c/0x54 fs/nilfs2/super.c:168
 i_callback fs/inode.c:249 [inline]
 alloc_inode+0xdc/0x104 fs/inode.c:274
 new_inode_pseudo fs/inode.c:1019 [inline]
 new_inode+0x2c/0xc0 fs/inode.c:1047
 nilfs_new_inode+0x48/0x378 fs/nilfs2/inode.c:334
 nilfs_create+0x74/0x17c fs/nilfs2/namei.c:85
 vfs_create+0x1c8/0x270 fs/namei.c:3115
 do_mknodat+0x274/0x3e8 fs/namei.c:3942
 __do_sys_mknodat fs/namei.c:3970 [inline]
 __se_sys_mknodat fs/namei.c:3967 [inline]
 __arm64_sys_mknodat+0x4c/0x64 fs/namei.c:3967
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall arch/arm64/kernel/syscall.c:52 [inline]
 el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206
 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:624
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:642
 el0t_64_sync+0x18c/0x190
Code: d34cfc08 cb953108 b25657e9 8b081935 (f94006a8)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	d34cfc08 	lsr	x8, x0, #12
   4:	cb953108 	sub	x8, x8, x21, asr #12
   8:	b25657e9 	mov	x9, #0xfffffc0000000000    	// #-4398046511104
   c:	8b081935 	add	x21, x9, x8, lsl #6
* 10:	f94006a8 	ldr	x8, [x21, #8] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
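A triage helper for the report above, added here as an example; it is not part of the syzbot message, of nilfs2 or of the arm64 tree. It reproduces in user space the three checks a reviewer makes on the two register dumps: decoding the "non-linear address" passed to kfree() as little-endian bytes, applying the arm64 linear-map range test behind the __virt_to_phys warning, and replaying the virt_to_folio arithmetic shown in the "Code disassembly" block. The decoded bytes read "E=disk" followed by a NUL, i.e. string data rather than a slab pointer, and the trace shows the pointer being freed from alloc_inode() -> i_callback() -> nilfs_free_inode(), the path alloc_inode() takes only when inode_init_always() fails, which is consistent with nilfs_free_inode() reading an inode field that had not been initialised yet. Assumptions not stated in the report: VA_BITS=48 with 4K pages (so PAGE_OFFSET = 0xffff000000000000 and PAGE_END = 0xffff800000000000), memstart_addr = 0x40000000 (x21 in the first dump), VMEMMAP_START = 0xfffffc0000000000 (x9 in the second dump) and a 64-byte struct page (the `lsl #6` in the disassembly).

```c
/*
 * Added triage helper for the syzbot report above; not part of the report,
 * of nilfs2 or of the arm64 kernel sources. Values marked "assumed" are
 * inferred from the register dumps, not stated in the report.
 */
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARM64_PAGE_OFFSET 0xffff000000000000ULL /* assumed: VA_BITS=48, 4K pages */
#define ARM64_PAGE_END    0xffff800000000000ULL /* assumed: VA_BITS=48 */
#define PAGE_SHIFT        12
#define STRUCT_PAGE_SHIFT 6                     /* sizeof(struct page) == 64 */

/* Render the 8 bytes of v in memory order (little-endian), '.' for
 * non-printable bytes. out must have room for 9 bytes. */
void le_bytes_as_ascii(uint64_t v, char out[9])
{
    for (int i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(v >> (8 * i));
        out[i] = isprint(b) ? (char)b : '.';
    }
    out[8] = '\0';
}

/* Convenience for checking a decoded value against an expected string. */
int bytes_match(uint64_t v, const char *expect)
{
    char buf[9];
    le_bytes_as_ascii(v, buf);
    return strcmp(buf, expect) == 0;
}

/* The range test arm64's __is_lm_address() applies before __virt_to_phys()
 * warns: the unsigned subtraction turns one compare into a range check. */
int arm64_is_linear_map(uint64_t va)
{
    return (va - ARM64_PAGE_OFFSET) < (ARM64_PAGE_END - ARM64_PAGE_OFFSET);
}

/* Replay of the trapping sequence from the disassembly:
 *   lsr x8, x0, #12 ; sub x8, x8, x21, asr #12 ; mov x9, VMEMMAP_START
 *   add x21, x9, x8, lsl #6 ; ldr x8, [x21, #8]   (page->compound_head)
 * i.e. page = vmemmap + (PHYS_PFN(phys) - PHYS_PFN(memstart_addr)).
 * Returns the struct page address the kernel then dereferenced. */
uint64_t arm64_vmemmap_page(uint64_t phys, uint64_t memstart,
                            uint64_t vmemmap_start)
{
    uint64_t pfn_idx = (phys >> PAGE_SHIFT) - (memstart >> PAGE_SHIFT);
    return vmemmap_start + (pfn_idx << STRUCT_PAGE_SHIFT);
}

int main(void)
{
    /* Register values copied from the report's two dumps. */
    const uint64_t bad_ptr  = 0x44006b7369643d45ULL; /* x19: the kfree() argument */
    const uint64_t lm_ptr   = 0xffff0000fa388000ULL; /* x26: a genuine linear-map address */
    const uint64_t phys     = 0x4400eb7521c43d45ULL; /* x0 just before the trapping load */
    const uint64_t memstart = 0x0000000040000000ULL; /* assumed memstart_addr (x21, first dump) */
    const uint64_t vmemmap  = 0xfffffc0000000000ULL; /* x9: VMEMMAP_START */
    char text[9];

    le_bytes_as_ascii(bad_ptr, text);
    printf("kfree() argument %#" PRIx64 " as bytes: \"%s\"\n", bad_ptr, text);
    printf("linear map? bad=%d good=%d\n",
           arm64_is_linear_map(bad_ptr), arm64_is_linear_map(lm_ptr));
    printf("struct page virt_to_folio() computed: %#" PRIx64
           " (report: x21 = 010fffadd38710c0)\n",
           arm64_vmemmap_page(phys, memstart, vmemmap));
    return 0;
}
```

The replayed struct page address matches x21 in the second dump, and the faulting address 000fffadd38710c8 is that value plus the 8-byte offset of compound_head, so the disassembly and the oops line are consistent with each other; the only unexplained input is the string-looking pointer handed to kfree().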
Thread overview: 4+ messages
2022-09-19  6:12 syzbot [this message]
2022-09-19  7:05 ` [syzbot] WARNING in __virt_to_phys Ryusuke Konishi