Re: general protection fault in pagemap_pmd_range
From: Eric Biggers
Date: Mon Nov 18 2019 - 23:06:33 EST
[trimmed down ridiculous Cc list]
On Tue, Nov 05, 2019 at 03:52:08PM -0800, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 51309b9d Add linux-next specific files for 20191105
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=11ad1658e00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=a9b1a641c1f1fc52
> dashboard link: https://syzkaller.appspot.com/bug?extid=a0fc447639c6ffa66b59
> compiler: gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=164e5f92e00000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15c65bcce00000
>
> The bug was bisected to:
>
> commit 181be542ef3c9ca495500143d4c23f4d58beb5ab
> Author: Steven Price <steven.price@xxxxxxx>
> Date: Mon Nov 4 22:57:54 2019 +0000
>
> mm: pagewalk: allow walking without vma
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=11341968e00000
> final crash: https://syzkaller.appspot.com/x/report.txt?x=13341968e00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=15341968e00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+a0fc447639c6ffa66b59@xxxxxxxxxxxxxxxxxxxxxxxxx
> Fixes: 181be542ef3c ("mm: pagewalk: allow walking without vma")
>
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 8839 Comm: syz-executor009 Not tainted 5.4.0-rc6-next-20191105
> #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> RIP: 0010:pmd_trans_huge_lock include/linux/huge_mm.h:219 [inline]
> RIP: 0010:pagemap_pmd_range+0x83/0x1e40 fs/proc/task_mmu.c:1373
>From some quick tests, this seems to have been fixed by
mm-pagewalk-allow-walking-without-vma-v15
(http://lkml.kernel.org/r/20191101140942.51554-13-steven.price@xxxxxxx).
And it's consistent with syzbot last seeing this crash on next-20191105.
As this fix will be folded in, let's invalidate this syzbot bug report:
#syz invalid