From: syzbot <syzbot+8336c747d79a4c3a0944@syzkaller.appspotmail.com>
To: catalin.marinas@arm.com, linux-arm-kernel@lists.infradead.org,
	 linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 will@kernel.org
Subject: [syzbot] [arm?] BUG: unable to handle kernel paging request in task_h_load
Date: Tue, 28 May 2024 05:47:22 -0700	[thread overview]
Message-ID: <000000000000fa65d80619830888@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    6d69b6c12fce Merge tag 'nfs-for-6.10-1' of git://git.linux..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=164ce7f0980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=21de3d423116c304
dashboard link: https://syzkaller.appspot.com/bug?extid=8336c747d79a4c3a0944
compiler:       aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=119fbe58980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13a8443c980000

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/384ffdcca292/non_bootable_disk-6d69b6c1.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/9fa4d7c3665d/vmlinux-6d69b6c1.xz
kernel image: https://storage.googleapis.com/syzbot-assets/131ac291917c/Image-6d69b6c1.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8336c747d79a4c3a0944@syzkaller.appspotmail.com

Unable to handle kernel paging request at virtual address 007000000621a118
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[007000000621a118] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 3189 Comm: syz-executor371 Not tainted 6.9.0-syzkaller-12124-g6d69b6c12fce #0
Hardware name: linux,dummy-virt (DT)
pstate: 204000c9 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : cfs_rq_of kernel/sched/sched.h:1468 [inline]
pc : update_cfs_rq_h_load kernel/sched/fair.c:9441 [inline]
pc : task_h_load+0x40/0xb8 kernel/sched/fair.c:9466
lr : detach_tasks kernel/sched/fair.c:9181 [inline]
lr : sched_balance_rq+0x80c/0xc94 kernel/sched/fair.c:11375
sp : ffff80008000bd50
x29: ffff80008000bd50 x28: f8f0000004c62538 x27: ffff8000825e3308
x26: 0000000000000001 x25: fff000007f8d6de0 x24: ffff80008000bf14
x23: fff000007f8d6340 x22: fff000007f8d6340 x21: fff000007f8d6d40
x20: ffff80008000be78 x19: f8f0000004c62480 x18: ffffffffffffffff
x17: fff07ffffd331000 x16: ffff800080008000 x15: 0000000000000001
x14: 000000000000000a x13: 0000000000000000 x12: 0000000000000011
x11: 0000000000000001 x10: 0000000000000001 x9 : 0000000000000da8
x8 : fff000007f8d6440 x7 : f4f000000621a200 x6 : 0000000000000001
x5 : 00000000ffffbd09 x4 : ffff80008000be78 x3 : f5f000000602ff40
x2 : f87000000621a080 x1 : 00000000ffffa6e9 x0 : f8f0000004c62480
Call trace:
 update_cfs_rq_h_load kernel/sched/fair.c:9440 [inline]
 task_h_load+0x40/0xb8 kernel/sched/fair.c:9466
 sched_balance_domains+0x270/0x3ac kernel/sched/fair.c:11798
 sched_balance_softirq+0x50/0x74 kernel/sched/fair.c:12503
 handle_softirqs+0x10c/0x240 kernel/softirq.c:554
 __do_softirq+0x14/0x20 kernel/softirq.c:588
 ____do_softirq+0x10/0x1c arch/arm64/kernel/irq.c:81
 call_on_irq_stack+0x24/0x4c arch/arm64/kernel/entry.S:889
 do_softirq_own_stack+0x1c/0x28 arch/arm64/kernel/irq.c:86
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbc/0xd8 kernel/softirq.c:649
 __el1_irq arch/arm64/kernel/entry-common.c:537 [inline]
 el1_interrupt+0x38/0x64 arch/arm64/kernel/entry-common.c:551
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:556
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:594
 __pte_offset_map+0x2c/0x100 mm/pgtable-generic.c:292
 pte_offset_map_nolock+0x38/0xb0 mm/pgtable-generic.c:314
 handle_pte_fault mm/memory.c:5366 [inline]
 __handle_mm_fault+0x2e8/0xc20 mm/memory.c:5523
 handle_mm_fault+0x68/0x27c mm/memory.c:5688
 do_page_fault+0xf8/0x480 arch/arm64/mm/fault.c:578
 do_translation_fault+0xac/0xbc arch/arm64/mm/fault.c:690
 do_mem_abort+0x44/0x94 arch/arm64/mm/fault.c:826
 el0_ia+0xa4/0x118 arch/arm64/kernel/entry-common.c:598
 el0t_64_sync_handler+0xd0/0x12c arch/arm64/kernel/entry-common.c:736
 el0t_64_sync+0x19c/0x1a0 arch/arm64/kernel/entry.S:598
Code: b5000082 1400001c f9404842 b4000382 (f9404c41) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	b5000082 	cbnz	x2, 0x10
   4:	1400001c 	b	0x74
   8:	f9404842 	ldr	x2, [x2, #144]
   c:	b4000382 	cbz	x2, 0x7c
* 10:	f9404c41 	ldr	x1, [x2, #152] <-- trapping instruction


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Thread overview: 4+ messages
2024-05-28 12:47 syzbot [this message]
2024-05-28 12:47 ` [syzbot] [arm?] BUG: unable to handle kernel paging request in task_h_load syzbot
2024-06-04 11:01 ` Will Deacon
2024-06-04 11:01   ` Will Deacon