syzbot


general protection fault in syscall_return_slowpath
Status: fixed on 2020/09/16 22:51
Reported-by: syzbot+cd66e43794b178bb5cd6@syzkaller.appspotmail.com
Fix commit: 033724d6 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
First crash: 326d, last: 235d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):
commit 033724d6864245a11f8e04c066002e6ad22b3fd0
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed Jul 15 01:51:02 2020 +0000

  fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.

duplicates (22):
Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
KASAN: null-ptr-deref Read in uncore_pmu_event_add | C | done | | 1 | 268d | 264d | 0/17 | closed as dup on 2020/08/16 03:50
BUG: unable to handle kernel paging request in do_syscall_64 | | | | 1 | 249d | 245d | 0/17 | closed as dup on 2020/08/15 13:35
BUG: stack guard page was hit in __bad_area_nosemaphore | | | | 3 | 181d | 197d | 0/17 | closed as dup on 2020/08/16 13:35
general protection fault in do_syscall_64 | C | done | error | 4 | 271d | 301d | 0/17 | closed as dup on 2020/08/15 11:55
BUG: unable to handle kernel paging request in x86_pmu_event_init | C | done | | 1 | 184d | 180d | 0/17 | closed as dup on 2020/08/16 01:19
BUG: unable to handle kernel NULL pointer dereference in do_syscall_32_irqs_on | syz | done | | 3 | 180d | 182d | 0/17 | closed as dup on 2020/08/15 13:55
general protection fault in __switch_to_asm | C | inconclusive | done | 158 | 126d | 228d | 0/17 | closed as dup on 2020/10/20 07:02
BUG: stack guard page was hit in mark_held_locks | | | | 1 | 199d | 199d | 0/17 | closed as dup on 2020/08/16 13:35
KASAN: null-ptr-deref Read in kvm_arch_check_processor_compat | syz | done | | 1 | 219d | 215d | 0/17 | closed as dup on 2020/06/30 06:11
KASAN: null-ptr-deref Read in kvm_vfio_set_attr | syz | done | | 1 | 307d | 303d | 0/17 | closed as dup on 2020/08/16 03:56
BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) | C | done | | 9 | 219d | 324d | 0/17 | closed as dup on 2020/08/15 13:48
BUG: unable to handle kernel paging request in syscall_return_slowpath | C | done | | 2 | 182d | 265d | 0/17 | closed as dup on 2020/08/15 13:44
BUG: unable to handle kernel NULL pointer dereference in __syscall_return_slowpath | C | | | 55 | 181d | 208d | 0/17 | closed as dup on 2020/06/29 16:42
BUG: unable to handle kernel NULL pointer dereference in syscall_trace_enter | | | | 1 | 201d | 197d | 0/17 | closed as dup on 2020/08/15 13:51
KASAN: out-of-bounds Write in nested_sync_vmcs12_to_shadow | syz | done | error | 1 | 282d | 278d | 0/17 | closed as dup on 2020/08/16 03:59
general protection fault in pvclock_gtod_notify | C | | | 69 | 130d | 211d | 0/17 | closed as dup on 2020/06/30 06:12
BUG: unable to handle kernel paging request in __syscall_return_slowpath | syz | done | | 1 | 181d | 177d | 0/17 | closed as dup on 2020/08/15 13:40
KASAN: out-of-bounds Read in kvm_arch_hardware_setup | C | | | 1 | 214d | 210d | 0/17 | closed as dup on 2020/06/30 06:12
BUG: sleeping function called from invalid context in do_page_fault | C | done | error | 7 | 258d | 325d | 0/17 | closed as dup on 2020/08/16 04:02
KASAN: user-memory-access Read in kvmclock_cpufreq_notifier | C | done | error | 1 | 288d | 314d | 0/17 | closed as dup on 2020/08/16 04:05
BUG: stack guard page was hit in fixup_exception | | | | 1 | 197d | 197d | 0/17 | closed as dup on 2020/08/16 13:34
BUG: sleeping function called from invalid context in do_user_addr_fault | syz | inconclusive | done | 10 | 137d | 217d | 0/17 | closed as dup on 2020/09/02 22:06
Patch testing requests:
Created | Duration | User | Patch | Repo | Result
2020/07/10 07:27 | 14m | dvyukov@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | report log
2020/07/04 06:40 | 0m | dvyukov@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error
2020/07/03 11:23 | 0m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error
2020/03/08 18:35 | 3m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error
2020/03/08 17:21 | 3m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error

Sample crash report:

Crashes (1):
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Maintainers
ci-upstream-kasan-gce-smack-root | 2020/03/04 07:43 | upstream | 63623fd4 | c88c7b75 | .config | log | report | syz | | | bp@alien8.de, hpa@zytor.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org