syzbot


general protection fault in syscall_return_slowpath
Status: fixed on 2020/09/16 22:51
Reported-by: syzbot+cd66e43794b178bb5cd6@syzkaller.appspotmail.com
Fix commit: 033724d68642 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
First crash: 591d, last: 501d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):
commit 033724d6864245a11f8e04c066002e6ad22b3fd0
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed Jul 15 01:51:02 2020 +0000

  fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.

duplicates (22):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
KASAN: null-ptr-deref Read in uncore_pmu_event_add C done 1 534d 530d 0/22 closed as dup on 2020/08/16 03:50
BUG: unable to handle kernel paging request in do_syscall_64 1 514d 510d 0/22 closed as dup on 2020/08/15 13:35
BUG: stack guard page was hit in __bad_area_nosemaphore 3 447d 462d 0/22 closed as dup on 2020/08/16 13:35
general protection fault in do_syscall_64 C done error 4 537d 567d 0/22 closed as dup on 2020/08/15 11:55
BUG: unable to handle kernel paging request in x86_pmu_event_init C done 1 450d 446d 0/22 closed as dup on 2020/08/16 01:19
BUG: unable to handle kernel NULL pointer dereference in do_syscall_32_irqs_on syz done 3 446d 447d 0/22 closed as dup on 2020/08/15 13:55
general protection fault in __switch_to_asm C inconclusive done 158 392d 493d 0/22 closed as dup on 2020/10/20 07:02
BUG: stack guard page was hit in mark_held_locks 1 465d 464d 0/22 closed as dup on 2020/08/16 13:35
KASAN: null-ptr-deref Read in kvm_arch_check_processor_compat syz done 1 484d 480d 0/22 closed as dup on 2020/06/30 06:11
KASAN: null-ptr-deref Read in kvm_vfio_set_attr syz done 1 572d 568d 0/22 closed as dup on 2020/08/16 03:56
BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) C done 9 485d 590d 0/22 closed as dup on 2020/08/15 13:48
BUG: unable to handle kernel paging request in syscall_return_slowpath C done 2 448d 530d 0/22 closed as dup on 2020/08/15 13:44
BUG: unable to handle kernel NULL pointer dereference in __syscall_return_slowpath C 55 447d 474d 0/22 closed as dup on 2020/06/29 16:42
BUG: unable to handle kernel NULL pointer dereference in syscall_trace_enter 1 466d 462d 0/22 closed as dup on 2020/08/15 13:51
KASAN: out-of-bounds Write in nested_sync_vmcs12_to_shadow syz done error 1 548d 544d 0/22 closed as dup on 2020/08/16 03:59
general protection fault in pvclock_gtod_notify C 69 395d 477d 0/22 closed as dup on 2020/06/30 06:12
BUG: unable to handle kernel paging request in __syscall_return_slowpath syz done 1 447d 443d 0/22 closed as dup on 2020/08/15 13:40
KASAN: out-of-bounds Read in kvm_arch_hardware_setup C 1 480d 476d 0/22 closed as dup on 2020/06/30 06:12
BUG: sleeping function called from invalid context in do_page_fault C done error 7 523d 591d 0/22 closed as dup on 2020/08/16 04:02
KASAN: user-memory-access Read in kvmclock_cpufreq_notifier C done error 1 553d 579d 0/22 closed as dup on 2020/08/16 04:05
BUG: stack guard page was hit in fixup_exception 1 463d 462d 0/22 closed as dup on 2020/08/16 13:34
BUG: sleeping function called from invalid context in do_user_addr_fault syz inconclusive done 10 403d 482d 0/22 closed as dup on 2020/09/02 22:06
Patch testing requests:
Created Duration User Patch Repo Result
2020/07/10 07:27 14m dvyukov@google.com patch https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 report log
2020/07/04 06:40 0m dvyukov@google.com patch https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 error
2020/07/03 11:23 0m jannh@google.com patch https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 error
2020/03/08 18:35 3m jannh@google.com patch https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 error
2020/03/08 17:21 3m jannh@google.com patch https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 error

Sample crash report:

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2020/03/04 07:43 upstream 63623fd44972 c88c7b75 .config log report syz