syzbot

general protection fault in syscall_return_slowpath
Status: fixed on 2020/09/16 22:51
Reported-by: syzbot+cd66e43794b178bb5cd6@syzkaller.appspotmail.com
Fix commit: 033724d68642 fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
First crash: 511d, last: 420d

Cause bisection: the issue happens on the oldest tested release (bisect log)
Crash: WARNING in sysfs_warn_dup (log)
Repro: syz .config

Fix bisection: fixed by (bisect log):
commit 033724d6864245a11f8e04c066002e6ad22b3fd0
Author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Wed Jul 15 01:51:02 2020 +0000

  fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.

duplicates (22):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
KASAN: null-ptr-deref Read in uncore_pmu_event_add C done 1 453d 449d 0/22 closed as dup on 2020/08/16 03:50
BUG: unable to handle kernel paging request in do_syscall_64 1 433d 429d 0/22 closed as dup on 2020/08/15 13:35
BUG: stack guard page was hit in __bad_area_nosemaphore 3 366d 382d 0/22 closed as dup on 2020/08/16 13:35
general protection fault in do_syscall_64 C done error 4 456d 486d 0/22 closed as dup on 2020/08/15 11:55
BUG: unable to handle kernel paging request in x86_pmu_event_init C done 1 369d 365d 0/22 closed as dup on 2020/08/16 01:19
BUG: unable to handle kernel NULL pointer dereference in do_syscall_32_irqs_on syz done 3 365d 367d 0/22 closed as dup on 2020/08/15 13:55
general protection fault in __switch_to_asm C inconclusive done 158 311d 413d 0/22 closed as dup on 2020/10/20 07:02
BUG: stack guard page was hit in mark_held_locks 1 384d 384d 0/22 closed as dup on 2020/08/16 13:35
KASAN: null-ptr-deref Read in kvm_arch_check_processor_compat syz done 1 404d 400d 0/22 closed as dup on 2020/06/30 06:11
KASAN: null-ptr-deref Read in kvm_vfio_set_attr syz done 1 492d 488d 0/22 closed as dup on 2020/08/16 03:56
BUG: unable to handle kernel NULL pointer dereference in do_syscall_64 (2) C done 9 404d 509d 0/22 closed as dup on 2020/08/15 13:48
BUG: unable to handle kernel paging request in syscall_return_slowpath C done 2 367d 450d 0/22 closed as dup on 2020/08/15 13:44
BUG: unable to handle kernel NULL pointer dereference in __syscall_return_slowpath C 55 366d 393d 0/22 closed as dup on 2020/06/29 16:42
BUG: unable to handle kernel NULL pointer dereference in syscall_trace_enter 1 386d 382d 0/22 closed as dup on 2020/08/15 13:51
KASAN: out-of-bounds Write in nested_sync_vmcs12_to_shadow syz done error 1 467d 463d 0/22 closed as dup on 2020/08/16 03:59
general protection fault in pvclock_gtod_notify C 69 315d 396d 0/22 closed as dup on 2020/06/30 06:12
BUG: unable to handle kernel paging request in __syscall_return_slowpath syz done 1 366d 362d 0/22 closed as dup on 2020/08/15 13:40
KASAN: out-of-bounds Read in kvm_arch_hardware_setup C 1 399d 395d 0/22 closed as dup on 2020/06/30 06:12
BUG: sleeping function called from invalid context in do_page_fault C done error 7 443d 510d 0/22 closed as dup on 2020/08/16 04:02
KASAN: user-memory-access Read in kvmclock_cpufreq_notifier C done error 1 472d 498d 0/22 closed as dup on 2020/08/16 04:05
BUG: stack guard page was hit in fixup_exception 1 382d 382d 0/22 closed as dup on 2020/08/16 13:34
BUG: sleeping function called from invalid context in do_user_addr_fault syz inconclusive done 10 322d 402d 0/22 closed as dup on 2020/09/02 22:06
Patch testing requests:
| Created | Duration | User | Patch | Repo | Result |
| --- | --- | --- | --- | --- | --- |
| 2020/07/10 07:27 | 14m | dvyukov@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | report log |
| 2020/07/04 06:40 | 0m | dvyukov@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error |
| 2020/07/03 11:23 | 0m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error |
| 2020/03/08 18:35 | 3m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error |
| 2020/03/08 17:21 | 3m | jannh@google.com | patch | https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git 63623fd44972d1ed2bfb6e0fb631dfcf547fd1e7 | error |

Sample crash report:

Crashes (1):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ci-upstream-kasan-gce-smack-root | 2020/03/04 07:43 | upstream | 63623fd44972 | c88c7b75 | .config | log | report | syz | | | |