syzbot
kernel BUG at arch/x86/mm/physaddr.c:LINE!

Status: fixed on 2019/12/16 09:09
Reported-by: syzbot+adf31b087e84fec2543f@syzkaller.appspotmail.com
Fix commit: 4736bb277744 ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL
First crash: 1756d, last: 1756d
Fix bisection: fixed by:
commit 4736bb27774449cf759ee81663b4126a297ba9d4
Author: Xin Long <lucien.xin@gmail.com>
Date: Mon Jun 17 13:34:13 2019 +0000

  ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL

  
Similar bugs (9)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) media C done 522 1770d 1980d 12/26 fixed on 2019/06/14 18:22
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (6) raid 90 863d 1359d 0/26 auto-closed as invalid on 2022/04/07 07:37
linux-4.19 kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) C done 82 1428d 1569d 1/1 fixed on 2020/06/20 23:56
linux-4.14 kernel BUG at arch/x86/mm/physaddr.c:LINE! C inconclusive 23 1119d 1576d 0/1 upstream: reported C repro on 2019/12/26 02:01
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (5) serial C done 241 1376d 1449d 15/26 fixed on 2020/07/17 17:58
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (3) kernel 4 1762d 1761d 0/26 auto-closed as invalid on 2019/10/25 08:46
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! overlayfs C 10 1985d 2017d 11/26 fixed on 2018/11/12 21:25
linux-4.19 kernel BUG at arch/x86/mm/physaddr.c:LINE! (3) 76 599d 1374d 0/1 auto-obsoleted due to no activity on 2022/12/26 22:17
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (4) audit C 18 1483d 1518d 15/26 fixed on 2020/04/15 17:19

Sample crash report:
Enabling of bearer <udp:syz2> rejected, already enabled
Enabling of bearer <udp:syz2> rejected, already enabled
Started in network mode
Own node identity 7f000001, cluster identity 4711
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
New replicast peer: 172.20.20.22
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 19 Comm: kworker/1:0 Not tainted 4.19.56 #28
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Enabled bearer <udp:syz2>, priority 2
Workqueue: events cache_reap
RIP: 0010:__phys_addr+0xb3/0x120 arch/x86/mm/physaddr.c:27
Code: 08 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 c6 16 3a 00 48 85 db 75 0f e8 1c 15 3a 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 0d 15 3a 00 <0f> 0b e8 06 15 3a 00 48 c7 c0 10 50 67 88 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff8880aa2b7bd8 EFLAGS: 00010093
Started in network mode
RAX: ffff8880aa2a8500 RBX: 0000000000000000 RCX: ffffffff81310142
RDX: 0000000000000000 RSI: ffffffff813101a3 RDI: 0000000000000006
RBP: ffff8880aa2b7bf0 R08: ffff8880aa2a8500 R09: ffffed1014293ce1
R10: ffffed1014293ce0 R11: ffff8880a149e703 R12: 0000778000000000
R13: 0000000080000000 R14: ffff8880a149e700 R15: ffff8880a149e700
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
Own node identity 7f000001, cluster identity 4711
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070e158 CR3: 000000009eec3000 CR4: 00000000001406e0
Call Trace:
 virt_to_head_page include/linux/mm.h:658 [inline]
 free_block+0xa8/0x250 mm/slab.c:3420
 drain_array_locked+0x36/0x90 mm/slab.c:2213
New replicast peer: 172.20.20.22
 drain_array+0x8c/0xb0 mm/slab.c:4027
 cache_reap+0xf4/0x280 mm/slab.c:4068
 process_one_work+0x989/0x1750 kernel/workqueue.c:2153
Enabled bearer <udp:syz2>, priority 2
Enabling of bearer <udp:syz2> rejected, already enabled
 worker_thread+0x98/0xe40 kernel/workqueue.c:2296
 kthread+0x354/0x420 kernel/kthread.c:246
Enabling of bearer <udp:syz2> rejected, already enabled
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
Modules linked in:
---[ end trace a5e277d1d5a6e4d2 ]---
Enabling of bearer <udp:syz2> rejected, already enabled
RIP: 0010:__phys_addr+0xb3/0x120 arch/x86/mm/physaddr.c:27
Code: 08 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 c6 16 3a 00 48 85 db 75 0f e8 1c 15 3a 00 4c 89 e0 5b 41 5c 41 5d 5d c3 e8 0d 15 3a 00 <0f> 0b e8 06 15 3a 00 48 c7 c0 10 50 67 88 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff8880aa2b7bd8 EFLAGS: 00010093
RAX: ffff8880aa2a8500 RBX: 0000000000000000 RCX: ffffffff81310142
RDX: 0000000000000000 RSI: ffffffff813101a3 RDI: 0000000000000006
RBP: ffff8880aa2b7bf0 R08: ffff8880aa2a8500 R09: ffffed1014293ce1
R10: ffffed1014293ce0 R11: ffff8880a149e703 R12: 0000778000000000
R13: 0000000080000000 R14: ffff8880a149e700 R15: ffff8880a149e700
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000070e158 CR3: 000000009eec3000 CR4: 00000000001406e0

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2019/06/29 04:49 linux-4.19.y aec3002d07fd 7509bf36 .config console log report syz ci2-linux-4-19