syzbot


kernel BUG at arch/x86/mm/physaddr.c:LINE! (5)

Status: fixed on 2020/07/17 17:58
Reported-by: syzbot+0bfda3ade1ee9288a1be@syzkaller.appspotmail.com
Fix commit: 57d38f26d81e vt: fix unicode console freeing with a common interface
First crash: 790d, last: 713d

Cause bisection: introduced by (bisect log) :
commit 9a98e7a80f95378c9ee0c644705e3b5aa54745f1
Author: Nicolas Pitre <nico@fluxnic.net>
Date: Sun Mar 29 02:25:11 2020 +0000

  vt: don't use kmalloc() for the unicode screen buffer

Crash: kernel BUG at arch/x86/mm/physaddr.c:LINE! (log)
Repro: C syz .config
similar bugs (9):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) C done 522 1108d 1318d 13/22 fixed on 2019/06/14 18:22
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (6) 90 200d 697d 0/22 auto-closed as invalid on 2022/04/07 07:37
linux-4.19 kernel BUG at arch/x86/mm/physaddr.c:LINE! (2) C done 82 766d 906d 1/1 fixed on 2020/06/20 23:56
linux-4.19 kernel BUG at arch/x86/mm/physaddr.c:LINE! syz done 1 1093d 1093d 1/1 fixed on 2019/12/16 09:09
linux-4.14 kernel BUG at arch/x86/mm/physaddr.c:LINE! C inconclusive 23 457d 914d 0/1 upstream: reported C repro on 2019/12/26 02:01
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (3) 4 1099d 1099d 0/22 auto-closed as invalid on 2019/10/25 08:46
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! C 10 1323d 1355d 12/22 fixed on 2018/11/12 21:25
linux-4.19 kernel BUG at arch/x86/mm/physaddr.c:LINE! (3) 75 38d 712d 0/1 upstream: reported on 2020/07/14 16:42
upstream kernel BUG at arch/x86/mm/physaddr.c:LINE! (4) C 18 821d 856d 17/22 fixed on 2020/04/15 17:19

Sample crash report:
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:28!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 7046 Comm: syz-executor133 Not tainted 5.7.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:28
Code: 9e 55 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 e0 99 3f 00 48 85 db 75 0d e8 46 98 3f 00 4c 89 e0 5b 5d 41 5c c3 e8 39 98 3f 00 <0f> 0b e8 32 98 3f 00 48 c7 c0 10 10 88 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003e1fb18 EFLAGS: 00010093
RAX: ffff8880a368a580 RBX: 0000000000000001 RCX: ffffffff81339650
RDX: 0000000000000000 RSI: ffffffff81339667 RDI: 0000000000000007
RBP: ffffc90083e21000 R08: ffff8880a368a580 R09: ffffed1015ce7104
R10: ffff8880ae73881b R11: ffffed1015ce7103 R12: 0000408003e21000
R13: ffffffff83bd40d0 R14: 00000000000000b1 R15: ffff8880aa1bf000
FS:  0000000002010880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200004c0 CR3: 000000009dacd000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:833 [inline]
 virt_to_cache mm/slab.h:474 [inline]
 kfree+0x77/0x2b0 mm/slab.c:3749
 vc_do_resize+0x1081/0x1340 drivers/tty/vt/vt.c:1233
 vt_resize+0xa3/0xe0 drivers/tty/vt/vt.c:1350
 tiocswinsz drivers/tty/tty_io.c:2277 [inline]
 tty_ioctl+0x750/0x1440 drivers/tty/tty_io.c:2576
 vfs_ioctl fs/ioctl.c:47 [inline]
 ksys_ioctl+0x11a/0x180 fs/ioctl.c:763
 __do_sys_ioctl fs/ioctl.c:772 [inline]
 __se_sys_ioctl fs/ioctl.c:770 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:770
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x4403a9
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b 14 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff9272b2d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fff9272b2e0 RCX: 00000000004403a9
RDX: 0000000020000000 RSI: 0000000000005414 RDI: 0000000000000005
RBP: 00000000006cb018 R08: 000000000000000d R09: 65732f636f72702f
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401c90
R13: 0000000000401d20 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 9746569a81961cf1 ]---
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:28
Code: 9e 55 09 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 e0 99 3f 00 48 85 db 75 0d e8 46 98 3f 00 4c 89 e0 5b 5d 41 5c c3 e8 39 98 3f 00 <0f> 0b e8 32 98 3f 00 48 c7 c0 10 10 88 89 48 ba 00 00 00 00 00 fc
RSP: 0018:ffffc90003e1fb18 EFLAGS: 00010093
RAX: ffff8880a368a580 RBX: 0000000000000001 RCX: ffffffff81339650
RDX: 0000000000000000 RSI: ffffffff81339667 RDI: 0000000000000007
RBP: ffffc90083e21000 R08: ffff8880a368a580 R09: ffffed1015ce7104
R10: ffff8880ae73881b R11: ffffed1015ce7103 R12: 0000408003e21000
R13: ffffffff83bd40d0 R14: 00000000000000b1 R15: ffff8880aa1bf000
FS:  0000000002010880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200004c0 CR3: 000000009dacd000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (241):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2020/05/02 14:47 upstream 690e2aba7beb 58da4c35 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/04/27 11:21 upstream 6a8b55ed4056 0ce7569e .config log report syz C
ci-upstream-kasan-gce-386 2020/05/02 15:21 upstream 690e2aba7beb 58da4c35 .config log report syz
ci-upstream-kasan-gce-root 2020/07/12 13:53 upstream 0aea6d5c5be3 115e1930 .config log report
ci-upstream-kasan-gce 2020/07/10 08:48 upstream 42f82040ee66 edf162e8 .config log report
ci-upstream-kasan-gce-smack-root 2020/07/08 22:47 upstream 0bddd227f3dc bc238812 .config log report
ci-upstream-kasan-gce-root 2020/07/08 21:46 upstream 0bddd227f3dc bc238812 .config log report
ci-upstream-kasan-gce 2020/07/08 12:27 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce 2020/07/08 02:26 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce 2020/07/07 21:22 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce-root 2020/07/07 16:28 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce-selinux-root 2020/07/06 16:56 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce 2020/07/06 01:52 upstream 7cc2a8ea1048 51095195 .config log report
ci-upstream-kasan-gce 2020/07/02 21:10 upstream cd77006e01b3 bed10395 .config log report
ci-upstream-kasan-gce 2020/06/01 23:55 upstream 9bf9511e3d9f a0331e89 .config log report
ci-upstream-kasan-gce 2020/05/28 16:50 upstream b0c3ba31be3e 0d951763 .config log report
ci-upstream-kasan-gce 2020/05/26 04:02 upstream 9cb1fd0efd19 8ca3b7d2 .config log report
ci-upstream-kasan-gce 2020/05/25 00:50 upstream caffb99b6929 bd28eb9d .config log report
ci-upstream-kasan-gce 2020/05/24 16:00 upstream caffb99b6929 bd28eb9d .config log report
ci-upstream-kasan-gce-selinux-root 2020/05/23 21:17 upstream 444565650a5f 9682898d .config log report
ci-upstream-kasan-gce-smack-root 2020/05/18 18:49 upstream 45088963ca9c 684d3606 .config log report
ci-upstream-kasan-gce 2020/05/17 22:45 upstream 5a9ffb954a39 37bccd4e .config log report
ci-upstream-kasan-gce 2020/05/15 12:53 upstream 1ae7efb38854 d7f9fffa .config log report
ci-upstream-kasan-gce-smack-root 2020/05/08 05:05 upstream 6e7f2eacf098 6c70a1c2 .config log report
ci-upstream-kasan-gce 2020/05/08 00:32 upstream 6e7f2eacf098 6c70a1c2 .config log report
ci-upstream-kasan-gce-root 2020/05/07 20:48 upstream a811c1fa0a02 98cbd87b .config log report
ci-upstream-kasan-gce-root 2020/05/07 19:44 upstream a811c1fa0a02 98cbd87b .config log report
ci-upstream-kasan-gce-root 2020/05/07 15:31 upstream a811c1fa0a02 98cbd87b .config log report
ci-upstream-kasan-gce 2020/05/07 08:31 upstream a811c1fa0a02 4618eb2d .config log report
ci-upstream-kasan-gce 2020/05/07 07:14 upstream a811c1fa0a02 4618eb2d .config log report
ci-upstream-kasan-gce 2020/05/06 13:52 upstream dc56c5acd850 4618eb2d .config log report
ci-upstream-kasan-gce-selinux-root 2020/05/06 12:44 upstream dc56c5acd850 4618eb2d .config log report
ci-upstream-kasan-gce 2020/05/06 11:26 upstream dc56c5acd850 35b8eb30 .config log report
ci-upstream-kasan-gce-smack-root 2020/05/06 07:04 upstream dc56c5acd850 35b8eb30 .config log report
ci-upstream-kasan-gce-root 2020/05/06 04:27 upstream dc56c5acd850 35b8eb30 .config log report
ci-upstream-kasan-gce-root 2020/05/06 03:21 upstream dc56c5acd850 35b8eb30 .config log report
ci-upstream-kasan-gce-smack-root 2020/04/27 08:31 upstream 6a8b55ed4056 0ce7569e .config log report
ci-upstream-kasan-gce-386 2020/05/25 08:36 upstream 9cb1fd0efd19 11284182 .config log report
ci-upstream-kasan-gce-386 2020/05/24 18:22 upstream caffb99b6929 bd28eb9d .config log report
ci-upstream-kasan-gce-386 2020/05/11 11:16 upstream 2ef96a5bb12b f8f57555 .config log report
ci-upstream-kasan-gce-386 2020/05/08 14:21 upstream 79dede78c057 2b98fdbc .config log report
ci-qemu-upstream-386 2020/05/08 10:31 upstream 79dede78c057 fe4122c3 .config log report
ci-upstream-kasan-gce-386 2020/05/08 01:42 upstream 6e7f2eacf098 6c70a1c2 .config log report
ci-qemu-upstream-386 2020/05/07 23:24 upstream 6e7f2eacf098 6c70a1c2 .config log report
ci-upstream-kasan-gce-386 2020/05/07 12:14 upstream a811c1fa0a02 98cbd87b .config log report
ci-upstream-kasan-gce-386 2020/05/07 10:57 upstream a811c1fa0a02 98cbd87b .config log report
ci-upstream-kasan-gce-386 2020/05/07 09:32 upstream a811c1fa0a02 4618eb2d .config log report
ci-upstream-kasan-gce-386 2020/05/06 19:20 upstream 3c40cdb0e93e 4618eb2d .config log report
ci-upstream-kasan-gce-386 2020/05/06 15:06 upstream dc56c5acd850 4618eb2d .config log report
ci-upstream-kasan-gce-386 2020/05/06 02:07 upstream dc56c5acd850 35b8eb30 .config log report
ci-upstream-linux-next-kasan-gce-root 2020/07/13 06:48 linux-next d31958b30ea3 9ebcc5b1 .config log report