kernel BUG at arch/x86/mm/physaddr.c:LINE! (3)

kernel BUG at arch/x86/mm/physaddr.c:LINE! (3)
Status: upstream: reported on 2020/07/14 16:42
Reported-by: syzbot+d229bfbdb33b5139e86f@syzkaller.appspotmail.com
First crash: 69d, last: 11d

similar bugs (9):
Kernel	Title	Repro	Bisected	Count	Last	Reported	Patched	Status
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE! (2)	C	cause	522	465d	674d	13/17	fixed on 2019/06/14 18:22
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE! (6)			46	1d02h	53d	0/17	upstream: reported on 2020/07/29 21:34
linux-4.19	kernel BUG at arch/x86/mm/physaddr.c:LINE! (2)	C	fix	82	123d	263d	1/1	fixed on 2020/06/20 23:56
linux-4.19	kernel BUG at arch/x86/mm/physaddr.c:LINE!	syz	fix	1	450d	450d	1/1	fixed on 2019/12/16 09:09
linux-4.14	kernel BUG at arch/x86/mm/physaddr.c:LINE!	C	fix	19	32d	270d	0/1	upstream: reported C repro on 2019/12/26 02:01
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE! (5)	C	cause	241	70d	143d	17/17	fixed on 2020/07/17 17:58
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE! (3)			4	456d	456d	0/17	auto-closed as invalid on 2019/10/25 08:46
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE!	C		10	680d	712d	12/17	fixed on 2018/11/12 21:25
upstream	kernel BUG at arch/x86/mm/physaddr.c:LINE! (4)	C		18	178d	212d	17/17	fixed on 2020/04/15 17:19

Sample crash report:

------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 6489 Comm: syz-executor.2 Not tainted 4.19.144-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: a9 7d 08 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 c0 c6 38 00 48 85 db 75 0d e8 26 c5 38 00 4c 89 e0 5b 5d 41 5c c3 e8 19 c5 38 00 <0f> 0b e8 12 c5 38 00 48 c7 c0 10 50 c7 88 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff888084a67a68 EFLAGS: 00010293
RAX: ffff888094e2c480 RBX: 0000007707777777 RCX: ffffffff8130ec58
RDX: 0000000000000000 RSI: ffffffff8130ecb7 RDI: 0000000000000006
RBP: 0000007787777777 R08: 0000000000000000 R09: 0000007787777777
R10: 0000000000000006 R11: 0000000000000000 R12: 000077f707777777
R13: ffff888084a67ac0 R14: 0000000000000000 R15: 0000000000000282
FS:  00000000030fa940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0264746db8 CR3: 0000000090788000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:665 [inline]
 qlink_to_cache mm/kasan/quarantine.c:127 [inline]
 qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
ptrace attach of "/root/syz-executor.5"[8487] was attempted by "/root/syz-executor.5"[8488]
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
 getname_flags+0xce/0x590 fs/namei.c:140
 getname fs/namei.c:211 [inline]
 user_path_mountpoint_at+0x23/0x40 fs/namei.c:2748
 ksys_umount+0x156/0x1070 fs/namespace.c:1645
 __do_sys_umount fs/namespace.c:1671 [inline]
 __se_sys_umount fs/namespace.c:1669 [inline]
 __x64_sys_umount+0x50/0x70 fs/namespace.c:1669
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45ffe7
Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00
------------[ cut here ]------------
RSP: 002b:00007ffd1ccd1408 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
kernel BUG at arch/x86/mm/physaddr.c:27!
RAX: ffffffffffffffda RBX: 0000000000207e6c RCX: 000000000045ffe7
RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffd1ccd2540
RBP: 000000000000105b R08: 0000000000000000 R09: 00000000030fa940
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1ccd2540
R13: 00007ffd1ccd2530 R14: 0000000000000000 R15: 00007ffd1ccd2540
Modules linked in:
invalid opcode: 0000 [#2] PREEMPT SMP KASAN
---[ end trace f163dddcff9629ac ]---
CPU: 0 PID: 8500 Comm: syz-executor.0 Tainted: G      D           4.19.144-syzkaller #0
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0xa7/0x110 arch/x86/mm/physaddr.c:27
Code: a9 7d 08 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 c0 c6 38 00 48 85 db 75 0d e8 26 c5 38 00 4c 89 e0 5b 5d 41 5c c3 e8 19 c5 38 00 <0f> 0b e8 12 c5 38 00 48 c7 c0 10 50 c7 88 48 ba 00 00 00 00 00 fc
RSP: 0018:ffff88821b17f830 EFLAGS: 00010293
RAX: ffff88804d318040 RBX: 0000077000000000 RCX: ffffffff8130ec58
RDX: 0000000000000000 RSI: ffffffff8130ecb7 RDI: 0000000000000006
RBP: 0000077080000000 R08: 0000000000000000 R09: 0000077080000000
Code: a9 7d 08 4c 89 e3 31 ff 48 d3 eb 48 89 de e8 c0 c6 38 00 48 85 db 75 0d e8 26 c5 38 00 4c 89 e0 5b 5d 41 5c c3 e8 19 c5 38 00 <0f> 0b e8 12 c5 38 00 48 c7 c0 10 50 c7 88 48 ba 00 00 00 00 00 fc
R10: 0000000000000006 R11: 000000000000000a R12: 00007ef000000000
R13: ffff88821b17f888 R14: 0000000000000000 R15: 0000000000000282
FS:  0000000001ce1940(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4e34dbc008 CR3: 0000000218f03000 CR4: 00000000001406f0
RSP: 0018:ffff888084a67a68 EFLAGS: 00010293
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 virt_to_head_page include/linux/mm.h:665 [inline]
 qlink_to_cache mm/kasan/quarantine.c:127 [inline]
 qlist_free_all+0xbb/0x140 mm/kasan/quarantine.c:163
 quarantine_reduce+0x1a9/0x230 mm/kasan/quarantine.c:259
 kasan_kmalloc+0xa2/0x160 mm/kasan/kasan.c:538
RAX: ffff888094e2c480 RBX: 0000007707777777 RCX: ffffffff8130ec58
RDX: 0000000000000000 RSI: ffffffff8130ecb7 RDI: 0000000000000006
RBP: 0000007787777777 R08: 0000000000000000 R09: 0000007787777777
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc mm/slab.c:3397 [inline]
 kmem_cache_alloc+0x110/0x370 mm/slab.c:3557
R10: 0000000000000006 R11: 0000000000000000 R12: 000077f707777777
 ext4_alloc_inode+0x1a/0x630 fs/ext4/super.c:1081
 alloc_inode+0x5d/0x180 fs/inode.c:211
 new_inode_pseudo fs/inode.c:911 [inline]
 new_inode+0x1d/0xf0 fs/inode.c:940
 __ext4_new_inode+0x400/0x5a20 fs/ext4/ialloc.c:832
 ext4_symlink+0x3f5/0xc00 fs/ext4/namei.c:3146
 vfs_symlink+0x453/0x6c0 fs/namei.c:4129
 do_symlinkat+0x258/0x2c0 fs/namei.c:4156
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45d2e7
R13: ffff888084a67ac0 R14: 0000000000000000 R15: 0000000000000282
Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 1d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
FS:  00000000030fa940(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
RSP: 002b:00007ffec8c18808 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045d2e7
CR2: 00007f4e34df4020 CR3: 0000000090788000 CR4: 00000000001406e0
RDX: 00007ffec8c188a3 RSI: 00000000004c30cd RDI: 00007ffec8c18890
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000013
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffec8c18840 R14: 0000000000000000 R15: 00007ffec8c18850
Modules linked in:
---[ end trace f163dddcff9629ad ]---

Crashes (17):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Maintainers
ci2-linux-4-19	2020/09/10 12:42	linux-4.19.y	67957f12	ac7ca78e	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/09 18:15	linux-4.19.y	67957f12	ac7ca78e	.config	log	report	coreteam@netfilter.org, davem@davemloft.net, fw@strlen.de, kadlec@blackhole.kfki.hu, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, pablo@netfilter.org, yoshfuji@linux-ipv6.org
ci2-linux-4-19	2020/09/09 11:22	linux-4.19.y	c37da90e	0ea7a887	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/09 10:33	linux-4.19.y	c37da90e	0ea7a887	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/08 20:41	linux-4.19.y	c37da90e	abf9ba4f	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/08 09:28	linux-4.19.y	c37da90e	abf9ba4f	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/07 20:00	linux-4.19.y	c37da90e	abf9ba4f	.config	log	report	eparis@parisplace.org, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, paul@paul-moore.com, sds@tycho.nsa.gov, selinux@vger.kernel.org, trix@redhat.com
ci2-linux-4-19	2020/09/06 11:01	linux-4.19.y	c37da90e	abf9ba4f	.config	log	report	davem@davemloft.net, edumazet@google.com, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-linux-4-19	2020/09/04 00:02	linux-4.19.y	c37da90e	abf9ba4f	.config	log	report	bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com, linux-kernel@vger.kernel.org, luto@kernel.org, mingo@redhat.com, peterz@infradead.org, tglx@linutronix.de, x86@kernel.org
ci2-linux-4-19	2020/09/02 07:27	linux-4.19.y	f6d5cb9e	abf9ba4f	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/09/01 01:05	linux-4.19.y	f6d5cb9e	d5a3ae1f	.config	log	report	davem@davemloft.net, kuznet@ms2.inr.ac.ru, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, yoshfuji@linux-ipv6.org
ci2-linux-4-19	2020/08/23 22:43	linux-4.19.y	d18b78ab	cef5ae68	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/08/04 22:35	linux-4.19.y	13af6c74	02034dac	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/08/04 22:03	linux-4.19.y	13af6c74	02034dac	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/08/04 07:26	linux-4.19.y	13af6c74	96dd3623	.config	log	report	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
ci2-linux-4-19	2020/07/21 02:32	linux-4.19.y	17a87580	d88894e6	.config	log	report	coreteam@netfilter.org, davem@davemloft.net, fw@strlen.de, kadlec@blackhole.kfki.hu, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, netfilter-devel@vger.kernel.org, pablo@netfilter.org
ci2-linux-4-19	2020/07/14 16:42	linux-4.19.y	dce0f886	6f458026	.config	log	report	akpm@linux-foundation.org, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, mhocko@suse.com, paulmck@linux.ibm.com, peterz@infradead.org, shakeelb@google.com