bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
kernel signature: c680180ef479167ad2196eae33805f1c61551652287952610764ffb213ea70c0
run #0: crashed: general protection fault in do_exit
run #1: crashed: BUG: unable to handle kernel paging request in futex_wait_queue_me
run #2: crashed: BUG: Bad page map
run #3: crashed: unexpected kernel reboot
run #4: crashed: general protection fault in timerqueue_del
run #5: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: OK
testing current HEAD 2b79150141611d3c6e1b55d4e70f49602482f0b8
testing commit 2b79150141611d3c6e1b55d4e70f49602482f0b8 with gcc (GCC) 8.1.0
kernel signature: 6107f443e6aa9ed5beb9fa3a3bdc53722bc620921657d843e4199f131ef646ad
run #0: crashed: kernel BUG at mm/memory.c:LINE!
run #1: crashed: WARNING in debug_mutex_wake_waiter
run #2: crashed: WARNING: kernel stack regs has bad 'bp' value
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: WARNING in vmacache_find
run #5: crashed: unexpected kernel reboot
run #6: crashed: INFO: trying to register non-static key in call_usermodehelper_exec_async
run #7: crashed: WARNING in corrupted
run #8: crashed: general protection fault in __schedule
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
revisions tested: 2, total time: 36m26.604658497s (build: 17m6.243761538s, test: 18m41.238710101s)
the crash still happens on HEAD
commit msg: Linux 4.14.203
crash: kernel BUG at arch/x86/mm/physaddr.c:LINE!
Bluetooth: hci2 command 0x040f tx timeout
Bluetooth: hci2 command 0x0419 tx timeout
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 3655 Comm: systemd-udevd Not tainted 4.14.203-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809ef88400 task.stack: ffff88809ef90000
RIP: 0010:__phys_addr+0x6b/0xc0 arch/x86/mm/physaddr.c:27
RSP: 0018:ffff88809ef97b90 EFLAGS: 00010287
RAX: 0007e78000007700 RBX: 0007700080007700 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff88809ef88c88 RDI: 0007700000007700
RBP: ffff88809ef97ba0 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0007700000007700 R15: ffffffff87f15e00
FS: 00007f3b4574b8c0(0000) GS:ffff8880ba900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559aadfa4b80 CR3: 000000009e6b3000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 qlink_to_cache+0x9/0x40 include/linux/mm.h:612
 qlist_free_all+0x103/0x120 mm/kasan/quarantine.c:163
 quarantine_reduce+0x141/0x170 mm/kasan/quarantine.c:259
 kasan_kmalloc+0x9b/0xc0 mm/kasan/kasan.c:536
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489
 slab_post_alloc_hook mm/slab.h:442 [inline]
 slab_alloc mm/slab.c:3390 [inline]
 kmem_cache_alloc+0x11b/0x3e0 mm/slab.c:3550
 getname_flags+0xb8/0x510 fs/namei.c:138
 user_path_at_empty+0x1e/0x40 fs/namei.c:2631
 user_path_at include/linux/namei.h:57 [inline]
 vfs_statx+0xb6/0x130 fs/stat.c:185
 vfs_lstat include/linux/fs.h:3070 [inline]
 SYSC_newlstat fs/stat.c:350 [inline]
 SyS_newlstat+0x7d/0xc0 fs/stat.c:344
 do_syscall_64+0x1c7/0x5b0 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f3b445be335
RSP: 002b:00007ffc489b2b68 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
RAX: ffffffffffffffda RBX: 0000559aadf3c130 RCX: 00007f3b445be335
RDX: 00007ffc489b2ba0 RSI: 00007ffc489b2ba0 RDI: 0000559aadf3b130
RBP: 00007ffc489b2c60 R08: 00007f3b4487d178 R09: 0000000000001010
R10: 00007f3b4487cb58 R11: 0000000000000246 R12: 0000559aadf3b130
R13: 0000559aadf3b13c R14: 0000559aadf37df5 R15: 0000559aadf37dfc
Code: 0f b6 14 11 48 89 f9 83 e1 07 38 ca 7f 04 84 d2 75 1b 0f b6 0d c0 26 89 07 48 89 c2 48 d3 ea 48 85 d2 75 07 48 83 c4 08 5b 5d c3 <0f> 0b 48 89 45 f0 e8 ea 89 5a 00 48 8b 45 f0 eb d6 48 c7 c7 10
RIP: __phys_addr+0x6b/0xc0 arch/x86/mm/physaddr.c:27 RSP: ffff88809ef97b90
---[ end trace aaa5933d38af7e0f ]---
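The run lines above are what decides whether a fix bisection can be trusted. Two things stand out in this log: HEAD still crashes in every run, and the crash titles scatter across unrelated subsystems (seven distinct titles on the first commit, nine on HEAD), which is the usual signature of memory corruption being consumed wherever it lands rather than one deterministic bug. The reported crash site fits that reading: __phys_addr was handed 0x0007700000007700 (RDI) from the KASAN quarantine's freed-object list in qlink_to_cache, and that value is not a kernel address at all. The Python below is an added example, not part of the syzbot log or of syzkaller's own tooling: it parses the run lines into per-commit outcomes and flags both conditions. The regexes, the `min_distinct` threshold and the function names are assumptions of the example; the sample log text is copied from the page.

```python
import re
from collections import Counter

# Sample input: the bisection lines from the syzbot log above (copied from the
# page, not constructed). Only the "testing", "run #" and HEAD lines matter.
SAMPLE_LOG = """\
bisecting fixing commit since 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60
testing commit 2f166cdcf8a92fcf85524f2b5526cb28e16f0a60 with gcc (GCC) 8.1.0
run #0: crashed: general protection fault in do_exit
run #1: crashed: BUG: unable to handle kernel paging request in futex_wait_queue_me
run #2: crashed: BUG: Bad page map
run #3: crashed: unexpected kernel reboot
run #4: crashed: general protection fault in timerqueue_del
run #5: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #6: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #7: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #8: crashed: BUG: unable to handle kernel paging request in corrupted
run #9: OK
testing current HEAD 2b79150141611d3c6e1b55d4e70f49602482f0b8
testing commit 2b79150141611d3c6e1b55d4e70f49602482f0b8 with gcc (GCC) 8.1.0
run #0: crashed: kernel BUG at mm/memory.c:LINE!
run #1: crashed: WARNING in debug_mutex_wake_waiter
run #2: crashed: WARNING: kernel stack regs has bad 'bp' value
run #3: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #4: crashed: WARNING in vmacache_find
run #5: crashed: unexpected kernel reboot
run #6: crashed: INFO: trying to register non-static key in call_usermodehelper_exec_async
run #7: crashed: WARNING in corrupted
run #8: crashed: general protection fault in __schedule
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
the crash still happens on HEAD
"""

# Line shapes assumed by this example (matched against the log above).
TESTING_RE = re.compile(r"^testing commit ([0-9a-f]{40}) with ")
HEAD_RE = re.compile(r"^testing current HEAD ([0-9a-f]{40})")
RUN_RE = re.compile(r"^run #(\d+): (?:(OK)|crashed: (.*))$")


def parse_bisect_log(text):
    """Map each tested commit to its run outcomes ("OK" or the crash title).

    Returns (runs_by_commit, head); head is None if the log never reaches HEAD.
    """
    runs_by_commit, head, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEAD_RE.match(line)
        if m:
            head = m.group(1)
            continue
        m = TESTING_RE.match(line)
        if m:
            current = m.group(1)
            runs_by_commit.setdefault(current, [])
            continue
        m = RUN_RE.match(line)
        if m and current is not None:
            runs_by_commit[current].append("OK" if m.group(2) else m.group(3))
    return runs_by_commit, head


def summarize_commit(runs):
    """Crash statistics for one commit: run count, crash count, title spread."""
    titles = Counter(r for r in runs if r != "OK")
    return {
        "runs": len(runs),
        "crashed": sum(titles.values()),
        "distinct_titles": len(titles),
        "top_title": titles.most_common(1)[0][0] if titles else None,
    }


def looks_like_memory_corruption(runs, min_distinct=3):
    """Heuristic (threshold is an assumption): many different crash titles on
    the same kernel means the crash site is where corrupted memory was
    consumed, not where the bug wrote it, so the title is not a stable key."""
    return summarize_commit(runs)["distinct_titles"] >= min_distinct


def crash_persists_on_head(runs_by_commit, head):
    """True when HEAD was tested and at least one run on it crashed."""
    return head is not None and any(r != "OK" for r in runs_by_commit.get(head, []))


if __name__ == "__main__":
    runs, head = parse_bisect_log(SAMPLE_LOG)
    for commit, outcomes in runs.items():
        tag = " (HEAD)" if commit == head else ""
        print(commit[:12] + tag, summarize_commit(outcomes),
              "memory-corruption-like" if looks_like_memory_corruption(outcomes) else "")
    print("crash persists on HEAD:", crash_persists_on_head(runs, head))
```

When `crash_persists_on_head` is true the bisection has found no fix, and when `looks_like_memory_corruption` is also true the right next step is to hunt for the write (KASAN's first report in the run, not the final BUG) rather than to chase the __phys_addr site.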