bisecting fixing commit since c37da90efff5f183bea6ae4c2af33571f61fe317
building syzkaller on abf9ba4fc75d9b29af15625d44dcfc1360fad3b7
testing commit c37da90efff5f183bea6ae4c2af33571f61fe317 with gcc (GCC) 8.1.0
kernel signature: f551f3b9a96935f79cf5bf38b41ce914ed8a0d7c1f9b52f216c6c2ef4f6afa95
run #0: crashed: general protection fault in wait_consider_task
run #1: crashed: general protection fault in wait_consider_task
run #2: crashed: BUG: spinlock bad magic in try_to_wake_up
run #3: crashed: general protection fault in __insert_vmap_area
run #4: crashed: general protection fault in do_exit
run #5: crashed: unexpected kernel reboot
run #6: crashed: unexpected kernel reboot
run #7: crashed: WARNING in debug_mutex_wake_waiter
run #8: crashed: WARNING in __put_task_struct
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
testing current HEAD b09c34517e1ac4018e3bb75ed5c8610a8a1f486b
testing commit b09c34517e1ac4018e3bb75ed5c8610a8a1f486b with gcc (GCC) 8.1.0
kernel signature: c0ed55cb393c3c2712ebd9f014126f9c0a94d7f73255234daad346eb310b7b9f
run #0: crashed: BUG: unable to handle kernel NULL pointer dereference in __hrtimer_run_queues
run #1: crashed: general protection fault in unlink_anon_vmas
run #2: crashed: general protection fault in wait_consider_task
run #3: crashed: BUG: unable to handle kernel NULL pointer dereference in corrupted
run #4: crashed: KASAN: wild-memory-access Write in ldt_dup_context
run #5: crashed: general protection fault in anon_vma_interval_tree_insert
run #6: crashed: general protection fault in __radix_tree_lookup
run #7: crashed: BUG: unable to handle kernel paging request in bit_cursor
run #8: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
run #9: crashed: kernel BUG at arch/x86/mm/physaddr.c:LINE!
revisions tested: 2, total time: 26m43.600263692s (build: 18m46.940637005s, test: 7m6.932305762s)
the crash still happens on HEAD
commit msg: Linux 4.19.149
crash: kernel BUG at arch/x86/mm/physaddr.c:LINE!
------------[ cut here ]------------
kernel BUG at arch/x86/mm/physaddr.c:27!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 3711 Comm: systemd-udevd Not tainted 4.19.149-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__phys_addr+0x6b/0xc0 arch/x86/mm/physaddr.c:27
Code: b6 14 11 48 89 f9 83 e1 07 38 ca 7f 04 84 d2 75 1b 0f b6 0d c0 52 f7 07 48 89 c2 48 d3 ea 48 85 d2 75 07 48 83 c4 08 5b 5d c3 <0f> 0b 48 89 45 f0 e8 da c4 65 00 48 8b 45 f0 eb d6 48 c7 c7 10 50
RSP: 0018:ffff88808f81f9a0 EFLAGS: 00010287
RAX: 0000ee8000000000 RBX: 0000770080000000 RCX: 1ffff11011f029c5
RDX: 0000000000000000 RSI: ffff88808f814e30 RDI: 0000770000000000
RBP: ffff88808f81f9b0 R08: ffff88808f814e28 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000770000000000 R15: ffffffff885205c0
FS: 00007fd350f1d8c0(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005563baadab60 CR3: 000000008fa9b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 qlink_to_cache+0x9/0x40 include/linux/mm.h:665
 qlist_free_all+0x103/0x120 mm/kasan/quarantine.c:163
 quarantine_reduce+0x163/0x1a0 mm/kasan/quarantine.c:259
 kasan_kmalloc+0x9b/0xc0 mm/kasan/kasan.c:538
 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
 slab_post_alloc_hook mm/slab.h:445 [inline]
 slab_alloc_node mm/slab.c:3340 [inline]
 kmem_cache_alloc_node_trace+0x140/0x3e0 mm/slab.c:3666
 __do_kmalloc_node mm/slab.c:3688 [inline]
 __kmalloc_node+0x3c/0x70 mm/slab.c:3696
 kmalloc_node include/linux/slab.h:557 [inline]
 kvmalloc_node+0x68/0x70 mm/util.c:423
 kvmalloc include/linux/mm.h:577 [inline]
 seq_buf_alloc fs/seq_file.c:32 [inline]
 seq_read+0x7ed/0xfd0 fs/seq_file.c:204
 kernfs_fop_read+0xcc/0x4f0 fs/kernfs/file.c:252
 __vfs_read+0xe3/0x880 fs/read_write.c:416
 vfs_read+0xf9/0x2f0 fs/read_write.c:452
 ksys_read+0x103/0x260 fs/read_write.c:579
 __do_sys_read fs/read_write.c:589 [inline]
 __se_sys_read fs/read_write.c:587 [inline]
 __x64_sys_read+0x6e/0xb0 fs/read_write.c:587
 do_syscall_64+0xd0/0x4e0 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7fd34fd90910
Code: b6 fe ff ff 48 8d 3d 0f be 08 00 48 83 ec 08 e8 06 db 01 00 66 0f 1f 44 00 00 83 3d f9 2d 2c 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 de 9b 01 00 48 89 04 24
RSP: 002b:00007fff4b80cfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00005563baad79c0 RCX: 00007fd34fd90910
RDX: 0000000000001000 RSI: 00005563baad6990 RDI: 000000000000000e
RBP: 00007fd35004b440 R08: 00007fd35004f1f8 R09: 0000000000001010
R10: 00005563baad79c0 R11: 0000000000000246 R12: 0000000000001000
R13: 0000000000000d68 R14: 00005563baad6990 R15: 00007fd35004a900
Modules linked in:
---[ end trace 1255812e52d8ad2c ]---
RIP: 0010:__phys_addr+0x6b/0xc0 arch/x86/mm/physaddr.c:27
Code: b6 14 11 48 89 f9 83 e1 07 38 ca 7f 04 84 d2 75 1b 0f b6 0d c0 52 f7 07 48 89 c2 48 d3 ea 48 85 d2 75 07 48 83 c4 08 5b 5d c3 <0f> 0b 48 89 45 f0 e8 da c4 65 00 48 8b 45 f0 eb d6 48 c7 c7 10 50
RSP: 0018:ffff88808f81f9a0 EFLAGS: 00010287
RAX: 0000ee8000000000 RBX: 0000770080000000 RCX: 1ffff11011f029c5
RDX: 0000000000000000 RSI: ffff88808f814e30 RDI: 0000770000000000
RBP: ffff88808f81f9b0 R08: ffff88808f814e28 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000770000000000 R15: ffffffff885205c0
FS: 00007fd350f1d8c0(0000) GS:ffff8880aeb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005563baadab60 CR3: 000000008fa9b000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400