Subject: Re: kernel BUG at arch/x86/mm/physaddr.c:LINE! (5)
To: syzbot, daniel.vetter@ffwll.ch, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, nico@fluxnic.net, sam@ravnborg.org, syzkaller-bugs@googlegroups.com
References: <000000000000479d8d05a49221b1@google.com>
From: Jiri Slaby
Message-ID: <0c39d350-846a-eeda-f202-e36a53d495b2@suse.com>
Date: Sat, 2 May 2020 08:49:12 +0200
In-Reply-To: <000000000000479d8d05a49221b1@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 01. 05. 20, 10:40, syzbot wrote:
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit: 6a8b55ed Linux 5.7-rc3
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1447420fe00000
> kernel config: https://syzkaller.appspot.com/x/.config?x=1ac152749c11ca54
> dashboard link: https://syzkaller.appspot.com/bug?extid=0bfda3ade1ee9288a1be
> compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12db1b80100000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15efcb80100000
>
> The bug was bisected to:
>
> commit 9a98e7a80f95378c9ee0c644705e3b5aa54745f1
> Author: Nicolas Pitre
> Date: Sun Mar 29 02:25:11 2020 +0000
>
>     vt: don't use kmalloc() for the unicode screen buffer
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=16bb967fe00000
> final crash: https://syzkaller.appspot.com/x/report.txt?x=15bb967fe00000
> console output: https://syzkaller.appspot.com/x/log.txt?x=11bb967fe00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+0bfda3ade1ee9288a1be@syzkaller.appspotmail.com
> Fixes: 9a98e7a80f95 ("vt: don't use kmalloc() for the unicode screen buffer")
>
> ------------[ cut here ]------------
> kernel BUG at arch/x86/mm/physaddr.c:28!
> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> CPU: 1 PID: 7061 Comm: syz-executor995 Not tainted 5.7.0-rc3-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:__phys_addr+0x10e/0x120 arch/x86/mm/physaddr.c:28
> Code: 6b 89 80 e1 07 38 c1 0f 8c 75 ff ff ff 48 c7 c7 85 a3 6b 89 e8 f3 a8 7d 00 e9 64 ff ff ff e8 b9 c5 3f 00 0f 0b e8 b2 c5 3f 00 <0f> 0b e8 ab c5 3f 00 0f 0b 66 0f 1f 84 00 00 00 00 00 53 48 89 fb
> RSP: 0018:ffffc900016579f8 EFLAGS: 00010093
> RAX: ffffffff81339bbe RBX: 0000000000000001 RCX: ffff88808dd5a340
> RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
> RBP: 00000000ffffffea R08: ffffffff81339b2c R09: ffffed1015d27074
> R10: ffffed1015d27074 R11: 0000000000000000 R12: ffffc900016c9000
> R13: dffffc0000000000 R14: 00004080016c9000 R15: ffffffff83fad568
> FS: 0000000001f5d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000000043e7d0 CR3: 0000000099a6c000 CR4: 00000000001406e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  virt_to_head_page include/linux/mm.h:833 [inline]
>  virt_to_cache mm/slab.h:474 [inline]
>  kfree+0x60/0x220 mm/slab.c:3749
>  vc_do_resize+0x738/0x1ce0 drivers/tty/vt/vt.c:1233

Of course, s/kfree/vfree/ there.

Nicolas, could you fix this?

thanks,
-- 
js
suse labs
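
Added example, not part of the message above and not kernel source: a user-space C model of the x86-64 virtual-to-physical check that kfree() reaches through virt_to_head_page(), run on R12 and RCX from the quoted trace to show why a vmalloc() pointer passed to kfree() ends in the BUG at physaddr.c:28. The memory-layout constants, the 46-bit physical address width and the model_* names are assumptions, not values from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed x86-64 4-level layout with default region bases (not from the page). */
#define START_KERNEL_MAP  0xffffffff80000000ULL
#define PAGE_OFFSET       0xffff888000000000ULL  /* direct-map base */
#define KERNEL_IMAGE_SIZE (512ULL << 20)
#define VMALLOC_START     0xffffc90000000000ULL
#define VMALLOC_END       0xffffe8ffffffffffULL
#define PHYS_BITS         46                     /* assumed CPU physical address width */

/* Hypothetical model of the debug check: returns false where the kernel would BUG(). */
static bool model_phys_addr(uint64_t x, uint64_t *phys)
{
    uint64_t y = x - START_KERNEL_MAP;

    if (x > y) {                 /* no borrow: x lies in the kernel image mapping */
        *phys = y;               /* phys_base taken as 0 in this model */
        return y < KERNEL_IMAGE_SIZE;
    }
    x = y + (START_KERNEL_MAP - PAGE_OFFSET);   /* equals original x - PAGE_OFFSET */
    *phys = x;
    /* x > y: original x was below PAGE_OFFSET; else the result must fit PHYS_BITS */
    return !(x > y) && (x >> PHYS_BITS) == 0;
}

/* Range test a caller can use to choose vfree() over kfree(). */
static bool model_is_vmalloc_addr(uint64_t x)
{
    return x >= VMALLOC_START && x <= VMALLOC_END;
}

int main(void)
{
    const uint64_t regs[] = {
        0xffffc900016c9000ULL,   /* R12 in the trace: the pointer being freed */
        0xffff88808dd5a340ULL,   /* RCX in the trace: used here as a direct-map sample */
    };
    for (size_t i = 0; i < sizeof(regs) / sizeof(regs[0]); i++) {
        uint64_t phys;
        bool ok = model_phys_addr(regs[i], &phys);
        printf("%016llx -> %016llx %s, vmalloc=%d\n",
               (unsigned long long)regs[i], (unsigned long long)phys,
               ok ? "valid" : "BUG", model_is_vmalloc_addr(regs[i]));
    }
    return 0;
}
```

For R12 the model yields 00004080016c9000, the value in R14 in the trace, which does not fit in 46 bits; the same pointer falls in the vmalloc range, which is why it has to go to vfree().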