From: Linus Torvalds
Date: Thu, 13 Apr 2017 09:07:40 -0700
Subject: Re: [GIT PULL] TTY/Serial driver fixes for 4.11-rc4
To: Vegard Nossum
Cc: Greg KH, Dmitry Vyukov, Jiri Slaby, Andrew Morton, LKML, linux-serial
References: <20170326110432.GA9241@kroah.com>

On Thu, Apr 13, 2017 at 3:50 AM, Vegard Nossum wrote:
>
> I've bisected a syzkaller crash down to this commit
> (5362544bebe85071188dd9e479b5a5040841c895). The crash is:
>
> [ 25.137552] BUG: unable to handle kernel paging request at 0000000000002280
> [ 25.137579] IP: mutex_lock_interruptible+0xb/0x30

It would seem to be the

    if (mutex_lock_interruptible(&ldata->atomic_read_lock))

call in n_tty_read(), the offset is about right for a NULL 'ldata'
pointer (it's a big structure, it has a couple of character buffers of
size N_TTY_BUF_SIZE).

I don't see the obvious fix, so I suspect at this point we should just
revert, as that commit seems to introduce worse problems than it is
supposed to fix.

Greg?

            Linus
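Added example, not part of the original message and not kernel source: a userspace sketch of the triage step described above, mapping a small faulting address to the struct member a NULL base pointer would have reached. The layout of `struct mock_n_tty_data` is an assumption modelled on the "big structure with a couple of N_TTY_BUF_SIZE buffers" description, `struct mock_mutex` is an opaque stand-in, and the offsets assume an LP64 build with N_TTY_BUF_SIZE equal to 4096.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define N_TTY_BUF_SIZE 4096
#define BITMAP_LONGS(bits) (((bits) + 8 * sizeof(long) - 1) / (8 * sizeof(long)))

/* Opaque stand-in for struct mutex; only its alignment matters here. */
struct mock_mutex { unsigned long opaque[4]; };
/* ASSUMED layout (not copied from the page): a userspace model of the
 * line-discipline data with two N_TTY_BUF_SIZE character buffers. */
struct mock_n_tty_data {
    size_t read_head, commit_head, canon_head, echo_head, echo_commit, echo_mark;
    unsigned long char_map[BITMAP_LONGS(256)];
    unsigned long overrun_time;
    int num_overrun;
    _Bool no_room;
    unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1, push:1;
    char read_buf[N_TTY_BUF_SIZE];
    unsigned long read_flags[BITMAP_LONGS(N_TTY_BUF_SIZE)];
    unsigned char echo_buf[N_TTY_BUF_SIZE];
    size_t read_tail, line_start;
    unsigned int column, canon_column;
    size_t echo_tail;
    struct mock_mutex atomic_read_lock, output_lock;
};

struct field { const char *name; size_t off, len; };
#define F(m) { #m, offsetof(struct mock_n_tty_data, m), \
               sizeof(((struct mock_n_tty_data *)0)->m) }
static const struct field fields[] = {
    F(read_buf), F(read_flags), F(echo_buf), F(atomic_read_lock), F(output_lock),
};

/* Member that a NULL-based access at fault_addr would touch, or NULL. */
const char *member_at(size_t fault_addr)
{
    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
        if (fault_addr >= fields[i].off && fault_addr - fields[i].off < fields[i].len)
            return fields[i].name;
    return NULL;
}

size_t lock_offset(void) { return offsetof(struct mock_n_tty_data, atomic_read_lock); }

int main(void)
{
    printf("atomic_read_lock at 0x%zx; 0x2280 -> %s\n", lock_offset(), member_at(0x2280));
    return 0;
}
```

Against a real kernel build, the same lookup is done with the debug info for that exact config rather than a hand-written model.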