Date: Mon, 18 Dec 2017 22:39:26 -0500
From: Dave Jones
To: Linus Torvalds
Cc: Al Viro, Linux Kernel
Subject: Re: proc_flush_task oops
Message-ID: <20171219033926.GA26981@codemonkey.org.uk>
References: <20171218214438.GA32728@codemonkey.org.uk> <20171218221541.GP21978@ZenIV.linux.org.uk> <20171218231013.GA9481@codemonkey.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 18, 2017 at 03:50:52PM -0800, Linus Torvalds wrote:

> But I don't see what would have changed in this area recently.
>
> Do you end up saving the seeds that cause crashes? Is this
> reproducible? (Other than seeing it twice, of course)

Only clue so far is that every time I'm able to trigger it, the last thing the child process that triggers it did was an execveat. Telling it to just fuzz execveat doesn't instantly trigger it, so it must be a combination with some other syscall. I'll leave a script running overnight to see if I can binary search the other syscalls in combination with it.

One other thing: I said this was rc4, but it was actually rc4 + all the x86 stuff from today. There's enough creepy stuff in that pile that I'll try with just plain rc4 tomorrow too.

Dave