Date: Sun, 13 May 2018 12:40:56 -0700
From: Eric Biggers
To: syzbot
Cc: dledford@redhat.com, jgg@ziepe.ca, johannes.berg@intel.com, leonro@mellanox.com, linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, monis@mellanox.com, muneendra.kumar@broadcom.com, pabeni@redhat.com, parav@mellanox.com, roland@purestorage.com, swise@opengridcomputing.com, syzkaller-bugs@googlegroups.com, yuval.shaia@oracle.com
Subject: Re: general protection fault in rdma_addr_size
Message-ID: <20180513194056.GB677@sol.localdomain>
In-Reply-To: <001a1140e0de40f8e2056819e283@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 23, 2018 at 01:01:02PM -0700, syzbot wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> 8f5fd927c3a7576d57248a2d7a0861c3f2795973 (Fri Mar 16 20:37:42 2018 +0000)
> Merge tag 'for-4.16-rc5-tag' of
> git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
>
> syzbot dashboard link:
> https://syzkaller.appspot.com/bug?extid=2a2c48fc189ed5125b9c
>
> So far this crash happened 2 times on upstream.
> C reproducer is attached.
> syzkaller reproducer is attached.
> Raw console output is attached.
> .config is attached.
> compiler: gcc (GCC) 7.1.1 20170620
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2a2c48fc189ed5125b9c@syzkaller.appspotmail.com
> It will help syzbot understand when the bug is fixed. See footer for details.
> If you forward the report, please keep this part and the footer.
>
> audit: type=1400 audit(1521277737.761:7): avc: denied { map } for pid=4234 comm="syzkaller098821" path="/root/syzkaller098821515" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] SMP KASAN
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Modules linked in:
> CPU: 0 PID: 4236 Comm: syzkaller098821 Not tainted 4.16.0-rc5+ #357
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:rdma_addr_size+0x1e/0x70 drivers/infiniband/core/addr.c:197
> RSP: 0018:ffff8801b9cc7870 EFLAGS: 00010202
> RAX: dffffc0000000000 RBX: 0000000000000020 RCX: ffffffff841374bd
> RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000020
> RBP: ffff8801b9cc7878 R08: ffffed0037398f3a R09: ffff8801b9cc78c0
> R10: 0000000000000022 R11: ffffed0037398f39 R12: ffff8801b9cc78c0
> R13: ffff8801b260a1f0 R14: ffff8801b9cc7a00 R15: 0000000000000020
> FS: 00007fd9212b2700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007fd9212b1e78 CR3: 00000001b7af4006 CR4: 00000000001606f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
> ucma_query_addr.isra.7+0xce/0x4f0 drivers/infiniband/core/ucma.c:871
> ucma_query+0x1bb/0x230 drivers/infiniband/core/ucma.c:991
> ucma_write+0x2d6/0x3d0 drivers/infiniband/core/ucma.c:1633
> __vfs_write+0xef/0x970 fs/read_write.c:480
> vfs_write+0x189/0x510 fs/read_write.c:544
> SYSC_write fs/read_write.c:589 [inline]
> SyS_write+0xef/0x220 fs/read_write.c:581
> do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
> entry_SYSCALL_64_after_hwframe+0x42/0xb7
> RIP: 0033:0x445959
> RSP: 002b:00007fd9212b1da8 EFLAGS: 00000297 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 00000000006dac5c RCX: 0000000000445959
> RDX: 0000000000000018 RSI: 00000000200022c0 RDI: 0000000000000003
> RBP: 00000000006dac58 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000297 R12: 006d635f616d6472
> R13: 2f646e6162696e69 R14: 666e692f7665642f R15: 0000000000000008
> Code: 29 e4 95 fd e9 f8 fe ff ff 90 90 90 90 55 48 89 e5 53 48 89 fb e8 e3 a2 5d fd 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14 02 48 89 d8 83 e0 07 83 c0 01 38 d0 7c 04 84 d2 75 2f
> RIP: rdma_addr_size+0x1e/0x70 drivers/infiniband/core/addr.c:197 RSP: ffff8801b9cc7870
> ---[ end trace 6c753cc522bb59ed ]---
> Kernel panic - not syncing: Fatal exception
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
>
> ---
> This bug is generated by a dumb bot. It may contain errors.
> See https://goo.gl/tpsmEJ for details.
> Direct all questions to syzkaller@googlegroups.com.
>
> syzbot will keep track of this bug report.
> If you forgot to add the Reported-by tag, once the fix for this bug is merged
> into any tree, please reply to this email with:
> #syz fix: exact-commit-title

This seems to have been fixed by commit e8980d67d6017:

#syz fix: RDMA/ucma: Ensure that CM_ID exists prior to access it

- Eric
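A small triage helper, added here as an example and not part of this thread or of the kernel tree: it parses the x86-64 oops quoted above (faulting function and source location, the kernel-side call chain, the kernel register set) and applies a heuristic that is my own assumption rather than anything the report states, namely that the KASAN "NULL-ptr deref" hint together with a tiny first-argument register (RDI, 0x20 here) points at a NULL struct base plus a field offset. The sample input is constructed from a subset of the report's own lines, quote prefix included.

```python
import re

# Constructed sample: a subset of the syzbot report quoted above, with the mail's "> " prefix.
SAMPLE_OOPS = """\
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> RIP: 0010:rdma_addr_size+0x1e/0x70 drivers/infiniband/core/addr.c:197
> RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000020
> Call Trace:
> ucma_query_addr.isra.7+0xce/0x4f0 drivers/infiniband/core/ucma.c:871
> ucma_query+0x1bb/0x230 drivers/infiniband/core/ucma.c:991
> ucma_write+0x2d6/0x3d0 drivers/infiniband/core/ucma.c:1633
> __vfs_write+0xef/0x970 fs/read_write.c:480
> entry_SYSCALL_64_after_hwframe+0x42/0xb7
> RIP: 0033:0x445959
"""

# Frame "sym+0xoff/0xsize [file:line]", kernel-mode RIP line, "REG: 16 hex digits".
FRAME_RE = re.compile(r"^(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+(?P<loc>\S+:\d+))?$")
RIP_RE = re.compile(r"^RIP: 0010:(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+\s+(?P<loc>\S+:\d+)")
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b")

def parse_oops(text):
    """Faulting function/location, kernel call chain and kernel-side registers."""
    info = {"rip": None, "trace": [], "regs": {}, "kasan_hint": False}
    in_trace = False
    for raw in text.splitlines():
        line = raw[2:] if raw.startswith("> ") else raw  # strip mail quoting
        if line.startswith("kasan: GPF could be caused by NULL-ptr deref"):
            info["kasan_hint"] = True
        m = RIP_RE.match(line)
        if m and info["rip"] is None:
            info["rip"] = (m["sym"], m["loc"])
        for reg, val in REG_RE.findall(line):
            info["regs"].setdefault(reg, int(val, 16))  # first set = kernel regs
        if line == "Call Trace:":
            in_trace = True
        elif in_trace:
            f = FRAME_RE.match(line)
            if f:
                info["trace"].append((f["sym"], f["loc"]))
            elif line.startswith("RIP: 0033:"):
                in_trace = False  # user-space RIP ends the kernel chain
    return info

def null_deref_candidate(info, max_offset=0x1000):
    """Heuristic (my assumption, not from the report): KASAN hint set and the
    first-argument register RDI (x86-64 SysV ABI) holding a tiny value such as
    0x20 is consistent with a NULL struct base plus a field offset."""
    rdi = info["regs"].get("RDI")
    return info["kasan_hint"] and rdi is not None and rdi < max_offset
```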