From: Dmitry Vyukov
Date: Tue, 12 Mar 2019 18:46:56 +0100
Subject: Re: general protection fault in skb_put
To: James Smart
Cc: James Smart, syzbot, Jens Axboe, Christoph Hellwig, Johan Hedberg, keith.busch@intel.com, linux-bluetooth, LKML, linux-nvme@lists.infradead.org, Marcel Holtmann, Sagi Grimberg, syzkaller-bugs
References: <000000000000032b7f0583d16e0e@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 11, 2019 at 7:10 PM James Smart wrote:
>
> On 3/11/2019 9:40 AM, Dmitry Vyukov wrote:
> > On Mon, Mar 11, 2019 at 5:20 PM 'James Smart' via syzkaller-bugs
> > wrote:
> >>
> >> On 3/11/2019 6:20 AM, syzbot wrote:
> >>> syzbot has bisected this bug to:
> >>>
> >>> commit 97faec531460c949d7120672b8c77e2f41f8d6d7
> >>> Author: James Smart
> >>> Date: Thu Sep 13 23:17:38 2018 +0000
> >>>
> >>> nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device
> >>>
> >>> bisection log:
> >>> https://syzkaller.appspot.com/x/bisect.txt?x=121f55db200000
> >>> start commit: 97faec53 nvme_fc: add 'nvme_discovery' sysfs attribute
> >>> to ..
> >>> git tree: linux-next
> >>> final crash: https://syzkaller.appspot.com/x/report.txt?x=111f55db200000
> >>> console output: https://syzkaller.appspot.com/x/log.txt?x=161f55db200000
> >>> kernel config: https://syzkaller.appspot.com/x/.config?x=59aefae07c771af6
> >>> dashboard link:
> >>> https://syzkaller.appspot.com/bug?extid=65788f9af9d54844389e
> >>> userspace arch: amd64
> >>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=178e0798c00000
> >>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11b4f0b0c00000
> >>>
> >>> Reported-by: syzbot+65788f9af9d54844389e@syzkaller.appspotmail.com
> >>> Fixes: 97faec53 ("nvme_fc: add 'nvme_discovery' sysfs attribute to fc
> >>> transport device")
> >>
> >> can someone contact me as to what this thing is doing and how to
> >> interpret all the logs. nvme_fc isn't remotely in any of the logs and
> >> doesn't use skb's unless the underlying udev_uevents are using them.
> >
> > Hi James,
> >
> > What exactly is unclear/needs interpretation? syzbot did what is
> > commonly known as kernel/git bisection process. This is a new feature
> > so there can be some rough edges. Hopefully we can improve the
> > representation together.
> >
> > Thanks
> >
> Everything is unclear. You're telling me that an error occurred and that
> you reduced it to the git submit where the error starts appearing.
>
> Usually there would be something in the base crash, which I'm looking at
> in https://syzkaller.appspot.com/x/report.txt?x=111f55db200000 which
> would point back at something in the patch or related to it. There are
> no relationships. I can't quite figure out what the base test actually
> did that generated the failure to see if there's any possible relationship.
>
> Everything in the base crash stacktrace points to an issue in the
> bluetooth uart driver doing all the logging - not the patch called out.

Everything up to this point is perfectly correct.
So lots of things seem to be clear to you ;)
The base test case is provided under the "syz/C repro" links in the
original report and in the bisection results report.

> So this looks like a failure of your infrastructure.

I agree that the result seems to be unrelated to the original crash.
What is the root cause is a good question. You can see the exact
history of how bisection progressed and why it ended up at the commit
it ended up over the "bisection log" link. The kernel is unfortunately
(or fortunately) not a single-threaded deterministic user-space parser
library without global state where everything can be bisected
precisely. There is a very long tail of other problems as well. E.g.
the same reproducer triggering multiple bugs at once, or different
bugs at different commit ranges. At the same time lots of people asked
for bisection of bugs. So this is where we are.

I've started collecting all cases with incorrect bisection results, so
that we can draw broader conclusions later and bucket common root
causes:
https://github.com/google/syzkaller/issues/1051
Added this case too.
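
The two failure modes named in the message above (a reproducer that does not crash on every run, and one reproducer hitting different bugs in different commit ranges) can be simulated. This is an added example, not part of the original e-mail and not syzkaller code; the commit numbers, crash titles and probabilities are constructed.

```python
import random

def run_repro(commit, bugs, rng):
    """One reproducer run: title of the crash seen at `commit`, or None."""
    for title, first, last, prob in bugs:
        if first <= commit <= last and rng.random() < prob:
            return title
    return None

def bisect(bugs, runs, rng, want=None, n=1024):
    """Commit 0 is known good, commit n-1 known bad; return the blamed commit.
    A commit is judged bad if any of `runs` runs crashes; when `want` is set,
    only a crash with that title counts."""
    good, bad = 0, n - 1
    while bad - good > 1:
        mid = (good + bad) // 2
        seen = {run_repro(mid, bugs, rng) for _ in range(runs)} - {None}
        hit = (want in seen) if want else bool(seen)
        if hit:
            bad = mid
        else:
            good = mid
    return bad

def wrong_rate(bugs, culprit, runs, want=None, trials=300, seed=7):
    """Fraction of bisections that blame a commit other than `culprit`."""
    rng = random.Random(seed)
    wrong = sum(bisect(bugs, runs, rng, want) != culprit for _ in range(trials))
    return wrong / trials

# Constructed history: (title, first bad commit, last bad commit, crash probability)
STABLE = ("target crash", 300, 1023, 1.0)   # introduced at 300, always reproduces
FLAKY = ("target crash", 300, 1023, 0.5)    # same bug, crashes on half the runs
OTHER = ("other crash", 220, 260, 1.0)      # different bug, present only in 220..260

if __name__ == "__main__":
    print("deterministic:", wrong_rate([STABLE], 300, runs=1))
    print("flaky, 1 run per commit:", wrong_rate([FLAKY], 300, runs=1))
    print("flaky, 10 runs per commit:", wrong_rate([FLAKY], 300, runs=10))
    rng = random.Random(0)
    print("two bugs, any crash is bad:", bisect([STABLE, OTHER], 1, rng))
    print("two bugs, title must match:", bisect([STABLE, OTHER], 1, rng, "target crash"))
```

In this model a missed crash can only move the blame to a later commit, while a second bug pulls it to the commit where that other bug starts; repeating the reproducer per commit and comparing crash titles address the two cases separately.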