Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp2295452imc;
        Tue, 12 Mar 2019 10:48:16 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxKekx4vcbWlvCQfKB6xCvqCf4q39x8cmrpY/Cehg82VuOgDJ7RHY4tQFPLGv0KXgqrKWpr
X-Received: by 2002:a63:f84d:: with SMTP id v13mr36505275pgj.384.1552412895986;
        Tue, 12 Mar 2019 10:48:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1552412895; cv=none;
        d=google.com; s=arc-20160816;
        b=QOLqe7aw/Lvw5GB1EHcL10tUHNZYyF9N+xczH6qpxiWNda+QY/MYmhe6nRDY5TmhYL
         OZ9GyEJCXENRj3LSIJiuI0rifZPplWDlQ23nAyfk6cr2V05nQn+PnH0sh2NJFvvekDRY
         5CpKLpcv/J6myjie0NKH9BM6pJpHhu6cv8SAqMfkbS3lYx2dyvAWEqYS3L88lM4e67b3
         s+tb2expSQQjzCvDCKerpxwwcHlzyJ8HQi4DyWfgsAHebL11haOqIZE0nTSBVN9XaGpF
         FGWvqKMLo1gw8eVkLbpZJlltDEjIjeNIr35SkPZXNvELJyynkY8kHtGA+4kE9gICT2br
         f4gw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=WS/zoe9Fq2qDK9lRGH6W30+/oPnf/aVCcbDJGZCBBdU=;
        b=bmZ5x/kGXhblbVycCwVVwKcraMqYXBuO1QlIYGZsJcqdSoiAvLFp3onTiJihh/Wmrm
         Vbl2FncbIciok30/cIDjMgKr4fn2O+gg8A+3/pTRoIA7LDPsi9OSc8C4T+fNJQ0tbkVJ
         XrzfjjbdFPPGbXuURtOKNcHqkmKt3UanxY1c0TuB2zJQq9Ti7smmRcSAcLRxbRkaoawb
         JIfETOn31ZkIszgZoiRo3QXaDkmFWLxIyrzoSZtNrKtwpiwg2GvPPC3nJcmCIMBfDbJO
         PD7tF+uiKnffbwLVznaNRkG8y/9LoCEgwWSsSVQXCpeoZLqUtax96qsIWLKRyOW49pNc
         1Bww==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=XXfF694R;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i6si7785466pgq.423.2019.03.12.10.48.00;
        Tue, 12 Mar 2019 10:48:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=XXfF694R;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728890AbfCLRrK (ORCPT <rfc822;michael.k.kehoe@gmail.com>
        + 99 others); Tue, 12 Mar 2019 13:47:10 -0400
Received: from mail-io1-f66.google.com ([209.85.166.66]:37512 "EHLO
        mail-io1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728792AbfCLRrJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Mar 2019 13:47:09 -0400
Received: by mail-io1-f66.google.com with SMTP id x7so2888724ioh.4
        for <linux-kernel@vger.kernel.org>; Tue, 12 Mar 2019 10:47:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=WS/zoe9Fq2qDK9lRGH6W30+/oPnf/aVCcbDJGZCBBdU=;
        b=XXfF694RgGbcN683Zkyd3LiWrPi6C7L7emapJR2qyNEO4NAsgHJsu0w9613q72tCcO
         K6OESGGQr0YVti0KgrkZD5Pyqb4Zbkeg6CC681Y8YQdvR2RrVeoTuQRuZ7Gc/O8G2zl2
         mu4Ya8HnO/t958ewUUicnfSqwtCk1zRSwK2dVqbvjGnxGSUW8KaeEuqau7vClbLYssK+
         2vSE8nTPU6tahuBgwUSoOaIl9emJ5Y5Ll581P/1Uy11SX9fN6ltQtkmHiSuth8EQdT/r
         twcAuHg2un5X2WeL+GDmi173hUR9EGDLWB/ahONdje3HuTFXRn6CDOJ8RpkjQzt8ac7u
         L2WQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=WS/zoe9Fq2qDK9lRGH6W30+/oPnf/aVCcbDJGZCBBdU=;
        b=aa5C3OTTM1wnZaudMYgTEZzdD8eDqqla6vWiPz7e8090W6JQPLwfq+h9XnNg5R1o7t
         O6GPfO521F/K3hnSshC7hoprG12Qo5oa7yjtNNcreVyAkgC6TlHRXEz0GBhWMrU3/NeT
         PjdO9n8ANc1yMmfXN7sgakpUuRCaZMH9H1M/OLeUneCnT5gVlBnbv7RHUlK3ikysHro7
         kNYTVhnJIbvdoITb1xXq3Mqs65skg3KMjGlXdeszZlbQlHMnm23v9Dyhm3csHsF7k25Q
         CJ9Q3C60RgwFu79NymosmXBzgVW1QfBKl81mJaNB1i/iNFAjgIGjsmmbpsKT1kjnYEp+
         b6eA==
X-Gm-Message-State: APjAAAWy3X/uv7pIrfBiFbXQGMX16JSRoPOOkKjIm3YFeFJdW5PF3CHM
        dQp8nWAng4PBd/Jq6UWVsJAiv+wpgTxI4ALZIurXVg==
X-Received: by 2002:a6b:3709:: with SMTP id e9mr11117866ioa.282.1552412827423;
 Tue, 12 Mar 2019 10:47:07 -0700 (PDT)
MIME-Version: 1.0
References: <000000000000032b7f0583d16e0e@google.com> <b17bcabf-5f2c-083a-91a9-6d99f5111a3f@broadcom.com>
 <CACT4Y+aT_oeWK5UWy9N76noDEfPTC8q2d8vd+KugE2UXgxpJcQ@mail.gmail.com> <a68b264c-d573-87ef-13fb-883c6b0a710c@gmail.com>
In-Reply-To: <a68b264c-d573-87ef-13fb-883c6b0a710c@gmail.com>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Tue, 12 Mar 2019 18:46:56 +0100
Message-ID: <CACT4Y+aYo14D+o=mUmefw2PzPc3QpF7F4cQq9jK6tXmz5zxg6g@mail.gmail.com>
Subject: Re: general protection fault in skb_put
To:     James Smart <jsmart2021@gmail.com>
Cc:     James Smart <james.smart@broadcom.com>,
        syzbot <syzbot+65788f9af9d54844389e@syzkaller.appspotmail.com>,
        Jens Axboe <axboe@fb.com>, Christoph Hellwig <hch@lst.de>,
        Johan Hedberg <johan.hedberg@gmail.com>, keith.busch@intel.com,
        linux-bluetooth <linux-bluetooth@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        linux-nvme@lists.infradead.org,
        Marcel Holtmann <marcel@holtmann.org>,
        Sagi Grimberg <sagi@grimberg.me>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 11, 2019 at 7:10 PM James Smart <jsmart2021@gmail.com> wrote:
>
> On 3/11/2019 9:40 AM, Dmitry Vyukov wrote:
> > On Mon, Mar 11, 2019 at 5:20 PM 'James Smart' via syzkaller-bugs
> > <syzkaller-bugs@googlegroups.com> wrote:
> >>
> >> On 3/11/2019 6:20 AM, syzbot wrote:
> >>> syzbot has bisected this bug to:
> >>>
> >>> commit 97faec531460c949d7120672b8c77e2f41f8d6d7
> >>> Author: James Smart <jsmart2021@gmail.com>
> >>> Date:   Thu Sep 13 23:17:38 2018 +0000
> >>>
> >>>      nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device
> >>>
> >>> bisection log:
> >>> https://syzkaller.appspot.com/x/bisect.txt?x=121f55db200000
> >>> start commit:   97faec53 nvme_fc: add 'nvme_discovery' sysfs attribute
> >>> to ..
> >>> git tree:       linux-next
> >>> final crash: https://syzkaller.appspot.com/x/report.txt?x=111f55db200000
> >>> console output: https://syzkaller.appspot.com/x/log.txt?x=161f55db200000
> >>> kernel config: https://syzkaller.appspot.com/x/.config?x=59aefae07c771af6
> >>> dashboard link:
> >>> https://syzkaller.appspot.com/bug?extid=65788f9af9d54844389e
> >>> userspace arch: amd64
> >>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=178e0798c00000
> >>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11b4f0b0c00000
> >>>
> >>> Reported-by: syzbot+65788f9af9d54844389e@syzkaller.appspotmail.com
> >>> Fixes: 97faec53 ("nvme_fc: add 'nvme_discovery' sysfs attribute to fc
> >>> transport device")
> >>
> >> can someone contact me as to what this thing is doing and how to
> >> interpret all the logs.  nvme_fc isn't remotely in any of the logs and
> >> doesn't use skb's unless the underlying udev_uevents are using them.
> >
> > Hi James,
> >
> > What exactly is unclear/needs interpretation? syzbot did what is
> > commonly known as kernel/git bisection process. This is a new feature
> > so there can be some rough edges. Hopefully we can improve the
> > representation together.
> >
> > Thanks
> >
> Everything is unclear. You're telling me that an error occurred and that
> you reduced it to the git submit where the error starts appearing.
>
> Usually there would be something in the base crash, which I'm looking at
> in https://syzkaller.appspot.com/x/report.txt?x=111f55db200000 which
> would point back at something in the patch or related to it. There are
> no relationships.  I can't quite figure out what the base test actually
> did that generated the failure to see if there's any possible relationship.
>
> Everything in the base crash stacktrace points to an issue in the
> bluetooth uart driver doing all the logging - not the patch called out.

Everything up to this point is perfectly correct. So lots of things
seem to be clear to you ;)
The base test case is provided in under the "syz/C repro" links in the
original report and in the bisection results report.

> So this looks like a failure of your infrastructure.

I agree that the result seems to be unrelated to the original crash.
What is the root cause is a good question. You can see the exact
history of how bisection progressed any why it ended up at the commit
it ended up over the "bisection log" link.
Kernel is unfortunately (or fortunately) is not a single-threaded
deterministic user-space parser library without global state where
everything can be bisected precisely. There is a very long tail of
other problems as well. E.g. the same reproducer triggering multiple
bugs at once, of different bugs at different commit ranges. At the
same time lots of people asked for bisection of bugs. So this is where
we are.
I've started collecting all cases with incorrect bisection results, so
that we can draw broader conclusions later and bucket common root
causes:
https://github.com/google/syzkaller/issues/1051
Added this case too.