From: Dmitry Vyukov
Date: Tue, 9 Apr 2019 15:57:45 +0200
Subject: Re: general protection fault in rdma_listen (2)
To: syzbot, markb@mellanox.com
Cc: danielj@mellanox.com, Doug Ledford, Jason Gunthorpe, Leon Romanovsky, LKML, linux-rdma@vger.kernel.org, parav@mellanox.com, swise@opengridcomputing.com, syzkaller-bugs
References: <000000000000396c09057a17b6fd@google.com> <0000000000008a1687057acbb692@google.com>
In-Reply-To: <0000000000008a1687057acbb692@google.com>
List-ID: linux-kernel@vger.kernel.org

On Fri, Nov 16, 2018 at 6:44 PM syzbot wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:    da5322e65940 Merge tag 'selinux-pr-20181115' of git://git...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13a06f7b400000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d86f24333880b605
> dashboard link: https://syzkaller.appspot.com/bug?extid=6b46b135602a3f3ac99e
> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10fa8a47400000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+6b46b135602a3f3ac99e@syzkaller.appspotmail.com
>
> IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
> IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
> 8021q: adding VLAN 0 to HW filter on device team0
> kasan: CONFIG_KASAN_INLINE enabled
> kasan: GPF could be caused by NULL-ptr deref or user memory access
> general protection fault: 0000 [#1] PREEMPT SMP KASAN
> CPU: 1 PID: 6328 Comm: syz-executor0 Not tainted 4.20.0-rc2+ #337
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:cma_bind_listen drivers/infiniband/core/cma.c:3355 [inline]
> RIP: 0010:rdma_listen+0x357/0x990 drivers/infiniband/core/cma.c:3469
> Code: 4c 8b ab c8 01 00 00 31 f6 48 c7 c7 60 3b db 89 e8 9e eb 25 02 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 64 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
> RSP: 0018:ffff8881b266f970 EFLAGS: 00010202
> RAX: dffffc0000000000 RBX: ffff8881ba9a6d80 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
> RBP: ffff8881b266fa10 R08: fffffbfff13b6775 R09: fffffbfff13b6774
> R10: ffff8881b266f960 R11: ffffffff89db3ba3 R12: 1ffff110364cdf31
> R13: 0000000000000000 R14: 0000000000000003 R15: ffff8881d908fa80
> FS:  00007f22f9e27700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000004cef08 CR3: 00000001ba4b4000 CR4: 00000000001406e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  ucma_listen+0x1a4/0x260 drivers/infiniband/core/ucma.c:1100
>  ucma_write+0x365/0x460 drivers/infiniband/core/ucma.c:1689
>  __vfs_write+0x119/0x9f0 fs/read_write.c:485
>  vfs_write+0x1fc/0x560 fs/read_write.c:549
>  ksys_write+0x101/0x260 fs/read_write.c:598
>  __do_sys_write fs/read_write.c:610 [inline]
>  __se_sys_write fs/read_write.c:607 [inline]
>  __x64_sys_write+0x73/0xb0 fs/read_write.c:607
>  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
>  entry_SYSCALL_64_after_hwframe+0x49/0xbe
> RIP: 0033:0x457569
> Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
> RSP: 002b:00007f22f9e26c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569
> RDX: 0000000000000010 RSI: 00000000200000c0 RDI: 0000000000000005
> RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f22f9e276d4
> R13: 00000000004c571f R14: 00000000004d9360 R15: 00000000ffffffff
> Modules linked in:
> ---[ end trace ad276a0bcb316fb3 ]---
> RIP: 0010:cma_bind_listen drivers/infiniband/core/cma.c:3355 [inline]
> RIP: 0010:rdma_listen+0x357/0x990 drivers/infiniband/core/cma.c:3469
> Code: 4c 8b ab c8 01 00 00 31 f6 48 c7 c7 60 3b db 89 e8 9e eb 25 02 48 b8 00 00 00 00 00 fc ff df 49 8d 7d 08 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 64 05 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b
> RSP: 0018:ffff8881b266f970 EFLAGS: 00010202
> RAX: dffffc0000000000 RBX: ffff8881ba9a6d80 RCX: 0000000000000000
> RDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000008
> RBP: ffff8881b266fa10 R08: fffffbfff13b6775 R09: fffffbfff13b6774
> R10: ffff8881b266f960 R11: ffffffff89db3ba3 R12: 1ffff110364cdf31
> R13: 0000000000000000 R14: 0000000000000003 R15: ffff8881d908fa80
> FS:  00007f22f9e27700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffff600400 CR3: 00000001ba4b4000 CR4: 00000000001406e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Hi Mark,

You tested some fixes for this bug. The latest tested patch did not trigger the crash. But syzbot has never seen any fixes for this bug. If you submitted the patch, please mark this bug as fixed.

Thanks