From: Dmitry Vyukov
Date: Tue, 29 Sep 2020 15:29:58 +0200
Subject: Re: general protection fault in perf_misc_flags
To: Borislav Petkov
Cc: Alexander Potapenko, Marco Elver, syzbot, Arnaldo Carvalho de Melo, Alexander Shishkin, "H. Peter Anvin", Jiri Olsa, LKML, Mark Rutland, Ingo Molnar, Namhyung Kim, Peter Zijlstra, syzkaller-bugs, Thomas Gleixner, "the arch/x86 maintainers", clang-built-linux, syzkaller
References: <00000000000052569205afa67426@google.com> <20200927145737.GA4746@zn.tnic> <20200928083819.GD1685@zn.tnic> <20200928085401.GE1685@zn.tnic> <20200928202353.GI1685@zn.tnic> <20200929083336.GA21110@zn.tnic>
In-Reply-To: <20200929083336.GA21110@zn.tnic>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Sep 29, 2020 at 10:33 AM Borislav Petkov wrote:
>
> On Mon, Sep 28, 2020 at 10:23:53PM +0200, Borislav Petkov wrote:
> > 2020/09/28 22:21:01 VMs 3, executed 179, corpus cover 11792, corpus signal 10881, max signal 19337, crashes 0, repro 0
>
> Ok, so far triggered two things:
>
> WARNING in f2fs_is_valid_blkaddr 1 2020/09/29 10:27 reproducing
> WARNING in reiserfs_put_super 1 2020/09/28 22:42
>
> you've probably seen them already.
>
> Anyway, next question. Let's say I trigger the corruption: is there a
> way to stop the guest VM which has triggered it so that I'm able to
> examine it with gdb?
>
> What about kdump? Can I dump the guest memory either with kdump or
> through the qemu monitor (I believe there's a command to dump memory) so
> that it can be poked at?
>
> Because as it is, we don't have a reproducer and as I see it, the fuzzing simply
> gets restarted:
>
> 2020/09/29 10:27:03 vm-3: crash: WARNING in f2fs_is_valid_blkaddr
> ...
> 2020/09/29 10:27:05 loop: phase=1 shutdown=false instances=1/4 [3] repro: pending=0 reproducing=1 queued=1
> 2020/09/29 10:27:05 loop: starting instance 3
>
> so it would be good to be able to say, when a vm encounters a crash, it
> should be stopped immediately so that the guest can be examined through
> qemu's gdb interface, i.e.,
>
> -gdb tcp::
>
> or so?

Currently there is no such feature. I think some people did it because
something similar was mentioned on the mailing IIRC, but I don't know
how they did it, probably with some local code changes.