From: Dmitry Vyukov
Date: Wed, 27 Jan 2021 19:56:55 +0100
Subject: Re: WARNING in __do_kernel_fault
To: Andrey Konovalov
Cc: Will Deacon, syzbot, Dave Martin, Catalin Marinas, Linux ARM, LKML, Mark Rutland, syzkaller-bugs
List-ID: linux-kernel@vger.kernel.org

On Wed, Jan 27, 2021 at 7:46 PM 'Andrey Konovalov' via syzkaller-bugs wrote:
>
> On Wed, Jan 27, 2021 at 6:24 PM Dmitry Vyukov wrote:
> >
> > On Wed, Jan 27, 2021 at 6:15 PM Will Deacon wrote:
> > >
> > > On Wed, Jan 27, 2021 at 06:00:30PM +0100, Dmitry Vyukov wrote:
> > > > On Wed, Jan 27, 2021 at 5:56 PM syzbot wrote:
> > > > >
> > > > > Hello,
> > > > >
> > > > > syzbot found the following issue on:
> > > > >
> > > > > HEAD commit:    2ab38c17 mailmap: remove the "repo-abbrev" comment
> > > > > git tree:       upstream
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=15a25264d00000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=ad43be24faf1194c
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=45b6fce29ff97069e2c5
> > > > > userspace arch: arm64
> > > > >
> > > > > Unfortunately, I don't have any reproducer for this issue yet.
> > > > >
> > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > > Reported-by: syzbot+45b6fce29ff97069e2c5@syzkaller.appspotmail.com
> > > >
> > > > This happens on an arm64 instance with MTE enabled.
> > > > There is a GPF in reiserfs_xattr_init on x86_64 reported:
> > > > https://syzkaller.appspot.com/bug?id=8abaedbdeb32c861dc5340544284167dd0e46cde
> > > > so I would assume it's just a plain NULL deref. Is this WARNING not
> > > > indicative of a kernel bug? Or is there something special about this
> > > > particular NULL deref?
> > >
> > > Congratulations, you're the first person to trigger this warning!
> > >
> > > This fires if we take an unexpected data abort in the kernel but when we
> > > get into the fault handler the page-table looks ok (according to the CPU via
> > > an 'AT' instruction). Are you using QEMU system emulation? Perhaps its
> > > handling of AT isn't quite right.
> >
> > Hi Will,
> >
> > Yes, it's qemu-system-aarch64 5.2 with -machine virt,mte=on -cpu max.
> > Do you see any way forward for this issue? Can we somehow prove or disprove
> > that it's QEMU at fault?
>
> I've reproduced this crash (by taking [1] and changing
> sys_memfd_create to 279), but it manifests as a normal null-ptr-deref
> for me. I'm using the latest QEMU master. Which QEMU does syzbot use
> exactly?

qemu-system-aarch64 5.2 from this container:
https://github.com/google/syzkaller/blob/master/tools/docker/syzbot/Dockerfile

You can get a prebuilt version with:
docker pull gcr.io/syzkaller/syzbot

> [1] https://syzkaller.appspot.com/text?tag=ReproC&x=14d3621cd00000
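Andrey's reproduction step above (taking the syzbot C reproducer and changing sys_memfd_create to 279) is the usual chore when porting an x86_64 syzkaller repro to arm64: the generated program hard-codes the syscall number, and memfd_create is 319 on x86_64 but 279 on arm64. The following is an added example, not code from the thread or from syzkaller, showing both the per-architecture table a repro carries and the portable alternative of taking the number from the toolchain's <sys/syscall.h>; it assumes a Linux host, that the original repro used the x86_64 number 319, and uses the constructed payload and memfd name "syz-repro" only for illustration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/mman.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U   /* fallback for libc headers that predate memfd_create */
#endif

/* Syscall numbers as a syzkaller C reproducer hard-codes them per architecture.
 * x86_64: 319 (arch/x86/entry/syscalls/syscall_64.tbl)
 * arm64 : 279 (asm-generic unistd.h, the number Andrey substituted above)
 * Returns -1 for an architecture this small table does not cover. */
long memfd_create_nr_for(const char *arch)
{
    if (strcmp(arch, "x86_64") == 0)
        return 319;
    if (strcmp(arch, "arm64") == 0 || strcmp(arch, "aarch64") == 0)
        return 279;
    return -1;
}

/* Portable alternative: take the number from <sys/syscall.h> for whatever
 * target the repro is compiled for, so the same source builds for x86_64 and
 * arm64 without editing. Returns -1 if the headers do not define it. */
long memfd_create_nr_native(void)
{
#ifdef SYS_memfd_create
    return SYS_memfd_create;
#else
    return -1;
#endif
}

/* Exercise the raw syscall the way a repro does: create an anonymous memfd,
 * write a payload, seek back and read it into out. Returns the number of
 * bytes read back, or -1 on any failure. */
int memfd_roundtrip(const char *payload, char *out, size_t outlen)
{
    long nr = memfd_create_nr_native();
    if (nr < 0 || outlen == 0)
        return -1;

    int fd = (int)syscall(nr, "syz-repro", MFD_CLOEXEC);   /* name is illustrative */
    if (fd < 0)
        return -1;

    size_t len = strlen(payload);
    int ret = -1;
    if (write(fd, payload, len) == (ssize_t)len && lseek(fd, 0, SEEK_SET) == 0) {
        ssize_t n = read(fd, out, outlen - 1);
        if (n >= 0) {
            out[n] = '\0';
            ret = (int)n;
        }
    }
    close(fd);
    return ret;
}

int main(void)
{
    char buf[64];
    printf("native __NR_memfd_create = %ld (x86_64 table: %ld, arm64 table: %ld)\n",
           memfd_create_nr_native(), memfd_create_nr_for("x86_64"),
           memfd_create_nr_for("arm64"));

    int n = memfd_roundtrip("hello from memfd", buf, sizeof buf);   /* constructed payload */
    printf("roundtrip: %d bytes: %s\n", n, n < 0 ? "(failed)" : buf);
    return n < 0;
}
```

When porting a repro, grep it for every hard-coded syscall number, not just the one that happens to fail first; syzkaller repros routinely carry several, and a mismatched number silently invokes a different syscall on the new architecture, which changes what the kernel is asked to do and therefore what crash, if any, you reproduce.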