From: Dmitry Vyukov
Date: Fri, 12 Mar 2021 11:56:40 +0100
Subject: Re: WARNING in __do_kernel_fault
To: Will Deacon
Cc: syzbot, Dave Martin, Catalin Marinas, Linux ARM, LKML, Mark Rutland, syzkaller-bugs, Andrey Konovalov
In-Reply-To: <20210127173446.GE358@willie-the-truck>
References: <0000000000009bbb7905b9e4a624@google.com> <20210127171453.GC358@willie-the-truck> <20210127173446.GE358@willie-the-truck>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 27, 2021 at 6:34 PM Will Deacon wrote:
>
> On Wed, Jan 27, 2021 at 06:24:22PM +0100, Dmitry Vyukov wrote:
> > On Wed, Jan 27, 2021 at 6:15 PM Will Deacon wrote:
> > >
> > > On Wed, Jan 27, 2021 at 06:00:30PM +0100, Dmitry Vyukov wrote:
> > > > On Wed, Jan 27, 2021 at 5:56 PM syzbot wrote:
> > > > >
> > > > > Hello,
> > > > >
> > > > > syzbot found the following issue on:
> > > > >
> > > > > HEAD commit:    2ab38c17 mailmap: remove the "repo-abbrev" comment
> > > > > git tree:       upstream
> > > > > console output: https://syzkaller.appspot.com/x/log.txt?x=15a25264d00000
> > > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=ad43be24faf1194c
> > > > > dashboard link: https://syzkaller.appspot.com/bug?extid=45b6fce29ff97069e2c5
> > > > > userspace arch: arm64
> > > > >
> > > > > Unfortunately, I don't have any reproducer for this issue yet.
> > > > >
> > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > > Reported-by: syzbot+45b6fce29ff97069e2c5@syzkaller.appspotmail.com
> > > >
> > > > This happens on an arm64 instance with mte enabled.
> > > > There is a GPF in reiserfs_xattr_init on x86_64 reported:
> > > > https://syzkaller.appspot.com/bug?id=8abaedbdeb32c861dc5340544284167dd0e46cde
> > > > so I would assume it's just a plain NULL deref. Is this WARNING not
> > > > indicative of a kernel bug? Or is there something special about this
> > > > particular NULL deref?
> > >
> > > Congratulations, you're the first person to trigger this warning!
> > >
> > > This fires if we take an unexpected data abort in the kernel but when we
> > > get into the fault handler the page-table looks ok (according to the CPU via
> > > an 'AT' instruction). Are you using QEMU system emulation? Perhaps its
> > > handling of AT isn't quite right.
> >
> > Yes, it's qemu-system-aarch64 5.2 with -machine virt,mte=on -cpu max.
> > Do you see any way forward for this issue? Can we somehow prove/disprove
> > it's qemu at fault?
> > The instance just started running, but it seems to be the most common
> > crash so far and it seems to happen on _all_ gpf's.
> > You can see all arm64 crashes so far here:
> > https://syzkaller.appspot.com/upstream?manager=ci-qemu2-arm64-mte
> > They all happen in reiserfs_security_init, but locally I got a bunch
> > of different stacks, e.g.:
>
> Your best bet is to hack is_spurious_el1_translation_fault() to dump addr,
> es and par, then we can help decipher the logs here. It could also easily be
> a bug in that code, since it hasn't been run before (well, other than
> contrived testing when I wrote it).

Should dumping of addr/es/par be included in the mainline kernel code if
this WARNING is not decipherable without this info?
Also, Andrey localized this to the mte=on,virtualization=on combination; does
this point towards a qemu bug?
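The thread turns on how the kernel decides that a translation fault is "spurious": the fault handler re-walks the faulting address with an AT instruction and compares what the CPU reports in PAR_EL1 against the original ESR. The C below is an added, user-space model of that decision, written for this page; it is not code from the thread, from syzkaller or from the Linux kernel's is_spurious_el1_translation_fault(). The AT result is passed in as a plain PAR value so the logic runs on any host, and the ESR/PAR bit layouts, the fault-class constants and the sample register values are my own assumptions (constructed, not taken from the syzbot report), to be checked against the Arm architecture manual and the kernel headers.

```c
/*
 * Added example: user-space model of the "spurious EL1 translation fault"
 * check behind the WARNING discussed in the thread.  Not kernel code.
 * Field layouts below are assumed from the Arm ARM; verify before relying
 * on them.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ESR_ELx fields (assumed layouts) */
#define ESR_EC_SHIFT      26
#define ESR_EC_MASK       0x3fu
#define ESR_EC_DABT_CUR   0x25u    /* data abort taken from the current EL */
#define ESR_FSC_MASK      0x3fu
#define ESR_FSC_TYPE      0x3cu    /* fault status with the level bits masked out */
#define ESR_FSC_FAULT     0x04u    /* translation fault, any level */

/* PAR_EL1 fields after an AT S1E1R (assumed layouts) */
#define PAR_F             (1ull << 0)   /* 1 = the AT walk itself faulted */
#define PAR_FST_SHIFT     1
#define PAR_FST_MASK      0x3full

enum verdict { NOT_APPLICABLE = 0, GENUINE = 1, SPURIOUS = 2 };

/*
 * Decision modelled on the kernel check described in the thread:
 *  - only kernel-mode data aborts that are translation faults qualify;
 *  - if the AT walk succeeds (PAR.F == 0) the page table now looks fine,
 *    so the original abort is treated as spurious;
 *  - if the AT walk fails for a different reason (e.g. a permission fault)
 *    the abort is also treated as spurious;
 *  - only an AT walk that again reports a translation fault confirms it.
 */
enum verdict classify_el1_fault(uint64_t esr, uint64_t par)
{
    unsigned ec  = (unsigned)((esr >> ESR_EC_SHIFT) & ESR_EC_MASK);
    unsigned fsc = (unsigned)(esr & ESR_FSC_MASK);

    if (ec != ESR_EC_DABT_CUR || (fsc & ESR_FSC_TYPE) != ESR_FSC_FAULT)
        return NOT_APPLICABLE;

    if (!(par & PAR_F))
        return SPURIOUS;   /* translation now valid: the abort was spurious */

    unsigned at_fsc = (unsigned)((par >> PAR_FST_SHIFT) & PAR_FST_MASK);
    return (at_fsc & ESR_FSC_TYPE) != ESR_FSC_FAULT ? SPURIOUS : GENUINE;
}

/* Prints the three values Will asks for (addr, esr, par) with the verdict. */
void dump_fault(uint64_t addr, uint64_t esr, uint64_t par)
{
    static const char *names[] = { "not-a-translation-fault", "genuine", "spurious" };
    printf("addr=%016llx esr=%08llx par=%016llx -> %s\n",
           (unsigned long long)addr, (unsigned long long)esr,
           (unsigned long long)par, names[classify_el1_fault(esr, par)]);
}

int main(void)
{
    /* Constructed sample values; none come from the syzbot report. */
    uint64_t esr_xlat_l3 = ((uint64_t)ESR_EC_DABT_CUR << ESR_EC_SHIFT) | 0x07; /* level-3 translation fault */
    uint64_t esr_iabt    = ((uint64_t)0x21 << ESR_EC_SHIFT) | 0x07;            /* instruction abort, ignored */

    dump_fault(0x38, esr_xlat_l3, 0x0f);          /* AT also faults at L3: genuine NULL-page deref */
    dump_fault(0x38, esr_xlat_l3, 0x40001000ull); /* AT succeeds: spurious (the WARNING case) */
    dump_fault(0x38, esr_xlat_l3, 0x1f);          /* AT reports a permission fault: spurious */
    dump_fault(0x38, esr_iabt,    0x0f);          /* not a data-abort translation fault */
    return 0;
}
```

The middle case is the one the thread is about: a NULL dereference should come back from AT as a translation fault on the same address, so an AT that suddenly succeeds (or fails differently) under a particular emulator configuration is exactly what a dump of addr, esr and par would make visible.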