On Sun, Nov 5, 2017 at 3:34 PM, Jon Maloy <jon.ma...@ericsson.com> wrote:
> The problem was already known, but the solution is non-trivial, and needs
> some more review and testing before I can submit it.
>
> ///Jon Maloy
Hi Jon,

Thank you very much for actually bothering to reply with the dup command.
But commands must be in the email body, i.e.:

#syz dup: general protection fault in __lock_acquire (2)

I've updated the email template to clarify that it's meant to be the email body,
to avoid confusion in future:
https://github.com/google/syzkaller/commit/9547ae3a85db67e4d3abe9ee7782a41b782a7906

Please reply to the "general protection fault in __lock_acquire (2)" report
with the fix command once there is a fixing commit for this. This will allow
syzbot to understand when the commit reaches all of its trees and report
similarly looking bugs in future.

Thanks

>> -----Original Message-----
>> From: syzbot [mailto:bot+0cea668556ca5b811dc9725d82edbd87fea4defb@syzkaller.appspotmail.com]
>> Sent: Sunday, November 05, 2017 09:42
>> To: da...@davemloft.net; Jon Maloy <jon.ma...@ericsson.com>; linux-ker...@vger.kernel.org; netdev@vger.kernel.org; syzkaller-b...@googlegroups.com; tipc-discuss...@lists.sourceforge.net; Ying Xue <ying....@windriver.com>
>> Subject: general protection fault in perf_trace_lock_acquire
>>
>> Hello,
>>
>> syzkaller hit the following crash on
>> 5a3517e009e979f21977d362212b7729c5165d92
>> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>>
>>
>>
>>
>> R10: 0000000020ed7fe4 R11: 0000000000000212 R12: 00000000004b7550
>> R13: 00007f1a861ffb58 R14: 00000000004b7560 R15: 0000000000000000
>> Subscriber rejected, no memory
>> kasan: CONFIG_KASAN_INLINE enabled
>> kasan: GPF could be caused by NULL-ptr deref or user memory access
>> general protection fault: 0000 [#1] SMP KASAN
>> Dumping ftrace buffer:
>>    (ftrace buffer empty)
>> Modules linked in:
>> CPU: 1 PID: 518 Comm: syz-executor4 Not tainted 4.14.0-rc7-next-20171103+ #38
>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>> task: ffff8801c558a180 task.stack: ffff8801d9650000
>> RIP: 0010:perf_trace_lock_acquire+0xc0/0x980 include/trace/events/lock.h:13
>> RSP: 0018:ffff8801d9657668 EFLAGS: 00010002
>> RAX: 0000000000000007 RBX: 1ffff1003b2caed7 RCX: 0000000000000000
>> RDX: dffffc0000000000 RSI: 0000000000000020 RDI: ffffffff85f24de0
>> RBP: ffff8801d9657840 R08: 0000000000000000 R09: 0000000000000020
>> R10: dffffc0000000000 R11: ffffffff8154c3e0 R12: ffff8801d9657818
>> R13: 0000000000000000 R14: ffffffff85f24de0 R15: 0000000000000001
>> FS:  00007f1a86200700(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
>> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 00000000004d4a84 CR3: 00000001ce90c000 CR4: 00000000001406e0
>> DR0: 0000000020000000 DR1: 0000000000000000 DR2: 0000000000000000
>> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
>> Call Trace:
>>  trace_lock_acquire include/trace/events/lock.h:13 [inline]
>>  lock_acquire+0x394/0x580 kernel/locking/lockdep.c:4003
>>  __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
>>  _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:174
>>  spin_lock_bh include/linux/spinlock.h:320 [inline]
>>  tipc_subscrb_subscrp_delete+0x8f/0x480 net/tipc/subscr.c:201
>>  tipc_subscrb_delete net/tipc/subscr.c:238 [inline]
>>  tipc_subscrb_release_cb+0x17/0x30 net/tipc/subscr.c:316
>>  tipc_close_conn+0x171/0x270 net/tipc/server.c:204
>>  tipc_topsrv_kern_subscr+0x724/0x810 net/tipc/server.c:514
>>  tipc_group_create+0x702/0x9c0 net/tipc/group.c:184
>>  tipc_sk_join net/tipc/socket.c:2747 [inline]
>>  tipc_setsockopt+0x249/0xc10 net/tipc/socket.c:2861
>>  SYSC_setsockopt net/socket.c:1851 [inline]
>>  SyS_setsockopt+0x189/0x360 net/socket.c:1830
>>  entry_SYSCALL_64_fastpath+0x1f/0xbe
>> RIP: 0033:0x452869
>> RSP: 002b:00007f1a861ffbe8 EFLAGS: 00000212 ORIG_RAX: 0000000000000036
>> RAX: ffffffffffffffda RBX: 00000000007580d8 RCX: 0000000000452869
>> RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000014
>> RBP: 0000000000000086 R08: 000000000000001c R09: 0000000000000000
>> R10: 0000000020ed7fe4 R11: 0000000000000212 R12: 00000000004b7550
>> R13: 00007f1a861ffb58 R14: 00000000004b7560 R15: 0000000000000000
>> Code: c7 40 1c 00 f2 f2 f2 c7 40 20 f2 f2 f2 f2 c7 40 24 00 f2 f2 f2 c7 40 28 f3 f3 f3 f3 48 8d 46 18 48 89 85 70 fe ff ff 48 c1 e8 03 <80> 3c 10 00 0f 85 da 04 00 00 49 8b 79 18 48 85 ff 0f 84 62 04
>> RIP: perf_trace_lock_acquire+0xc0/0x980 include/trace/events/lock.h:13
>> RSP: ffff8801d9657668
>> ---[ end trace 2fd434e3de3d34c0 ]---
>>
>>
>> ---
>> This bug is generated by a dumb bot. It may contain errors.
>> See https://goo.gl/tpsmEJ for details.
>> Direct all questions to syzkal...@googlegroups.com.
>> Please credit me with: Reported-by: syzbot <syzkal...@googlegroups.com>
>>
>> syzbot will keep track of this bug report.
>> Once a fix for this bug is committed, please reply to this email with:
>> #syz fix: exact-commit-title
>> To mark this as a duplicate of another syzbot report, please reply with:
>> #syz dup: exact-subject-of-another-report
>> If it's a one-off invalid bug report, please reply with:
>> #syz invalid
>> Note: if the crash happens again, it will cause creation of a new bug report.
>> Note: all commands must start from beginning of the line.
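An added example, not part of this thread and not syzbot's own code, showing the command rules stated above: a command is recognised only in the message body and only when it starts at the beginning of a line, so a command placed in the Subject header, an indented one, and the '>'-quoted template lines are all skipped. Both sample messages are constructed for this illustration.

```python
import email
from typing import List, Optional, Tuple

# Command names as listed in the syzbot template quoted in the thread.
ARG_COMMANDS = ("fix", "dup")   # "#syz fix: <commit title>", "#syz dup: <report subject>"
BARE_COMMANDS = ("invalid",)    # "#syz invalid"

def parse_command_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (command, argument) for a line such as '#syz fix: title', else None."""
    # Must start at column 0: quoted ('> #syz') and indented lines never match.
    if not line.startswith("#syz "):
        return None
    rest = line[len("#syz "):].strip()
    if rest in BARE_COMMANDS:
        return (rest, None)
    for name in ARG_COMMANDS:
        if rest.startswith(name + ":"):
            arg = rest[len(name) + 1:].strip()
            return (name, arg) if arg else None  # empty argument: nothing to act on
    return None

def extract_commands(raw_mail: str) -> List[Tuple[str, Optional[str]]]:
    """Scan only the body of a single-part RFC 822 message; headers are ignored."""
    body = email.message_from_string(raw_mail).get_payload()
    return [cmd for cmd in map(parse_command_line, body.splitlines()) if cmd]

# Constructed reply modelled on this thread: the real command is in the body,
# the indented line and the quoted template lines must be ignored.
BODY_REPLY = """\
Subject: Re: general protection fault in perf_trace_lock_acquire

Already known, tracked under the lockdep report:

#syz dup: general protection fault in __lock_acquire (2)

  #syz invalid
> Once a fix for this bug is committed, please reply to this email with:
> #syz fix: exact-commit-title
> To mark this as a duplicate of another syzbot report, please reply with:
> #syz dup: exact-subject-of-another-report
"""
# Constructed reply reproducing the mistake discussed above: the command
# sits only in the Subject header, so the bot finds nothing.
SUBJECT_ONLY_REPLY = """\
Subject: #syz dup: general protection fault in __lock_acquire (2)

The problem was already known, the fix is still under review.
"""
```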