From: Dmitry Vyukov
Date: Fri, 20 Oct 2017 17:14:55 +0200
Subject: Re: v4.14-rc3/arm64 DABT exception in atomic_inc() / __skb_clone()
To: Wei Wei
Cc: Mark Rutland, linux-arm-kernel@lists.infradead.org, LKML, netdev, Eric Dumazet, David Miller, Willem de Bruijn, syzkaller
In-Reply-To: <960D71EC-C1E9-4898-ACBE-543FC09483FF@gmail.com>
References: <20171020111408.edj24tztxdptte5r@lakrids.cambridge.arm.com> <960D71EC-C1E9-4898-ACBE-543FC09483FF@gmail.com>

On Fri, Oct 20, 2017 at 4:40 PM, Wei Wei wrote:
> Sadly, syzkaller characterized it as a non-reproducible bug and there were empty
> repro files. But if manually executing in the VM like this
> "./syz-execprog -executor=./syz-executor -repeat=0 -procs=16 -cover=0 crash-log",
> it crashed when executing exactly program 1056 using the log0 provided.
>
> I failed to generate the C reproducer with syz-repro as it said "no target compiler"
> in the final step. I would appreciate it if you could give some hints.

syzkaller tries to use aarch64-linux-gnu-gcc when cross-compiling to arm64:
https://github.com/google/syzkaller/blob/master/sys/targets/targets.go#L62
Try to install g++-aarch64-linux-gnu.
Or how should it be done on your system?

> Thanks,
> Wei
>
>> On 20 Oct 2017, at 7:14 AM, Mark Rutland wrote:
>>
>> On Thu, Oct 19, 2017 at 10:16:08PM -0400, Wei Wei wrote:
>>> Hi all,
>>
>> Hi,
>>
>>> I have fuzzed v4.14-rc3 using syzkaller and found a bug similar to that one [1].
>>> But the call trace isn't the same. The atomic_inc() might handle a corrupted
>>> skb_buff.
>>>
>>> The logs and config have been uploaded to my github repo [2].
>>>
>>> [1] https://lkml.org/lkml/2017/10/2/216
>>> [2] https://github.com/dotweiba/skb_clone_atomic_inc_bug
>>
>> These do look very similar to what I was hitting; all appear to be
>> misaligned atomics in the same path.
>>
>> I see that you have some empty repro files in [2]. If you have any
>> reproducers, would you mind sharing them?
>>
>> If any of those are smaller or more reliable than the one I was able to
>> generate [3], it might make it more obvious what's going on, and/or make
>> it simpler to come up with a plain C reproducer.
>>
>> Thanks,
>> Mark.
>>
>> [3] https://www.kernel.org/pub/linux/kernel/people/mark/bugs/20171002-skb_clone-misaligned-atomic/syzkaller.repro