From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3E575C433E0 for ; Thu, 11 Mar 2021 17:59:30 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9E53D64F94 for ; Thu, 11 Mar 2021 17:59:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9E53D64F94 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=KaRAfBub6k0o74Y1aJsWWe58aH+oZz7YCqNf/9Z9unI=; b=CrtQfVQdeCinpgp+X+pAxhgWP iu9bKpUNIGcx52PhhVkwu2vg9EmPPuENPPhSwCcCW18mmOahrScEpRYca4BZmh2bXxATb3hG8JJVQ Pm1ULzlWVM4kT+rAXBiwgjg9Zf8HK2u9gM35huXGAKqwVqHGZge2Gv4BjIxZ07yOZTuJUer0fkHh2 +pow8mQMyItsG52vWneiIMsqm4vU3DoJvY5oix5rHqmXYIOJuVHK9H26EHudzd6XIEiooHBgbX50s +0AU6fGLAAqVwMVI6+8SYq3VHW6rPrj9nT+q73SkFabedRMBW6bwEwESV7aw0JKTezeWYxt6nJ1gG KcZPFyd2g==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lKPZV-009mVb-W2; Thu, 11 Mar 2021 17:58:06 +0000 Received: from mail-qk1-x734.google.com ([2607:f8b0:4864:20::734]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lKPZR-009mUn-DI for linux-arm-kernel@lists.infradead.org; Thu, 11 Mar 2021 17:58:03 +0000 Received: by mail-qk1-x734.google.com with SMTP id f124so21531447qkj.5 for ; Thu, 11 Mar 2021 09:58:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=4WywUmoHmcIslZBfIAYNGcMCWLJTSJyqm2ax+ex3lZg=; b=hLfud36U62xFdRMVP0xJQ22zs0F3ZYICohff39RVC8U6/j3fdwTdV3rhrcta+nXsXg kTMA9KT93A4jRk9lqUweLLk6xHAKUjdTFbHFKK+zBOL0zZHQYzvdmeITdlKrgfx99mXg l2iPVHChfNZ8uJCygKlUwzz/RrHf20Dqkp/HDpmFaYY8UcQKensg9L1KoNz29je0O4cg 6rLjfOV9+zuVOlm8Otyjf+vrSE0RIBR63PrLmPZtHTYjzzT3XnyrVQX8B7HUj4rGIal6 07YUdh1GnA+yNXtwQQN/epEUYSRhxJYVlEgifAaCrlwxunn6q68UTP2qqnxzozD5Rzvc 1AvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=4WywUmoHmcIslZBfIAYNGcMCWLJTSJyqm2ax+ex3lZg=; b=aNhSsx9z7T4UYraFhV8NRqvxcCrrZDJJ3yvmidL1Gay/WvQTfvaxYORdEZ07sz9KQO blKSdjW/h6D5ZaWU/m/u2xZ1EGRG1HpYzfXgVtmaOFzXDuCZRxrtoaLPIAdWeBbQFh2u pY1QmNrT1TFR+JY1BpFAv/xF2KpRqdtKGINfggJ7nydYbraKJJKKB/YuCKK5VQfH76Pz SvVHnUrgC8/apQhyRydFbDLIPmfH1viHA0kXiaGfnzhX+mfaT6te42xwNJHuI7N/BfwV Vce7aWnJEdykoO9lYBUn/jVjKpbxOgJwmcpztwH5Lkw4w1vMnZWr6NnLAQ0qI1nJaAiJ YPGg== X-Gm-Message-State: AOAM5317pKNifwBMlJZN7/xq1T5GZV/szRTPNPdzkWctgY6UnYhDFvSs ggiwZDriwY4OnXzvHwTuTgvj1P/7pIWEN73ppTO7TA== X-Google-Smtp-Source: ABdhPJyD9GlghfhdZvjqLVxg9NP8v10ew6ZlbJtUFHlhDFYE1EejGkagEXTncqa00e89PsD9eSJiQospzRBBB0kNlwQ= X-Received: by 2002:a37:46cf:: with SMTP id t198mr8826556qka.265.1615485480009; Thu, 11 Mar 2021 09:58:00 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Dmitry Vyukov Date: Thu, 11 Mar 2021 18:57:48 +0100 Message-ID: Subject: Re: arm64 syzbot instances To: Arnd Bergmann Cc: Mark Rutland , Marc Zyngier , Will Deacon , Ard Biesheuvel , Linux ARM , syzkaller , LKML X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210311_175801_521702_1E5697FD X-CRM114-Status: GOOD ( 23.58 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Mar 11, 2021 at 2:30 PM Arnd Bergmann wrote: > > > > The instances found few arm64-specific issues that we have not > > observed on other instances: > > I've had a brief look at these: > > > https://syzkaller.appspot.com/bug?id=1d22a2cc3521d5cf6b41bd6b825793c2015f861f > > This one doesn't seem arm64 specific at all. While the KASAN report has shown > up on arm64, the link to > https://syzkaller.appspot.com/bug?id=aa8808729c0a3540e6a29f0d45394665caf79dca > seems to be for x86 machines running into the same problem. > > Looking deeper into the log, I see that fw_load_sysfs_fallback() finds > an existing > list entry on the global "pending_fw_head" list, which seems to have been freed > earlier (the allocation listed here is not for a firmware load, so presumably it > was recycled in the meantime). The log shows that this is the second time that > loading the regulatory database failed in that run, so my guess is that it was > the first failed load that left the freed firmware private data on the > list, but I > don't see how that happened. > > > https://syzkaller.appspot.com/bug?id=bb2c16b0e13b4de4bbf22cf6a4b9b16fb0c20eea > > This one rings a bell: opening a 8250 uart on a well-known port must fail > when no I/O ports are registered in the system, or when the PCI I/O ports > are mapped to an invalid area. > > It seems to be attempting a register access at I/O port '1' (virtual > address 0xfffffbfffe800001 is one byte into the well-known PCI_IOBASE), > which is an unusual place for a UART, traditional PCs had it at 0x3F8. > > This could be either a result of qemu claiming to support a PIO based UART > at the first available address, or the table of UARTS being uninitialized > .bss memory. > > Definitely an arm64 specific bug. I can reproduce this with just: #include #include #include #include #include int main(void) { int fd = syscall(__NR_openat, 0xffffffffffffff9cul, "/dev/ttyS3", 0ul, 0ul); char ch = 0; syscall(__NR_ioctl, fd, 0x5412, &ch); // TIOCSTI return 0; } It does not even do any tty setup... does it point to a qemu bug? _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel