From: Arnd Bergmann
Date: Thu, 11 Mar 2021 14:30:01 +0100
Subject: Re: arm64 syzbot instances
To: Dmitry Vyukov
Cc: Mark Rutland, Marc Zyngier, Will Deacon, Ard Biesheuvel, Linux ARM, syzkaller, LKML

On Thu, Mar 11, 2021 at 12:38 PM Dmitry Vyukov wrote:
>
> The instances found few arm64-specific issues that we have not
> observed on other instances:

I've had a brief look at these:

> https://syzkaller.appspot.com/bug?id=1d22a2cc3521d5cf6b41bd6b825793c2015f861f

This one doesn't seem arm64 specific at all. While the KASAN report has shown
up on arm64, the link to
https://syzkaller.appspot.com/bug?id=aa8808729c0a3540e6a29f0d45394665caf79dca
seems to be for x86 machines running into the same problem.

Looking deeper into the log, I see that fw_load_sysfs_fallback() finds
an existing list entry on the global "pending_fw_head" list, which seems
to have been freed earlier (the allocation listed here is not for a firmware
load, so presumably it was recycled in the meantime). The log shows that
this is the second time that loading the regulatory database failed in that
run, so my guess is that it was the first failed load that left the freed
firmware private data on the list, but I don't see how that happened.

> https://syzkaller.appspot.com/bug?id=bb2c16b0e13b4de4bbf22cf6a4b9b16fb0c20eea

This one rings a bell: opening an 8250 uart on a well-known port must fail
when no I/O ports are registered in the system, or when the PCI I/O ports
are mapped to an invalid area.

It seems to be attempting a register access at I/O port '1' (virtual
address 0xfffffbfffe800001 is one byte into the well-known PCI_IOBASE),
which is an unusual place for a UART; traditional PCs had it at 0x3F8.

This could be either a result of qemu claiming to support a PIO based UART
at the first available address, or the table of UARTS being uninitialized
.bss memory.

Definitely an arm64 specific bug.

> https://syzkaller.appspot.com/bug?id=b75386f45318ec181b7f49260d619fac9877d456

A freed entry on the timer list caused a bug when adding another entry. The
allocation from alloc_fdtable does not seem to be the one at fault, as the
fdtable does not contain a timer.

Several of the linked kasan reports point to ext4_fill_super() as the code
that allocated and freed the timer list entry, so it's possible that this is
the same timer that later fails to be inserted if we ever get to kfree(sbi)
without killing the timer first. I don't see how that could happen, but the
code was recently rewritten in c92dc856848f ("ext4: defer saving error info
from atomic context")

> https://syzkaller.appspot.com/bug?id=5a1bc29bca656159f95c7c8bb30e3776ca860332

I see that reiserfs_xattr_jcreate_nblocks() is dereferencing a NULL inode
pointer -- inode->i_sb has offset 0x30. However, that doesn't make any sense
with the call chain, as the pointer was newly allocated and checked for NULL.

      Arnd
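
A user-space model of the bug class suspected in the pending_fw_head and timer-list reports above (an object freed while it is still linked on a global list), added here as an illustration and not taken from the kernel or from this thread. `struct obj`, the one-slot allocator and `second_add_ok()` are hypothetical names; the consistency check follows the idea of the kernel's list debugging, not its code.

```c
#include <stdbool.h>

/* Kernel-style circular list node. "struct obj" is a hypothetical stand-in
 * for the firmware private data or the sbi-with-timer objects in the reports. */
struct list_head { struct list_head *next, *prev; };
struct obj { struct list_head node; };

static struct list_head pending = { &pending, &pending };
static struct list_head poison; /* marks list pointers that are no longer valid */
static struct obj slot;         /* one-slot allocator: a freed slot is always recycled */

static struct obj *obj_alloc(void) { return &slot; }
/* Model of kfree(): nothing is released, but the list pointers become garbage. */
static void obj_free(struct obj *o)
{
    o->node.next = o->node.prev = &poison;
}

/* Insert after head, refusing when the neighbours are inconsistent. */
static bool list_add_checked(struct list_head *entry, struct list_head *head)
{
    struct list_head *next = head->next;
    if (next->prev != head || entry == head || entry == next)
        return false; /* stale or corrupted entry already on the list */
    entry->next = next; entry->prev = head;
    next->prev = entry; head->next = entry;
    return true;
}

static void list_del_entry(struct list_head *e)
{
    e->prev->next = e->next; e->next->prev = e->prev;
    e->next = e->prev = &poison;
}

/* First user fails and tears down; returns whether a second insert is safe. */
bool second_add_ok(bool unlink_before_free)
{
    pending.next = pending.prev = &pending;
    struct obj *first = obj_alloc();
    list_add_checked(&first->node, &pending);
    if (unlink_before_free)
        list_del_entry(&first->node); /* correct order: unlink, then free */
    obj_free(first);                  /* buggy order leaves the node on the list */
    struct obj *second = obj_alloc(); /* recycles the slot just freed */
    return list_add_checked(&second->node, &pending);
}

int main(void) { return second_add_ok(true) && !second_add_ok(false) ? 0 : 1; }
```

With the unlink skipped, the second insertion finds the recycled object still at the head of the list, which is the condition KASAN flags as a use-after-free in the real reports.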