From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752955AbdKFMhG (ORCPT <rfc822;w@1wt.eu>);
        Mon, 6 Nov 2017 07:37:06 -0500
Received: from mail.linuxfoundation.org ([140.211.169.12]:47452 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752369AbdKFMhF (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 6 Nov 2017 07:37:05 -0500
Date: Mon, 6 Nov 2017 13:37:17 +0100
From: Greg KH <gregkh@linuxfoundation.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Eric Biggers <ebiggers3@gmail.com>,
        syzbot 
        <bot+57840b4d2cc5c46981d5b9e07c9b7b06d5bcf064@syzkaller.appspotmail.com>,
        Jiri Slaby <jslaby@suse.com>, LKML <linux-kernel@vger.kernel.org>,
        syzkaller-bugs@googlegroups.com
Subject: Re: kernel panic: n_tty: init_tty
Message-ID: <20171106123717.GA15251@kroah.com>
References: <94eb2c0630b4161a5e055d38a2e3@google.com>
 <20171105103434.GC1487@kroah.com>
 <20171105220439.GA11631@zzz.localdomain>
 <CACT4Y+ad-sBpXU0ToZ1Fa_e8GfcY2_wBA0Ao=sGx8H1OBxLawQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CACT4Y+ad-sBpXU0ToZ1Fa_e8GfcY2_wBA0Ao=sGx8H1OBxLawQ@mail.gmail.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 06, 2017 at 01:14:00PM +0100, Dmitry Vyukov wrote:
> On Sun, Nov 5, 2017 at 11:04 PM, Eric Biggers <ebiggers3@gmail.com> wrote:
> > On Sun, Nov 05, 2017 at 11:34:34AM +0100, Greg KH wrote:
> >> On Sun, Nov 05, 2017 at 01:05:02AM -0800, syzbot wrote:
> >> > Hello,
> >> >
> >> > syzkaller hit the following crash on
> >> > b5ac3beb5a9f0ef0ea64cd85faf94c0dc4de0e42
> >> > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> >> > compiler: gcc (GCC) 7.1.1 20170620
> >> > .config is attached
> >> > Raw console output is attached.
> >>
> >> And again, this would be nicer to provide something that I could
> >> reproduce this with...
> >>
> >> thanks,
> >>
> >> greg k-h
> >>
> >
> > I just saw the same crash running syzkaller.  It was preceded by a fault
> > injection in tty_ldisc_get() here:
> >
> >         ld = kmalloc(sizeof(struct tty_ldisc), GFP_KERNEL);
> >         if (ld == NULL) {
> >                 put_ldops(ldops);
> >                 return ERR_PTR(-ENOMEM);
> >         }
> >
> > So then it panics at:
> >
> >         if (IS_ERR(ld))
> >                 panic("n_tty: init_tty");
> >
> > It seems that syzkaller needs to do a better job reproducing and reporting bugs
> > that are only reproducible with fault injection.
> 
> Filed https://github.com/google/syzkaller/issues/410 for this.
> We try to reproduce bugs with failure injection, but somehow we failed
> this time.

Ah a big note somewhere saying "We are injecting faults in the system"
might be nice so we can know to ignore them for stuff like startup logic
such as this :)

thanks,

greg k-h