From: Matthieu Baerts <matttbe@kernel.org>
To: Aleksandr Nogikh <nogikh@google.com>
Cc: Eric Dumazet <edumazet@google.com>,
davem@davemloft.net, dsahern@kernel.org, horms@kernel.org,
kuba@kernel.org, linux-kernel@vger.kernel.org,
martineau@kernel.org, netdev@vger.kernel.org, pabeni@redhat.com,
syzbot <syzbot+38a095a81f30d82884c1@syzkaller.appspotmail.com>,
syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] [net?] general protection fault in put_page (4)
Date: Thu, 19 Dec 2024 16:53:04 +0100
Message-ID: <f648f25a-6375-4187-becb-be3b837d5838@kernel.org>
In-Reply-To: <CANp29Y7c_TKiLRGpdZ_PjE-o1k4BfGiRqh-2=2+Sk1R3iL2e4w@mail.gmail.com>

Hi Aleksandr,

Thank you for your reply!

On 19/12/2024 10:59, Aleksandr Nogikh wrote:
> Hi Matthieu,
>
> On Wed, Dec 18, 2024 at 7:06 PM 'Matthieu Baerts' via syzkaller-bugs
> <syzkaller-bugs@googlegroups.com> wrote:
>>
>> Hi Eric,
>>
>> On 17/12/2024 18:06, Eric Dumazet wrote:
>>> On Tue, Dec 17, 2024 at 6:03 PM syzbot
>>> <syzbot+38a095a81f30d82884c1@syzkaller.appspotmail.com> wrote:
>>>>
>>>> Hello,
>>>>
>>>> syzbot found the following issue on:
>>>>
>>>> HEAD commit: 78d4f34e2115 Linux 6.13-rc3
>>>> git tree: upstream
>>>> console+strace: https://syzkaller.appspot.com/x/log.txt?x=16445730580000
>>>> kernel config: https://syzkaller.appspot.com/x/.config?x=6c532525a32eb57d
>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=38a095a81f30d82884c1
>>>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
>>>> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=169b0b44580000
>>>> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13f502df980000
>>>>
>>>> Downloadable assets:
>>>> disk image: https://storage.googleapis.com/syzbot-assets/7129ee07f8aa/disk-78d4f34e.raw.xz
>>>> vmlinux: https://storage.googleapis.com/syzbot-assets/c23c0af59a16/vmlinux-78d4f34e.xz
>>>> kernel image: https://storage.googleapis.com/syzbot-assets/031aecf04ea7/bzImage-78d4f34e.xz
>>>>
>>>> The issue was bisected to:
>>>>
>>>> commit b83fbca1b4c9c45628aa55d582c14825b0e71c2b
>>>> Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
>>>> Date: Mon Sep 2 10:45:53 2024 +0000
>>>>
>>>> mptcp: pm: reduce entries iterations on connect
>>>>
>>>> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=163682df980000
>>>> final oops: https://syzkaller.appspot.com/x/report.txt?x=153682df980000
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=113682df980000
>>
>> (...)
>>
>>> I spent some time on this bug before releasing it, because I have
>>> other syzbot reports probably
>>> caused by the same issue, hinting at shinfo->nr_frags corruption.
>>>
>>> I will hold these reports to avoid flooding the mailing list.
>>
>> Thank you for having released this bug report!
>>
>> The bisected commit looks unrelated. I don't know if we can tell syzbot
>> to "skip this commit and try harder".
>
> As of now, it's not yet supported. I've added a +1 mention to the
> corresponding syzbot backlog issue:
> https://github.com/google/syzkaller/issues/3491

Thank you for that!

> I've also looked at the bisection log of this particular report and
> the only suspicious part is that syzbot could have been too eager to
> minimize the .config file. A different set of enabled options changed
> the crash title from "general protection fault in put_page" to "BUG:
> unable to handle kernel NULL pointer dereference in skb_release_data",
> but the rest of the bisection log looks reasonable to me.

OK, thank you for having looked! The other title sounds better to
describe this issue.

>> I'm trying to run a 'git bisect' on my side since this morning: the
>> issue seems to be older, between v6.10 and v6.11 if I'm not mistaken.
>> When using the same kernel config, I'm getting quite a few issues on
>> older commits (compilation, other warnings, etc.), plus the compilation
>> is slow on my laptop. I will update you if I can find anything useful.
>
> If you find the proper guilty commit, it would also really help debug
> the bot's bisection result.

Will do if I can find something!

> In case it may help you during the manual bisection, syzbot
> cherry-picks this set of fix commits while doing the bisection:
> https://github.com/google/syzkaller/blob/master/pkg/vcs/linux_patches.go#L60

I appreciate the hint. It looks like all these commits are old enough to
be included in the range I'm testing for the moment.

I adapted my scripts to detect "other issues" and skip the commit.
Hopefully I can achieve something.

Cheers,
Matt
--
Sponsored by the NGI0 Core fund.