Re: v4.14-rc3/arm64 DABT exception in atomic_inc() / __skb_clone()

From: Wei Wei
Date: Fri Oct 20 2017 - 10:40:52 EST


Sadly, the syzkaller characterized it as a non-reproducible bug and there were empty
repro files. But if manually executing in VM like this "./syz-execprog -executor=
./syz-executor -repeat=0 -procs=16 -cover=0 crash-log", it crashed when executing exactly
program 1056 using log0 provided.

I failed to generate the C reproducer with syz-repro as it said "no target compiler"
in the final step. I would appreciate it if you could give some hints.

Thanks,
Wei
> On 20 Oct 2017, at 7:14 AM, Mark Rutland <mark.rutland@xxxxxxx> wrote:
>
> On Thu, Oct 19, 2017 at 10:16:08PM -0400, Wei Wei wrote:
>> Hi all,
>
> Hi,
>
>> I have fuzzed v4.14-rc3 using syzkaller and found a bug similar to that one [1].
>> But the call trace isn't the same. The atomic_inc() might handle a corrupted
>> skb_buff.
>>
>> The logs and config have been uploaded to my github repo [2].
>>
>> [1] https://lkml.org/lkml/2017/10/2/216
>> [2] https://github.com/dotweiba/skb_clone_atomic_inc_bug
>
> These do look very similar to what I was hitting; all appear to be
> misaligned atomics in the same path.
>
> I see that you have some empty repro files in [2]. If you have any
> reproducers, would you mind sharing them?
>
> If any of those are smaller or more reliable than the one I was able to
> generate [3], it might make it more obvious what's going on, and/or make
> it simpler to come up with a plain C reproducer.
>
> Thanks,
> Mark.
>
> [3] https://www.kernel.org/pub/linux/kernel/people/mark/bugs/20171002-skb_clone-misaligned-atomic/syzkaller.repro