Re: [syzbot] [net?] general protection fault in put_page (4)

From: Aleksandr Nogikh
Date: Thu Dec 19 2024 - 04:59:50 EST


Hi Matthieu,

On Wed, Dec 18, 2024 at 7:06 PM 'Matthieu Baerts' via syzkaller-bugs
<syzkaller-bugs@xxxxxxxxxxxxxxxx> wrote:
>
> Hi Eric,
>
> On 17/12/2024 18:06, Eric Dumazet wrote:
> > On Tue, Dec 17, 2024 at 6:03 PM syzbot
> > <syzbot+38a095a81f30d82884c1@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following issue on:
> >>
> >> HEAD commit: 78d4f34e2115 Linux 6.13-rc3
> >> git tree: upstream
> >> console+strace: https://syzkaller.appspot.com/x/log.txt?x=16445730580000
> >> kernel config: https://syzkaller.appspot.com/x/.config?x=6c532525a32eb57d
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=38a095a81f30d82884c1
> >> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> >> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=169b0b44580000
> >> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13f502df980000
> >>
> >> Downloadable assets:
> >> disk image: https://storage.googleapis.com/syzbot-assets/7129ee07f8aa/disk-78d4f34e.raw.xz
> >> vmlinux: https://storage.googleapis.com/syzbot-assets/c23c0af59a16/vmlinux-78d4f34e.xz
> >> kernel image: https://storage.googleapis.com/syzbot-assets/031aecf04ea7/bzImage-78d4f34e.xz
> >>
> >> The issue was bisected to:
> >>
> >> commit b83fbca1b4c9c45628aa55d582c14825b0e71c2b
> >> Author: Matthieu Baerts (NGI0) <matttbe@xxxxxxxxxx>
> >> Date: Mon Sep 2 10:45:53 2024 +0000
> >>
> >> mptcp: pm: reduce entries iterations on connect
> >>
> >> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=163682df980000
> >> final oops: https://syzkaller.appspot.com/x/report.txt?x=153682df980000
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=113682df980000
>
> (...)
>
> > I spent some time on this bug before releasing it, because I have
> > other syzbot reports probably
> > caused by the same issue, hinting at shinfo->nr_frags corruption.
> >
> > I will hold these reports to avoid flooding the mailing list.
>
> Thank you for having released this bug report!
>
> The bisected commit looks unrelated. I don't know if we can tell syzbot
> to "skip this commit and try harder".

As of now, it's not yet supported. I've added a +1 mention to the
corresponding syzbot backlog issue:
https://github.com/google/syzkaller/issues/3491

I've also looked at the bisection log of this particular report and
the only suspicious part is that syzbot could have been too eager to
minimize the .config file. A different set of enabled options changed
the crash title from "general protection fault in put_page" to "BUG:
unable to handle kernel NULL pointer dereference in skb_release_data",
but the rest of the bisection log looks reasonable to me.

>
> I'm trying to run a 'git bisect' on my side since this morning: the
> issue seems to be older, between v6.10 and v6.11 if I'm not mistaken.
> When using the same kernel config, I'm getting quite a few issues on
> older commits (compilation, other warnings, etc.), plus the compilation
> is slow on my laptop. I will update you if I can find anything useful.

If you find the proper guilty commit, it would also really help debug
the bot's bisection result.

In case it may help you during the manual bisection, syzbot
cherry-picks this set of fix commits while doing the bisection:
https://github.com/google/syzkaller/blob/master/pkg/vcs/linux_patches.go#L60

--
Aleksandr

>
> Cheers,
> Matt
> --
> Sponsored by the NGI0 Core fund.
>
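The manual `git bisect` Matthieu describes, combined with Aleksandr's hint that syzbot cherry-picks a list of fix commits at every step, can be scripted as a `git bisect run` step. The script below is an added example, not part of this thread or of syzkaller: the variable names (`FIX_COMMITS`, `BUILD_CMD`, `TEST_CMD`, `CRASH_PATTERN`, `CONSOLE_LOG`), the `boot-and-run-repro.sh` harness it defaults to, and the exit-code conventions it relies on (`git bisect run` treats 0 as good, 125 as skip, and any other 1..127 as bad) are assumptions made here. The crash pattern deliberately matches both titles seen in this report, since the title changed with the .config during syzbot's bisection.

```shell
#!/bin/sh
# bisect-step.sh: per-commit step for `git bisect run`, written as an added
# example for the manual bisection discussed in the thread. It is not part of
# the thread or of syzkaller; every variable name and default below is an
# assumption made for this example.
#
# Usage, from the kernel tree after `git bisect start <bad> <good>`:
#   FIX_COMMITS="<sha1> <sha1> ..." BUILD_CMD="make -j8" \
#   TEST_CMD="./boot-and-run-repro.sh" git bisect run sh bisect-step.sh run
#
# FIX_COMMITS:   commits to cherry-pick before building, the way syzbot
#                applies its fix list during bisection (pick your own).
# BUILD_CMD:     a failed build makes the commit untestable -> skip (125).
# TEST_CMD:      assumed harness that boots the kernel, runs the C reproducer
#                and prints the console log; the verdict comes from that log.
# CRASH_PATTERN: matches either crash title from this report, because the
#                title can change with the .config (put_page vs skb_release_data).
FIX_COMMITS=${FIX_COMMITS:-}
BUILD_CMD=${BUILD_CMD:-make -j"$(nproc 2>/dev/null || echo 1)"}
TEST_CMD=${TEST_CMD:-./boot-and-run-repro.sh}
CRASH_PATTERN=${CRASH_PATTERN:-'general protection fault in put_page|BUG: unable to handle kernel NULL pointer dereference in skb_release_data'}
CONSOLE_LOG=${CONSOLE_LOG:-console.log}

# Map a verdict to the exit codes `git bisect run` understands:
# 0 = good, 1 = bad, 125 = skip (commit cannot be tested).
bisect_exit_code() {
    case "$1" in
        good) echo 0 ;;
        bad)  echo 1 ;;
        *)    echo 125 ;;
    esac
}

# Decide the verdict from the console log and the harness exit status.
# An empty log or status 127 (sh: command not found) means the harness
# itself did not run, which must be "skip", never a silent "good".
verdict_from_log() {
    log=$1
    status=$2
    if [ "$status" = 127 ] || [ ! -s "$log" ]; then
        echo skip
    elif grep -Eq "$CRASH_PATTERN" "$log"; then
        echo bad
    else
        echo good
    fi
}

# Apply the fix commits without committing, so a plain `git reset --hard`
# returns the tree to the bisected commit. A fix already contained in HEAD is
# skipped; a conflicting fix makes this commit untestable.
apply_fixes() {
    for c in $FIX_COMMITS; do
        if git merge-base --is-ancestor "$c" HEAD; then
            continue
        fi
        if ! git cherry-pick --no-commit "$c"; then
            git cherry-pick --abort 2>/dev/null
            git reset --hard -q
            return 1
        fi
    done
    return 0
}

bisect_step() {
    apply_fixes || exit "$(bisect_exit_code skip)"
    if ! sh -c "$BUILD_CMD"; then
        git reset --hard -q
        exit "$(bisect_exit_code skip)"
    fi
    sh -c "$TEST_CMD" > "$CONSOLE_LOG" 2>&1
    status=$?
    git reset --hard -q   # drop the uncommitted fix commits before moving on
    exit "$(bisect_exit_code "$(verdict_from_log "$CONSOLE_LOG" "$status")")"
}

# Only act when invoked as `sh bisect-step.sh run`; sourcing the file for its
# helpers does nothing.
if [ "${1:-}" = run ]; then
    bisect_step
fi
```

Because the fixes are applied with `--no-commit` and dropped with `git reset --hard`, the bisection's own history is untouched, and a conflicting or unbuildable step is reported as skip rather than polluting the result as good or bad; a step whose harness never ran is also reported as skip, which is the failure mode that most often produces a wrong "guilty" commit in an automated bisection.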