Looking for guidance to reproduce a bug in drm/vkms reported by syzkaller

Daniel Vetter daniel.vetter at ffwll.ch
Sat Feb 22 10:07:29 UTC 2020


On Sat, Feb 22, 2020 at 10:03 AM Melissa Wen <melissa.srw at gmail.com> wrote:
>
> Hi,
>
> I am trying to reproduce a syzkaller bug found in the vkms:
> - WARNING in vkms_gem_free_object
> - https://groups.google.com/forum/#!msg/syzkaller-bugs/_oARhriB1SA/PelnW1BqAwAJ
>
> However, I was not very successful in this task. As I don't know how to deal
> with syzkaller and I am not sure if I am following the right steps, it would be
> great if someone can give me some tips and guidance.
>
> First, looking at the bug history at:
> - https://syzkaller.appspot.com/bug?extid=e7ad70d406e74d8fc9d0,
> it seems like the bug still exists. Am I right?
>
> Second, here is a report of what I tried to do:
> Note: For testing, I use a VM (QEMU) with Debian 10 with a kernel compiled at
> - https://cgit.freedesktop.org/drm/drm-misc (branch drm-misc-next)
>
> 1 - Using the usual .config for my VM, I compiled and installed the kernel and,
> as root, ran the C program provided by syzkaller:
> - https://syzkaller.appspot.com/x/repro.c?x=15e27c53600000
> Nothing happened.
>
> 2 - Then, I checked the debug/panic/hacking/drm/i915 debugging/vkms settings on
> the .config reported by syzkaller:
> - https://syzkaller.appspot.com/x/.config?x=7cf4eed5fe42c31a
> and enabled the same things in my .config.
> I compiled and installed the kernel and ran the C program.
> Nothing happened.
>
> 3 - So, I reverted my current branch to the commit that generated the bug
> (as reported: 94e2ec3f7fef86506293a448273b2b4ee21e6195) and used the kernel on
> that state.
> Nothing happened.
>
> 4 - I decided to use the syzkaller .config without modifications and
> adaptations for my VM (although I didn't think it felt right). I compiled,
> installed... some boot problems happened, but the kernel worked. I ran the C
> program and nothing.
>
> So I gave up... for a while :)
>
> Does anyone have any advice for me?

Adding the syzbot people (you can just grab the mail address from the
report, should go to the right place), maybe they have some ideas what
would help in reproducing the bug. I've never tried to repro a syzbot bug
before, so not really useful experience from my side :-/
-Daniel

> I have already searched for information on the Internet, but I am still stuck.
>
> The last thing that I noted is that syzkaller stopped providing a C program of
> this bug for crashes after the beginning of the year (I also don't know if it
> is something important).
>
> Thanks in advance,
>
> Melissa Wen



-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch
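
An added example, not part of the original thread or of syzkaller: one way to check, as in step 2 of the quoted message, which debugging-related options differ between the .config attached to a syzbot report and a local one. The sample fragments, the option filter and the function names are assumptions made for illustration.

```python
import re

SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_config(text):
    """Map option -> value; '# CONFIG_X is not set' is recorded as 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = SET_RE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
        else:
            m = UNSET_RE.match(line)
            if m:
                opts[m.group(1)] = "n"
    return opts

def config_gaps(reference, local, patterns):
    """Return (option, reference_value, local_value) for every option whose
    name matches one of `patterns` and whose value differs. An option missing
    from a file is treated as 'n' (a simplification that is right for
    bool/tristate options, not for string or integer ones)."""
    wanted = re.compile("|".join(patterns))
    gaps = []
    for opt in sorted(set(reference) | set(local)):
        ref_val, loc_val = reference.get(opt, "n"), local.get(opt, "n")
        if wanted.search(opt) and ref_val != loc_val:
            gaps.append((opt, ref_val, loc_val))
    return gaps

# Constructed sample fragments, not taken from the linked syzkaller .config.
REFERENCE_SAMPLE = """CONFIG_DRM=y
CONFIG_DRM_VKMS=y
CONFIG_KASAN=y
CONFIG_FAULT_INJECTION=y
CONFIG_PANIC_ON_OOPS=y
# CONFIG_DRM_I915 is not set
CONFIG_EXT4_FS=y
"""
LOCAL_SAMPLE = """CONFIG_DRM=y
CONFIG_DRM_VKMS=m
# CONFIG_KASAN is not set
CONFIG_PANIC_ON_OOPS=y
CONFIG_EXT4_FS=m
"""
# Assumed filter, loosely following the debug/panic/drm/vkms groups in step 2.
PATTERNS = ["DRM", "PANIC", "DEBUG", "KASAN", "FAULT_INJECTION"]
```

Calling config_gaps(parse_config(REFERENCE_SAMPLE), parse_config(LOCAL_SAMPLE), PATTERNS) lists the options to align before re-running a reproducer; a driver built as =m locally but =y in the reference shows up as a difference as well.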

