Hi Dave,

> > TL;DR compile syzkaller, copy syz-execprog, syz-executor, repro.syz into
> > the VM and run the command below inside the VM
> > ./syz-execprog -executor=./syz-executor -procs=8 -repeat=0 repro.syz
> >
> > Please let me know if you need more details from us!
>
> It didn't reproduce for me, either, at least ~10k executed programs in.
> How long should it take?

This is surprising to me - it triggers the crash within 4 seconds for me.
syz-execprog should not even get to the state of printing the number of
executed programs.

Could you try compiling an older version of syzkaller, specifically the
commit bf285f0cf1f7863e0b0d17980de703fab89476bb? I noticed that the
instructions I linked to above mention that a difference in syzkaller
version can lead to issues.

Not sure if this is relevant, but I am using the bullseye image created
with the script provided by syzkaller as described here:
https://github.com/google/syzkaller/blob/master/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md#image

> The next step would be to figure out specifically why get_pat_info()
> failed. To double check that io_uring is the thing that's involved and
> (presumably) why follow_phys() failed. Basically, I think we need to
> know what state the page tables and the VMA were in.

Sorry, I am very inexperienced in debugging such crashes. Could you expand
a little bit on what "state of the page tables and the VMA" exactly means?
Are there some specific kernel structs I should dump?

Best,
Marius