On Thu, Feb 01, 2018 at 04:58:00PM -0800, syzbot wrote:
> Hello,
>
> syzbot hit the following crash on upstream commit
> 7109a04eae81c41ed529da9f3c48c3655ccea741 (Thu Feb 1 17:37:30 2018 +0000)
> Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide
>
> So far this crash happened 2 times on upstream.
> C reproducer is attached.

Umm... How reproducible is that?

> syzkaller reproducer is attached.
> Raw console output is attached.
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached.

Can't reproduce with gcc 5.4.1 (same .config, same C reproducer).

It looks like __get_user_pages_locked() returning with *locked zeroed, but ->mmap_sem not dropped. I don't see what could've led to it and attempts to reproduce had not succeeded so far...

How long does it normally take for lockdep splat to trigger?