Date:	Sat, 21 Nov 2015 14:24:45 +0100
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>,
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
	Jan Kara <jack@...e.cz>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Sasha Levin <sasha.levin@...cle.com>
Subject: yet another uninterruptable hang in sendfile

Hello,

On commit 8005c49d9aea74d382f474ce11afbbc7d7130bec (Nov 15).

The program is:

// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <syscall.h>
#include <unistd.h>
#include <string.h>
#include <stdint.h>

int main()
{
        // socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)
        long r0 = syscall(SYS_socket, 0x10ul, 0x2ul, 0x0ul, 0, 0, 0);
        // Fixed anonymous read/write mappings used as scratch memory
        // (prot 0x3 = PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS).
        long r1 = syscall(SYS_mmap, 0x20000000ul, 0x1000ul, 0x3ul,
                          0x32ul, 0xfffffffffffffffful, 0x0ul);
        long r2 = syscall(SYS_mmap, 0x20001000ul, 0x1000ul, 0x3ul,
                          0x32ul, 0xfffffffffffffffful, 0x0ul);
        // Three struct iovec entries (base, length) for the readv() below.
        *(uint64_t*)0x2000153f = 0x20001f99;
        *(uint64_t*)0x20001547 = 0x67;
        *(uint64_t*)0x2000154f = 0x20001fa5;
        *(uint64_t*)0x20001557 = 0x5b;
        *(uint64_t*)0x2000155f = 0x20001000;
        *(uint64_t*)0x20001567 = 0x6;
        long r9 = syscall(SYS_readv, r0, 0x2000153ful, 0x3ul, 0, 0, 0);
        long r10 = syscall(SYS_mmap, 0x20002000ul, 0x1000ul, 0x3ul,
                           0x32ul, 0xfffffffffffffffful, 0x0ul);
        // memfd_create("eth1", MFD_CLOEXEC)
        memcpy((void*)0x20002000, "\x65\x74\x68\x31\x00", 5);
        long r12 = syscall(SYS_memfd_create, 0x20002000ul, 0x1ul, 0, 0, 0, 0);
        // fallocate(fd, mode 0, offset 0x5616e07, len 1): grows the memfd to about 90 MB.
        long r13 = syscall(SYS_fallocate, r12, 0x0ul, 0x5616e07ul, 0x1ul, 0, 0);
        // 70-byte payload and 28-byte address buffer for sendto().
        memcpy((void*)0x20000da2,
"\x02\xbe\x98\x59\x88\xb1\x7b\xfd\xe6\x27\x95\xdc\x18\x4e\x04\x87\x28\x1a\xd0\x30\x52\xcd\xa5\xee\x09\x7f\xfa\x7a\x9b\x72\x17\xfa\x2a\xa1\xe1\x60\x09\xbb\xaf\xdd\x0b\x5c\xa8\x18\x81\x4b\x6d\x42\x11\x20\x4a\xd7\x9e\x86\x8b\x63\xd2\x36\xbf\x5f\xb0\x36\x13\x82\x79\xc8\x31\x3b\x3b\x1e",
               70);
        memcpy((void*)0x200008b7,
"\x0a\x00\x33\xe8\x3d\xe7\x4a\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xbf\xce\xa1\x60",
               28);
        // sendto() on the netlink socket with flags 0x8000 (MSG_MORE).
        long r16 = syscall(SYS_sendto, r0, 0x20000da2ul, 0x46ul,
                           0x8000ul, 0x200008b7ul, 0x1cul);
        // sendfile(out_fd = netlink socket, in_fd = memfd, offset pointer, count 0x4785d2c1)
        long r17 = syscall(SYS_sendfile, r0, r12, 0x20000000ul,
                           0x4785d2c1ul, 0, 0);
        return 0;
}


It hangs in an unkillable state. It is probably a similar issue to the
other reported issues related to sendfile:
https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg
https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw

However this one also blankets dmesg with zillions of:

[ 1682.801412] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
[ 1682.803565] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
[ 1682.804991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket

The program should be killable.

Thank you
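
A triage aid for the dmesg flood quoted in the report, as an added example that is not part of the original message or of syzkaller: it rejoins log lines wrapped by a mail archive, groups the SELinux netlink messages by their fields and computes the rate of each group. The function names and the thresholds are assumptions, and the sample input is constructed from the three lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the three dmesg lines from the report, wrapped the way
# the mail archive wraps them, plus one unrelated constructed line.
SAMPLE = """\
[ 1682.801412] SELinux: unrecognized netlink message: protocol=0
nlmsg_type=0 sclass=netlink_route_socket
[ 1682.803565] SELinux: unrecognized netlink message: protocol=0
nlmsg_type=0 sclass=netlink_route_socket
[ 1682.804991] SELinux: unrecognized netlink message: protocol=0
nlmsg_type=0 sclass=netlink_route_socket
[ 1683.000000] eth0: link up
"""

RECORD = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\] SELinux: unrecognized netlink message: "
    r"protocol=(?P<protocol>\d+) nlmsg_type=(?P<nlmsg_type>\d+) "
    r"sclass=(?P<sclass>\S+)\s*$")

def unwrap(text):
    """Rejoin records: a line not starting with '[' continues the previous one."""
    records = []
    for line in text.splitlines():
        if line.startswith("[") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Group the SELinux netlink messages by (protocol, nlmsg_type, sclass)."""
    groups = defaultdict(list)
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if m:
            key = (int(m["protocol"]), int(m["nlmsg_type"]), m["sclass"])
            groups[key].append(float(m["ts"]))
    out = {}
    for key, stamps in groups.items():
        span = max(stamps) - min(stamps)
        # Rate: events per second between first and last occurrence.
        rate = (len(stamps) - 1) / span if span > 0 else 0.0
        out[key] = {"count": len(stamps), "span_s": span, "per_sec": rate}
    return out

def flooding(text, min_count=3, min_rate=100.0):
    """Keys whose count and rate both reach the (assumed) thresholds."""
    return [k for k, v in summarize(text).items()
            if v["count"] >= min_count and v["per_sec"] >= min_rate]
```

On a live system the same functions can be fed the output of `dmesg`, where the records are not wrapped and `unwrap` passes them through unchanged.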