lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+ZeOE7QNRTW1sN3_Op9c_ALohMG+fD=UUh5-KJN2PjQ3w@mail.gmail.com>
Date:	Mon, 23 Nov 2015 09:30:13 +0100
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	"linux-mm@...ck.org" <linux-mm@...ck.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Sasha Levin <sasha.levin@...cle.com>
Cc:	syzkaller <syzkaller@...glegroups.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>
Subject: Re: WARNING in shmem_evict_inode

On Mon, Nov 9, 2015 at 9:55 AM, Dmitry Vyukov <dvyukov@...gle.com> wrote:
> Hello,
>
> The following program:
>
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <syscall.h>
> #include <string.h>
> #include <stdint.h>
> #include <pthread.h>
>
> #define SYS_memfd_create 319
>
> long fd;
>
> void *thr(void *p)
> {
>         syscall(SYS_ftruncate, fd, 0x8ul, 0, 0, 0, 0);
>         return 0;
> }
>
> int main()
> {
>         pthread_t th;
>
>         syscall(SYS_mmap, 0x20000000ul, 0x10000ul, 0x3ul, 0x32ul,
> 0xfffffffffffffffful, 0x0ul);
>         memcpy((void*)0x20000f96, "\x23\x65\x6d\x31\x07\x2b\x27\x29\x00", 9);
>         fd = syscall(SYS_memfd_create, 0x20000f96ul, 0x2ul, 0, 0, 0, 0);
>         syscall(SYS_fallocate, fd, 0x0ul, 0x31d89288ul, 0x4ul, 0, 0);
>         syscall(SYS_mmap, 0x20061000ul, 0xc00000ul,
> 0x1a9d91e04768640bul, 0x11ul, fd, 0x0ul);
>         pthread_create(&th, 0, thr, 0);
>         syscall(SYS_fstat, fd, 0x20550fcful, 0, 0, 0, 0);
>         pthread_join(th, 0);
>         return 0;
> }
>
>
> triggers WARNING in shmem_evict_inode:
>
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 10442 at mm/shmem.c:625 shmem_evict_inode+0x335/0x480()
> Modules linked in:
> CPU: 1 PID: 8944 Comm: executor Not tainted 4.3.0+ #39
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
>  00000000ffffffff ffff88006c6afab8 ffffffff81aad406 0000000000000000
>  ffff88006e39ac80 ffffffff83091660 ffff88006c6afaf8 ffffffff81100829
>  ffffffff814192e5 ffffffff83091660 0000000000000271 ffff88003d075aa8
> Call Trace:
>  [<ffffffff81100a59>] warn_slowpath_null+0x29/0x30 kernel/panic.c:480
>  [<ffffffff814192e5>] shmem_evict_inode+0x335/0x480 mm/shmem.c:625
>  [<ffffffff8151560e>] evict+0x26e/0x580 fs/inode.c:542
>  [<     inline     >] iput_final fs/inode.c:1477
>  [<ffffffff81515f30>] iput+0x4a0/0x790 fs/inode.c:1504
>  [<     inline     >] dentry_iput fs/dcache.c:358
>  [<ffffffff8150667e>] __dentry_kill+0x4fe/0x700 fs/dcache.c:543
>  [<     inline     >] dentry_kill fs/dcache.c:587
>  [<ffffffff8150be7b>] dput+0x6ab/0x7a0 fs/dcache.c:796
>  [<ffffffff814c499b>] __fput+0x3fb/0x6e0 fs/file_table.c:226
>  [<ffffffff814c4d05>] ____fput+0x15/0x20 fs/file_table.c:244
>  [<ffffffff8115ab23>] task_work_run+0x163/0x1f0 kernel/task_work.c:115
>  [<     inline     >] exit_task_work include/linux/task_work.h:21
>  [<ffffffff81105049>] do_exit+0x7f9/0x2b80 kernel/exit.c:748
>  [<ffffffff8110b268>] do_group_exit+0x108/0x320 kernel/exit.c:878
>  [<     inline     >] SYSC_exit_group kernel/exit.c:889
>  [<ffffffff8110b49d>] SyS_exit_group+0x1d/0x20 kernel/exit.c:887
> ---[ end trace 43da88a03e29c2a5 ]---
>
>
> Run the program in a loop, as the WARNING seems to be triggered by a race.
>
> On commit d1e41ff11941784f469f17795a4d9425c2eb4b7a (Nov 5).
> But I was also able to reproduce it on a 3.11-based kernel.


Hello,

This is still happening periodically for me. Is anybody looking at this?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ