| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Nov 2015 09:30:13 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Hugh Dickins <hughd@...gle.com>,
Andrew Morton <akpm@...ux-foundation.org>,
"linux-mm@...ck.org" <linux-mm@...ck.org>,
LKML <linux-kernel@...r.kernel.org>,
Sasha Levin <sasha.levin@...cle.com>
Cc: syzkaller <syzkaller@...glegroups.com>,
Kostya Serebryany <kcc@...gle.com>,
Alexander Potapenko <glider@...gle.com>,
Eric Dumazet <edumazet@...gle.com>
Subject: Re: WARNING in shmem_evict_inode
On Mon, Nov 9, 2015 at 9:55 AM, Dmitry Vyukov <dvyukov@...gle.com> wrote:
> Hello,
>
> The following program:
>
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <syscall.h>
> #include <string.h>
> #include <stdint.h>
> #include <pthread.h>
>
> #define SYS_memfd_create 319
>
> long fd;
>
> void *thr(void *p)
> {
> syscall(SYS_ftruncate, fd, 0x8ul, 0, 0, 0, 0);
> return 0;
> }
>
> int main()
> {
> pthread_t th;
>
> syscall(SYS_mmap, 0x20000000ul, 0x10000ul, 0x3ul, 0x32ul,
> 0xfffffffffffffffful, 0x0ul);
> memcpy((void*)0x20000f96, "\x23\x65\x6d\x31\x07\x2b\x27\x29\x00", 9);
> fd = syscall(SYS_memfd_create, 0x20000f96ul, 0x2ul, 0, 0, 0, 0);
> syscall(SYS_fallocate, fd, 0x0ul, 0x31d89288ul, 0x4ul, 0, 0);
> syscall(SYS_mmap, 0x20061000ul, 0xc00000ul,
> 0x1a9d91e04768640bul, 0x11ul, fd, 0x0ul);
> pthread_create(&th, 0, thr, 0);
> syscall(SYS_fstat, fd, 0x20550fcful, 0, 0, 0, 0);
> pthread_join(th, 0);
> return 0;
> }
>
>
> triggers WARNING in shmem_evict_inode:
>
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 10442 at mm/shmem.c:625 shmem_evict_inode+0x335/0x480()
> Modules linked in:
> CPU: 1 PID: 8944 Comm: executor Not tainted 4.3.0+ #39
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> 00000000ffffffff ffff88006c6afab8 ffffffff81aad406 0000000000000000
> ffff88006e39ac80 ffffffff83091660 ffff88006c6afaf8 ffffffff81100829
> ffffffff814192e5 ffffffff83091660 0000000000000271 ffff88003d075aa8
> Call Trace:
> [<ffffffff81100a59>] warn_slowpath_null+0x29/0x30 kernel/panic.c:480
> [<ffffffff814192e5>] shmem_evict_inode+0x335/0x480 mm/shmem.c:625
> [<ffffffff8151560e>] evict+0x26e/0x580 fs/inode.c:542
> [< inline >] iput_final fs/inode.c:1477
> [<ffffffff81515f30>] iput+0x4a0/0x790 fs/inode.c:1504
> [< inline >] dentry_iput fs/dcache.c:358
> [<ffffffff8150667e>] __dentry_kill+0x4fe/0x700 fs/dcache.c:543
> [< inline >] dentry_kill fs/dcache.c:587
> [<ffffffff8150be7b>] dput+0x6ab/0x7a0 fs/dcache.c:796
> [<ffffffff814c499b>] __fput+0x3fb/0x6e0 fs/file_table.c:226
> [<ffffffff814c4d05>] ____fput+0x15/0x20 fs/file_table.c:244
> [<ffffffff8115ab23>] task_work_run+0x163/0x1f0 kernel/task_work.c:115
> [< inline >] exit_task_work include/linux/task_work.h:21
> [<ffffffff81105049>] do_exit+0x7f9/0x2b80 kernel/exit.c:748
> [<ffffffff8110b268>] do_group_exit+0x108/0x320 kernel/exit.c:878
> [< inline >] SYSC_exit_group kernel/exit.c:889
> [<ffffffff8110b49d>] SyS_exit_group+0x1d/0x20 kernel/exit.c:887
> ---[ end trace 43da88a03e29c2a5 ]---
>
>
> Run the program in a loop, as the WARNING seems to be triggered by a race.
>
> On commit d1e41ff11941784f469f17795a4d9425c2eb4b7a (Nov 5).
> But I was also able to reproduce it on a 3.11-based kernel.
Hello,
This is still happening periodically for me. Is anybody looking at this?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists