| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <84930b72-d55d-90a2-e0df-29279545aa25@I-love.SAKURA.ne.jp>
Date: Sun, 8 Apr 2018 21:58:44 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: tiwai@...e.com, viro@...iv.linux.org.uk
Cc: syzbot <syzbot+4f2016cf5185da7759dc@...kaller.appspotmail.com>,
alsa-devel@...a-project.org, dan.carpenter@...cle.com,
linux-kernel@...r.kernel.org, mingo@...nel.org,
o-takashi@...amocchi.jp, perex@...ex.cz,
syzkaller-bugs@...glegroups.com
Subject: Re: INFO: rcu detected stall in io_playback_transfer
I manually simplified the reproducer.
It is quite strange that removing unshare() hides this lockup bug.
Also, explicitly closing by "close()" hides this lockup bug.
Triggering "fput() from do_exit()" from "different namespace"
somehow affects this lockup bug?
----------------------------------------
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/soundcard.h>
int main(int argc, char *argv[])
{
const int fd = open("/dev/dsp1", O_RDWR);
int frag = (0 << 16) | 0;
char buf[48] = { };
unshare(CLONE_NEWNS);
ioctl(fd, SNDCTL_DSP_SETFRAGMENT, &frag);
write(fd, buf, sizeof(buf));
return 0;
}
----------------------------------------
Powered by blists - more mailing lists