lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CADvbK_e7LXc7minSmaPw6iZvjWo215wG-pPAS0gr58+-VxUO7Q@mail.gmail.com>
Date:   Sun, 20 May 2018 16:26:03 +0800
From:   Xin Long <lucien.xin@...il.com>
To:     Eric Dumazet <eric.dumazet@...il.com>,
        Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
Cc:     syzbot <syzbot+3dcd59a1f907245f891f@...kaller.appspotmail.com>,
        ast@...nel.org, Daniel Borkmann <daniel@...earbox.net>,
        LKML <linux-kernel@...r.kernel.org>,
        network dev <netdev@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: INFO: rcu detected stall in is_bpf_text_address

On Sat, May 19, 2018 at 11:57 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> SCTP experts, please take a look.
>
> On 05/19/2018 08:55 AM, syzbot wrote:
>> Hello,
>>
>> syzbot found the following crash on:
>>
>> HEAD commit:    73fcb1a370c7 Merge branch 'akpm' (patches from Andrew)
>> git tree:       upstream
>> console output: https://syzkaller.appspot.com/x/log.txt?x=1462ec0f800000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=f3b4e30da84ec1ed
>> dashboard link: https://syzkaller.appspot.com/bug?extid=3dcd59a1f907245f891f
>> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>> syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=1079cf8f800000
Thank you.
The Reproducer is more than helpful.

setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0,
&(0x7f0000000140)={0x0, 0x6, 0x7, 0x4}, 0x10)

It set rto_min=6 and rto_max=7, these are too small values.
t3_rtx timer works fine with it. But hb_timer will get stuck there, as
in its timer handler it starts this timer again with this value, then
it goes to the timer handler again...

HB has to repeat this and the hb timer's expire may also have to use
'trans->rto >> 1 ...' stuff. But we can limit the RTO's min value, like
HZ/20, which is 'Try again later.' number used when sock lock is
owned by others in all timer handlers.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ