lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20191205131952.GD29780@localhost.localdomain>
Date:   Thu, 5 Dec 2019 14:19:52 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Daniel Axtens <dja@...ens.net>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        syzbot <syzbot+82e323920b78d54aaed5@...kaller.appspotmail.com>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Andrii Nakryiko <andriin@...com>,
        Alexei Starovoitov <ast@...nel.org>, bpf <bpf@...r.kernel.org>,
        Martin KaFai Lau <kafai@...com>,
        LKML <linux-kernel@...r.kernel.org>,
        netdev <netdev@...r.kernel.org>,
        Song Liu <songliubraving@...com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Yonghong Song <yhs@...com>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: Re: BUG: unable to handle kernel paging request in pcpu_alloc

On Fri, Dec 06, 2019 at 12:10:41AM +1100, Daniel Axtens wrote:
> Daniel Borkmann <daniel@...earbox.net> writes:
> > On Thu, Dec 05, 2019 at 03:35:21PM +1100, Daniel Axtens wrote:
> >> >> HEAD commit:    1ab75b2e Add linux-next specific files for 20191203
> >> >> git tree:       linux-next
> >> >> console output: https://syzkaller.appspot.com/x/log.txt?x=10edf2eae00000
> >> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=de1505c727f0ec20
> >> >> dashboard link: https://syzkaller.appspot.com/bug?extid=82e323920b78d54aaed5
> >> >> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> >> >> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=156ef061e00000
> >> >> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=11641edae00000
> >> >>
> >> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> >> Reported-by: syzbot+82e323920b78d54aaed5@...kaller.appspotmail.com
> >> >
> >> > +Daniel, is it the same as:
> >> > https://syzkaller.appspot.com/bug?id=f6450554481c55c131cc23d581fbd8ea42e63e18
> >> > If so, is it possible to make KASAN detect this consistently with the
> >> > same crash type so that syzbot does not report duplicates?
> >> 
> >> It looks like both of these occur immediately after failure injection. I
> >> think my assumption that I could ignore the chance of failures in the
> >> per-cpu allocation path will have to be revisited. That's annoying.
> >> 
> >> I'll try to spin something today but Andrey feel free to pip me at the
> >> post again :)
> >> 
> >> I'm not 100% confident to call them dups just yet, but I'm about 80%
> >> confident that they are.
> >
> > Ok. Double checked BPF side yesterday night, but looks sane to me and the
> > fault also hints into pcpu_alloc() rather than BPF code. Daniel, from your
> > above reply, I read that you are aware of how the bisected commit would
> > have caused the fault?
> 
> Yes, this one is on me - I did not take into account the brutal
> efficiency of the fault injector when implementing my KASAN support for
> vmalloc areas. I have a fix, I'm just doing final tests now.

Perfect, thanks a lot!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ