lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 Jan 2020 10:03:48 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc:     syzbot <syzbot+f2ca20d4aa1408b0385a@...kaller.appspotmail.com>,
        alexander.deucher@....com, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...el.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...hat.com>, nicholas.kazlauskas@....com,
        Rik van Riel <riel@...riel.com>, sunpeng.li@....com,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        "the arch/x86 maintainers" <x86@...nel.org>, zhan.liu@....com
Subject: Re: WARNING in switch_fpu_return

On Wed, Jan 8, 2020 at 9:55 AM Sebastian Andrzej Siewior
<bigeasy@...utronix.de> wrote:
>
> Hi Dmitry,
>
> On 2020-01-08 05:28:31 [+0100], Dmitry Vyukov wrote:
> > > > userspace arch: i386
> > >
> > > So I tried to reproduce this. syz-prog2c made .c out of the above link.
> > > It starts with:
> > > |int main(void)
> > > | {
> > > |   syscall(__NR_mmap, 0x20000000ul, 0x1000000ul, 3ul, 0x32ul, -1, 0);
> >
> > Hi Sebastian,
> >
> > If you want to generate a C repro for 386 arch, you need to add
> > -arch=386 flag to syz-prog2c (then it hopefully should use mmap2).
>
> Ah okay. I've been looking at
>         https://github.com/google/syzkaller/blob/master/docs/syzbot.md#crash-does-not-reproduce
>
> and it says
> |Note: if the report contains userspace arch: i386, then the program
> |needs to be built with -m32 flag.
>
> and with the argument you mentioned it the compiled C code uses mmap2.
> Thanks.
> Now the 32bit testcase reboots, too :)
>
> > But FWIW syzbot wasn't able to reproduce it with a C program,
> > otherwise it would have been provided it. But that may be for various
> > reasons.
>
> Yeah, my memory was also that a C-testcase is provided. But there was this
>         https://syzkaller.appspot.com/x/repro.syz?x=10cc8971e00000
>
> link so I assumed I should use it myself and I missed the update that
> something changed.
> So what should I do with the file above? Feed it to `syz-execprog' or is
> it a rough idea what the test case should have done?

Yes, the syz program can be executed with syz-execprog utility:

https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md

However, since it's a KVM bug, it may be somewhat special. At least
there were some special ones historically. For example, behavior may
also depend on the host OS. So maybe you already reproduced it, it's
just that in syzbot environment it caused the WARNING, but in your
environment it causes the reboot. I have no indication that it's
actually the case. But I just want to warn that reproduction of some
KVM bugs proved to be tricky in the past. I am sure that syzbot was
able to trigger that exact warning on that exact kernel version/config
using that exact program. But it happened in one particular
environment.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ