Date:   Mon, 28 Sep 2020 18:13:42 +0200
From:   Thomas Gleixner <tglx@...utronix.de>
To:     syzbot <syzbot+ca740b95a16399ceb9a5@...kaller.appspotmail.com>,
        davem@...emloft.net, hchunhui@...l.ustc.edu.cn, hdanton@...a.com,
        ja@....bg, jmorris@...ei.org, kuznet@....inr.ac.ru,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, yoshfuji@...ux-ipv6.org,
        Johannes Berg <johannes.berg@...el.com>
Subject: Re: WARNING in hrtimer_forward

On Sun, Sep 27 2020 at 07:29, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit 0e7bbcc104baaade4f64205e9706b7d43c46db7d
> Author: Julian Anastasov <ja@....bg>
> Date:   Wed Jul 27 06:56:50 2016 +0000
>
>     neigh: allow admin to set NUD_STALE
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1661d187900000
> start commit:   ba5f4cfe bpf: Add comment to document BTF type PTR_TO_BTF_..
> git tree:       bpf-next
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=1561d187900000
> console output: https://syzkaller.appspot.com/x/log.txt?x=1161d187900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=d44e1360b76d34dc
> dashboard link: https://syzkaller.appspot.com/bug?extid=ca740b95a16399ceb9a5
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1148fe4b900000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12f5218d900000
>
> Reported-by: syzbot+ca740b95a16399ceb9a5@...kaller.appspotmail.com
> Fixes: 0e7bbcc104ba ("neigh: allow admin to set NUD_STALE")

That bisect does not make any sense and reverting the commit on top of
next does not help either.

What happens is:

            fail-16132   [029] ....   933.714866: sys_enter: NR 16 (3, 8b28, 20000000, 0, 0, 0)
          <idle>-0       [001] d.s2   933.715768: hrtimer_cancel: hrtimer=00000000fe9fe1b9
          <idle>-0       [001] ..s1   933.715771: hrtimer_expire_entry: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon now=933716506319
            fail-16132   [029] d..1   933.715794: hrtimer_start: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon expires=933818720770 softexpires=933818720770 mode=REL|SOFT
          <idle>-0       [001] ..s1   933.715812: hrtimer_forward: hrtimer=00000000fe9fe1b9

So the timer was armed at some point and then the expiry which does the
forward races with the ioctl which starts the timer. Lack of
serialization or such ...

Thanks,

        tglx
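
The interleaving in the trace above can be checked for mechanically. This is an added example, not part of the original message or of any kernel tooling: it flags an `hrtimer_start` issued from another CPU while the timer's callback is running, followed by an `hrtimer_forward` from that callback. It assumes ftrace text output with `hrtimer_forward` appearing as an event as it does in this trace, and handles `hrtimer_expire_exit` in case a fuller capture contains it; `find_forward_races` is a hypothetical name.

```python
import re

# Trace lines copied from the message above (ftrace text format).
TRACE = """\
            fail-16132   [029] ....   933.714866: sys_enter: NR 16 (3, 8b28, 20000000, 0, 0, 0)
          <idle>-0       [001] d.s2   933.715768: hrtimer_cancel: hrtimer=00000000fe9fe1b9
          <idle>-0       [001] ..s1   933.715771: hrtimer_expire_entry: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon now=933716506319
            fail-16132   [029] d..1   933.715794: hrtimer_start: hrtimer=00000000fe9fe1b9 function=mac80211_hwsim_beacon expires=933818720770 softexpires=933818720770 mode=REL|SOFT
          <idle>-0       [001] ..s1   933.715812: hrtimer_forward: hrtimer=00000000fe9fe1b9
"""

LINE = re.compile(r"^\s*(?P<task>.+?)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+\S+\s+"
                  r"(?P<ts>\d+\.\d+):\s+(?P<event>\w+):\s*(?P<args>.*)$")
TIMER = re.compile(r"hrtimer=(\w+)")

def find_forward_races(trace):
    """Return (timer, start_cpu, start_ts, forward_cpu, forward_ts) tuples."""
    running = {}   # timer -> CPU currently executing its callback
    rearmed = {}   # timer -> (cpu, ts) of an hrtimer_start seen during the callback
    races = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        t = TIMER.search(m["args"]) if m else None
        if not t:
            continue  # not an hrtimer event (e.g. sys_enter) or unparsable line
        timer, cpu, ts, event = t[1], int(m["cpu"]), float(m["ts"]), m["event"]
        if event == "hrtimer_expire_entry":
            running[timer] = cpu
            rearmed.pop(timer, None)
        elif event == "hrtimer_expire_exit":
            running.pop(timer, None)
            rearmed.pop(timer, None)
        elif event == "hrtimer_start" and running.get(timer, cpu) != cpu:
            rearmed[timer] = (cpu, ts)      # enqueued from another CPU mid-callback
        elif event == "hrtimer_cancel":
            rearmed.pop(timer, None)        # dequeued again before any forward
        elif event == "hrtimer_forward" and timer in rearmed and running.get(timer) == cpu:
            races.append((timer, *rearmed[timer], cpu, ts))
    return races

if __name__ == "__main__":
    for timer, scpu, sts, fcpu, fts in find_forward_races(TRACE):
        print(f"timer {timer}: started on CPU {scpu} at {sts}, "
              f"forwarded by callback on CPU {fcpu} at {fts}")
```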
