| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 27 Mar 2021 14:50:29 +0800
From: Ming Lei <tom.leiming@...il.com>
To: syzbot <syzbot+8fede7e30c7cee0de139@...kaller.appspotmail.com>
Cc: Jens Axboe <axboe@...nel.dk>,
linux-block <linux-block@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] KASAN: use-after-free Read in disk_part_iter_next (2)
On Sat, Mar 27, 2021 at 1:01 AM syzbot
<syzbot+8fede7e30c7cee0de139@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot has tested the proposed patch but the reproducer is still triggering an issue:
> WARNING in kvm_wait
>
> ------------[ cut here ]------------
> raw_local_irq_restore() called with IRQs enabled
> WARNING: CPU: 1 PID: 10753 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
> Modules linked in:
> CPU: 1 PID: 10753 Comm: syz-executor.4 Not tainted 5.12.0-rc3-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:warn_bogus_irq_restore+0x1d/0x20 kernel/locking/irqflag-debug.c:10
> Code: be ff cc cc cc cc cc cc cc cc cc cc cc 80 3d a1 e7 2b 04 00 74 01 c3 48 c7 c7 20 92 6b 89 c6 05 90 e7 2b 04 01 e8 79 cf be ff <0f> 0b c3 48 39 77 10 0f 84 97 00 00 00 66 f7 47 22 f0 ff 74 4b 48
> RSP: 0018:ffffc90008f0f9c0 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffff888021f02040 RCX: 0000000000000000
> RDX: ffff888017d4d4c0 RSI: ffffffff815c3875 RDI: fffff520011e1f2a
> RBP: 0000000000000200 R08: 0000000000000000 R09: 0000000000000000
> R10: ffffffff815bc60e R11: 0000000000000000 R12: 0000000000000003
> R13: ffffed10043e0408 R14: 0000000000000001 R15: ffff8880b9f35f40
> FS: 00000000022dd400(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00000000004e4a64 CR3: 0000000016964000 CR4: 0000000000350ee0
> Call Trace:
> kvm_wait arch/x86/kernel/kvm.c:860 [inline]
> kvm_wait+0xc9/0xe0 arch/x86/kernel/kvm.c:837
> pv_wait arch/x86/include/asm/paravirt.h:564 [inline]
> pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline]
> __pv_queued_spin_lock_slowpath+0x8b8/0xb40 kernel/locking/qspinlock.c:508
> pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:554 [inline]
> queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline]
> queued_spin_lock include/asm-generic/qspinlock.h:85 [inline]
> do_raw_spin_lock+0x200/0x2b0 kernel/locking/spinlock_debug.c:113
> spin_lock include/linux/spinlock.h:354 [inline]
> ext4_lock_group fs/ext4/ext4.h:3383 [inline]
> __ext4_new_inode+0x384f/0x5570 fs/ext4/ialloc.c:1188
> ext4_symlink+0x489/0xd50 fs/ext4/namei.c:3347
> vfs_symlink fs/namei.c:4176 [inline]
> vfs_symlink+0x10f/0x270 fs/namei.c:4161
> do_symlinkat+0x27a/0x300 fs/namei.c:4206
> do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
> entry_SYSCALL_64_after_hwframe+0x44/0xae
> RIP: 0033:0x465d67
> Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffda32c3708 EFLAGS: 00000202 ORIG_RAX: 0000000000000058
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000465d67
> RDX: 00007ffda32c37f3 RSI: 00000000004bfab2 RDI: 00007ffda32c37e0
> RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffda32c35a0
> R10: 00007ffda32c3457 R11: 0000000000000202 R12: 0000000000000001
> R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffda32c37e0
This is another & un-related warning with original report, so I think
the patch in above
tree fixes the issue.
--
Ming Lei
Powered by blists - more mailing lists