lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Jun 2022 12:07:53 -0600
From:   Yu Zhao <yuzhao@...gle.com>
To:     Liam Howlett <liam.howlett@...cle.com>
Cc:     Qian Cai <quic_qiancai@...cinc.com>,
        "maple-tree@...ts.infradead.org" <maple-tree@...ts.infradead.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH v9 28/69] mm/mmap: reorganize munmap to use maple states

On Wed, Jun 15, 2022 at 8:25 AM Liam Howlett <liam.howlett@...cle.com> wrote:
>
> * Yu Zhao <yuzhao@...gle.com> [220611 17:50]:
> > On Sat, Jun 11, 2022 at 2:11 PM Yu Zhao <yuzhao@...gle.com> wrote:
> > >
> > > On Mon, Jun 6, 2022 at 10:40 AM Qian Cai <quic_qiancai@...cinc.com> wrote:
> > > >
> > > > On Mon, Jun 06, 2022 at 04:19:52PM +0000, Liam Howlett wrote:
> > > > > Does your syscall fuzzer create a reproducer?  This looks like arm64
> > > > > and says 5.18.0-next-20220603 again.  Was this bisected to the patch
> > > > > above?
> > > >
> > > > This was triggered by running the fuzzer over the weekend.
> > > >
> > > > $ trinity -C 160
> > > >
> > > > No bisection was done. It was only brought up here because the trace
> > > > pointed to do_mas_munmap() which was introduced here.
> > >
> > > Liam,
> > >
> > > I'm getting a similar crash on arm64 -- the allocator is madvise(),
> > > not mprotect(). Please take a look.
> >
> > Another crash on x86_64, which seems different:
>
> Thanks for this.  I was able to reproduce the other crashes that you and
> Qian reported.  I've sent out a patch set to Andrew to apply to the
> branch which includes the fix for them and an unrelated issue discovered
> when I wrote the testcases to cover what was going on here.

Thanks. I'm restarting the test and will report the results in a few hours.

> > BUG: KASAN: slab-out-of-bounds in mab_mas_cp+0x2d9/0x6c0
> > Write of size 136 at addr ffff88c5a2319c80 by task stress-ng/18461
                                                       ^^^^^^^^^

> As for this crash, I was unable to reproduce and the code I just sent
> out changes this code a lot.  Was this running with "trinity -c madvise"
> or another use case/fuzzer?

This is also stress-ng (same as the one on arm64). The test stopped
before it could try syzkaller (fuzzer).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ