Message-ID: <CACT4Y+YqSwZyBi7Pj8o=QXCa1YWzFO2J9wFi31FDvKuEMrbA4Q@mail.gmail.com>
Date:   Mon, 19 Sep 2022 06:50:25 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Hillf Danton <hdanton@...a.com>
Cc:     syzbot <syzbot+5e87db90e68fbc4707c6@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] BUG: soft lockup in tx

On Sun, 18 Sept 2022 at 13:03, Hillf Danton <hdanton@...a.com> wrote:
>
> On 17 Sep 2022 22:29:32 -0700
> > syzbot found the following issue on:
> >
> > HEAD commit:    a6b443748715 Merge branch 'for-next/core', remote-tracking..
> > git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> > console output: https://syzkaller.appspot.com/x/log.txt?x=176b1680880000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=14bf9ec0df433b27
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5e87db90e68fbc4707c6
> > compiler:       Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> > userspace arch: arm64
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11b22b10880000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=15fce87f080000
>
> Remove the soft hog in caif uart.
>
> #syz test https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git  a6b443748715
>
> --- a/drivers/net/caif/caif_serial.c
> +++ b/drivers/net/caif/caif_serial.c
> @@ -210,6 +210,7 @@ static int handle_tx(struct ser_device *
>         struct tty_struct *tty;
>         struct sk_buff *skb;
>         int tty_wr, len, room;
> +       unsigned long ts;
>
>         tty = ser->tty;
>         ser->tx_started = true;
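Review bot: The new local `ts` in the declaration block of handle_tx() does not say what it holds. It is used further down as a cutoff time in jiffies, so a name such as `deadline` would read better, and a short comment on why the transmit loop needs a time budget would help, since the commit message only says "Remove the soft hog in caif uart".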
> @@ -218,8 +219,11 @@ static int handle_tx(struct ser_device *
>         if (test_and_set_bit(CAIF_SENDING, &ser->state))
>                 return 0;
>
> +       ts = jiffies + 2;
>         /* skb_peek is safe because handle_tx is called after skb_queue_tail */
>         while ((skb = skb_peek(&ser->head)) != NULL) {
> +               if (jiffies > ts)
> +                       break;
>
>                 /* Make sure you don't write too much */
>                 len = skb->len;
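Review bot: The check `if (jiffies > ts)` at the top of the while loop compares jiffies values directly, which gives the wrong result when the counter wraps; time_after(jiffies, ts) is the wrap-safe form. The budget `jiffies + 2` is also a bare tick count, so its wall-clock length depends on HZ; msecs_to_jiffies() with a named constant would make the intended duration explicit. The break leaves the loop with CAIF_SENDING already set by the test_and_set_bit() above and possibly with skbs still queued on ser->head, and the lines shown here do not include what follows the loop, so please confirm that the bit is cleared on this path and that something reschedules transmission of the remaining queue.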

Hi Hillf,

I don't know if it's a good fix on its own or not,
but arm64 command line parsing is currently broken and does not allow
us to increase stall timeouts:
https://groups.google.com/g/syzkaller-bugs/c/QoFsDszFLxY/m/mnnUTKuJAAAJ
This may lead to some false stall reports (the timeout is 22s, but we
set it to 300s on syzbot).
