Message-ID: <CAAehj2nufKB=TdrMkRJ8DmoD=7Gy6hH3=AuyWaHSY42jvT-sBA@mail.gmail.com>
Date:   Thu, 18 May 2023 11:50:21 +0800
From:   yang lan <lanyang0908@...il.com>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     axboe@...nel.dk, sashal@...nel.org, asml.silence@...il.com,
        dylany@...com, linux-kernel@...r.kernel.org,
        io-uring@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [Bug report] kernel panic: System is deadlocked on memory

Hi,

Thank you for your response.

When running this reproducer on 6.4-rc2, a segmentation fault occurs when
executing line 93 of poc_io_uring_enter.c ( int32_t
sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); ).
However, it can be reproduced on the latest LTS kernels 5.10.180 and 5.15.112.
I guess it can be triggered on 6.4-rc2 too, by changing some arguments
or addresses of this reproducer?

Some data is in this email attachment. The poc_io_uring_enter.c is
exactly the C reproducer.

Regards,

Yang

On Wed, May 17, 2023 at 20:19, Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Wed, May 17, 2023 at 08:02:38PM +0800, yang lan wrote:
> > Hi,
> >
> > We use our modified Syzkaller to fuzz the Linux kernel and found the
> > following issue:
> >
> > Head Commit: f1b32fda06d2cfb8eea9680b0ba7a8b0d5b81eeb
> > Git Tree: stable
> >
> > Console output: https://pastebin.com/raw/Ssz6eVA6
> > Kernel config: https://pastebin.com/raw/BiggLxRg
> > C reproducer: https://pastebin.com/raw/tM1iyfjr
> > Syz reproducer: https://pastebin.com/raw/CEF1R2jg
> >
> > root@...kaller:~# uname -a
> > Linux syzkaller 5.10.179 #5 SMP PREEMPT Mon May 1 23:59:32 CST 2023
>
> Does this also happen on 6.4-rc2?
>
>
> > x86_64 GNU/Linux
> > root@...kaller:~# gcc poc_io_uring_enter.c -o poc_io_uring_enter
> > root@...kaller:~# ./poc_io_uring_enter
> > ...
> > [  244.945440][ T3106]
> > oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=dhclient,pid=4526,uid=0
> > [  244.946537][ T3106] Out of memory: Killed process 4526 (dhclient)
>
> Is this using fault injection, or a normal operation?
>
> thanks,
>
> greg k-h

Download attachment "kernel_config" of type "application/octet-stream" (225672 bytes)

Download attachment "poc_io_uring_enter.c" of type "application/octet-stream" (13925 bytes)

Download attachment "log_kernel5.10.180" of type "application/octet-stream" (77173 bytes)

Download attachment "log_kernel5.15.112" of type "application/octet-stream" (75812 bytes)
