lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <67dfe3c3-091e-4b8d-a817-3d3594b1f0ef@gmail.com>
Date: Tue, 2 Jul 2024 00:37:37 +0100
From: Pavel Begunkov <asml.silence@...il.com>
To: syzbot <syzbot+f7f9c893345c5c615d34@...kaller.appspotmail.com>,
 axboe@...nel.dk, io-uring@...r.kernel.org, linux-kernel@...r.kernel.org,
 syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [io-uring?] WARNING in io_cqring_event_overflow (2)

On 7/1/24 21:50, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    74564adfd352 Add linux-next specific files for 20240701
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=135c21d1980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=111e4e0e6fbde8f0
> dashboard link: https://syzkaller.appspot.com/bug?extid=f7f9c893345c5c615d34
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> 
> Unfortunately, I don't have any reproducer for this issue yet.
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/04b8d7db78fb/disk-74564adf.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/d996f4370003/vmlinux-74564adf.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/6e7e630054e7/bzImage-74564adf.xz
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f7f9c893345c5c615d34@...kaller.appspotmail.com
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 5145 at io_uring/io_uring.c:703 io_cqring_event_overflow+0x442/0x660 io_uring/io_uring.c:703

Makes sense, it needs locking around overflowing, will fix it


> Modules linked in:
> CPU: 0 UID: 0 PID: 5145 Comm: kworker/0:4 Not tainted 6.10.0-rc6-next-20240701-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
> Workqueue: events io_fallback_req_func
> RIP: 0010:io_cqring_event_overflow+0x442/0x660 io_uring/io_uring.c:703
> Code: 0f 95 c0 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ed ae ed fc 90 0f 0b 90 e9 c5 fc ff ff e8 df ae ed fc 90 <0f> 0b 90 e9 6e fc ff ff e8 d1 ae ed fc c6 05 f6 ea f3 0a 01 90 48
> RSP: 0018:ffffc900040d7a08 EFLAGS: 00010293
> RAX: ffffffff84a5cf11 RBX: 0000000000000000 RCX: ffff8880299bbc00
> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> RBP: 0000000000000000 R08: ffffffff84a5cb74 R09: 0000000000000000
> R10: dffffc0000000000 R11: ffffffff84a9f5d0 R12: ffff888021d0a000
> R13: 0000000000000000 R14: ffff888021d0a000 R15: 0000000000000000
> FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f4e669ff800 CR3: 000000002a360000 CR4: 00000000003526f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>   <TASK>
>   __io_post_aux_cqe io_uring/io_uring.c:816 [inline]
>   io_add_aux_cqe+0x27c/0x320 io_uring/io_uring.c:837
>   io_msg_tw_complete+0x9d/0x4d0 io_uring/msg_ring.c:78
>   io_fallback_req_func+0xce/0x1c0 io_uring/io_uring.c:256
>   process_one_work kernel/workqueue.c:3224 [inline]
>   process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3305
>   worker_thread+0x86d/0xd40 kernel/workqueue.c:3383
>   kthread+0x2f0/0x390 kernel/kthread.c:389
>   ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:144
>   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
>   </TASK>
> 
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
> 
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> 
> If the report is already addressed, let syzbot know by replying with:
> #syz fix: exact-commit-title
> 
> If you want to overwrite report's subsystems, reply with:
> #syz set subsystems: new-subsystem
> (See the list of subsystem names on the web dashboard)
> 
> If the report is a duplicate of another one, reply with:
> #syz dup: exact-subject-of-another-report
> 
> If you want to undo deduplication, reply with:
> #syz undup

-- 
Pavel Begunkov

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ