Message-ID: <20240829170222.3680522-1-nogikh@google.com>
Date: Thu, 29 Aug 2024 19:02:22 +0200
From: Aleksandr Nogikh <nogikh@...gle.com>
To: peterz@...radead.org
Cc: bsegall@...gle.com, dietmar.eggemann@....com, efault@....de, 
	juri.lelli@...hat.com, kprateek.nayak@....com, linux-kernel@...r.kernel.org, 
	mgorman@...e.de, mingo@...hat.com, rostedt@...dmis.org, tglx@...utronix.de, 
	vincent.guittot@...aro.org, vschneid@...hat.com, wuyun.abel@...edance.com, 
	youssefesmat@...omium.org, syzkaller-bugs@...glegroups.com, 
	dvyukov@...gle.com, syzkaller@...glegroups.com
Subject: Re: [PATCH 00/24] Complete EEVDF

This series has caused an explosion of different kernel crashes on our
syzbot instance that fuzzes linux-next. I guess such kernel behavior
indicates some massive underlying memory corruption (?)

Some of the crash titles we've seen (we didn't release them -- there
were too many, 70+):

KASAN: stack-out-of-bounds Write in insn_decode 
kernel panic: stack is corrupted in vprintk_store
kernel panic: stack is corrupted in _printk
BUG: spinlock recursion in __schedule
WARNING in __put_task_struct
BUG: unable to handle kernel NULL pointer dereference in asm_exc_page_fault
WARNING in rng_dev_read
BUG: scheduling while atomic in prb_final_commit
kernel BUG in dequeue_rt_stack
BUG: scheduling while atomic in rcu_is_watching
BUG: spinlock recursion in copy_process
KASAN: slab-use-after-free Read in sched_core_enqueue
kernel panic: stack is corrupted in refill_stock
kernel panic: stack is corrupted in prb_reserve
WARNING: bad unlock balance in timekeeping_get_ns
KASAN: slab-use-after-free Read in set_next_task_fair

I wonder if the actual problem is already known and possibly there are
even some fix patches?

If not, and if it may be of any help, we can try to come up with some
contained instructions to reproduce these issues with syzkaller.

--
Aleksandr
