lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <dc333b90-d8a4-488f-8c3e-9b2f3ed8b89c@linux.dev>
Date: Sat, 31 Aug 2024 12:02:21 +0800
From: Zhu Yanjun <yanjun.zhu@...ux.dev>
To: syzbot <syzbot+list6d1c113d5d8954339576@...kaller.appspotmail.com>,
 linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
 netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] Monthly rdma report (Aug 2024)

在 2024/8/27 16:43, syzbot 写道:
> Hello rdma maintainers/developers,
> 
> This is a 31-day syzbot report for the rdma subsystem.
> All related reports/information can be found at:
> https://syzkaller.appspot.com/upstream/s/rdma
> 
> During the period, 1 new issues were detected and 0 were fixed.
> In total, 5 issues are still open and 60 have been fixed so far.
> 
> Some of the still happening issues:
> 
> Ref Crashes Repro Title
> <1> 33      No    INFO: task hung in disable_device
>                    https://syzkaller.appspot.com/bug?extid=4d0c396361b5dc5d610f
> <2> 24      No    WARNING in rxe_pool_cleanup
>                    https://syzkaller.appspot.com/bug?extid=221e213bf17f17e0d6cd

I devled into this problem. From the call trace,we can go to this function:

void rxe_dealloc(struct ib_device *ib_dev)
{
	struct rxe_dev *rxe = container_of(ib_dev, struct rxe_dev, ib_dev);

	rxe_pool_cleanup(&rxe->uc_pool);
	rxe_pool_cleanup(&rxe->pd_pool);    <---- Here
	rxe_pool_cleanup(&rxe->ah_pool);
...
}

rxe_dealloc -- > rxe_pool_cleanup

It seems that pd_pool is not empty when pd_pool is cleaned up.

But from the call trace, it is difficult to find out why pd_pool not empty.

I am not sure if this problem can be reproduced or not.
If it can be reproduced, we can monitor alloc_pd and dealloc_pd 
functions to check if these 2 functions are matched.
Normally the number of invoked alloc_pd should be equal to the number of 
dealloc_pd.

And alloc_pd and dealloc_pd functions can be called via function 
pointers. So these 2 functions can be called from many places. Thus, it 
is difficult to check these 2 functions in source codes.

If it can be reproduced, we can use kprobe,bpf or add call traces to 
mointor the usages of the 2 functions. Then it is easier to find out why 
pd_pool not empty.

This is based on the fact that we can reproduce this problem.^_^

Zhu Yanjun

> <3> 2       No    possible deadlock in sock_set_reuseaddr
>                    https://syzkaller.appspot.com/bug?extid=af5682e4f50cd6bce838
> 
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
> 
> To disable reminders for individual bugs, reply with the following command:
> #syz set <Ref> no-reminders
> 
> To change bug's subsystems, reply with:
> #syz set <Ref> subsystems: new-subsystem
> 
> You may send multiple commands in a single email message.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ