Message-ID: <15c0859f-445f-4159-9b38-3af6d9a2a572@intel.com>
Date: Tue, 15 Oct 2024 16:40:48 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Marius Fleischer <fleischermarius@...il.com>, Jens Axboe <axboe@...nel.dk>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
 Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
 Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
 Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org,
 syzkaller@...glegroups.com, harrisonmichaelgreen@...il.com,
 Pavel Begunkov <asml.silence@...il.com>, io-uring@...r.kernel.org
Subject: Re: WARNING in get_pat_info

On 10/15/24 15:29, Marius Fleischer wrote:
> Hi Jens,
> Please find the config we used for testing the reproducer on v5.15.167
> - hope that helps.
> 
> Which of the reproducers did you try? Upon more testing, it seems like the
> C reproducer (repro.c) is a little unstable on v5.15.167 but repro.syz works
> fine. Instructions on how to run repro.syz are here:
> https://github.com/google/syzkaller/blob/master/docs/executing_syzkaller_programs.md

FWIW, those instructions don't work if you don't have 'go' in your path
already.  Even when you do, it apparently needs to be a pretty recent
version.

They also say "Unpack it (a tarball) to $HOME/goroot".  I read that as:

	mkdir $HOME/goroot
	cd $HOME/goroot
	tar -zxf $TARBALL

When I think it really means something like:

	cd $HOME
	tar -zxf $TARBALL
	mv go goroot

or something.

I figured it out eventually, but it would be nice to make those
instructions a _bit_ more clear, especially for folks that don't have a
recent go toolchain already sitting around.

Oh, and the go toolchain had a jolly old time beating up on my poor
little 4GB-of-RAM test VM.  I had to double its RAM just to compile this
beast.

> TL;DR compile syzkaller, copy syz-execprog, syz-executor, repro.syz into
> the VM and run the command below inside the VM
> ./syz-execprog -executor=./syz-executor -procs=8 -repeat=0 repro.syz
> 
> Please let me know if you need more details from us!

It didn't reproduce for me, either, at least ~10k executed programs in.
How long should it take?

The next step would be to figure out specifically why get_pat_info()
failed.  To double check that io_uring is the thing that's involved and
(presumably) why follow_phys() failed.  Basically, I think we need to
know what state the page tables and the VMA were in.
