Message-ID: <13da163a-d088-4b4d-8ad1-dbf609b03228@gmail.com>
Date: Mon, 4 Nov 2024 13:13:22 +0000
From: Pavel Begunkov <asml.silence@...il.com>
To: syzbot <syzbot+e333341d3d985e5173b2@...kaller.appspotmail.com>,
 axboe@...nel.dk, io-uring@...r.kernel.org, linux-kernel@...r.kernel.org,
 linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [io-uring?] [usb?] WARNING in io_get_cqe_overflow (2)

On 11/4/24 11:31, syzbot wrote:
> syzbot has bisected this issue to:
> 
> commit 3f1a546444738b21a8c312a4b49dc168b65c8706
> Author: Jens Axboe <axboe@...nel.dk>
> Date:   Sat Oct 26 01:27:39 2024 +0000
> 
>      io_uring/rsrc: get rid of per-ring io_rsrc_node list
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=15aaa1f7980000
> start commit:   c88416ba074a Add linux-next specific files for 20241101
> git tree:       linux-next
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=17aaa1f7980000
> console output: https://syzkaller.appspot.com/x/log.txt?x=13aaa1f7980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=704b6be2ac2f205f
> dashboard link: https://syzkaller.appspot.com/bug?extid=e333341d3d985e5173b2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16ec06a7980000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12c04740580000
> 
> Reported-by: syzbot+e333341d3d985e5173b2@...kaller.appspotmail.com
> Fixes: 3f1a54644473 ("io_uring/rsrc: get rid of per-ring io_rsrc_node list")
> 
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Previously all puts were done by requests, which in case of an exiting
ring were fallback'ed to normal tw. Now, the unregister path posts CQEs,
while the original task is still alive. Should be fine in general because
at this point there could be no requests posting in parallel and all
is synchronised, so it's a false positive, but we need to change the assert
or something else.

-- 
Pavel Begunkov
