| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <678b8e9e.050a0220.303755.0021.GAE@google.com> Date: Sat, 18 Jan 2025 03:21:02 -0800 From: syzbot <syzbot+827272712bd6d12c79a4@...kaller.appspotmail.com> To: hdanton@...a.com, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com Subject: Re: [syzbot] [net?] KASAN: slab-use-after-free Read in handle_tx (2) Hello, syzbot has tested the proposed patch but the reproducer is still triggering an issue: INFO: rcu detected stall in corrupted rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-....: (10502 ticks this GP) idle=53f4/1/0x4000000000000000 softirq=13718/13719 fqs=4654 rcu: hardirqs softirqs csw/system rcu: number: 0 0 0 rcu: cputime: 104 0 52395 ==> 52510(ms) rcu: (t=10502 jiffies g=11589 q=64997 ncpus=4) CPU: 0 UID: 0 PID: 1415 Comm: aoe_tx0 Not tainted 6.13.0-rc7-syzkaller-g595523945be0-dirty #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194 Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 76 22 4a f6 48 89 df e8 ce a1 4a f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 c5 86 3b f6 65 8b 05 86 30 d7 74 85 c0 74 16 5b RSP: 0018:ffffc90006d4f9e8 EFLAGS: 00000246 RAX: 0000000000000002 RBX: ffffffff9ab12620 RCX: 1ffffffff2dd995e RDX: 0000000000000000 RSI: ffffffff8b6cd9e0 RDI: ffffffff8bd1efe0 RBP: 0000000000000293 R08: 0000000000000001 R09: fffffbfff2dca7be R10: ffffffff96e53df7 R11: 0000000000000002 R12: ffffffff9ab12728 R13: 0000000000000003 R14: 0000000000000001 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff88806a600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00772e000 CR3: 000000000df7e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> </IRQ> <TASK> spin_unlock_irqrestore include/linux/spinlock.h:406 [inline] uart_port_unlock_irqrestore include/linux/serial_core.h:786 [inline] uart_write+0x4c1/0xb30 drivers/tty/serial/serial_core.c:628 handle_tx+0x203/0x630 drivers/net/caif/caif_serial.c:236 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3620 [inline] dev_hard_start_xmit+0x9a/0x7b0 net/core/dev.c:3636 __dev_queue_xmit+0x7f0/0x43e0 net/core/dev.c:4466 dev_queue_xmit include/linux/netdevice.h:3168 [inline] tx+0xcc/0x190 drivers/block/aoe/aoenet.c:62 kthread+0x1e7/0x3c0 drivers/block/aoe/aoecmd.c:1237 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Tested on: commit: 59552394 Merge tag 'devicetree-fixes-for-6.13-2' of gi.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=1567e9df980000 kernel config: https://syzkaller.appspot.com/x/.config?x=d1cb4a1f148c0861 dashboard link: https://syzkaller.appspot.com/bug?extid=827272712bd6d12c79a4 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=111a4164580000
Powered by blists - more mailing lists