Message-ID: <b828162e-716a-4ccd-95bb-d51e31cea538@bsbernd.com>
Date: Sat, 8 Feb 2025 01:02:38 +0100
From: Bernd Schubert <bernd@...ernd.com>
To: Joanne Koong <joannelkoong@...il.com>
Cc: Vlastimil Babka <vbabka@...e.cz>, Miklos Szeredi <miklos@...redi.hu>,
 Matthew Wilcox <willy@...radead.org>, Christian Heusel
 <christian@...sel.eu>, Josef Bacik <josef@...icpanda.com>,
 Miklos Szeredi <mszeredi@...hat.com>, regressions@...ts.linux.dev,
 linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
 linux-mm <linux-mm@...ck.org>, Mantas Mikulėnas
 <grawity@...il.com>
Subject: Re: [REGRESSION][BISECTED] Crash with Bad page state for FUSE/Flatpak
 related applications since v6.13



On 2/7/25 19:40, Joanne Koong wrote:
> On Fri, Feb 7, 2025 at 3:16 AM Bernd Schubert <bernd@...ernd.com> wrote:
>>
>>
>>
>> On 2/7/25 11:55, Vlastimil Babka wrote:
>>> On 2/7/25 11:43, Miklos Szeredi wrote:
>>>> On Fri, 7 Feb 2025 at 11:25, Vlastimil Babka <vbabka@...e.cz> wrote:
>>>>
>>>>> Could be a use-after free of the page, which sets PG_lru again. The list
>>>>> corruptions in __rmqueue_pcplist also suggest some page manipulation after
>>>>> free. The -1 refcount suggests somebody was using the page while it was
>>>>> freed due to refcount dropping to 0 and then did a put_page()?
>>>>
>>>> Can you suggest any debug options that could help pinpoint the offender?
>>>
>>> CONFIG_DEBUG_VM enables a check in put_page_testzero() that would catch the
>>> underflow (modulo a tiny race window where it wouldn't). Worth trying.
>>
>> I typically run all of my tests with these options enabled
>>
>> https://github.com/bsbernd/tiny-qemu-virtio-kernel-config
>>
>>
>> If Christian or Mantas could tell me what I need to install and run, I
>> could probably quickly give it a try.
>>
> 
> Copying/pasting from [1], these are the repro steps that are listed:
> 
> 1) Install Bottles: flatpak install flathub com.usebottles.bottles
> 2) Open Bottles and create a bottle
> 3) In a terminal open the kernel log using dmesg/journalctl in follow mode
> 4) Once the bottle has been initialized, open it, select "Run
> Executable" and point it at any Windows executable
> Note that at that same moment a BUG: Bad page state in process fuse
> mainloop error message will appear and the system will become
> unresponsive (keyboard and mouse might still work but you'll be unable
> to actually do anything, open or close any application, or even reboot
> or shutdown; you are able to ping the device and initiate an SSH
> connection but all it does is just display the banner)
> 

Thanks Joanne! Hmm, I found "wmplayer" in a c drive, but not much
happens there

   5241 pts/0    Ss     0:00 -bash
   5317 pts/1    S+     0:00 /home/bernd/.var/app/com.usebottles.bottles/data/bottles/runners/soda-9.0-1/bin/wi
   5319 ?        Ss     0:01 /home/bernd/.var/app/com.usebottles.bottles/data/bottles/runners/soda-9.0-1/bin/wi
   5321 pts/1    S+     0:01 C:\windows\system32\wineboot.exe --init
   5345 ?        Ssl    0:01 C:\windows\system32\services.exe
   5348 ?        Ssl    0:00 C:\windows\system32\winedevice.exe
   5359 ?        Ssl    0:01 C:\windows\system32\winedevice.exe
   5360 ?        I      0:00 [kworker/u130:0-rpciod]

It runs it, but no system issue. I had also tried "Obfuscate", but didn't
manage to feed it a file - it runs in the sandbox and has no access to
my $HOME.

I need to see if I can find some other files, but it's very late here
and I'm busy with something else. It also runs in x2gokdrive and wine
then over another ssh hop to the vm guest, which has a kernel with all
these debug options - slow.

Bernd





