Message-ID: <001a113f64eedee31b05662594bc@google.com>
Date:   Mon, 26 Feb 2018 15:08:00 -0800
From:   syzbot <syzbot+0bf0519d6e0de15914fe@...kaller.appspotmail.com>
To:     davem@...emloft.net, herbert@...dor.apana.org.au,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        steffen.klassert@...unet.com, syzkaller-bugs@...glegroups.com
Subject: Re: WARNING in xfrm_state_fini (2)

syzbot has found reproducer for the following crash on net-next commit
ba6056a41cb09575a5ffe2fcfa9a0afb1b60eb92 (Mon Feb 26 15:37:24 2018 +0000)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

So far this crash happened 165 times on net-next, upstream.
C reproducer is attached.
syzkaller reproducer is attached.
Raw console output is attached.
compiler: gcc (GCC) 7.1.1 20170620
.config is attached.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0bf0519d6e0de15914fe@...kaller.appspotmail.com
It will help syzbot understand when the bug is fixed.

WARNING: CPU: 1 PID: 21 at net/xfrm/xfrm_state.c:2341 xfrm_state_fini+0x46a/0x620 net/xfrm/xfrm_state.c:2341
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 4.16.0-rc2+ #242
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
  __dump_stack lib/dump_stack.c:17 [inline]
  dump_stack+0x194/0x24d lib/dump_stack.c:53
  panic+0x1e4/0x41c kernel/panic.c:183
  __warn+0x1dc/0x200 kernel/panic.c:547
  report_bug+0x211/0x2d0 lib/bug.c:184
  fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
  fixup_bug arch/x86/kernel/traps.c:247 [inline]
  do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
  do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
  invalid_op+0x58/0x80 arch/x86/entry/entry_64.S:957
RIP: 0010:xfrm_state_fini+0x46a/0x620 net/xfrm/xfrm_state.c:2341
RSP: 0018:ffff8801d9447150 EFLAGS: 00010293
RAX: ffff8801d9436580 RBX: ffff8801cd526200 RCX: ffffffff84e9ea7a
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff86ec96b8
RBP: ffff8801d94472a8 R08: 1ffff1003b288dbd R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1003b288e2c
R13: ffff8801d9447280 R14: 1ffff1003b288e30 R15: ffff8801cd527600
  xfrm_net_exit+0x25/0x70 net/xfrm/xfrm_policy.c:2978
  ops_exit_list.isra.6+0xae/0x150 net/core/net_namespace.c:146
  cleanup_net+0x5a3/0xbf0 net/core/net_namespace.c:539
  process_one_work+0xbbf/0x1af0 kernel/workqueue.c:2113
  worker_thread+0x223/0x1990 kernel/workqueue.c:2247
  kthread+0x33c/0x400 kernel/kthread.c:238
  ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:407
Dumping ftrace buffer:
    (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


View attachment "raw.log.txt" of type "text/plain" (1048576 bytes)

View attachment "repro.syz.txt" of type "text/plain" (1524 bytes)

View attachment "repro.c.txt" of type "text/plain" (18502 bytes)

View attachment "config.txt" of type "text/plain" (137464 bytes)
