Message-ID: <CANn89i+AN-6FrEhbGM_3JCAW9esRhdhka-=aXQYkxTP2+VGJ-w@mail.gmail.com>
Date: Wed, 12 Oct 2022 09:42:39 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: Jiri Pirko <jiri@...nulli.us>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
	syzbot <syzbot+60748c96cf5c6df8e581@...kaller.appspotmail.com>,
	davem@...emloft.net, kuba@...nel.org, linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org, pabeni@...hat.com,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] kernel panic: kernel stack overflow

On Wed, Oct 12, 2022 at 8:08 AM Jiri Pirko <jiri@...nulli.us> wrote:
>
> Wed, Oct 12, 2022 at 03:54:59PM CEST, dvyukov@...gle.com wrote:
> >On Wed, 12 Oct 2022 at 15:11, Jiri Pirko <jiri@...nulli.us> wrote:
> >>
> >> Wed, Oct 12, 2022 at 09:53:27AM CEST, dvyukov@...gle.com wrote:
> >> >On Wed, 12 Oct 2022 at 09:48, syzbot
> >> ><syzbot+60748c96cf5c6df8e581@...kaller.appspotmail.com> wrote:
> >> >>
> >> >> Hello,
> >> >>
> >> >> syzbot found the following issue on:
> >> >>
> >> >> HEAD commit: bbed346d5a96 Merge branch 'for-next/core' into for-kernelci
> >> >> git tree: git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci
> >> >> console output: https://syzkaller.appspot.com/x/log.txt?x=14a03a2a880000
> >> >> kernel config: https://syzkaller.appspot.com/x/.config?x=aae2d21e7dd80684
> >> >> dashboard link: https://syzkaller.appspot.com/bug?extid=60748c96cf5c6df8e581
> >> >> compiler: Debian clang version 13.0.1-++20220126092033+75e33f71c2da-1~exp1~20220126212112.63, GNU ld (GNU Binutils for Debian) 2.35.2
> >> >> userspace arch: arm64
> >> >>
> >> >> Unfortunately, I don't have any reproducer for this issue yet.
> >> >>
> >> >> Downloadable assets:
> >> >> disk image: https://storage.googleapis.com/syzbot-assets/11078f50b80b/disk-bbed346d.raw.xz
> >> >> vmlinux: https://storage.googleapis.com/syzbot-assets/398e5f1e6c84/vmlinux-bbed346d.xz
> >> >>
> >> >> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> >> >> Reported-by: syzbot+60748c96cf5c6df8e581@...kaller.appspotmail.com
> >> >
> >> >+Jiri
> >> >
> >> >It looks like the issue is with the team device. It seems to call
> >> >itself infinitely.
> >> >team_device_event was mentioned in stack overflow bugs in the past:
> >> >https://groups.google.com/g/syzkaller-bugs/search?q=%22team_device_event%22
> >>
> >> Hi, do you have dmesg output available by any chance?
> >
> >Hi Jiri,
> >
> >syzbot attaches dmesg output to every report under the "console output" link.
>
> I see. I guess the debug messages are not printed out, I don't see them
> there. Would it be possible to turn them on?

What debug messages do you need ?

There is a nice stack trace [1] with file:number available

My guess was that for some reason the team driver does not enforce a
max nest level of 8 ?

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=65921376425fc9c8b7ce647e1f7989f7cdf5dd70

[1]

CPU: 1 PID: 16874 Comm: syz-executor.3 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
Call trace:
 dump_backtrace+0x1c4/0x1f0 arch/arm64/kernel/stacktrace.c:156
 show_stack+0x2c/0x54 arch/arm64/kernel/stacktrace.c:163
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x104/0x16c lib/dump_stack.c:106
 dump_stack+0x1c/0x58 lib/dump_stack.c:113
 panic+0x218/0x50c kernel/panic.c:274
 nmi_panic+0xbc/0xf0 kernel/panic.c:169
 panic_bad_stack+0x134/0x154 arch/arm64/kernel/traps.c:906
 handle_bad_stack+0x34/0x48 arch/arm64/kernel/entry-common.c:848
 __bad_stack+0x78/0x7c arch/arm64/kernel/entry.S:549
 mark_lock+0x4/0x1b4 kernel/locking/lockdep.c:4593
 lock_acquire+0x100/0x1f8 kernel/locking/lockdep.c:5666
 do_write_seqcount_begin_nested include/linux/seqlock.h:516 [inline]
 do_write_seqcount_begin include/linux/seqlock.h:541 [inline]
 psi_group_change+0x128/0x3d0 kernel/sched/psi.c:705
 psi_task_switch+0x9c/0x310 kernel/sched/psi.c:851
 psi_sched_switch kernel/sched/stats.h:194 [inline]
 __schedule+0x554/0x5a0 kernel/sched/core.c:6489
 preempt_schedule_irq+0x64/0x110 kernel/sched/core.c:6806
 arm64_preempt_schedule_irq arch/arm64/kernel/entry-common.c:265 [inline]
 __el1_irq arch/arm64/kernel/entry-common.c:473 [inline]
 el1_interrupt+0x4c/0x68 arch/arm64/kernel/entry-common.c:485
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:490
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_restore+0x8/0x10 arch/arm64/include/asm/irqflags.h:122
 lock_is_held include/linux/lockdep.h:283 [inline]
 __might_resched+0x7c/0x218 kernel/sched/core.c:9854
 __might_sleep+0x48/0x78 kernel/sched/core.c:9821
 might_alloc include/linux/sched/mm.h:274 [inline]
 slab_pre_alloc_hook mm/slab.h:700 [inline]
 slab_alloc_node mm/slub.c:3162 [inline]
 kmem_cache_alloc_node+0x80/0x370 mm/slub.c:3298
 __alloc_skb+0xf8/0x378 net/core/skbuff.c:422
 alloc_skb include/linux/skbuff.h:1257 [inline]
 nlmsg_new include/net/netlink.h:953 [inline]
 genlmsg_new include/net/genetlink.h:410 [inline]
 ethnl_default_notify+0x16c/0x320 net/ethtool/netlink.c:640
...
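
Added example, not part of the original message and not kernel code: a simplified user-space model of the nest limit guessed at above, showing how a link-time depth and loop check bounds the recursion of a handler that re-raises events on its upper device. `struct dev`, `link_upper`, `propagate_event` and the error codes are hypothetical names; only the limit of 8 comes from the message.

```c
#include <stdio.h>

#define MAX_NEST 8            /* nest limit quoted in the message above */
enum { LINK_OK = 0, ERR_BUSY = -1, ERR_LOOP = -2, ERR_TOO_DEEP = -3 };

/* Hypothetical stand-in for a stackable net device: one upper, one lower. */
struct dev { struct dev *upper, *lower; };

static int upper_depth(const struct dev *d)   /* devices stacked above d */
{
    int n = 0;
    for (d = d->upper; d; d = d->upper) n++;
    return n;
}

static int lower_depth(const struct dev *d)   /* devices stacked below d */
{
    int n = 0;
    for (d = d->lower; d; d = d->lower) n++;
    return n;
}

/* Stack `upper` on top of `lower`, refusing loops and over-deep stacks. */
int link_upper(struct dev *lower, struct dev *upper)
{
    for (const struct dev *d = lower; d; d = d->lower)
        if (d == upper) return ERR_LOOP;      /* upper is already below lower */
    if (lower->upper || upper->lower) return ERR_BUSY;
    if (upper_depth(upper) + lower_depth(lower) + 1 > MAX_NEST)
        return ERR_TOO_DEEP;                  /* would exceed MAX_NEST links */
    lower->upper = upper;
    upper->lower = lower;
    return LINK_OK;
}

/* Re-raise the event on the upper device: one stack frame per nest level. */
int propagate_event(const struct dev *d)
{
    return d->upper ? 1 + propagate_event(d->upper) : 1;
}

int main(void)
{
    struct dev d[10] = {{0}};                 /* constructed sample stack */
    for (int i = 0; i < 9; i++)
        printf("link %d under %d: %d\n", i, i + 1, link_upper(&d[i], &d[i + 1]));
    printf("depth from bottom: %d\n", propagate_event(&d[0]));
    return 0;
}
```

Without the two checks in `link_upper`, the depth returned by `propagate_event` grows with every stacked device and never terminates on a loop, which is the shape of failure a stack-overflow panic reports.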