Open Source and information security mailing list archives
 
Date:   Thu, 2 Feb 2023 15:10:10 -0800
From:   John Hubbard <jhubbard@...dia.com>
To:     David Howells <dhowells@...hat.com>,
        David Hildenbrand <david@...hat.com>
CC:     syzbot <syzbot+a440341a59e3b7142895@...kaller.appspotmail.com>,
        <davem@...emloft.net>, <edumazet@...gle.com>, <hch@....de>,
        <johannes@...solutions.net>, <kuba@...nel.org>,
        <linux-kernel@...r.kernel.org>, <linux-wireless@...r.kernel.org>,
        <netdev@...r.kernel.org>, <pabeni@...hat.com>,
        <syzkaller-bugs@...glegroups.com>
Subject: Re: [syzbot] general protection fault in skb_dequeue (3)

On 2/2/23 00:52, David Howells wrote:
> Hi John, David,
> 
> Could you have a look at this?

Sure. So far, I have reproduced a crash using your simplified test
program (it required three simultaneous running copies), and will look
deeper now.

In case it illuminates anything, the crash looked like this (below), and
was obtained *without* setting KASAN. Also a minor point: this is from a
git branch of the last commit in the series (commit fd20d0c1852e "block:
convert bio_map_user_iov to use iov_iter_extract_pages"), rather than
from top of linux-next.

Kernel panic - not syncing: corrupted stack end detected inside scheduler
CPU: 2 PID: 27177 Comm: syzbot_howells Not tainted 6.2.0-rc5-hubbard-github+ #3
Hardware name: ASUS X299-A/PRIME X299-A, BIOS 1503 08/03/2018
Call Trace:
  <TASK>
  dump_stack_lvl+0x4c/0x63
  panic+0x113/0x2c4
  ? folio_wait_bit_common+0xf6/0x360
  __schedule+0xd1b/0xd20
  schedule+0x5d/0xe0
  io_schedule+0x42/0x70
  folio_wait_bit_common+0x123/0x360
  ? __pfx_wake_page_function+0x10/0x10
  folio_wait_writeback+0x24/0x100
  __filemap_fdatawait_range+0x7a/0x120
  ? filemap_fdatawrite_wbc+0x69/0x80
  ? __filemap_fdatawrite_range+0x58/0x80
  filemap_write_and_wait_range+0x84/0xb0
  __iomap_dio_rw+0x183/0x830
  ? __lock_acquire+0x3b4/0x2620
  iomap_dio_rw+0xe/0x40
  ext4_file_read_iter+0x141/0x1c0
  generic_file_splice_read+0x90/0x160
  splice_direct_to_actor+0xb1/0x210
  ? __pfx_direct_splice_actor+0x10/0x10
  do_splice_direct+0x8c/0xd0
  do_sendfile+0x352/0x600
  do_syscall_64+0x37/0x90
  entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f322d5116be
Code: c3 0f 1f 00 4c 89 d2 4c 89 c6 e9 fd fd ff ff 0f 1f 44 00 00 31 c0 c3 0f 1f 44 00 00 f3 0f 1e fa 49 89 ca b8 28 00 00 00 0f 05 <48> 3d 01 f0 ff ff8
RSP: 002b:00007ffd8c914538 EFLAGS: 00000202 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007ffd8c914678 RCX: 00007f322d5116be
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
RBP: 0000000000000003 R08: 0000000000000001 R09: 00007f322d7f6740
R10: 000000000001dd00 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffd8c914690 R14: 0000558a11e29d78 R15: 00007f322d843020
  </TASK>

thanks,
-- 
John Hubbard
NVIDIA
