lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <680fe81d-6d33-ef0a-95d2-0bb79430019d@I-love.SAKURA.ne.jp>
Date: Sun, 21 May 2023 14:04:03 +0900
From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To: Martin KaFai Lau <martin.lau@...ux.dev>,
        syzbot <syzbot+222aa26d0a5dbc2e84fe@...kaller.appspotmail.com>,
        syzkaller-bugs@...glegroups.com
Cc: amir73il@...il.com, bpf@...r.kernel.org, daniel@...earbox.net,
        davem@...emloft.net, edumazet@...gle.com, hdanton@...a.com,
        jack@...e.cz, kuba@...nel.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
        pabeni@...hat.com, peterz@...radead.org, torvalds@...ux-foundation.org,
        willemdebruijn.kernel@...il.com
Subject: Re: [syzbot] [fs?] INFO: task hung in synchronize_rcu (4)

On 2023/05/21 11:26, Martin KaFai Lau wrote:
> On 5/20/23 3:13 PM, syzbot wrote:
>> syzbot has found a reproducer for the following issue on:
>>
>> HEAD commit:    dcbe4ea1985d Merge branch '1GbE' of git://git.kernel.org/p..
>> git tree:       net-next
>> console output: https://syzkaller.appspot.com/x/log.txt?x=123ebd91280000
>> kernel config:  https://syzkaller.appspot.com/x/.config?x=f20b05fe035db814
>> dashboard link: https://syzkaller.appspot.com/bug?extid=222aa26d0a5dbc2e84fe
>> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1495596a280000
>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1529326a280000
>>
>> Downloadable assets:
>> disk image: https://storage.googleapis.com/syzbot-assets/41b9dda0e686/disk-dcbe4ea1.raw.xz
>> vmlinux: https://storage.googleapis.com/syzbot-assets/64d9bece8f89/vmlinux-dcbe4ea1.xz
>> kernel image: https://storage.googleapis.com/syzbot-assets/42429896dca0/bzImage-dcbe4ea1.xz
>>
>> The issue was bisected to:
>>
>> commit 3b5d4ddf8fe1f60082513f94bae586ac80188a03
>> Author: Martin KaFai Lau <kafai@...com>
>> Date:   Wed Mar 9 09:04:50 2022 +0000
>>
>>      bpf: net: Remove TC_AT_INGRESS_OFFSET and SKB_MONO_DELIVERY_TIME_OFFSET macro
> 
> I am afraid this bisect is incorrect. The commit removed a redundant macro and is a no-op change.
> 
> 

But the reproducer is heavily calling bpf() syscall.

void execute_call(int call)
{
  switch (call) {
  case 0:
    NONFAILING(*(uint32_t*)0x200027c0 = 3);
    NONFAILING(*(uint32_t*)0x200027c4 = 4);
    NONFAILING(*(uint32_t*)0x200027c8 = 4);
    NONFAILING(*(uint32_t*)0x200027cc = 0x10001);
    NONFAILING(*(uint32_t*)0x200027d0 = 0);
    NONFAILING(*(uint32_t*)0x200027d4 = -1);
    NONFAILING(*(uint32_t*)0x200027d8 = 0);
    NONFAILING(memset((void*)0x200027dc, 0, 16));
    NONFAILING(*(uint32_t*)0x200027ec = 0);
    NONFAILING(*(uint32_t*)0x200027f0 = -1);
    NONFAILING(*(uint32_t*)0x200027f4 = 0);
    NONFAILING(*(uint32_t*)0x200027f8 = 0);
    NONFAILING(*(uint32_t*)0x200027fc = 0);
    NONFAILING(*(uint64_t*)0x20002800 = 0);
    syscall(__NR_bpf, 0ul, 0x200027c0ul, 0x48ul);
    break;
  }
}

Something caused infinite loop or too heavy stress to survive?
The first report was 7d31677bb7b1.
Rechecking or running the reproducer on commits shown by
"git log 7d31677bb7b1 net/bpf" might help.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ