Message-ID: <CANp29Y7c_TKiLRGpdZ_PjE-o1k4BfGiRqh-2=2+Sk1R3iL2e4w@mail.gmail.com>
Date: Thu, 19 Dec 2024 10:59:25 +0100
From: Aleksandr Nogikh <nogikh@...gle.com>
To: Matthieu Baerts <matttbe@...nel.org>
Cc: Eric Dumazet <edumazet@...gle.com>, davem@...emloft.net, dsahern@...nel.org, 
	horms@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org, 
	martineau@...nel.org, netdev@...r.kernel.org, pabeni@...hat.com, 
	syzbot <syzbot+38a095a81f30d82884c1@...kaller.appspotmail.com>, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] general protection fault in put_page (4)

Hi Matthieu,

On Wed, Dec 18, 2024 at 7:06 PM 'Matthieu Baerts' via syzkaller-bugs
<syzkaller-bugs@...glegroups.com> wrote:
>
> Hi Eric,
>
> On 17/12/2024 18:06, Eric Dumazet wrote:
> > On Tue, Dec 17, 2024 at 6:03 PM syzbot
> > <syzbot+38a095a81f30d82884c1@...kaller.appspotmail.com> wrote:
> >>
> >> Hello,
> >>
> >> syzbot found the following issue on:
> >>
> >> HEAD commit:    78d4f34e2115 Linux 6.13-rc3
> >> git tree:       upstream
> >> console+strace: https://syzkaller.appspot.com/x/log.txt?x=16445730580000
> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=6c532525a32eb57d
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=38a095a81f30d82884c1
> >> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> >> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=169b0b44580000
> >> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13f502df980000
> >>
> >> Downloadable assets:
> >> disk image: https://storage.googleapis.com/syzbot-assets/7129ee07f8aa/disk-78d4f34e.raw.xz
> >> vmlinux: https://storage.googleapis.com/syzbot-assets/c23c0af59a16/vmlinux-78d4f34e.xz
> >> kernel image: https://storage.googleapis.com/syzbot-assets/031aecf04ea7/bzImage-78d4f34e.xz
> >>
> >> The issue was bisected to:
> >>
> >> commit b83fbca1b4c9c45628aa55d582c14825b0e71c2b
> >> Author: Matthieu Baerts (NGI0) <matttbe@...nel.org>
> >> Date:   Mon Sep 2 10:45:53 2024 +0000
> >>
> >>     mptcp: pm: reduce entries iterations on connect
> >>
> >> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=163682df980000
> >> final oops:     https://syzkaller.appspot.com/x/report.txt?x=153682df980000
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=113682df980000
>
> (...)
>
> > I spent some time on this bug before releasing it, because I have
> > other syzbot reports probably
> > caused by the same issue, hinting at shinfo->nr_frags corruption.
> >
> > I will hold these reports to avoid flooding the mailing list.
>
> Thank you for having released this bug report!
>
> The bisected commit looks unrelated. I don't know if we can tell syzbot
> to "skip this commit and try harder".

As of now, it's not yet supported. I've added a +1 mention to the
corresponding syzbot backlog issue:
https://github.com/google/syzkaller/issues/3491

I've also looked at the bisection log of this particular report and
the only suspicious part is that syzbot could have been too eager to
minimize the .config file. A different set of enabled options changed
the crash title from "general protection fault in put_page" to "BUG:
unable to handle kernel NULL pointer dereference in skb_release_data",
but the rest of the bisection log looks reasonable to me.

>
> I'm trying to run a 'git bisect' on my side since this morning: the
> issue seems to be older, between v6.10 and v6.11 if I'm not mistaken.
> When using the same kernel config, I'm getting quite a few issues on
> older commits (compilation, other warnings, etc.), plus the compilation
> is slow on my laptop. I will update you if I can find anything useful.

If you find the proper guilty commit, it would also really help debug
the bot's bisection result.

In case it may help you during the manual bisection, syzbot
cherry-picks this set of fix commits while doing the bisection:
https://github.com/google/syzkaller/blob/master/pkg/vcs/linux_patches.go#L60

-- 
Aleksandr

>
> Cheers,
> Matt
> --
> Sponsored by the NGI0 Core fund.
>
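As an added illustration of the manual bisection Matthieu describes and of the fix-commit cherry-picking Aleksandr points to, here is a step script for `git bisect run`. It is example code written for this page, not syzbot's code and not anything posted in the thread. It assumes a `fix-commits.txt` list (one commit id per line, standing in for syzbot's `linux_patches.go` list), a user-supplied `boot-and-run-repro.sh` that boots the built kernel with the reproducer, and GNU `nproc`; all three are placeholders. Exit code 125 tells git to skip a revision that does not build, which is the usual answer to the compile failures on older commits mentioned above, and the script resets the tree after each step so the cherry-picks never leak into the next revision git checks out.

```shell
#!/bin/sh
# Added example, not from the thread or from syzbot: a step script for
# `git bisect run` that cherry-picks a list of known fix commits before
# building each candidate revision, then reports the result to git.
#
# Assumptions (placeholders, not values from the thread):
#   FIX_COMMITS_FILE  one commit id per line, '#' comments and blanks allowed
#   REPRO_CMD         boots the built kernel with the reproducer; exits 0 when
#                     the kernel does NOT crash, non-zero when it does
#   nproc             GNU coreutils helper used for the make job count
set -u

FIX_COMMITS_FILE="${FIX_COMMITS_FILE:-fix-commits.txt}"
REPRO_CMD="${REPRO_CMD:-./boot-and-run-repro.sh}"
BUILD_LOG="${BUILD_LOG:-build.log}"

# Exit codes understood by `git bisect run`:
#   0   revision is good (no crash)
#   1   revision is bad (crash reproduced)
#   125 revision cannot be tested (build failure) -> git bisect skip
bisect_exit_code() {
  build_status=$1   # 0 when the kernel built
  test_status=$2    # 0 when the reproducer did not crash the kernel
  if [ "$build_status" -ne 0 ]; then
    echo 125
  elif [ "$test_status" -eq 0 ]; then
    echo 0
  else
    echo 1
  fi
}

# Print the commit ids from the fix list, dropping blank lines and comments.
read_fix_commits() {
  [ -f "$1" ] || return 0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    printf '%s\n' "$line"
  done < "$1"
}

# Cherry-pick each fix commit onto the checked-out revision. A commit that is
# already an ancestor is skipped; a pick that conflicts is abandoned so the
# tree stays consistent and the revision is tested without that fix.
apply_fix_commits() {
  for commit in $(read_fix_commits "$FIX_COMMITS_FILE"); do
    if git merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
      continue
    fi
    if ! git cherry-pick --no-commit "$commit" >/dev/null 2>&1; then
      git cherry-pick --abort >/dev/null 2>&1 || git reset --hard -q
      echo "warning: could not apply fix commit $commit" >&2
    fi
  done
}

# One bisect step: reset, apply fixes, build, run the reproducer, clean up.
bisect_step() {
  git reset --hard -q                 # start from the revision bisect chose
  apply_fix_commits
  make -j"$(nproc)" olddefconfig >"$BUILD_LOG" 2>&1 &&
    make -j"$(nproc)" bzImage >>"$BUILD_LOG" 2>&1
  build_status=$?
  test_status=1
  if [ "$build_status" -eq 0 ]; then
    sh -c "$REPRO_CMD"
    test_status=$?
  fi
  git reset --hard -q                 # drop the cherry-picks before git moves on
  return "$(bisect_exit_code "$build_status" "$test_status")"
}

# Usage: git bisect start <bad> <good> && git bisect run sh bisect-step.sh run
if [ "${1:-}" = run ]; then
  bisect_step
  exit $?
fi
```

Keep the full `.config` that reproduced the crash next to the tree before starting, since `olddefconfig` only fills in options the older revision does not know; a config trimmed too aggressively can change which symptom appears, which is the concern raised about the bot's minimized config above.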
