From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B25E2C433F5 for ; Sun, 24 Oct 2021 05:25:35 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id D548760D43 for ; Sun, 24 Oct 2021 05:25:34 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org D548760D43 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=sina.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 069966B006C; Sun, 24 Oct 2021 01:25:34 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 018AD6B0071; Sun, 24 Oct 2021 01:25:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E2323940007; Sun, 24 Oct 2021 01:25:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0043.hostedemail.com [216.40.44.43]) by kanga.kvack.org (Postfix) with ESMTP id D3F7B6B006C for ; Sun, 24 Oct 2021 01:25:33 -0400 (EDT) Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 8989431E6D for ; Sun, 24 Oct 2021 05:25:33 +0000 (UTC) X-FDA: 78730193346.02.91B5058 Received: from r3-22.sinamail.sina.com.cn (r3-22.sinamail.sina.com.cn [202.108.3.22]) by imf22.hostedemail.com (Postfix) with SMTP id 298151900 for ; Sun, 24 Oct 2021 05:25:28 +0000 (UTC) Received: from unknown (HELO localhost.localdomain)([123.123.28.185]) by sina.com (172.16.97.32) with ESMTP id 6174EE420000289D; Sun, 24 Oct 2021 13:25:24 +0800 (CST) X-Sender: hdanton@sina.com X-Auth-ID: hdanton@sina.com X-SMAIL-MID: 838878628868 From: Hillf Danton To: Dmitry Vyukov Cc: syzbot , LKML , linux-mm@kvack.org, syzkaller-bugs Subject: Re: general protection fault in mm_update_next_owner Date: Sun, 24 Oct 2021 13:25:14 +0800 Message-Id: <20211024052514.1236-1-hdanton@sina.com> In-Reply-To: References: <000000000000c0d84e058ad677aa@google.com> <87ftoh6si4.fsf@xmission.com> MIME-Version: 1.0 X-Stat-Signature: h115jzth1k7154rhowx9h85u6pzww1cn X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 298151900 Authentication-Results: imf22.hostedemail.com; dkim=none; dmarc=none; spf=pass (imf22.hostedemail.com: domain of hdanton@sina.com designates 202.108.3.22 as permitted sender) smtp.mailfrom=hdanton@sina.com X-HE-Tag: 1635053128-13137 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, 11 Jun 2019 09:00:09 +0200 Dmitry Vyukov wrote: >On Mon, Jun 10, 2019 at 11:27 PM Eric W. Biederman wrote: >> >> syzbot writes: >> >> > syzbot has bisected this bug to: >> > >> > commit e9db4ef6bf4ca9894bb324c76e01b8f1a16b2650 >> > Author: John Fastabend >> > Date: Sat Jun 30 13:17:47 2018 +0000 >> > >> > bpf: sockhash fix omitted bucket lock in sock_close >> > >> > bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=3D15e97= 8e1a00000 >> > start commit: 38e406f6 Merge git://git.kernel.org/pub/scm/linux/ke= rnel/g.. >> > git tree: net >> > final crash: https://syzkaller.appspot.com/x/report.txt?x=3D17e97= 8e1a00000 >> > console output: https://syzkaller.appspot.com/x/log.txt?x=3D13e978e1= a00000 >> > kernel config: https://syzkaller.appspot.com/x/.config?x=3D60564cb5= 2ab29d5b >> > dashboard link: https://syzkaller.appspot.com/bug?extid=3Df625baafb9= a1c4bfc3f6 >> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=3D1193d8= 1ea00000 >> > >> > Reported-by: syzbot+f625baafb9a1c4bfc3f6@syzkaller.appspotmail.com >> > Fixes: e9db4ef6bf4c ("bpf: sockhash fix omitted bucket lock in sock_= close") >> > >> > For information about bisection process see: https://goo.gl/tpsmEJ#b= isection >> >> How is mm_update_next_owner connected to bpf? > > >There seems to be a nasty bug in bpf that causes assorted crashes >throughout the kernel for some time. I've seen a bunch of reproducers >that do something with bpf and then cause a random crash. The more >unpleasant ones are the bugs without reproducers, because for these we >don't have a way to link them back to the bpf bug but they are still >hanging there without good explanation, e.g. maybe a part of one-off >crashes in moderation: >https://syzkaller.appspot.com/upstream#moderation2 > >Such bugs are nice to fix asap to not produce more and more random >crash reports. > >Hillf, did you understand the mechanics of this bug and memory >corruption? A good question is why this was unnoticed by KASAN. If we >could make it catch it at the point of occurrence, then it would be a >single bug report clearly attributed to bpf rather then dozens of >assorted crashes. Sorry for reading this message at lore today and late reply because it did not land in my inbox in Jun 2019. A couple of days ago, I saw an offline linux-4.18 page fault Oops report that could trigger the check for X86_PF_USER and X86_PF_INSTR added in 03c81ea33316 ("x86/fault: Improve kernel-executing-user-memory handling= ")=20 and given the reported CPU is Intel Atom, any light on how to reproduce it is highly appreciated. Hillf