From: Paul Moore
Date: Thu, 27 Feb 2020 19:14:15 -0500
Subject: Re: kernel panic: audit: backlog limit exceeded
To: Dmitry Vyukov
Cc: Tetsuo Handa, Eric Paris, syzbot, a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org, Dan Carpenter, David Miller, fzago@cray.com, Greg Kroah-Hartman, john.hammond@intel.com, linux-audit@redhat.com, LKML, mareklindner@neomailbox.ch, netdev, sw@simonwunderlich.de, syzkaller-bugs, syzkaller
List-ID: linux-kernel@vger.kernel.org

On Thu, Feb 27, 2020 at 10:40 AM Dmitry Vyukov wrote:
> On Mon, Feb 24, 2020 at 11:47 PM Paul Moore wrote:
> > On Mon, Feb 24, 2020 at 5:43 PM Eric Paris wrote:
> > > https://syzkaller.appspot.com/x/repro.syz?x=151b1109e00000 (the
> > > reproducer listed) looks like it is literally fuzzing the AUDIT_SET.
> > > Which seems like this is working as designed if it is setting the
> > > failure mode to 2.
> >
> > So it is, good catch :) I saw the panic and instinctively chalked
> > that up to a mistaken config, not expecting that it was what was being
> > tested.
>
> Yes, this audit failure mode is quite unpleasant for fuzzing. And
> since this is not a top-level syscall argument value, it's effectively
> impossible to filter out in the fuzzer. Maybe another use case for the
> "fuzzer lockdown" feature +Tetsuo proposed.
> With the current state of things, I think we only have the option
> to disable fuzzing of audit. Which is a pity because it has found 5 or
> so real bugs in audit too.
> But this happened anyway because audit is only reachable from the init pid
> namespace and syzkaller always unshares the pid namespace for sandboxing
> reasons; that was removed accidentally and that's how it managed to
> find the bugs. But the unshare is restored now:
> https://github.com/google/syzkaller/commit/5e0e1d1450d7c3497338082fc28912fdd7f93a3c
>
> As a side effect all other real bugs in audit will be auto-obsoleted
> in future if not fixed because they will stop happening.

On the plus side, I did submit fixes for the other real audit bugs that
syzbot found recently and Linus pulled them into the tree today so at
least we have that small victory.

We could consider adding a fuzz-friendly build time config which would
disable the panic failsafe, but it probably isn't worth it at the moment
considering syzbot's pid namespace limitations.

-- 
paul moore
www.paul-moore.com
> > > Which seems like this is working as designed if it is setting the > > > failure mode to 2. > > > > So it is, good catch :) I saw the panic and instinctively chalked > > that up to a mistaken config, not expecting that it was what was being > > tested. > > Yes, this audit failure mode is quite unpleasant for fuzzing. And > since this is not a top-level syscall argument value, it's effectively > impossible to filter out in the fuzzer. Maybe another use case for the > "fuzer lockdown" feature +Tetsuo proposed. > With the current state of the things, I think we only have an option > to disable fuzzing of audit. Which is pity because it has found 5 or > so real bugs in audit too. > But this happened anyway because audit is only reachable from init pid > namespace and syzkaller always unshares pid namespace for sandboxing > reasons, that was removed accidentally and that's how it managed to > find the bugs. But the unshare is restored now: > https://github.com/google/syzkaller/commit/5e0e1d1450d7c3497338082fc28912fdd7f93a3c > > As a side effect all other real bugs in audit will be auto-obsoleted > in future if not fixed because they will stop happening. On the plus side, I did submit fixes for the other real audit bugs that syzbot found recently and Linus pulled them into the tree today so at least we have that small victory. We could consider adding a fuzz-friendly build time config which would disable the panic failsafe, but it probably isn't worth it at the moment considering the syzbot's pid namespace limitations. -- paul moore www.paul-moore.com