On Thu, Apr 19, 2018 at 2:55 PM, Willem de Bruijn wrote:
> On Thu, Apr 19, 2018 at 2:32 AM, DaeRyong Jeong wrote:
>> Hello.
>> We have analyzed the cause of the crash in v4.16-rc3, WARNING in
>> refcount_dec,
>> which is found by RaceFuzzer (a modified version of Syz

On Thu, Apr 19, 2018 at 2:32 AM, DaeRyong Jeong wrote:
> Hello.
> We have analyzed the cause of the crash in v4.16-rc3, WARNING in refcount_dec,
> which is found by RaceFuzzer (a modified version of Syzkaller).
>
> Since struct packet_sock's member variables, running, has_vne

Hello.
We have analyzed the cause of the crash in v4.16-rc3, WARNING in refcount_dec,
which is found by RaceFuzzer (a modified version of Syzkaller).
Since struct packet_sock's member variables, running, has_vnet_hdr, origdev
and auxdata are declared as bitfields, accessing these variable

No. Only the first crash (WARNING in refcount_dec) is reproduced by
the attached reproducer.
The second crash (kernel bug at af_packet.c:3107) is reproduced by
another reproducer.
We reported it here.
http://lkml.iu.edu/hypermail/linux/kernel/1803.3/05324.html

On Sun, Apr 1, 2018 at 4:38 PM
e8
>> 43 b3 c0 fd <0f> 0b e8 3c b3 c0 fd 48 8b bd 20 ff ff ff e8 60 1e e7 fd
>> 4c 89
>> [ 357.792260] RIP: packet_do_bind+0x88d/0x950 RSP: 8800b2787b08
>> [ 357.793698] ---[ end trace 0c5a2539f0247369 ]---
>> [ 357.794696] Kernel panic - not syncing: Fatal

c b3 c0 fd 48 8b bd 20 ff ff ff e8 60 1e e7 fd
> 4c 89
> [ 357.792260] RIP: packet_do_bind+0x88d/0x950 RSP: 8800b2787b08
> [ 357.793698] ---[ end trace 0c5a2539f0247369 ]---
> [ 357.794696] Kernel panic - not syncing: Fatal exception
> [ 357.795918] Kernel Offset: disabled

trace 0c5a2539f0247369 ]---
[ 357.794696] Kernel panic - not syncing: Fatal exception
[ 357.795918] Kernel Offset: disabled
[ 357.796614] Rebooting in 86400 seconds..

On Wed, Mar 28, 2018 at 1:19 AM, Byoungyoung Lee wrote:
> We report the crash: WARNING in refcount_dec
>
> This crash ha

We report the crash: WARNING in refcount_dec
This crash has been found in v4.16-rc3 using RaceFuzzer (a modified
version of Syzkaller), which we describe more at the end of this
report. Our analysis shows that the race occurs when invoking two
syscalls concurrently, (setsockopt$packet_int) and