From: Trond Myklebust <trondmy@hammer.space>
To: "bfields@fieldses.org" <bfields@fieldses.org>,
	"syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com"
	<syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com>
Cc: "syzkaller-bugs@googlegroups.com"
	<syzkaller-bugs@googlegroups.com>,
	"anna.schumaker@netapp.com" <anna.schumaker@netapp.com>,
	"davem@davemloft.net" <davem@davemloft.net>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"jlayton@kernel.org" <jlayton@kernel.org>,
	"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: general protection fault in encode_rpcb_string
Date: Tue, 17 Apr 2018 21:54:36 +0000
Message-ID: <1524002074.63751.5.camel@hammer.space>
In-Reply-To: <20180417213308.GC18217@fieldses.org>

On Tue, 2018-04-17 at 17:33 -0400, J. Bruce Fields wrote:
> On Mon, Apr 16, 2018 at 09:02:01PM -0700, syzbot wrote:
> > syzbot hit the following crash on bpf-next commit
> > 5d1365940a68dd57b031b6e3c07d7d451cd69daf (Thu Apr 12 18:09:05 2018 +0000)
> > Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
> > syzbot dashboard link:
> > https://syzkaller.appspot.com/bug?extid=4b98281f2401ab849f4b
> > 
> > So far this crash happened 2 times on bpf-next.
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?id=6433835633868800
> > syzkaller reproducer:
> > https://syzkaller.appspot.com/x/repro.syz?id=6407311794896896
> > Raw console output:
> > https://syzkaller.appspot.com/x/log.txt?id=5861511176126464
> 
> Based on that, looks like it's attempting an nfs mount while causing
> kmalloc failures?
> 
> Probably one of rpcb->r_netid, r_addr, or r_owner was bad in
> rpcb_enc_getaddr.
> 
> Hm, and previous log makes it look like it was an rpc_sockaddr2uaddr()
> in rpcb_getport_async() that was made to fail.  Do we need to check for
> failure of:
> 
> 	map->r_addr = rpc_sockaddr2uaddr(sap, GFP_ATOMIC);
> 
> ?

Yes, and we can probably convert it, and the other GFP_ATOMIC
allocations in the rpcbind client to use GFP_NOFS in order to improve
reliability.

Cheers
  Trond
-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammer.space
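
The check discussed in this message, modelled in user space as an added example (not kernel code and not the patch that followed in the thread). Every `demo_` name is a hypothetical stand-in, and `demo_fail_alloc` plays the role of the injected allocation failure.

```c
/* User-space model, added example: all demo_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int demo_fail_alloc; /* constructed switch: 1 = every allocation fails */

static void *demo_alloc(size_t n) { return demo_fail_alloc ? NULL : malloc(n); }

/* Stand-in for rpc_sockaddr2uaddr(): IPv4 address and port become the
 * universal address "a.b.c.d.hi.lo"; returns NULL when allocation fails. */
static char *demo_sockaddr2uaddr(const uint8_t ip[4], uint16_t port)
{
    char *buf = demo_alloc(32); /* longest form is 23 characters plus NUL */
    if (!buf)
        return NULL;
    snprintf(buf, 32, "%d.%d.%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3],
             port >> 8, port & 0xff);
    return buf;
}

/* Stand-in for the string encoder: XDR size is a 4-byte length word plus the
 * bytes padded to a multiple of 4. Assumption: like the encoder in the crash
 * report, it dereferences s without checking it. */
static size_t demo_encode_string(const char *s)
{
    return 4 + ((strlen(s) + 3) & ~(size_t)3);
}

/* Caller with the check: returns the encoded size, or -ENOMEM. */
static long demo_getport(const uint8_t ip[4], uint16_t port)
{
    char *addr = demo_sockaddr2uaddr(ip, port);
    long len;
    if (!addr)
        return -ENOMEM; /* without this, NULL would reach strlen() */
    len = (long)demo_encode_string(addr);
    free(addr);
    return len;
}

int main(void)
{
    const uint8_t ip[4] = {192, 0, 2, 1}; /* constructed sample address */
    printf("normal: %ld\n", demo_getport(ip, 2049));
    demo_fail_alloc = 1;
    printf("allocation failure: %ld\n", demo_getport(ip, 2049));
    return 0;
}
```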
