Re: [Bug report] kernel panic: System is deadlocked on memory

From: yang lan
Date: Wed May 17 2023 - 23:50:43 EST


Hi,

Thank you for your response.

Running this reproducer on 6.4-rc2, a segmentation fault occurs when
executing line 93 of poc_io_uring_enter.c ( int32_t
sq_ring_entries = *(uint32_t*)(ring_ptr + SQ_RING_ENTRIES_OFFSET); ).
However, it can be reproduced on the latest LTS kernels 5.10.180 and 5.15.112.
I guess it can be triggered on 6.4-rc2 too, by changing some arguments
or addresses in this reproducer?

Some data is attached to this email. poc_io_uring_enter.c is
exactly the C reproducer.

Regards,

Yang

Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote on Wed, May 17, 2023 at 20:19:
>
> On Wed, May 17, 2023 at 08:02:38PM +0800, yang lan wrote:
> > Hi,
> >
> > We use our modified Syzkaller to fuzz the Linux kernel and found the
> > following issue:
> >
> > Head Commit: f1b32fda06d2cfb8eea9680b0ba7a8b0d5b81eeb
> > Git Tree: stable
> >
> > Console output: https://pastebin.com/raw/Ssz6eVA6
> > Kernel config: https://pastebin.com/raw/BiggLxRg
> > C reproducer: https://pastebin.com/raw/tM1iyfjr
> > Syz reproducer: https://pastebin.com/raw/CEF1R2jg
> >
> > root@syzkaller:~# uname -a
> > Linux syzkaller 5.10.179 #5 SMP PREEMPT Mon May 1 23:59:32 CST 2023
>
> Does this also happen on 6.4-rc2?
>
>
> > x86_64 GNU/Linux
> > root@syzkaller:~# gcc poc_io_uring_enter.c -o poc_io_uring_enter
> > root@syzkaller:~# ./poc_io_uring_enter
> > ...
> > [ 244.945440][ T3106]
> > oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=dhclient,pid=4526,uid=0
> > [ 244.946537][ T3106] Out of memory: Killed process 4526 (dhclient)
>
> Is this using fault injection, or a normal operation?
>
> thanks,
>
> greg k-h

Attachment: kernel_config
Description: Binary data

Attachment: poc_io_uring_enter.c
Description: Binary data

Attachment: log_kernel5.10.180
Description: Binary data

Attachment: log_kernel5.15.112
Description: Binary data
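The two console lines quoted in the report ("oom-kill:constraint=..." followed by "Out of memory: Killed process ...") are the kernel's OOM-killer trace, and a monitoring pipeline that parses them can tell an operator which task was sacrificed and under which constraint. The parser below is an added example, not code from the report or from any of its attachments; the sample log is constructed after the two quoted lines (with the wrapped first line rejoined, as it appears in a real console log) plus one unrelated line, and the field names it reads (constraint, task, pid, the global_oom flag) are the ones visible in those lines.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample console output, modelled on the two lines quoted in the
# bug report. The oom-kill line is one physical line in a real log; the email
# shows it wrapped.
SAMPLE_LOG = """\
[  244.945440][ T3106] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=dhclient,pid=4526,uid=0
[  244.946537][ T3106] Out of memory: Killed process 4526 (dhclient)
[  245.100000][ T3106] some unrelated console line
"""

# "[  244.945440][ T3106] <message>": timestamp, emitting thread id, message.
PREFIX_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*T(?P<tid>\d+)\]\s*(?P<msg>.*)$")
# The kill confirmation line that follows an oom-kill line.
KILLED_RE = re.compile(r"^Out of memory: Killed process (?P<pid>\d+) \((?P<comm>[^)]*)\)")


@dataclass
class OomEvent:
    ts: float                       # timestamp of the oom-kill line
    constraint: Optional[str] = None
    task: Optional[str] = None      # comm of the victim
    pid: Optional[int] = None
    flags: list = field(default_factory=list)   # bare tokens such as global_oom
    killed: bool = False            # set once the "Killed process" line is seen
    kill_ts: Optional[float] = None


def parse_prefix(line: str):
    """Split a console line into (timestamp, thread id, message) or None."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    return float(m.group("ts")), int(m.group("tid")), m.group("msg")


def parse_oom_kill_fields(msg: str):
    """Parse 'oom-kill:k=v,k=v,flag,...' into (dict of k=v, list of bare flags)."""
    body = msg[len("oom-kill:"):]
    fields, flags = {}, []
    for item in body.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            fields[key] = value
        elif item:
            flags.append(item)
    return fields, flags


def extract_oom_events(text: str):
    """Return one OomEvent per oom-kill line, correlated with its kill line by pid."""
    events = []
    pending = {}  # pid -> OomEvent still waiting for its "Killed process" line
    for line in text.splitlines():
        parsed = parse_prefix(line)
        if parsed is None:
            continue
        ts, _tid, msg = parsed
        if msg.startswith("oom-kill:"):
            fields, flags = parse_oom_kill_fields(msg)
            ev = OomEvent(
                ts=ts,
                constraint=fields.get("constraint"),
                task=fields.get("task"),
                pid=int(fields["pid"]) if "pid" in fields else None,
                flags=flags,
            )
            events.append(ev)
            if ev.pid is not None:
                pending[ev.pid] = ev
            continue
        m = KILLED_RE.match(msg)
        if m:
            pid = int(m.group("pid"))
            ev = pending.pop(pid, None)
            if ev is None:
                # Kill line without a preceding oom-kill line: still record it.
                ev = OomEvent(ts=ts, task=m.group("comm"), pid=pid)
                events.append(ev)
            ev.killed = True
            ev.kill_ts = ts
    return events


if __name__ == "__main__":
    for ev in extract_oom_events(SAMPLE_LOG):
        print(f"{ev.ts:.6f} oom victim pid={ev.pid} comm={ev.task} "
              f"constraint={ev.constraint} flags={ev.flags} killed={ev.killed}")
```

Correlating on pid rather than on line adjacency matters on a busy console, where other messages can land between the oom-kill line and the kill confirmation; an event left in `pending` at end of input is an oom-kill report whose victim was never confirmed killed, which is itself worth flagging.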