On Fri, Jun 30, 2023 at 1:11 PM Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On 2023/06/30 19:18, Ard Biesheuvel wrote:
> > On Fri, 30 Jun 2023 at 12:11, Alexander Potapenko <glider@xxxxxxxxxx> wrote:
> >>
> >> On Fri, Jun 30, 2023 at 12:02 PM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> >>>
> >>> On Fri, 30 Jun 2023 at 11:53, Tetsuo Handa
> >>> <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
> >>>>
> >>>> On 2023/06/30 18:36, Ard Biesheuvel wrote:
> >>>>> Why are you sending this now?
> >>>>
> >>>> Just because this is currently the top crasher and I can reproduce it locally.
> >>>>
> >>>>> Do you have a reproducer for this issue?
> >>>>
> >>>> Yes. https://syzkaller.appspot.com/text?tag=ReproC&x=12931621900000 works.
> >>>>
> >>>
> >>> Could you please share your kernel config and the resulting kernel log
> >>> when running the reproducer? I'll try to reproduce locally as well,
> >>> and see if I can figure out what is going on in the crypto layer.
> >>
> >> The config together with the repro is available at
> >> https://syzkaller.appspot.com/bug?extid=828dfc12440b4f6f305d, see the
> >> latest row of the "Crashes" table that contains a C repro.
>
> Kernel is commit e6bc8833d80f of https://github.com/google/kmsan/commits/master .
> Config is available in the dashboard page, but a smaller one is available at
> https://I-love.SAKURA.ne.jp/tmp/config-6.4.0-rc7-kmsan .
>
> I'm using a debug printk() patch shown below.
>

Please note that your patch is not correct, unless I am missing something.

sk_page_frag() will use a per-thread frag allocator (current->task_frag), which might be fed with pages allocated from other sockets (standard TCP ones), without __GFP_ZERO.

If we must (and I am not saying we should) take this route, we also need to force "sk->sk_use_task_frag = false" for TLS sockets.