Re: yet another uninterruptable hang in sendfile

  Hello,

On Sat 21-11-15 14:24:45, Dmitry Vyukov wrote:
> On commit 8005c49d9aea74d382f474ce11afbbc7d7130bec (Nov 15).
> 
> The program is:
> 
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> #include <syscall.h>
> #include <string.h>
> #include <stdint.h>
> 
> int main()
> {
>         long r0 = syscall(SYS_socket, 0x10ul, 0x2ul, 0x0ul, 0, 0, 0);
>         long r1 = syscall(SYS_mmap, 0x20000000ul, 0x1000ul, 0x3ul,
> 0x32ul, 0xfffffffffffffffful, 0x0ul);
>         long r2 = syscall(SYS_mmap, 0x20001000ul, 0x1000ul, 0x3ul,
> 0x32ul, 0xfffffffffffffffful, 0x0ul);
>         *(uint64_t*)0x2000153f = 0x20001f99;
>         *(uint64_t*)0x20001547 = 0x67;
>         *(uint64_t*)0x2000154f = 0x20001fa5;
>         *(uint64_t*)0x20001557 = 0x5b;
>         *(uint64_t*)0x2000155f = 0x20001000;
>         *(uint64_t*)0x20001567 = 0x6;
>         long r9 = syscall(SYS_readv, r0, 0x2000153ful, 0x3ul, 0, 0, 0);
>         long r10 = syscall(SYS_mmap, 0x20002000ul, 0x1000ul, 0x3ul,
> 0x32ul, 0xfffffffffffffffful, 0x0ul);
>         memcpy((void*)0x20002000, "\x65\x74\x68\x31\x00", 5);
>         long r12 = syscall(SYS_memfd_create, 0x20002000ul, 0x1ul, 0, 0, 0, 0);
>         long r13 = syscall(SYS_fallocate, r12, 0x0ul, 0x5616e07ul, 0x1ul, 0, 0);
>         memcpy((void*)0x20000da2,
> "\x02\xbe\x98\x59\x88\xb1\x7b\xfd\xe6\x27\x95\xdc\x18\x4e\x04\x87\x28\x1a\xd0\x30\x52\xcd\xa5\xee\x09\x7f\xfa\x7a\x9b\x72\x17\xfa\x2a\xa1\xe1\x60\x09\xbb\xaf\xdd\x0b\x5c\xa8\x18\x81\x4b\x6d\x42\x11\x20\x4a\xd7\x9e\x86\x8b\x63\xd2\x36\xbf\x5f\xb0\x36\x13\x82\x79\xc8\x31\x3b\x3b\x1e",
> 70);
>         memcpy((void*)0x200008b7,
> "\x0a\x00\x33\xe8\x3d\xe7\x4a\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xbf\xce\xa1\x60",
> 28);
>         long r16 = syscall(SYS_sendto, r0, 0x20000da2ul, 0x46ul,
> 0x8000ul, 0x200008b7ul, 0x1cul);
>         long r17 = syscall(SYS_sendfile, r0, r12, 0x20000000ul,
> 0x4785d2c1ul, 0, 0);
>         return 0;
> }
>
> 
> It hangs in an unkillable state. It is probably a similar issue to the
> other reported issues related to sendfile:
> https://groups.google.com/forum/#!topic/syzkaller/zfuHHRXL7Zg
> https://groups.google.com/forum/#!topic/syzkaller/sjA9DrBQviw

For me this hangs interruptibly in readv(2); when I remove that call, it
finishes in under a second, so I cannot easily test that the problem gets
fixed by my patch as well (although AFAIU what the test does, it should).
Can you please test the patch in your setup? I'll send it shortly.

> However this one also blankets dmesg with zillions of:
> 
> [ 1682.801412] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
> [ 1682.803565] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
> [ 1682.804991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket
> 
> The program should be killable.

I don't have SELinux configured so that may be what's making a difference.

								Honza
-- 
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR