Date: Thu, 13 Oct 2016 10:07:08 -0400 (EDT)
From: CAI Qian <>
Subject: CVE request: kernel - local DoS due to a page lock order bug in the
 XFS seek hole/data implementation

Running the trinity syscall fuzzer inside a docker container as a non-privileged user as below,

$ trinity -g vfs --arch 64 --disable-fds=sockets --disable-fds=perf --disable-fds=epoll \
  --disable-fds=eventfd --disable-fds=pseudo --disable-fds=timerfd --disable-fds=memfd

always triggers a deadlock/hang at the fdatasync() syscall within 30 minutes, with traces
(including sysrq-w info as well) like this,

This can be reproduced on any kernel post v4.4-rc1 as long as it includes this commit:

xfs: optimise away log forces on timestamp updates for fdatasync

Reverting the above commit against the latest mainline allows trinity to run for more than
10 hours without any deadlock/hang.

This had also been reported to the XFS maintainer and diagnosed as a page lock order bug
in the XFS seek hole/data implementation; presumably a fix better than reverting the above
commit is still being worked on.

   CAI Qian
