lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Thu, 22 Jun 2017 12:17:41 +0200
From:   Andrey Konovalov <andreyknvl@...gle.com>
To:     "David S. Miller" <davem@...emloft.net>,
        Alexey Kuznetsov <kuznet@....inr.ac.ru>,
        James Morris <jmorris@...ei.org>,
        Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
        Patrick McHardy <kaber@...sh.net>,
        netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Cong Wang <xiyou.wangcong@...il.com>,
        David Ahern <dsa@...ulusnetworks.com>,
        Eric Dumazet <edumazet@...gle.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: net/ipv6: warning in __alloc_pages_slowpath/ipip6_tunnel_get_prl

Hi,

I've got the following error report while fuzzing the kernel with syzkaller.

On commit 9705596d08ac87c18aee32cc97f2783b7d14624e (4.12-rc6+).

A reproducer and .config are attached.

------------[ cut here ]------------
WARNING: CPU: 1 PID: 4313 at mm/page_alloc.c:3700
__alloc_pages_slowpath+0x18fd/0x2360
Modules linked in:
CPU: 1 PID: 4313 Comm: a.out Not tainted 4.12.0-rc6+ #11
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006a8c1600 task.stack: ffff8800640b8000
RIP: 0010:should_compact_retry mm/page_alloc.c:3385
RIP: 0010:__alloc_pages_slowpath+0x18fd/0x2360 mm/page_alloc.c:3866
RSP: 0018:ffff8800640bec48 EFLAGS: 00010246
RAX: 0000000100010fde RBX: 00000000014000c0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000014 RDI: 000000000140c0c0
RBP: ffff8800640bf180 R08: 0000000000000000 R09: fffffffffff00f88
R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff1000c817e38
R13: ffff8800640bf220 R14: ffff8800640bf340 R15: ffff8800640bf2e0
FS:  00007facb1334700(0000) GS:ffff88006cb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020781000 CR3: 0000000065757000 CR4: 00000000000006e0
Call Trace:
 __alloc_pages_nodemask+0x914/0xc80 mm/page_alloc.c:4039
 alloc_pages_current+0x1cc/0x6b0 mm/mempolicy.c:2065
 alloc_pages ./include/linux/gfp.h:478
 kmalloc_order+0x24/0x70 mm/slab_common.c:1114
 kmalloc_order_trace+0x24/0x160 mm/slab_common.c:1125
 kmalloc_large ./include/linux/slab.h:424
 __kmalloc+0x215/0x2d0 mm/slub.c:3734
 kmalloc_array ./include/linux/slab.h:611
 kcalloc ./include/linux/slab.h:622
 ipip6_tunnel_get_prl net/ipv6/sit.c:308
 ipip6_tunnel_ioctl+0xed1/0x2070 net/ipv6/sit.c:1263
 dev_ifsioc+0x544/0x9f0 net/core/dev_ioctl.c:338
 dev_ioctl+0xc41/0x1160 net/core/dev_ioctl.c:555
 sock_ioctl+0x16e/0x440 net/socket.c:944
 vfs_ioctl fs/ioctl.c:45
 do_vfs_ioctl+0x1c4/0x1660 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700
 SyS_ioctl+0x94/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe arch/x86/entry/entry_64.S:203
RIP: 0033:0x7facb0a46b79
RSP: 002b:00007ffeb5763068 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffeb5763170 RCX: 00007facb0a46b79
RDX: 0000000020781000 RSI: 00000000000089f4 RDI: 0000000000000004
RBP: 00000000004004e0 R08: 0003000000000019 R09: 0000000000000000
R10: 00e315ffffff0300 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffeb5763170 R14: 0000000000000000 R15: 0000000000000000
Code: ff ff 39 d8 0f 8f b4 01 00 00 8b 85 d8 fa ff ff c7 85 98 fb ff
ff 01 00 00 00 41 bd 01 00 00 00 89 85 a0 fb ff ff e9 2d fc ff ff <0f>
ff e9 ca e8 ff ff 0f ff 89 d8 c7 85 ec fa ff ff 00 00 00 00
---[ end trace edcb5387b3d4d646 ]---

View attachment "ipip6_tunnel_get_prl-warn-poc.c" of type "text/x-csrc" (1708 bytes)

Download attachment ".config" of type "application/octet-stream" (129458 bytes)

Powered by blists - more mailing lists