| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jun 2018 09:32:39 +0200
From: Dmitry Vyukov <dvyukov@...gle.com>
To: air icy <icytxw@...il.com>
Cc: David Miller <davem@...emloft.net>,
Alexey Kuznetsov <kuznet@....inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>,
netdev <netdev@...r.kernel.org>,
syzkaller <syzkaller@...glegroups.com>
Subject: Re: BUG: KASAN: stack-out-of-bounds in ipv6_addr_equal include/net/ipv6.h
On Fri, Jun 15, 2018 at 8:33 AM, air icy <icytxw@...il.com> wrote:
>
> Hi,
> I found a kernel bug with enchanced syzkaller in the newest linux kernel v4.17.
> The output is as follows:
>
> ==================================================================
> BUG: KASAN: stack-out-of-bounds in ipv6_addr_equal include/net/ipv6.h:508 [inline]
> BUG: KASAN: stack-out-of-bounds in __xfrm6_state_addr_check include/net/xfrm.h:1358 [inline]
> BUG: KASAN: stack-out-of-bounds in xfrm_state_addr_check include/net/xfrm.h:1375 [inline]
> BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x2693/0x2740 net/xfrm/xfrm_state.c:959
> Read of size 4 at addr ffff880065d77b70 by task syz-executor1/10036
This may be related to "KMSAN: uninit-value in xfrm_state_find":
https://groups.google.com/d/msg/syzkaller-bugs/myqLUHNGRRc/Zb3SlyJZBwAJ
> CPU: 0 PID: 10036 Comm: syz-executor1 Not tainted 4.17.0 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
> Call Trace:
>
> The buggy address belongs to the page:
> page:ffffea0001975dc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
> flags: 0x100000000000000()
> raw: 0100000000000000 0000000000000000 ffffea0001975dc8 0000000000000000
> raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
> page dumped because: kasan: bad access detected
>
> Memory state around the buggy address:
> ffff880065d77a00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 f2
> ffff880065d77a80: f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00
> >ffff880065d77b00: f4 f4 f4 f2 f2 f2 f2 00 00 00 00 00 00 00 f4 f2
> ^
> ffff880065d77b80: f2 f2 f2 00 00 00 00 00 00 00 00 00 f4 f4 f4 f3
> ffff880065d77c00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
> ==================================================================
> Kernel panic - not syncing: panic_on_warn set ...
>
> CPU: 0 PID: 10036 Comm: syz-executor1 Tainted: G B 4.17.0 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
> Call Trace:
> Dumping ftrace buffer:
> (ftrace buffer empty)
> Kernel Offset: disabled
> Rebooting in 86400 seconds..
>
> bugzilla url: https://bugzilla.kernel.org/show_bug.cgi?id=200065
> config file is attached in this email
>
> thanks
> Xuwen Tu
>
> log2
>
> report2
>
> .config
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@...glegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Powered by blists - more mailing lists