lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 06 Jul 2018 03:02:02 -0700
From:   syzbot <syzbot+0ce137753c78f7b6acc1@...kaller.appspotmail.com>
To:     ast@...nel.org, daniel@...earbox.net, dvyukov@...gle.com,
        john.fastabend@...il.com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: general protection fault in bpf_tcp_close

syzbot has found a reproducer for the following crash on:

HEAD commit:    6fcf9b1d4d6c r8169: fix runtime suspend
git tree:       bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1600b10c400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=d264f2b04177ca7c
dashboard link: https://syzkaller.appspot.com/bug?extid=0ce137753c78f7b6acc1
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=15ba0a1c400000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=100c8170400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+0ce137753c78f7b6acc1@...kaller.appspotmail.com

IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
8021q: adding VLAN 0 to HW filter on device team0
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
CPU: 1 PID: 4705 Comm: syz-executor133 Not tainted 4.18.0-rc3+ #47
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
RIP: 0010:bpf_tcp_close+0x215/0x1050 kernel/bpf/sockmap.c:327
Code:
------------[ cut here ]------------
Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected  
to SLAB object 'TCPv6' (offset 704, size 64)!
WARNING: CPU: 1 PID: 4705 at mm/usercopy.c:81 usercopy_warn+0xf5/0x120  
mm/usercopy.c:76
Kernel panic - not syncing: panic_on_warn set ...

Dumping ftrace buffer:
    (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ