lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1499940950.5335.24.camel@abdul.in.ibm.com>
Date:   Thu, 13 Jul 2017 15:45:50 +0530
From:   Abdul Haleem <abdhalee@...ux.vnet.ibm.com>
To:     linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>
Cc:     linux-kernel <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        sachinp <sachinp@...ux.vnet.ibm.com>,
        viro <viro@...iv.linux.org.uk>,
        chandan <chandan@...ux.vnet.ibm.com>
Subject: [BUG][cramfs] Kernel Oops while fuzz testing cramfs on mainline
 kernel

Hi,

fsfuzzer triggers kernel Oops on powerpc machine

Machine : Power 8 bare-metal
Kernel :  4.12.0-rc1
gcc : 4.8.5
Test: fsfuzzer (https://github.com/stevegrubb/fsfuzzer) 

Issue is rare to hit, only reproduced once out of 5 retries.

traces:
-------
cramfs: Error -3 while decompressing! 
cramfs: d00000001225c304(3554)->c000000af36f0000(65536)
cramfs: bad compressed blocksize 4294302712
cramfs: bad compressed blocksize 4294302712
cramfs: bad compressed blocksize 4294301340
cramfs: bad compressed blocksize 4294301340
cramfs: bad compressed blocksize 4294243528
cramfs: bad compressed blocksize 4294243528
Unable to handle kernel paging request for data at address
0xd000080000000000
Faulting instruction address: 0xc0000000005ff918
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=2048 
NUMA 
PowerNV
Dumping ftrace buffer: 
   (ftrace buffer empty)
Modules linked in: rcutorture bridge cramfs iptable_mangle torture
ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat
nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT
nf_reject_ipv4 xt_tcpudp tun stp llc kvm_hv kvm iptable_filter
vmx_crypto ipmi_powernv ipmi_devintf powernv_rng ipmi_msghandler
powernv_op_panel leds_powernv led_class rng_core binfmt_misc nfsd
ip_tables x_tables autofs4 [last unloaded: rcutorture]CPU: 59 PID: 25870
Comm: fstest Not tainted 4.12.0-rc1-autotest #1
task: c000000f1b29e100 task.stack: c000000e3fb3c000
NIP: c0000000005ff918 LR: c0000000002d3e90 CTR: c0000000005ff810
REGS: c000000e3fb3fa20 TRAP: 0300   Not tainted  (4.12.0-rc1-autotest)
MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>
  CR: 22002882  XER: 00000000
CFAR: c0000000005ff8a4 DAR: d000080000000000 DSISR: 40000000 SOFTE: 1
GPR00: c0000000002d3e90 c000000e3fb3fca0 c000000001050300 d000080000000000  
GPR04: 00007fffcd50e180 0000000000000020 c000000e3fb3fe00 0000000000000000 
GPR08: 0000000000000000 c0000000010eaa70 c000000000a30960 c0000000009c0f80 
GPR12: 0000000000000000 c00000000fd54480 0000000010002160 00000000100020d0 
GPR16: 00000000100020d8 00000000100020f8 0000000010002108 0000000010002110 
GPR20: 0000000010002120 0000000010002128 c000000e3fb3fe00 00007fffcd50e180 
GPR24: c0000000010e0580 0000000000000000 0000000000010000 000000000000001f 
GPR28: c000000e3fb3fe00 0000000000000000 00007fffcd50e180 0000000000000000 
NIP [c0000000005ff918] read_port+0x108/0x1e0
LR [c0000000002d3e90] __vfs_read+0x40/0x1b0
Call Trace:
[c000000e3fb3fca0] [00000000100020d8] 0x100020d8 (unreliable)
[c000000e3fb3fd10] [c0000000002d3e90] __vfs_read+0x40/0x1b0
[c000000e3fb3fda0] [c0000000002d57bc] vfs_read+0xac/0x190
[c000000e3fb3fde0] [c0000000002d74c0] SyS_read+0x60/0x110
[c000000e3fb3fe30] [c00000000000b7e0] system_call+0x38/0xfc
Instruction dump:
3bbd0001 419a00b4 e9380070 7fe3fb78 2fa90000 7d2c4b78 409effb0 3d22000a
3929a770 e8690000 7c7f1a14 7c0004ac <8b830000> 0c1c0000 4c00012c
7b9c0620 
---[ end trace 0c40bce9f31b7670 ]---

which maps to:
c0000000005ff918 <read_port+0x108> 00 00 83 8b  lbz     r28,0(r3)  

test logs:
----------
Fuzzing /var/tmp/avocado_fd9HwK/1-fsfuzzer.py_Fsfuzzer.test/src/fsfuzzer-master/fs/cramfs.135.img (679936 bytes can change)...
Testing /var/tmp/avocado_fd9HwK/1-fsfuzzer.py_Fsfuzzer.test/src/fsfuzzer-master/fs/cramfs.135.img...
+++ New Tests...
./run_test: line 155: 25870 Segmentation fault      ./fstest $DIR
 New tests failed aborting

Message from syslogd@ltc at Jul 13 11:16:09 ...
 kernel:Dumping ftrace buffer:

Message from syslogd@ltc at Jul 13 11:16:09 ...
 kernel:   (ftrace buffer empty)


-- 
Regard's

Abdul Haleem
IBM Linux Technology Centre



View attachment "Tul-NV-config" of type "text/plain" (86717 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ