lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 Oct 2017 10:40:38 -0400
From:   Wei Wei <dotweiba@...il.com>
To:     Mark Rutland <mark.rutland@....com>
Cc:     linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org, edumazet@...gle.com, davem@...emloft.net,
        willemb@...gle.com, syzkaller@...glegroups.com
Subject: Re: v4.14-rc3/arm64 DABT exception in atomic_inc() / __skb_clone()

Sadly, the syzkaller characterized it as a non-reproducible bug and there were empty
 repro files. But if manually executing in VM like this “./syz-execprog -executor=
./syz-executor -repeat=0 -procs=16 -cover=0 crash-log”, it crashed when executing exactly 
program 1056 using log0 provided.

I failed to generate the C reproducer with syz-repro as it said “no target compiler”
in the final step. I would appreciate if you could give some hints.

Thanks,
Wei
> On 20 Oct 2017, at 7:14 AM, Mark Rutland <mark.rutland@....com> wrote:
> 
> On Thu, Oct 19, 2017 at 10:16:08PM -0400, Wei Wei wrote:
>> Hi all,
> 
> Hi,
> 
>> I have fuzzed v4.14-rc3 using syzkaller and found a bug similar to that one [1].
>> But the call trace isn’t the same. The atomic_inc() might handle a corrupted 
>> skb_buff.
>> 
>> The logs and config have been uploaded to my github repo [2].
>> 
>> [1] https://lkml.org/lkml/2017/10/2/216
>> [2] https://github.com/dotweiba/skb_clone_atomic_inc_bug
> 
> These do look very similar to what I was hitting; all appear to be
> misaligned atomics in the same path.
> 
> I see that you have some empty repro files in [2]. If you have any
> reproducers, would you mind sharing them?
> 
> If any of those are smaller or more reliable than the one I was able to
> generate [3], it might make it more obvious what's going on, and/or make
> it simpler to come up with a plain C reproducer.
> 
> Thanks,
> Mark.
> 
> [3] https://www.kernel.org/pub/linux/kernel/people/mark/bugs/20171002-skb_clone-misaligned-atomic/syzkaller.repro

Powered by blists - more mailing lists