Date: Fri, 20 Oct 2017 10:40:38 -0400
From: Wei Wei <dotweiba@...il.com>
To: Mark Rutland <mark.rutland@....com>
Cc: linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, edumazet@...gle.com, davem@...emloft.net, willemb@...gle.com, syzkaller@...glegroups.com
Subject: Re: v4.14-rc3/arm64 DABT exception in atomic_inc() / __skb_clone()

Sadly, the syzkaller characterized it as a non-reproducible bug and there were empty repro files. But if manually executing in VM like this “./syz-execprog -executor= ./syz-executor -repeat=0 -procs=16 -cover=0 crash-log”, it crashed when executing exactly program 1056 using log0 provided.

I failed to generate the C reproducer with syz-repro as it said “no target compiler” in the final step. I would appreciate if you could give some hints.

Thanks,
Wei

> On 20 Oct 2017, at 7:14 AM, Mark Rutland <mark.rutland@....com> wrote:
>
> On Thu, Oct 19, 2017 at 10:16:08PM -0400, Wei Wei wrote:
>> Hi all,
>
> Hi,
>
>> I have fuzzed v4.14-rc3 using syzkaller and found a bug similar to that one [1].
>> But the call trace isn’t the same. The atomic_inc() might handle a corrupted
>> skb_buff.
>>
>> The logs and config have been uploaded to my github repo [2].
>>
>> [1] https://lkml.org/lkml/2017/10/2/216
>> [2] https://github.com/dotweiba/skb_clone_atomic_inc_bug
>
> These do look very similar to what I was hitting; all appear to be
> misaligned atomics in the same path.
>
> I see that you have some empty repro files in [2]. If you have any
> reproducers, would you mind sharing them?
>
> If any of those are smaller or more reliable than the one I was able to
> generate [3], it might make it more obvious what's going on, and/or make
> it simpler to come up with a plain C reproducer.
>
> Thanks,
> Mark.
>
> [3] https://www.kernel.org/pub/linux/kernel/people/mark/bugs/20171002-skb_clone-misaligned-atomic/syzkaller.repro