Message-ID: <20180201234713.wbiowmhjgsywfdyp@gmail.com>
Date:   Thu, 1 Feb 2018 15:47:13 -0800
From:   Eric Biggers <ebiggers3@...il.com>
To:     syzbot <syzbot+b8845cd4aa5a5e2c6cdc@...kaller.appspotmail.com>
Cc:     akpm@...ux-foundation.org, arnd@...db.de, dave.jiang@...el.com,
        gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
        linux-usb@...r.kernel.org, mingo@...nel.org,
        ross.zwisler@...ux.intel.com, syzkaller-bugs@...glegroups.com,
        tglx@...utronix.de, zaitcev@...hat.com
Subject: Re: BUG: Bad page state (3)

On Sun, Dec 31, 2017 at 11:03:01PM -0800, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on
> 30a7acd573899fd8b8ac39236eff6468b195ac7d
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
> 
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+b8845cd4aa5a5e2c6cdc@...kaller.appspotmail.com
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
> 
> BUG: Bad page state in process syzkaller246299  pfn:1c0c5f
> page:000000004c4544aa count:1 mapcount:1 mapping:          (null) index:0x0
> flags: 0x2fffc0000000004(referenced)
> raw: 02fffc0000000004 0000000000000000 0000000000000000 0000000100000000
> raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
> page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
> Modules linked in:
> CPU: 1 PID: 3493 Comm: syzkaller246299 Not tainted 4.15.0-rc6+ #245
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:17 [inline]
>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>  bad_page+0x230/0x2b0 mm/page_alloc.c:577
>  free_pages_check_bad+0x1f0/0x2e0 mm/page_alloc.c:955
>  free_pages_check mm/page_alloc.c:964 [inline]
>  free_pages_prepare mm/page_alloc.c:1054 [inline]
>  free_pcp_prepare mm/page_alloc.c:1079 [inline]
>  free_unref_page_prepare mm/page_alloc.c:2622 [inline]
>  free_unref_page+0x594/0x9e0 mm/page_alloc.c:2672
>  __free_pages+0x107/0x150 mm/page_alloc.c:4297
>  free_pages+0x51/0x90 mm/page_alloc.c:4309
>  mon_free_buff drivers/usb/mon/mon_bin.c:1331 [inline]
>  mon_bin_ioctl+0x653/0xd40 drivers/usb/mon/mon_bin.c:1039
>  vfs_ioctl fs/ioctl.c:46 [inline]
>  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
>  SYSC_ioctl fs/ioctl.c:701 [inline]
>  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
>  entry_SYSCALL_64_fastpath+0x23/0x9a

Crash is no longer occurring, seems to have been fixed by commit 46eb14a6e1585:

#syz fix: USB: fix usbmon BUG trigger

- Eric
