| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <00000000000074e86d05746e77cc@google.com>
Date: Mon, 27 Aug 2018 10:58:02 -0700
From: syzbot <syzbot+903cdd6bce9a6eb832a4@...kaller.appspotmail.com>
To: ak@...ux.intel.com, dvyukov@...gle.com, ebiggers@...gle.com,
hpa@...or.com, jgross@...e.com, keescook@...omium.org,
linux-kernel@...r.kernel.org, luto@...nel.org,
megha.dey@...ux.intel.com, mingo@...hat.com,
syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: Re: WARNING: kernel stack frame pointer has bad value (2)
syzbot has found a reproducer for the following crash on:
HEAD commit: 2ad0d5269970 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14f7f36a400000
kernel config: https://syzkaller.appspot.com/x/.config?x=79e695838ce7a210
dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13c5a07a400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+903cdd6bce9a6eb832a4@...kaller.appspotmail.com
0000000077534c7d: ffff8801d3be2188 (0xffff8801d3be2188)
00000000d99670e0: ffff8801cf5dbdf0 (0xffff8801cf5dbdf0)
0000000092c01301: ffff8801cf5dbd10 (0xffff8801cf5dbd10)
0000000039ac4013: ffffffff86c00d4a (do_softirq_own_stack+0x2a/0x40)
00000000f205f6c7: ffff8801cf5dbd10 (0xffff8801cf5dbd10)
WARNING: kernel stack frame pointer at 0000000092c01301 in
syz-executor0:4993 has bad value 0000000097e4bf07
==================================================================
BUG: KASAN: stack-out-of-bounds in schedule_debug kernel/sched/core.c:3283
[inline]
BUG: KASAN: stack-out-of-bounds in __schedule+0x1a18/0x1ec0
kernel/sched/core.c:3393
Read of size 8 at addr ffff8801cf630000 by task syz-executor0/4993
CPU: 1 PID: 4993 Comm: syz-executor0 Not tainted 4.18.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
The buggy address belongs to the page:
page:ffffea00073d8c00 count:1 mapcount:-512 mapping:0000000000000000
index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001fffffdff ffff8801aee52b80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8801aee52b80
Memory state around the buggy address:
ffff8801cf62ff00: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00
ffff8801cf62ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffff8801cf630000: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
^
ffff8801cf630080: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
ffff8801cf630100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
==================================================================
Powered by blists - more mailing lists