lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Aug 2018 10:58:02 -0700
From:   syzbot <syzbot+903cdd6bce9a6eb832a4@...kaller.appspotmail.com>
To:     ak@...ux.intel.com, dvyukov@...gle.com, ebiggers@...gle.com,
        hpa@...or.com, jgross@...e.com, keescook@...omium.org,
        linux-kernel@...r.kernel.org, luto@...nel.org,
        megha.dey@...ux.intel.com, mingo@...hat.com,
        syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: Re: WARNING: kernel stack frame pointer has bad value (2)

syzbot has found a reproducer for the following crash on:

HEAD commit:    2ad0d5269970 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=14f7f36a400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=79e695838ce7a210
dashboard link: https://syzkaller.appspot.com/bug?extid=903cdd6bce9a6eb832a4
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13c5a07a400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+903cdd6bce9a6eb832a4@...kaller.appspotmail.com

0000000077534c7d: ffff8801d3be2188 (0xffff8801d3be2188)
00000000d99670e0: ffff8801cf5dbdf0 (0xffff8801cf5dbdf0)
0000000092c01301: ffff8801cf5dbd10 (0xffff8801cf5dbd10)
0000000039ac4013: ffffffff86c00d4a (do_softirq_own_stack+0x2a/0x40)
00000000f205f6c7: ffff8801cf5dbd10 (0xffff8801cf5dbd10)
WARNING: kernel stack frame pointer at 0000000092c01301 in  
syz-executor0:4993 has bad value 0000000097e4bf07
==================================================================
BUG: KASAN: stack-out-of-bounds in schedule_debug kernel/sched/core.c:3283  
[inline]
BUG: KASAN: stack-out-of-bounds in __schedule+0x1a18/0x1ec0  
kernel/sched/core.c:3393
Read of size 8 at addr ffff8801cf630000 by task syz-executor0/4993

CPU: 1 PID: 4993 Comm: syz-executor0 Not tainted 4.18.0+ #190
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:

The buggy address belongs to the page:
page:ffffea00073d8c00 count:1 mapcount:-512 mapping:0000000000000000  
index:0x0
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000000 0000000000000000 00000001fffffdff ffff8801aee52b80
page dumped because: kasan: bad access detected
page->mem_cgroup:ffff8801aee52b80

Memory state around the buggy address:
  ffff8801cf62ff00: f2 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00
  ffff8801cf62ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> ffff8801cf630000: f1 f1 f1 f1 00 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
                    ^
  ffff8801cf630080: f2 f2 f2 f2 00 f2 f2 f2 00 00 00 00 00 00 00 00
  ffff8801cf630100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
==================================================================

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ