lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 10 Jan 2019 21:35:10 +0000
From:   Esme <esploit@...tonmail.ch>
To:     Qian Cai <cai@....pw>
Cc:     James Bottomley <jejb@...ux.ibm.com>,
        "dgilbert@...erlog.com" <dgilbert@...erlog.com>,
        "martin.petersen@...cle.com" <martin.petersen@...cle.com>,
        "linux-scsi@...r.kernel.org" <linux-scsi@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-mm@...ck.org" <linux-mm@...ck.org>
Subject: Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL

The repro.report is from a different test system, I pulled the attached config from proc (attached);

Excerpted relevant PAGE options

# CONFIG_PAGE_TABLE_ISOLATION is not set
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
# CONFIG_PAGE_OWNER is not set
CONFIG_PAGE_EXTENSION=y
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_PAGE_POISONING=y
CONFIG_PAGE_POISONING_NO_SANITY=y
# CONFIG_PAGE_POISONING_ZERO is not set
# CONFIG_DEBUG_PAGE_REF is not set
CONFIG_FAIL_PAGE_ALLOC=y

root@...kaller:~# uname -a
Linux syzkaller 5.0.0-rc1+ #5 SMP Tue Jan 8 20:39:33 EST 2019 x86_64 GNU/Linux

--
Esme

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 10, 2019 4:03 PM, Qian Cai <cai@....pw> wrote:

> On Thu, 2019-01-10 at 20:47 +0000, Esme wrote:
>
> > Sure thing;
> > cmdline;
> > qemu-system-x86_64 -kernel linux//arch/x86/boot/bzImage -append console=ttyS0
> > root=/dev/sda debug earlyprintk=serial slub_debug=QUZ -hda stretch.img -net
> > user,hostfwd=tcp::10021-:22 -net nic -enable-kvm -nographic -m 2G -smp 2
> > -pidfile
> > CONFIG_PAGE*; (full file attached);
> >
> > CONFIG_DEBUG_PAGEALLOC is not set
> >
> > ==================================
> >
> > CONFIG_PAGE_POISONING=y
> > CONFIG_PAGE_POISONING_NO_SANITY=y
> >
> > CONFIG_PAGE_POISONING_ZERO is not set
> >
> > ======================================
> >
> > CONFIG_DEBUG_PAGE_REF is not set
> >
> > =================================
> >
> > CONFIG_FAIL_PAGE_ALLOC=y
>
> Confused.
>
> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1896410.html
>
> It said 5.0.0-rc1+
>
> https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1896410/repro.repor
> t
>
> It said 4.20.0+, and it also have,
>
> "general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI"
>
> which indicated CONFIG_DEBUG_PAGEALLOC=y but your .config said NO.
>
> However, it looks like a mess that KASAN does not play well with all those
> SLUB_DEBUG, CONFIG_DEBUG_PAGEALLOC etc, because it essentially step into each
> others' toes by redzoning, poisoning in allocate and free pages.



Download attachment "proc.config" of type "application/octet-stream" (160213 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ