Open Source and information security mailing list archives
 
Message-ID: <CACT4Y+ZMfkB5kHnF5erCHtuEENLVdWGJtEME2-nx0_1+2ywe0A@mail.gmail.com>
Date:   Tue, 26 Mar 2019 09:43:59 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     syzbot <syzbot+9d8b6fa6ee7636f350c1@...kaller.appspotmail.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>,
        Davidlohr Bueso <dave@...olabs.net>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>, linux@...inikbrodowski.net,
        manfred <manfred@...orfullife.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: general protection fault in freeary

On Sun, Mar 24, 2019 at 7:51 PM syzbot
<syzbot+9d8b6fa6ee7636f350c1@...kaller.appspotmail.com> wrote:
>
> syzbot has bisected this bug to:
>
> commit 86f690e8bfd124c38940e7ad58875ef383003348
> Author: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Date:   Thu Mar 29 12:15:13 2018 +0000
>
>      Merge tag 'stm-intel_th-for-greg-20180329' of
> git://git.kernel.org/pub/scm/linux/kernel/git/ash/stm into char-misc-next
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=17d653a3200000
> start commit:   74c4a24d Add linux-next specific files for 20181207
> git tree:       linux-next
> final crash:    https://syzkaller.appspot.com/x/report.txt?x=143653a3200000
> console output: https://syzkaller.appspot.com/x/log.txt?x=103653a3200000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=6e9413388bf37bed
> dashboard link: https://syzkaller.appspot.com/bug?extid=9d8b6fa6ee7636f350c1
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16e19da3400000
>
> Reported-by: syzbot+9d8b6fa6ee7636f350c1@...kaller.appspotmail.com
> Fixes: 86f690e8bfd1 ("Merge tag 'stm-intel_th-for-greg-20180329' of
> git://git.kernel.org/pub/scm/linux/kernel/git/ash/stm into char-misc-next")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

Looking at the crash patterns in the bisection log it seems that this
is a stack overflow/corruption in wb_workfn. There are other reports
that suggest that simply causing OOM randomly corrupts kernel memory.
The semget is only an easy way to cause OOMs.
But since we now sandbox test processes with sem sysctl and friends,
I think we can close this report.

#syz invalid

Though the kernel memory corruption on OOMs is still there.
