lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 6 Jun 2019 16:41:51 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     syzbot <syzbot+9a901acbc447313bfe3e@...kaller.appspotmail.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>, Qian Cai <cai@....pw>,
        Chris von Recklinghausen <crecklin@...hat.com>,
        Kees Cook <keescook@...omium.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: KASAN: slab-out-of-bounds Read in corrupted (2)

On Thu, Jun 6, 2019 at 3:52 PM syzbot
<syzbot+9a901acbc447313bfe3e@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:    156c0591 Merge tag 'linux-kselftest-5.2-rc4' of git://git...
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=13512d51a00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=60564cb52ab29d5b
> dashboard link: https://syzkaller.appspot.com/bug?extid=9a901acbc447313bfe3e
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11a4b01ea00000

Looks +bpf related from the repro.

> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+9a901acbc447313bfe3e@...kaller.appspotmail.com
>
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in vsnprintf+0x1727/0x19a0
> lib/vsprintf.c:2503
> Read of size 8 at addr ffff8880a91c7d00 by task syz-executor.0/9821
>
> CPU: 0 PID: 9821 Comm: syz-executor.0 Not tainted 5.2.0-rc3+ #13
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>
> Allocated by task 1024:
> (stack is not available)
>
> Freed by task 2310999008:
> ------------[ cut here ]------------
> Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected
> to SLAB object 'skbuff_head_cache' (offset 24, size 1)!
> WARNING: CPU: 0 PID: 9821 at mm/usercopy.c:78 usercopy_warn+0xeb/0x110
> mm/usercopy.c:78
> Kernel panic - not syncing: panic_on_warn set ...
> Shutting down cpus with NMI
> Kernel Offset: disabled
>
>
> ---
> This bug is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@...glegroups.com.
>
> syzbot will keep track of this bug report. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this bug, for details see:
> https://goo.gl/tpsmEJ#testing-patches
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/0000000000004945f1058aa80556%40google.com.
> For more options, visit https://groups.google.com/d/optout.

Powered by blists - more mailing lists