lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000e9f3e705a684ef9a@google.com>
Date:   Mon, 25 May 2020 20:46:14 -0700
From:   syzbot <syzbot+cff8c4c75acd8c6fb842@...kaller.appspotmail.com>
To:     jmorris@...ei.org, linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        penguin-kernel@...ove.SAKURA.ne.jp, serge@...lyn.com,
        syzkaller-bugs@...glegroups.com, takedakn@...data.co.jp
Subject: general protection fault in tomoyo_check_acl

Hello,

syzbot found the following crash on:

HEAD commit:    d2f8825a Merge tag 'for_linus' of git://git.kernel.org/pub..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=13c55922100000
kernel config:  https://syzkaller.appspot.com/x/.config?x=b3368ce0cc5f5ace
dashboard link: https://syzkaller.appspot.com/bug?extid=cff8c4c75acd8c6fb842
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+cff8c4c75acd8c6fb842@...kaller.appspotmail.com

general protection fault, probably for non-canonical address 0xe000026660000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: probably user-memory-access in range [0x0000333300000018-0x000033330000001f]
CPU: 0 PID: 12489 Comm: systemd-rfkill Not tainted 5.7.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173
Code: 00 0f 85 2d 03 00 00 49 8b 1c 24 49 39 dc 0f 84 bd 01 00 00 e8 28 65 14 fe 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 a7 02 00 00 44 0f b6 73 18 31
RSP: 0018:ffffc90016987bc8 EFLAGS: 00010246
RAX: 0000066660000003 RBX: 0000333300000000 RCX: ffffffff835ed028
RDX: 0000000000000000 RSI: ffffffff835ecff8 RDI: 0000333300000018
RBP: dffffc0000000000 R08: ffff8880a1cce1c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a72db990
R13: ffffc90016987c80 R14: 0000000000000033 R15: 0000000000000002
FS:  00007f9e4b6ba8c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9e4b399e30 CR3: 000000004df8d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 tomoyo_path_number_perm+0x314/0x4d0 security/tomoyo/file.c:733
 security_file_ioctl+0x6c/0xb0 security/security.c:1460
 ksys_ioctl+0x50/0x180 fs/ioctl.c:765
 __do_sys_ioctl fs/ioctl.c:780 [inline]
 __se_sys_ioctl fs/ioctl.c:778 [inline]
 __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:778
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295
 entry_SYSCALL_64_after_hwframe+0x49/0xb3
RIP: 0033:0x7f9e4adab80a
Code: ff e9 62 fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 53 49 89 f0 48 63 ff be 01 54 00 00 b8 10 00 00 00 48 83 ec 30 48 89 e2 0f 05 <48> 3d 00 f0 ff ff 77 6e 85 c0 89 c3 75 5c 8b 04 24 8b 54 24 0c 4c
RSP: 002b:00007fffcc16ea20 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00007f9e4adab80a
RDX: 00007fffcc16ea20 RSI: 0000000000005401 RDI: 0000000000000002
RBP: 0000000000000007 R08: 00007fffcc16ea60 R09: 0000000000000000
R10: 0000000000020d50 R11: 0000000000000202 R12: 000056153471ef90
R13: 00007fffcc16ec30 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 1f05c0d7f6671379 ]---
RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173
Code: 00 0f 85 2d 03 00 00 49 8b 1c 24 49 39 dc 0f 84 bd 01 00 00 e8 28 65 14 fe 48 8d 7b 18 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <0f> b6 04 28 38 d0 7f 08 84 c0 0f 85 a7 02 00 00 44 0f b6 73 18 31
RSP: 0018:ffffc90016987bc8 EFLAGS: 00010246
RAX: 0000066660000003 RBX: 0000333300000000 RCX: ffffffff835ed028
RDX: 0000000000000000 RSI: ffffffff835ecff8 RDI: 0000333300000018
RBP: dffffc0000000000 R08: ffff8880a1cce1c0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a72db990
R13: ffffc90016987c80 R14: 0000000000000033 R15: 0000000000000002
FS:  00007f9e4b6ba8c0(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055f7b8031310 CR3: 000000004df8d000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ