lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000a4b3c205b0c24743@google.com>
Date:   Sat, 03 Oct 2020 04:09:15 -0700
From:   syzbot <syzbot+2667188e965125ab6e7a@...kaller.appspotmail.com>
To:     0x7f454c46@...il.com, bp@...en8.de, chang.seok.bae@...el.com,
        hpa@...or.com, linux-kernel@...r.kernel.org, luto@...nel.org,
        mingo@...hat.com, sashal@...nel.org,
        syzkaller-bugs@...glegroups.com, tglx@...utronix.de, x86@...nel.org
Subject: KASAN: out-of-bounds Read in __switch_to (2)

Hello,

syzbot found the following issue on:

HEAD commit:    fb0155a0 Merge tag 'nfs-for-5.9-3' of git://git.linux-nfs...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=15147bc3900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=41b736b7ce1b3ea4
dashboard link: https://syzkaller.appspot.com/bug?extid=2667188e965125ab6e7a
compiler:       gcc (GCC) 10.1.0-syz 20200507
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11743a37900000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+2667188e965125ab6e7a@...kaller.appspotmail.com

==================================================================
BUG: KASAN: out-of-bounds in arch_end_context_switch arch/x86/include/asm/paravirt.h:625 [inline]
BUG: KASAN: out-of-bounds in __switch_to+0xddc/0xfe0 arch/x86/kernel/process_64.c:566
Read of size 8 at addr ffffffff89fc6bd8 by task swapper/1/0

CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:

The buggy address belongs to the variable:
 pv_ops+0x118/0x2c0

Memory state around the buggy address:
 ffffffff89fc6a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89fc6b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff89fc6b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                       ^
 ffffffff89fc6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff89fc6c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B             5.9.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ