lists.openwall.net
Open Source and information security mailing list archives

Message-ID: <CANX2M5Y+98u3R9zATF_VQnxCGzmg59O1sNnTc1sH-wgWFJbLrQ@mail.gmail.com>
Date:   Fri, 22 Jul 2022 17:51:58 -0700
From:   Dipanjan Das <mail.dipanjan.das@...il.com>
To:     almaz.alexandrovich@...agon-software.com, nathan@...nel.org,
        ndesaulniers@...gle.com, trix@...hat.com, ntfs3@...ts.linux.dev,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Cc:     syzkaller@...glegroups.com, fleischermarius@...glemail.com,
        its.priyanka.bose@...il.com
Subject: KASAN: slab-out-of-bounds Read in ntfs_get_ea

Hi,

We would like to report the following bug which has been found by our
modified version of syzkaller.

======================================================
description: KASAN: slab-out-of-bounds Read in ntfs_get_ea
affected file: fs/ntfs3/xattr.c
kernel version: 5.19-rc6
kernel commit: 32346491ddf24599decca06190ebca03ff9de7f8
git tree: upstream
kernel config: https://syzkaller.appspot.com/text?tag=KernelConfig&x=cd73026ceaed1402
crash reproducer: attached
======================================================
Crash log:
======================================================
[  738.753019][T21243] BUG: KASAN: slab-out-of-bounds in ntfs_get_ea+0x5c3/0x610
[  738.753838][T21243] Read of size 1 at addr ffff88802c60867d by task
syz-executor.2/21243
[  738.754732][T21243]
[  738.755004][T21243] CPU: 0 PID: 21243 Comm: syz-executor.2 Not
tainted 5.19.0-rc6-g2eae0556bb9d #1
[  738.755983][T21243] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[  738.757063][T21243] Call Trace:
[  738.757440][T21243]  <TASK>
[  738.757773][T21243]  dump_stack_lvl+0xcd/0x134
[  738.758311][T21243]  print_report.cold+0xe5/0x659
[  738.758856][T21243]  ? ntfs_get_ea+0x5c3/0x610
[  738.759377][T21243]  kasan_report+0x8a/0x1b0
[  738.759879][T21243]  ? ntfs_get_ea+0x5c3/0x610
[  738.760398][T21243]  ntfs_get_ea+0x5c3/0x610
[  738.760907][T21243]  ? ntfs_setxattr+0xb60/0xb60
[  738.761012][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.761435][T21243]  ? up_read+0x1a8/0x750
[  738.762539][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.762989][T21243]  ntfs_get_wsl_perm+0x94/0x360
[  738.764007][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.764519][T21243]  ? ni_enum_attr_ex+0x281/0x400
[  738.765606][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.766129][T21243]  ? ntfs_save_wsl_perm+0x3b0/0x3b0
[  738.767148][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.767692][T21243]  ? ni_fname_type.part.0+0x1e0/0x1e0
[  738.768769][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.769341][T21243]  ? __sanitizer_cov_trace_switch+0x50/0x90
[  738.771071][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  738.771682][T21243]  ? indx_init+0x398/0x5d0
[  738.772180][T21243]  ? write_comp_data+0x1c/0x70
[  738.772714][T21243]  ntfs_iget5+0xe4a/0x3230
[  738.773224][T21243]  ? ntfs_write_end+0x840/0x840
[  738.773766][T21243]  ? indx_find_buffer+0x630/0x630
[  738.774327][T21243]  ? __kasan_kmalloc+0xb5/0xe0
[  738.774861][T21243]  dir_search_u+0x36a/0x3f0
[  738.775369][T21243]  ? ntfs_nls_to_utf16+0x800/0x800
[  738.775945][T21243]  ntfs_lookup+0x174/0x1e0
[  738.776445][T21243]  __lookup_slow+0x255/0x490
[  738.776968][T21243]  ? page_get_link+0x7c0/0x7c0
[  738.777504][T21243]  ? kasan_check_range+0x108/0x1f0
[  738.778076][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  738.778690][T21243]  walk_component+0x40f/0x6a0
[  738.779215][T21243]  ? handle_dots.part.0+0x1590/0x1590
[  738.779812][T21243]  ? walk_component+0x6a0/0x6a0
[  738.780358][T21243]  path_lookupat.isra.0+0x190/0x580
[  738.780944][T21243]  filename_lookup+0x1ca/0x410
[  738.781480][T21243]  ? may_linkat+0x480/0x480
[  738.781990][T21243]  ? do_raw_spin_lock+0x120/0x2d0
[  738.782551][T21243]  ? kasan_check_range+0x57/0x1f0
[  738.783112][T21243]  ? __lock_acquire+0x1829/0x5840
[  738.783673][T21243]  ? ___slab_alloc+0xb62/0x1140
[  738.784216][T21243]  vfs_statx+0x144/0x360
[  738.784697][T21243]  ? vfs_getattr+0x60/0x60
[  738.785205][T21243]  ? rcu_read_lock_bh_held+0xb0/0xb0
[  738.785791][T21243]  ? lock_release+0xa1/0x6d0
[  738.786306][T21243]  ? find_held_lock+0x2d/0x110
[  738.786842][T21243]  do_statx+0xd9/0x160
[  738.787304][T21243]  ? __ia32_sys_readlink+0xb0/0xb0
[  738.787877][T21243]  ? __check_object_size+0x187/0x700
[  738.788463][T21243]  ? kasan_check_range+0x57/0x1f0
[  738.789028][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  738.789642][T21243]  ? __phys_addr_symbol+0x2c/0x70
[  738.790161][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.790191][T21243]  ? write_comp_data+0x1c/0x70
[  738.791286][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.791788][T21243]  ? __check_object_size+0x2de/0x700
[  738.793408][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  738.794017][T21243]  ? strncpy_from_user+0x287/0x3c0
[  738.794588][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  738.795198][T21243]  ? getname_flags+0x275/0x5b0
[  738.795734][T21243]  __x64_sys_statx+0x157/0x1b0
[  738.796271][T21243]  do_syscall_64+0x35/0xb0
[  738.796773][T21243]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[  738.797433][T21243] RIP: 0033:0x7f35e1a8d4ed
[  738.797937][T21243] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3
0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8
[  738.800014][T21243] RSP: 002b:00007f35e2b8bbe8 EFLAGS: 00000246
ORIG_RAX: 000000000000014c
[  738.800931][T21243] RAX: ffffffffffffffda RBX: 00007f35e1babf60
RCX: 00007f35e1a8d4ed
[  738.801751][T16045] batman_adv: batadv0: Interface activated: batadv_slave_0
[  738.801778][T21243] RDX: 0000000000000100 RSI: 0000000020003cc0
RDI: 0000000000000005
[  738.803406][T21243] RBP: 00007f35e1af92e1 R08: 0000000000000000
R09: 0000000000000000
[  738.804260][T21243] R10: 0000000000000008 R11: 0000000000000246
R12: 0000000000000000
[  738.805119][T21243] R13: 00007ffec4434f4f R14: 00007f35e1babf60
R15: 00007f35e2b8bd80
[  738.805979][T21243]  </TASK>
[  738.806323][T21243]
[  738.806589][T21243] Allocated by task 21243:
[  738.807080][T21243]  kasan_save_stack+0x1e/0x40
[  738.807606][T21243]  __kasan_kmalloc+0xb5/0xe0
[  738.808118][T21243]  __kmalloc+0x1c9/0x4c0
[  738.808591][T21243]  ntfs_read_ea+0x3dd/0x850
[  738.809104][T21243]  ntfs_get_ea+0x196/0x610
[  738.809601][T21243]  ntfs_get_wsl_perm+0x94/0x360
[  738.810142][T21243]  ntfs_iget5+0xe4a/0x3230
[  738.810637][T21243]  dir_search_u+0x36a/0x3f0
[  738.811142][T21243]  ntfs_lookup+0x174/0x1e0
[  738.811639][T21243]  __lookup_slow+0x255/0x490
[  738.812152][T21243]  walk_component+0x40f/0x6a0
[  738.812675][T21243]  path_lookupat.isra.0+0x190/0x580
[  738.813256][T21243]  filename_lookup+0x1ca/0x410
[  738.813787][T21243]  vfs_statx+0x144/0x360
[  738.814264][T21243]  do_statx+0xd9/0x160
[  738.814727][T21243]  __x64_sys_statx+0x157/0x1b0
[  738.815267][T21243]  do_syscall_64+0x35/0xb0
[  738.815764][T21243]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[  738.816411][T21243]
[  738.816678][T21243] The buggy address belongs to the object at
ffff88802c608640
[  738.816678][T21243]  which belongs to the cache kmalloc-64 of size 64
[  738.818144][T21243] The buggy address is located 61 bytes inside of
[  738.818144][T21243]  64-byte region [ffff88802c608640, ffff88802c608680)
[  738.819526][T21243]
[  738.819792][T21243] The buggy address belongs to the physical page:
[  738.820484][T21243] page:ffffea0000b18200 refcount:1 mapcount:0
mapping:0000000000000000 index:0xffff88802c608740 pfn:0x2c608
[  738.821725][T21243] flags:
0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  738.822549][T21243] raw: 00fff00000000200 ffffea0000b230c8
ffff8880118406c8 ffff8880118427c0
[  738.823479][T21243] raw: ffff88802c608740 0000000000100007
00000001ffffffff 0000000000000000
[  738.824397][T21243] page dumped because: kasan: bad access detected
[  738.825098][T21243] page_owner tracks the page as allocated
[  738.825711][T21243] page last allocated via order 0, migratetype
Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), 5
[  738.827628][T21243]  prep_new_page+0x297/0x330
[  738.828146][T21243]  get_page_from_freelist+0x2142/0x3c80
[  738.828756][T21243]  __alloc_pages+0x321/0x710
[  738.829276][T21243]  alloc_pages+0x119/0x250
[  738.829770][T21243]  new_slab+0x2a9/0x3f0
[  738.830238][T21243]  ___slab_alloc+0xd5a/0x1140
[  738.830757][T21243]  __slab_alloc.isra.0+0x4d/0xa0
[  738.831305][T21243]  __kmalloc+0x3a9/0x4c0
[  738.831776][T21243]  tomoyo_encode2.part.0+0xec/0x3b0
[  738.832353][T21243]  tomoyo_encode+0x28/0x50
[  738.832850][T21243]  tomoyo_realpath_from_path+0x186/0x620
[  738.833478][T21243]  tomoyo_check_open_permission+0x26d/0x370
[  738.834127][T21243]  tomoyo_file_open+0x9d/0xc0
[  738.834652][T21243]  security_file_open+0x52/0x640
[  738.835202][T21243]  do_dentry_open+0x349/0x11f0
[  738.835737][T21243]  path_openat+0x1c51/0x2890
[  738.836251][T21243] page last free stack trace:
[  738.836329][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  738.836750][T21243]  free_pcp_prepare+0x51f/0xd00
[  738.838403][T21243]  free_unref_page+0x19/0x5b0
[  738.838926][T21243]  __vunmap+0x6ff/0xaa0
[  738.839011][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.839379][T21243]  free_work+0x58/0x70
[  738.840866][T21243]  process_one_work+0x9cc/0x1650
[  738.841425][T21243]  worker_thread+0x623/0x1070
[  738.841949][T21243]  kthread+0x2e9/0x3a0
[  738.842406][T21243]  ret_from_fork+0x1f/0x30
[  738.842904][T21243]
[  738.843171][T21243] Memory state around the buggy address:
[  738.843266][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  738.843770][T21243]  ffff88802c608500: fc fc fc fc fc fc fc fc 00
00 00 00 00 00 00 fc
[  738.845740][T21243]  ffff88802c608580: fc fc fc fc fc fc fc fc fc
fc fc fc fc fc fc fc
[  738.846016][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.846594][T21243] >ffff88802c608600: fc fc fc fc fc fc fc fc 00
00 00 00 00 00 00 04
[  738.848486][T21243]
                ^
[  738.849345][T21243]  ffff88802c608680: fc fc fc fc fc fc fc fc fc
fc fc fc fc fc fc fc
[  738.849858][T16045] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  738.850197][T21243]  ffff88802c608700: fc fc fc fc fc fc fc fc fc
fc fc fc fc fc fc fc
[  738.850209][T21243]
==================================================================
[  738.854633][T16045] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.859751][T16045] batman_adv: batadv0: Interface activated: batadv_slave_1
[  738.871317][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link
becomes ready
[  738.872745][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link
becomes ready
[  738.874105][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  738.875428][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  738.878109][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  738.890651][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0:
link becomes ready
[  738.897425][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv:
link becomes ready
[  738.904411][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link
becomes ready
[  738.915482][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link
becomes ready
[  738.922074][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0:
link becomes ready
[  738.927750][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv:
link becomes ready
[  738.934806][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1:
link becomes ready
[  738.941303][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv:
link becomes ready
[  738.949095][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  738.966600][T15885] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  738.984589][T16054] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.985739][T16054] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.986776][T16054] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.987880][T16054] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.988922][T16054] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.993632][T16054] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.994980][T16054] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  738.996172][T16054] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  738.997294][T16054] batman_adv: The newly added mac address
(aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  739.001902][T16054] batman_adv: It is strongly recommended to keep
mac addresses unique to avoid problems!
[  739.013680][T16054] batman_adv: batadv0: Interface activated: batadv_slave_0
[  739.016943][T21243] Kernel panic - not syncing: panic_on_warn set ...
[  739.017680][T21243] CPU: 0 PID: 21243 Comm: syz-executor.2 Not
tainted 5.19.0-rc6-g2eae0556bb9d #1
[  739.017964][T16053] device veth1_vlan entered promiscuous mode
[  739.019286][T21243] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[  739.020340][T21243] Call Trace:
[  739.020708][T21243]  <TASK>
[  739.021043][T21243]  dump_stack_lvl+0xcd/0x134
[  739.021561][T21243]  panic+0x2d7/0x636
[  739.022002][T21243]  ? panic_print_sys_info.part.0+0x10b/0x10b
[  739.022658][T21243]  ? preempt_schedule_thunk+0x16/0x18
[  739.023252][T21243]  ? preempt_schedule_common+0x5e/0xc0
[  739.023856][T21243]  ? ntfs_get_ea+0x5c3/0x610
[  739.024370][T21243]  ? preempt_schedule_thunk+0x16/0x18
[  739.024970][T21243]  ? ntfs_get_ea+0x5c3/0x610
[  739.025485][T21243]  end_report.part.0+0x3f/0x7c
[  739.026015][T21243]  kasan_report.cold+0x8/0x12
[  739.026537][T21243]  ? ntfs_get_ea+0x5c3/0x610
[  739.027053][T21243]  ntfs_get_ea+0x5c3/0x610
[  739.027552][T21243]  ? ntfs_setxattr+0xb60/0xb60
[  739.028086][T21243]  ? up_read+0x1a8/0x750
[  739.028561][T21243]  ntfs_get_wsl_perm+0x94/0x360
[  739.029108][T21243]  ? ni_enum_attr_ex+0x281/0x400
[  739.029659][T21243]  ? ntfs_save_wsl_perm+0x3b0/0x3b0
[  739.030234][T21243]  ? ni_fname_type.part.0+0x1e0/0x1e0
[  739.030827][T21243]  ? __sanitizer_cov_trace_switch+0x50/0x90
[  739.031473][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  739.032079][T21243]  ? indx_init+0x398/0x5d0
[  739.032574][T21243]  ? write_comp_data+0x1c/0x70
[  739.033108][T21243]  ntfs_iget5+0xe4a/0x3230
[  739.033608][T21243]  ? ntfs_write_end+0x840/0x840
[  739.034146][T21243]  ? indx_find_buffer+0x630/0x630
[  739.034703][T21243]  ? __kasan_kmalloc+0xb5/0xe0
[  739.035235][T21243]  dir_search_u+0x36a/0x3f0
[  739.035741][T21243]  ? ntfs_nls_to_utf16+0x800/0x800
[  739.036312][T21243]  ntfs_lookup+0x174/0x1e0
[  739.036809][T21243]  __lookup_slow+0x255/0x490
[  739.037331][T21243]  ? page_get_link+0x7c0/0x7c0
[  739.037864][T21243]  ? kasan_check_range+0x108/0x1f0
[  739.038432][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  739.039042][T21243]  walk_component+0x40f/0x6a0
[  739.039565][T21243]  ? handle_dots.part.0+0x1590/0x1590
[  739.040158][T21243]  ? walk_component+0x6a0/0x6a0
[  739.040699][T21243]  path_lookupat.isra.0+0x190/0x580
[  739.041281][T21243]  filename_lookup+0x1ca/0x410
[  739.041814][T21243]  ? may_linkat+0x480/0x480
[  739.042318][T21243]  ? do_raw_spin_lock+0x120/0x2d0
[  739.042876][T21243]  ? kasan_check_range+0x57/0x1f0
[  739.043433][T21243]  ? __lock_acquire+0x1829/0x5840
[  739.043990][T21243]  ? ___slab_alloc+0xb62/0x1140
[  739.044529][T21243]  vfs_statx+0x144/0x360
[  739.045012][T21243]  ? vfs_getattr+0x60/0x60
[  739.045509][T21243]  ? rcu_read_lock_bh_held+0xb0/0xb0
[  739.046090][T21243]  ? lock_release+0xa1/0x6d0
[  739.046601][T21243]  ? find_held_lock+0x2d/0x110
[  739.047132][T21243]  do_statx+0xd9/0x160
[  739.047592][T21243]  ? __ia32_sys_readlink+0xb0/0xb0
[  739.048160][T21243]  ? __check_object_size+0x187/0x700
[  739.048743][T21243]  ? kasan_check_range+0x57/0x1f0
[  739.049304][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  739.049910][T21243]  ? __phys_addr_symbol+0x2c/0x70
[  739.050465][T21243]  ? write_comp_data+0x1c/0x70
[  739.050991][T21243]  ? __check_object_size+0x2de/0x700
[  739.051572][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  739.052178][T21243]  ? strncpy_from_user+0x287/0x3c0
[  739.052745][T21243]  ? __sanitizer_cov_trace_pc+0x1a/0x40
[  739.053360][T21243]  ? getname_flags+0x275/0x5b0
[  739.053892][T21243]  __x64_sys_statx+0x157/0x1b0
[  739.054425][T21243]  do_syscall_64+0x35/0xb0
[  739.054921][T21243]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
[  739.055569][T21243] RIP: 0033:0x7f35e1a8d4ed
[  739.056108][T21243] Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3
0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8
[  739.058163][T21243] RSP: 002b:00007f35e2b8bbe8 EFLAGS: 00000246
ORIG_RAX: 000000000000014c
[  739.059064][T21243] RAX: ffffffffffffffda RBX: 00007f35e1babf60
RCX: 00007f35e1a8d4ed
[  739.059916][T21243] RDX: 0000000000000100 RSI: 0000000020003cc0
RDI: 0000000000000005
[  739.060761][T21243] RBP: 00007f35e1af92e1 R08: 0000000000000000
R09: 0000000000000000
[  739.061614][T21243] R10: 0000000000000008 R11: 0000000000000246
R12: 0000000000000000
[  739.062461][T21243] R13: 00007ffec4434f4f R14: 00007f35e1babf60
R15: 00007f35e2b8bd80
[  739.063315][T21243]  </TASK>

-- 
Thanks and Regards,

Dipanjan

View attachment "repro.c" of type "text/x-csrc" (51905 bytes)

Download attachment "repro.syz" of type "application/octet-stream" (18008 bytes)
