Message-ID: <uekqafv4wx5axijnnfybnxixui3ruzy3mkxirflv7tb3ovrtbk@ounqurycykuv>
Date: Mon, 22 Apr 2024 10:13:17 -0400
From: "Liam R. Howlett" <Liam.Howlett@...cle.com>
To: Marius Fleischer <fleischermarius@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, maple-tree@...ts.infradead.org,
        linux-kernel@...r.kernel.org, syzkaller@...glegroups.com,
        harrisonmichaelgreen@...il.com
Subject: Re: general protection fault in mas_empty_area_rev

* Marius Fleischer <fleischermarius@...il.com> [240420 16:08]:
> Hi,
> 
> 
> We would like to report the following bug which has been found by our
> modified version of syzkaller.
> 
> ======================================================
> 
> description: general protection fault in mas_empty_area_rev
> 
> affected file: lib/maple_tree.c
> 
> kernel version: 6.9-rc4
> 
> kernel commit: 0bbac3facb5d6cc0171c45c9873a2dc96bea9680
> 
> git tree: upstream
> 
> kernel config: attached
> 
> crash reproducer: attached
> 
> ======================================================


Thank you for reporting this issue.  I'm currently looking at what went
wrong.

It does not occur with my configuration against the reported kernel
version.  I'll attempt to recreate it with your kernel config next -
with whatever modifications I need to get it to boot in my test
environment.

> 
> Crash log:
> 
> general protection fault, probably for non-canonical address
> 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
> KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
> CPU: 0 PID: 79545 Comm: syz-executor.0 Not tainted 6.9.0-rc4-dirty #3

This indicates that you built with your own patches.  Could you test an
unmodified 6.9.0-rc4 with your setup?

Thanks,
Liam

> 
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> RIP: 0010:ma_dead_node lib/maple_tree.c:560 [inline]
> RIP: 0010:mas_data_end lib/maple_tree.c:1450 [inline]
> RIP: 0010:mas_empty_area_rev+0x15ad/0x2320 lib/maple_tree.c:5114
> 
..

> Call Trace:
>  <TASK>
>  unmapped_area_topdown mm/mmap.c:1643 [inline]
>  vm_unmapped_area+0x2db/0xb30 mm/mmap.c:1682
>  arch_get_unmapped_area_topdown+0x384/0x750 arch/x86/kernel/sys_x86_64.c:212
>  thp_get_unmapped_area mm/huge_memory.c:864 [inline]
>  thp_get_unmapped_area+0x361/0x430 mm/huge_memory.c:854
>  get_unmapped_area+0x1db/0x3e0 mm/mmap.c:1845
>  do_mmap+0x282/0xef0 mm/mmap.c:1261
>  vm_mmap_pgoff+0x1a7/0x3b0 mm/util.c:573
..
