lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAOQ4uxhS47k3q+QBSnFfWHUCarSR+MW8ms15jDpuCyWdX1RC4g@mail.gmail.com>
Date: Thu, 6 Feb 2025 16:53:04 +0100
From: Amir Goldstein <amir73il@...il.com>
To: syzbot <syzbot+62dfea789a2cedac1298@...kaller.appspotmail.com>, 
	Christian Brauner <brauner@...nel.org>
Cc: linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org, 
	miklos@...redi.hu, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [overlayfs?] general protection fault in clone_private_mount

On Thu, Feb 6, 2025 at 2:32 PM syzbot
<syzbot+62dfea789a2cedac1298@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    808eb958781e Add linux-next specific files for 20250206
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=126e33df980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=88b25e5d30d576e4
> dashboard link: https://syzkaller.appspot.com/bug?extid=62dfea789a2cedac1298
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16346df8580000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=117e80e4580000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/493ef93f2e5f/disk-808eb958.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/b41757cd41c9/vmlinux-808eb958.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/24f456104aad/bzImage-808eb958.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+62dfea789a2cedac1298@...kaller.appspotmail.com
>
> Oops: general protection fault, probably for non-canonical address 0xdffffc0000000009: 0000 [#1] PREEMPT SMP KASAN PTI
> KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
> CPU: 0 UID: 0 PID: 5834 Comm: syz-executor772 Not tainted 6.14.0-rc1-next-20250206-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
> RIP: 0010:is_anon_ns fs/mount.h:159 [inline]
> RIP: 0010:clone_private_mount+0x184/0x3e0 fs/namespace.c:2425

Christian,

This obviously points to line:

      /* Make sure this isn't something purely kernel internal. */
     if (!is_anon_ns(old_mnt->mnt_ns))

in commit:
ae63304102ecd fs: allow detached mounts in clone_private_mount()

Where old_mnt->mnt_ns can be NULL.

Thanks,
Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ