lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20200315144919.y6r5sarg5m4s6wpw@treble>
Date:   Sun, 15 Mar 2020 09:49:19 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     syzbot <syzbot+2a3c14db0e17fe4c7409@...kaller.appspotmail.com>
Cc:     bp@...en8.de, hpa@...or.com, linux-kernel@...r.kernel.org,
        mingo@...hat.com, netdev@...r.kernel.org, peterz@...radead.org,
        shile.zhang@...ux.alibaba.com, syzkaller-bugs@...glegroups.com,
        tglx@...utronix.de, x86@...nel.org
Subject: Re: BUG: stack guard page was hit in deref_stack_reg

On Sat, Mar 14, 2020 at 03:28:11AM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following crash on:
> 
> HEAD commit:    34a568a2 net: sgi: ioc3-eth: Remove phy workaround
> git tree:       net-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=103e69fde00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=598678fc6e800071
> dashboard link: https://syzkaller.appspot.com/bug?extid=2a3c14db0e17fe4c7409
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> 
> Unfortunately, I don't have any reproducer for this crash yet.
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+2a3c14db0e17fe4c7409@...kaller.appspotmail.com

This is a stack overflow caused by a recursive loop in the networking
code.  This chain repeats until it runs out of stack:

>  bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188
>  bond_slave_netdev_event drivers/net/bonding/bond_main.c:3237 [inline]
>  bond_netdev_event+0x6ee/0x930 drivers/net/bonding/bond_main.c:3277
>  notifier_call_chain+0xc0/0x230 kernel/notifier.c:83
>  call_netdevice_notifiers_info net/core/dev.c:1948 [inline]
>  call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:1933
>  call_netdevice_notifiers_extack net/core/dev.c:1960 [inline]
>  call_netdevice_notifiers net/core/dev.c:1974 [inline]
>  netdev_features_change net/core/dev.c:1364 [inline]
>  netdev_update_features net/core/dev.c:9082 [inline]
>  netdev_update_features+0xc4/0xd0 net/core/dev.c:9079
>  netdev_sync_lower_features net/core/dev.c:8891 [inline]
>  __netdev_update_features+0x821/0x12f0 net/core/dev.c:9026
>  netdev_change_features+0x61/0xb0 net/core/dev.c:9098
>  bond_compute_features.isra.0+0x521/0xa40 drivers/net/bonding/bond_main.c:1188

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ