lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAG48ez1_kkR6-tSkmzBu0Z-Jex0MoKQ5OJSQaK3mcHc-aT+G+w@mail.gmail.com>
Date: Wed, 22 Nov 2023 22:46:55 +0100
From: Jann Horn <jannh@...gle.com>
To: syzbot <syzbot+40d43509a099ea756317@...kaller.appspotmail.com>
Cc: borisp@...dia.com, davem@...emloft.net, edumazet@...gle.com, 
	john.fastabend@...il.com, kuba@...nel.org, linux-kernel@...r.kernel.org, 
	netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] general protection fault in tls_merge_open_record

On Mon, Oct 30, 2023 at 6:52 AM syzbot
<syzbot+40d43509a099ea756317@...kaller.appspotmail.com> wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    66f1e1ea3548 Add linux-next specific files for 20231027
> git tree:       linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=11b621fd680000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=2911330219149de4
> dashboard link: https://syzkaller.appspot.com/bug?extid=40d43509a099ea756317
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1552332d680000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/e0bf12f215f2/disk-66f1e1ea.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/5e854ca6e2c3/vmlinux-66f1e1ea.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/25e8c098714e/bzImage-66f1e1ea.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+40d43509a099ea756317@...kaller.appspotmail.com
>
> general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
> CPU: 1 PID: 12569 Comm: syz-executor.0 Not tainted 6.6.0-rc7-next-20231027-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
> RIP: 0010:_compound_head include/linux/page-flags.h:247 [inline]
> RIP: 0010:put_page include/linux/mm.h:1544 [inline]
> RIP: 0010:tls_merge_open_record+0x4b9/0x7f0 net/tls/tls_sw.c:669

I've posted an analysis and suggested fix for the issue at
<https://lore.kernel.org/lkml/20231122214447.675768-1-jannh@google.com/>.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ