From: Stephen Hemminger <stephen@networkplumber.org>
To: netdev@vger.kernel.org
Subject: Fw: [Bug 200033] New: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h
Date: Tue, 12 Jun 2018 10:38:40 -0700
Message-ID: <20180612103840.3293dfb0@xeon-e3>



Begin forwarded message:

Date: Tue, 12 Jun 2018 01:44:36 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 200033] New: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h


https://bugzilla.kernel.org/show_bug.cgi?id=200033

            Bug ID: 200033
           Summary: stack-out-of-bounds in __xfrm_dst_hash
                    net/xfrm/xfrm_hash.h
           Product: Networking
           Version: 2.5
    Kernel Version: v4.17
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: Other
          Assignee: stephen@networkplumber.org
          Reporter: icytxw@gmail.com
        Regression: No

Created attachment 276483
  --> https://bugzilla.kernel.org/attachment.cgi?id=276483&action=edit  
Found this bug with a modified syzkaller.

==================================================================
BUG: KASAN: stack-out-of-bounds in __xfrm_dst_hash net/xfrm/xfrm_hash.h:96 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_dst_hash net/xfrm/xfrm_state.c:61 [inline]
BUG: KASAN: stack-out-of-bounds in xfrm_state_find+0x24ab/0x26e0 net/xfrm/xfrm_state.c:953
Read of size 4 at addr ffff880054b17b70 by task syz-executor0/13697

CPU: 0 PID: 13697 Comm: syz-executor0 Not tainted 4.17.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:

The buggy address belongs to the page:
page:ffffea000152c5c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
flags: 0x100000000000000()
raw: 0100000000000000 0000000000000000 ffffea000152c5c8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880054b17a00: 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 f2
 ffff880054b17a80: f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 00 00 00
>ffff880054b17b00: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 f2  
                                                             ^
 ffff880054b17b80: f2 f2 f2 00 00 00 00 00 00 00 00 00 f2 f2 f2 f3
 ffff880054b17c00: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 13697 Comm: syz-executor0 Tainted: G    B             4.17.0 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

-- 
You are receiving this mail because:
You are the assignee for the bug.
