Re: v4.18-rc4: slab-out-of-bounds in ___bpf_prog_run

From: Daniel Borkmann
Date: Mon Jul 09 2018 - 09:34:54 EST

Next message: Ville Syrjala: "[PATCH] x86/apm: Don't access __preempt_count with zeroed fs"
Previous message: Marek Szyprowski: "Re: [PATCH] regulator: core: Don't link consumers on the same device"
In reply to: Mark Rutland: "v4.18-rc4: slab-out-of-bounds in ___bpf_prog_run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 07/09/2018 02:35 PM, Mark Rutland wrote:
> Hi,
>
> While fuzzing v4.18-rc4 with Syzkaller, I hit a KASAN slab-out-of-bounds
> warning at ___bpf_prog_run+0x1f20 (splat at the end of this mail), which
> faddr2line tells me is kernel/bpf/core.c:1303.
>
> I can reliably trigger this with the below C program, which I minimized from
> Syzkaller's auto-generated C reproducer.

Thanks Mark! Looking into it.

Next message: Ville Syrjala: "[PATCH] x86/apm: Don't access __preempt_count with zeroed fs"
Previous message: Marek Szyprowski: "Re: [PATCH] regulator: core: Don't link consumers on the same device"
In reply to: Mark Rutland: "v4.18-rc4: slab-out-of-bounds in ___bpf_prog_run"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]