Re: general protection fault in tomoyo_check_acl

From: Tetsuo Handa
Date: Tue May 26 2020 - 08:58:57 EST


On 2020/05/26 12:46, syzbot wrote:
> general protection fault, probably for non-canonical address 0xe000026660000003: 0000 [#1] PREEMPT SMP KASAN
> KASAN: probably user-memory-access in range [0x0000333300000018-0x000033330000001f]
> CPU: 0 PID: 12489 Comm: systemd-rfkill Not tainted 5.7.0-rc6-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173

struct tomoyo_acl_info *ptr == 0x0000333300000000 is strange; such a pointer
can't be linked into a standard doubly linked list using list_add_tail_rcu().
Thus, this report would be a victim of memory corruption.