Re: kernel panic: stack is corrupted in mpol_to_str

The two reproducers differ only in offsets.

1c1
< // https://syzkaller.appspot.com/bug?id=95622e9b1d82dd9e1368d04b2d11f9daa102b685
---
> // https://syzkaller.appspot.com/bug?id=b642faac21312365cd30cc83ec73b2a05f73bf8a
134,142c134,142
<   memcpy((void*)0x20000000, "tmpfs\000", 6);
<   memcpy((void*)0x20002140, "./file0\000", 8);
<   memcpy((void*)0x200000c0, "mpol", 4);
<   *(uint8_t*)0x200000c4 = 0x3d;
<   memcpy((void*)0x200000c5, "prefer", 6);
<   *(uint8_t*)0x200000cb = 0x3a;
<   *(uint8_t*)0x200000cc = 0x2c;
<   *(uint8_t*)0x200000cd = 0;
<   syz_mount_image(0x20000000, 0x20002140, 0, 0, 0, 0, 0x200000c0);
---
>   memcpy((void*)0x200000c0, "tmpfs\000", 6);
>   memcpy((void*)0x20000000, "./file0\000", 8);
>   memcpy((void*)0x20000100, "mpol", 4);
>   *(uint8_t*)0x20000104 = 0x3d;
>   memcpy((void*)0x20000105, "prefer", 6);
>   *(uint8_t*)0x2000010b = 0x3a;
>   *(uint8_t*)0x2000010c = 0x2c;
>   *(uint8_t*)0x2000010d = 0;
>   syz_mount_image(0x200000c0, 0x20000000, 0, 0, 0, 0, 0x20000100);

#syz dup: KASAN: stack-out-of-bounds Write in mpol_to_str




