v4.14-rc3/arm64 DABT exception in atomic_inc() / __skb_clone()
Mark Rutland
mark.rutland at arm.com
Fri Oct 20 04:14:08 PDT 2017
On Thu, Oct 19, 2017 at 10:16:08PM -0400, Wei Wei wrote:
> Hi all,
Hi,
> I have fuzzed v4.14-rc3 using syzkaller and found a bug similar to that one [1].
> But the call trace isn’t the same. The atomic_inc() might handle a corrupted
> skb_buff.
>
> The logs and config have been uploaded to my github repo [2].
>
> [1] https://lkml.org/lkml/2017/10/2/216
> [2] https://github.com/dotweiba/skb_clone_atomic_inc_bug
These do look very similar to what I was hitting; all appear to be
misaligned atomics in the same path.
I see that you have some empty repro files in [2]. If you have any
reproducers, would you mind sharing them?
If any of those are smaller or more reliable than the one I was able to
generate [3], it might make it more obvious what's going on, and/or make
it simpler to come up with a plain C reproducer.
Thanks,
Mark.
[3] https://www.kernel.org/pub/linux/kernel/people/mark/bugs/20171002-skb_clone-misaligned-atomic/syzkaller.repro