Re: KASAN: alloca-out-of-bounds Read in unwind_next_frame

From: Dmitry Vyukov
Date: Fri Apr 13 2018 - 07:16:31 EST


On Fri, Apr 6, 2018 at 6:53 PM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> On Fri, Apr 06, 2018 at 05:40:01PM +0200, Dmitry Vyukov wrote:
>> > So at first glance it seemed like a race condition. However, the
>> > unwinder was only trying to dereference the frame pointer (RBP:
>> > ffff8801b05e67f8), which should have never been poisoned in the first
>> > place.
>> >
>> > So it looks like a bug in the KASAN alloca poisoning.
>>
>> Hi Josh,
>>
>> You've seen my previous message, right? Or was it lost somehow?
>>
>> https://groups.google.com/d/msg/syzkaller-bugs/IcKqxHzhmQc/KAL6o7tOCAAJ
>
> Oops, you're right, I missed it. Seems like we came to the same
> conclusion anyway :-)


The gcc bug is now fixed.

#syz invalid