oss-sec mailing list archives
Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c
From: cve-assign () mitre org
Date: Tue, 5 Jul 2016 18:39:38 -0400 (EDT)
this program will crash the linux kernel 4.7-rc6 and current master in a voluntary panic() call triggered at a BUG_ON in net/core/skbuff.c:3051

kernel BUG at net/core/skbuff.c:3051!

in a qemu environment with kASAN enabled in a syzkaller-kind setup
[ 59.831394] kernel BUG at net/core/skbuff.c:3051!
[ 59.831802] invalid opcode: 0000 [#1] SMP KASAN
[ 59.844495] [<ffffffff82c54dba>] udpv6_queue_rcv_skb+0x4fa/0x15b0
[ 59.845048] [<ffffffff82c56b36>] __udp6_lib_rcv+0xcc6/0x1d20
[ 59.845540] [<ffffffff82c57bb1>] udpv6_rcv+0x21/0x30
[ 59.845975] [<ffffffff82bf5971>] ip6_input_finish+0x3a1/0x1170
[ 59.846510] [<ffffffff82bf7faa>] ip6_input+0xda/0x1f0
[ 59.846950] [<ffffffff82bf7ed0>] ? ipv6_rcv+0x1790/0x1790
[ 59.847418] [<ffffffff8296ce36>] ? __netif_receive_skb+0x36/0x170
[ 59.883546] Kernel panic - not syncing: Fatal exception in interrupt
reproducer --- derp2.c
r[0] = syscall(SYS_mmap, ...
r[1] = syscall(SYS_socket, ...
r[3] = syscall(SYS_bind, ...
r[6] = syscall(SYS_sendto, ...
r[13] = syscall(SYS_setsockopt, ...
r[14] = syscall(SYS_dup, ...
r[21] = syscall(SYS_write, ...
Use CVE-2016-6162.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
Current thread:
- BUG_ON crash in linux 4.7-rc6/master skbuff.c Marco Grassi (Jul 05)
- Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c cve-assign (Jul 05)