general protection fault in tomoyo_check_acl

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Tue May 26 12:58:29 UTC 2020


On 2020/05/26 12:46, syzbot wrote:
> general protection fault, probably for non-canonical address 0xe000026660000003: 0000 [#1] PREEMPT SMP KASAN
> KASAN: probably user-memory-access in range [0x0000333300000018-0x000033330000001f]
> CPU: 0 PID: 12489 Comm: systemd-rfkill Not tainted 5.7.0-rc6-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:tomoyo_check_acl+0xa9/0x3e0 security/tomoyo/domain.c:173

struct tomoyo_acl_info *ptr == 0x0000333300000000 is strange; such a pointer
can't be linked into a standard doubly linked list using list_add_tail_rcu().
Thus, this report would be a victim of memory corruption.
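
Added example (not part of the original message or of the kernel source): a small triage helper that inverts the KASAN shadow mapping to show how the faulting address in the report leads back to the pointer value discussed above. The shadow offset, scale shift, page size and user-space limit are assumed x86-64 generic-KASAN defaults with 4-level paging; they are not stated on the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions: x86-64 generic KASAN defaults, 4-level paging. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define PAGE_SIZE_ASSUMED        0x1000ULL
#define USER_TOP_ASSUMED         0x00007ffffffff000ULL

/* With 48-bit virtual addresses, bits 63..47 must all be equal. */
static int is_canonical48(uint64_t a)
{
    uint64_t top = a >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Forward mapping is shadow = (addr >> 3) + offset; this inverts it and
 * returns the first byte of the 8-byte granule that was being checked. */
static uint64_t shadow_to_orig(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* Same three buckets the KASAN line in the report uses. */
static const char *classify(uint64_t orig)
{
    if (orig < PAGE_SIZE_ASSUMED)
        return "null-ptr-deref";
    if (orig < USER_TOP_ASSUMED)
        return "probably user-memory-access";
    return "maybe wild-memory-access";
}

int main(void)
{
    uint64_t fault = 0xe000026660000003ULL; /* GPF address from the report */
    uint64_t ptr   = 0x0000333300000000ULL; /* pointer value from the reply */
    uint64_t lo    = shadow_to_orig(fault);
    uint64_t hi    = lo + (1ULL << KASAN_SHADOW_SCALE_SHIFT) - 1;

    printf("shadow address canonical: %s\n", is_canonical48(fault) ? "yes" : "no");
    printf("KASAN: %s in range [0x%016llx-0x%016llx]\n", classify(lo),
           (unsigned long long)lo, (unsigned long long)hi);
    printf("access offset from ptr: 0x%llx\n", (unsigned long long)(lo - ptr));
    return 0;
}
```

The fault is on the shadow-memory lookup, not on the object itself: the corrupted pointer maps to a non-canonical shadow address, so the KASAN check trips a general protection fault before the actual load happens.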
