From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=jh3O=5A=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: **
X-Spam-Status: No, score=2.2 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 09F3CC10DCE
	for <linux-mm@archiver.kernel.org>; Sun, 15 Mar 2020 19:57:32 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 9CC2F20578
	for <linux-mm@archiver.kernel.org>; Sun, 15 Mar 2020 19:57:31 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Kly3xjdt"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9CC2F20578
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 00AD86B0003; Sun, 15 Mar 2020 15:57:31 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id EFFE66B0006; Sun, 15 Mar 2020 15:57:30 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id DEBC66B0007; Sun, 15 Mar 2020 15:57:30 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0001.hostedemail.com [216.40.44.1])
	by kanga.kvack.org (Postfix) with ESMTP id C416F6B0003
	for <linux-mm@kvack.org>; Sun, 15 Mar 2020 15:57:30 -0400 (EDT)
Received: from smtpin05.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay03.hostedemail.com (Postfix) with ESMTP id 8A3DD8248047
	for <linux-mm@kvack.org>; Sun, 15 Mar 2020 19:57:30 +0000 (UTC)
X-FDA: 76598656260.05.soap44_246c09fbd1106
X-HE-Tag: soap44_246c09fbd1106
X-Filterd-Recvd-Size: 7934
Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com [209.85.167.46])
	by imf23.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Sun, 15 Mar 2020 19:57:30 +0000 (UTC)
Received: by mail-lf1-f46.google.com with SMTP id f3so1936152lfc.1
        for <linux-mm@kvack.org>; Sun, 15 Mar 2020 12:57:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=A6cY+1ROOnmq/U8+iX0K0Q9Bc9S6Yx+9H1du+/820lI=;
        b=Kly3xjdt6yyKA97A44hHxwgsaMw8L0Ek71vHbF1CWkD6tG+HoPxRxPEkN+2HEP55eV
         97CVU5j9h5c0W7JStUR7NtQJIlC16ZE8zkoxLMBG8/xZD/DRUsa8bvHGJ1bCe8G3enXE
         SST+6JCBw5EE8oRa5hnpxKfoXZpe03X6b/V9kPCSGzgjlk0d9GxTSoEW5xPwgSu0MgyR
         PS6WQDZE6Uq2p9UisgLg7/9Cx1M09p70A/uIVbDcLquZfjyx1N868zlTdd31MUDfxSLB
         vnFensoRvS7xeov49khnB4B5LVqwigqe19EyF2C5YdNfoRLTuXIFljON0nGHlJubryaj
         dzHQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=A6cY+1ROOnmq/U8+iX0K0Q9Bc9S6Yx+9H1du+/820lI=;
        b=s20N/xMojrpFW3F219emcqGUk6cxHrihgX00kLC0KCoffyEFM1s9H2hYjmRRux4d8O
         Eq8LryLN5ZoHcC5yF85S4ijrF20BLwKat+pOj5FlKi2TtKny6aW6iK0r723Pyf099XRe
         UhK3crGh7aGTvvrJ51pdc6cc8w7h8tW6Xg8J5oJuFnB8VnWwBfYf5jjKmZe6BZc2HpG+
         gvONHD7r8+zqQDOyfQDnn8ItKzTcx0FhE/x4B3nddwdKLVpvYFI44WCS2Fi2Sr0AbZK1
         n/vcZVA+KbTclLsLxPzpJsG1RfFYtOyK72j8cAatmc9vl5UIRj/Ba7qj78Ik9NFU6xsO
         1Ppw==
X-Gm-Message-State: ANhLgQ2FSwLdYHuWlmeXR3viuT7QLa+F+u4kCTQUXg0vVC2sbYOuG/7I
	iYBEQC6ienlRBZjETQVOdlLKFu3Dl+MlvAyeaeY=
X-Google-Smtp-Source: ADFU+vugvEEyXsl/Hg9YXb/RAxjpJC38YmlURf3yLWz5Tv1dzZR68RJGe20jiQTLsYer9sCV0WQCldsLAaPBbQvHisQ=
X-Received: by 2002:ac2:5519:: with SMTP id j25mr15211938lfk.85.1584302248536;
 Sun, 15 Mar 2020 12:57:28 -0700 (PDT)
MIME-Version: 1.0
From: Entropy Moe <3ntr0py1337@gmail.com>
Date: Sun, 15 Mar 2020 23:57:17 +0400
Message-ID: <CALzBtjLSqFhSNAf4YusxuE1piUTzOSLFGFD4RrhPLQAmgpyL5g@mail.gmail.com>
Subject: KASAN: stack-out-of-bounds Write in mpol_to_str
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, 
	akpm@linux-foundation.org
Content-Type: multipart/mixed; boundary="000000000000bdc9a005a0ea1cbd"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

--000000000000bdc9a005a0ea1cbd
Content-Type: multipart/alternative; boundary="000000000000bdc99d05a0ea1cbb"

--000000000000bdc99d05a0ea1cbb
Content-Type: text/plain; charset="UTF-8"

Hello team,
how are you ?
I wanted to report a bug on mempolicy.c. I found the bug on the latest
version of the kernel.

which is stack out of bound vulnerability.

I am attaching  report.

If you need the POC crash code, I can provide.

--000000000000bdc99d05a0ea1cbb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello team, <br></div><div>how are you ? <br></div><d=
iv>I wanted to report a bug on mempolicy.c. I found the bug on the latest v=
ersion of the kernel. <br></div><div><br></div><div>which is stack out of b=
ound vulnerability. <br></div><div><br></div><div>I am attaching=C2=A0 repo=
rt.=C2=A0</div><div><br></div><div>If you need the POC crash code, I can pr=
ovide. <br></div></div>

--000000000000bdc99d05a0ea1cbb--
--000000000000bdc9a005a0ea1cbd
Content-Type: text/plain; charset="US-ASCII"; name="mpol_to_str.txt"
Content-Disposition: attachment; filename="mpol_to_str.txt"
Content-Transfer-Encoding: base64
Content-ID: <f_k7tgkjgv0>
X-Attachment-Id: f_k7tgkjgv0

PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09CkJVRzogS0FTQU46IHN0YWNrLW91dC1vZi1ib3VuZHMgaW4gc2V0X2JpdCBpbmNs
dWRlL2FzbS1nZW5lcmljL2JpdG9wcy9pbnN0cnVtZW50ZWQtYXRvbWljLmg6MjggW2lubGluZV0K
QlVHOiBLQVNBTjogc3RhY2stb3V0LW9mLWJvdW5kcyBpbiBfX25vZGVfc2V0IGluY2x1ZGUvbGlu
dXgvbm9kZW1hc2suaDoxMzAgW2lubGluZV0KQlVHOiBLQVNBTjogc3RhY2stb3V0LW9mLWJvdW5k
cyBpbiBtcG9sX3RvX3N0cisweDJiOS8weDM4MCBtbS9tZW1wb2xpY3kuYzoyOTYyCldyaXRlIG9m
IHNpemUgOCBhdCBhZGRyIGZmZmY4ODgwNjcxNWZiNTggYnkgdGFzayBzeXN0ZW1kLzEKCkNQVTog
MSBQSUQ6IDEgQ29tbTogc3lzdGVtZCBOb3QgdGFpbnRlZCA1LjYuMC1yYzMgIzEKSGFyZHdhcmUg
bmFtZTogUUVNVSBTdGFuZGFyZCBQQyAoaTQ0MEZYICsgUElJWCwgMTk5NiksIEJJT1MgVWJ1bnR1
LTEuOC4yLTF1YnVudHUxIDA0LzAxLzIwMTQKQ2FsbCBUcmFjZToKIF9fZHVtcF9zdGFjayBsaWIv
ZHVtcF9zdGFjay5jOjc3IFtpbmxpbmVdCiBkdW1wX3N0YWNrKzB4YzYvMHgxMWUgbGliL2R1bXBf
c3RhY2suYzoxMTgKIHByaW50X2FkZHJlc3NfZGVzY3JpcHRpb24uY29uc3Rwcm9wLjUrMHgxNi8w
eDMxMCBtbS9rYXNhbi9yZXBvcnQuYzozNzQKIF9fa2FzYW5fcmVwb3J0KzB4MTU4LzB4MWMwIG1t
L2thc2FuL3JlcG9ydC5jOjUwNgoga2FzYW5fcmVwb3J0KzB4ZS8weDIwIG1tL2thc2FuL2NvbW1v
bi5jOjY0MQogY2hlY2tfbWVtb3J5X3JlZ2lvbl9pbmxpbmUgbW0va2FzYW4vZ2VuZXJpYy5jOjE4
NSBbaW5saW5lXQogY2hlY2tfbWVtb3J5X3JlZ2lvbisweDE1ZC8weDFiMCBtbS9rYXNhbi9nZW5l
cmljLmM6MTkyCiBzZXRfYml0IGluY2x1ZGUvYXNtLWdlbmVyaWMvYml0b3BzL2luc3RydW1lbnRl
ZC1hdG9taWMuaDoyOCBbaW5saW5lXQogX19ub2RlX3NldCBpbmNsdWRlL2xpbnV4L25vZGVtYXNr
Lmg6MTMwIFtpbmxpbmVdCiBtcG9sX3RvX3N0cisweDJiOS8weDM4MCBtbS9tZW1wb2xpY3kuYzoy
OTYyCiBzaG1lbV9zaG93X21wb2wgbW0vc2htZW0uYzoxNDA2IFtpbmxpbmVdCiBzaG1lbV9zaG93
X29wdGlvbnMrMHgzN2MvMHg1NDAgbW0vc2htZW0uYzozNjExCiBzaG93X21vdW50aW5mbysweDVi
NC8weDg3MCBmcy9wcm9jX25hbWVzcGFjZS5jOjE4Nwogc2VxX3JlYWQrMHg5ZmIvMHgxMDMwIGZz
L3NlcV9maWxlLmM6MjY4CiBfX3Zmc19yZWFkKzB4N2EvMHgxMDAgZnMvcmVhZF93cml0ZS5jOjQy
NQogdmZzX3JlYWQrMHgxNWUvMHgzNzAgZnMvcmVhZF93cml0ZS5jOjQ2MQoga3N5c19yZWFkKzB4
MTdiLzB4MjEwIGZzL3JlYWRfd3JpdGUuYzo1ODcKIGRvX3N5c2NhbGxfNjQrMHg5Yi8weDUyMCBh
cmNoL3g4Ni9lbnRyeS9jb21tb24uYzoyOTQKIGVudHJ5X1NZU0NBTExfNjRfYWZ0ZXJfaHdmcmFt
ZSsweDQ5LzB4YmUKUklQOiAwMDMzOjB4N2Y2N2E1ODlhOTEwCkNvZGU6IGI2IGZlIGZmIGZmIDQ4
IDhkIDNkIDBmIGJlIDA4IDAwIDQ4IDgzIGVjIDA4IGU4IDA2IGRiIDAxIDAwIDY2IDBmIDFmIDQ0
IDAwIDAwIDgzIDNkIGY5IDJkIDJjIDAwIDAwIDc1IDEwIGI4IDAwIDAwIDAwIDAwIDBmIDA1IDw0
OD4gM2QgMDEgZjAgZmYgZmYgNzMgMzEgYzMgNDggODMgZWMgMDggZTggZGUgOWIgMDEgMDAgNDgg
ODkgMDQgMjQKUlNQOiAwMDJiOjAwMDA3ZmZlZmJmODk4ODggRUZMQUdTOiAwMDAwMDI0NiBPUklH
X1JBWDogMDAwMDAwMDAwMDAwMDAwMApSQVg6IGZmZmZmZmZmZmZmZmZmZGEgUkJYOiAwMDAwNTVi
NGEzYmE5YzAwIFJDWDogMDAwMDdmNjdhNTg5YTkxMApSRFg6IDAwMDAwMDAwMDAwMDA0MDAgUlNJ
OiAwMDAwNTViNGEzYmJhMjAwIFJESTogMDAwMDAwMDAwMDAwMDAxMwpSQlA6IDAwMDAwMDAwMDAw
MDBkNjggUjA4OiAwMDAwN2Y2N2E3MmNmNTAwIFIwOTogMDAwMDAwMDAwMDAwMDBlMApSMTA6IDAw
MDA1NWI0YTNiYmE1ZTMgUjExOiAwMDAwMDAwMDAwMDAwMjQ2IFIxMjogMDAwMDdmNjdhNWI1NTQ0
MApSMTM6IDAwMDA3ZjY3YTViNTQ5MDAgUjE0OiAwMDAwMDAwMDAwMDAwMDFkIFIxNTogMDAwMDAw
MDAwMDAwMDAwMAoKVGhlIGJ1Z2d5IGFkZHJlc3MgYmVsb25ncyB0byB0aGUgcGFnZToKcGFnZTpm
ZmZmZWEwMDAxOWM1N2MwIHJlZmNvdW50OjAgbWFwY291bnQ6MCBtYXBwaW5nOjAwMDAwMDAwMDAw
MDAwMDAgaW5kZXg6MHgwCmZsYWdzOiAweDEwMDAwMDAwMDAwMDAwMCgpCnJhdzogMDEwMDAwMDAw
MDAwMDAwMCBmZmZmZWEwMDAxOWM1N2M4IGZmZmZlYTAwMDE5YzU3YzggMDAwMDAwMDAwMDAwMDAw
MApyYXc6IDAwMDAwMDAwMDAwMDAwMDAgMDAwMDAwMDAwMDAwMDAwMCAwMDAwMDAwMGZmZmZmZmZm
IDAwMDAwMDAwMDAwMDAwMDAKcGFnZSBkdW1wZWQgYmVjYXVzZToga2FzYW46IGJhZCBhY2Nlc3Mg
ZGV0ZWN0ZWQKCmFkZHIgZmZmZjg4ODA2NzE1ZmI1OCBpcyBsb2NhdGVkIGluIHN0YWNrIG9mIHRh
c2sgc3lzdGVtZC8xIGF0IG9mZnNldCA0MCBpbiBmcmFtZToKIG1wb2xfdG9fc3RyKzB4MC8weDM4
MCBtbS9tZW1wb2xpY3kuYzoyOTI2Cgp0aGlzIGZyYW1lIGhhcyAxIG9iamVjdDoKIFszMiwgNDAp
ICdub2RlcycKCk1lbW9yeSBzdGF0ZSBhcm91bmQgdGhlIGJ1Z2d5IGFkZHJlc3M6CiBmZmZmODg4
MDY3MTVmYTAwOiAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAwMCAw
MAogZmZmZjg4ODA2NzE1ZmE4MDogMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgMDAg
MDAgMDAgMDAgMDAKPmZmZmY4ODgwNjcxNWZiMDA6IDAwIDAwIDAwIDAwIDAwIDAwIGYxIGYxIGYx
IGYxIDAwIGYyIGYyIGYyIDAwIDAwCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICBeCiBmZmZmODg4MDY3MTVmYjgwOiAwMCAwMCAwMCAwMCAwMCAwMCAw
MCAwMCAwMCBmMSBmMSBmMSBmMSAwMCAwMCAwMAogZmZmZjg4ODA2NzE1ZmMwMDogMDAgMDAgMDAg
MDAgMDAgZjMgZjMgZjMgZjMgMDAgMDAgMDAgMDAgMDAgMDAgMDAKPT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Cg==
--000000000000bdc9a005a0ea1cbd--