BUG: unable to handle kernel paging request in xfrm_hash_rebuild

syzbot

Apr 13, 2019, 8:00:40 PM4/13/19
to syzkaller-a...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 024f962d Revert "binder: add missing binder_unlock()"
git tree: android-4.4
console output: https://syzkaller.appspot.com/x/log.txt?x=173584e3800000
kernel config: https://syzkaller.appspot.com/x/.config?x=9abc1725c387656
dashboard link: https://syzkaller.appspot.com/bug?extid=7713b4cdb89b723d4557
compiler: gcc (GCC) 7.1.1 20170620
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13280bc3800000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1041b893800000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+7713b4...@syzkaller.appspotmail.com

random: sshd: uninitialized urandom read (32 bytes read, 111 bits of
entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 117 bits of
entropy available)
random: sshd: uninitialized urandom read (32 bytes read, 123 bits of
entropy available)
IPVS: Creating netns size=2552 id=1
BUG: unable to handle kernel paging request at ffffed00c86eb8d0
IP: [<ffffffff832a520b>] xfrm_hash_rebuild+0x47b/0xa80
net/xfrm/xfrm_policy.c:633
PGD 21ff6a067 PUD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 1771 Comm: kworker/0:2 Not tainted 4.4.119-g024f962 #26
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: events xfrm_hash_rebuild
task: ffff8800b73fe000 task.stack: ffff8800b6800000
RIP: 0010:[<ffffffff832a520b>] [<ffffffff832a520b>]
xfrm_hash_rebuild+0x47b/0xa80 net/xfrm/xfrm_policy.c:633
RSP: 0018:ffff8800b6807bb8 EFLAGS: 00010a02
RAX: 1ffff100c86eb8d0 RBX: dffffc0000000000 RCX: ffffffff832a31e2
RDX: 0000000000000000 RSI: ffff8800bb2d8000 RDI: ffff8800bb2d9680
RBP: ffff8800b6807c40 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000001 R11: 1ffff10016d00f3e R12: ffff8800bba44c80
R13: ffff88064375c680 R14: ffff8800bb2d96b8 R15: 0000000000000002
FS: 0000000000000000(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed00c86eb8d0 CR3: 00000000bb136000 CR4: 0000000000160670
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
ffffffff8117fd37 ffff8800bb2d9758 ffffed001765b2c9 ffff8800bb2d964c
ffff8800bb2d99f8 ffff8800bb2d9618 ffff8800bb2d9780 80ff8801db21eb40
ffff8800bb2d95f8 ffff8800bb2d8000 0000000000000200 ffff8800bb2d96b8
Call Trace:
[<ffffffff8117fd37>] process_one_work+0x7d7/0x16e0 kernel/workqueue.c:2064
[<ffffffff81180d19>] worker_thread+0xd9/0xfc0 kernel/workqueue.c:2196
[<ffffffff81190788>] kthread+0x268/0x300 kernel/kthread.c:211
[<ffffffff83773a45>] ret_from_fork+0x55/0x80 arch/x86/entry/entry_64.S:506
Code: 7c 08 84 d2 0f 85 ca 05 00 00 48 8b 7d c0 49 8d b4 24 f4 00 00 00 41
0f b7 94 24 74 02 00 00 e8 ec de ff ff 49 89 c5 48 c1 e8 03 <80> 3c 18 00
0f 85 e2 05 00 00 49 8b 55 00 49 8d 44 24 08 48 89
RIP [<ffffffff832a520b>] xfrm_hash_rebuild+0x47b/0xa80
net/xfrm/xfrm_policy.c:633
RSP <ffff8800b6807bb8>
CR2: ffffed00c86eb8d0
---[ end trace 53b80935cac87515 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches