KASAN: wild-memory-access Read in do_ebt_set_ctl


syzbot

Aug 11, 2020, 1:30:25 PM
to bri...@lists.linux-foundation.org, core...@netfilter.org, da...@davemloft.net, f...@strlen.de, kad...@netfilter.org, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, nik...@cumulusnetworks.com, pa...@netfilter.org, ro...@cumulusnetworks.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 86cfccb6 Merge tag 'dlm-5.9' of git://git.kernel.org/pub/s..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1419de8a900000
kernel config: https://syzkaller.appspot.com/x/.config?x=bcf489e08c9b8c5e
dashboard link: https://syzkaller.appspot.com/bug?extid=64d60892aaa4d4c34812
compiler: gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+64d608...@syzkaller.appspotmail.com

BUG: KASAN: wild-memory-access in memcpy include/linux/string.h:406 [inline]
BUG: KASAN: wild-memory-access in copy_from_sockptr_offset include/linux/sockptr.h:71 [inline]
BUG: KASAN: wild-memory-access in copy_from_sockptr include/linux/sockptr.h:77 [inline]
BUG: KASAN: wild-memory-access in compat_update_counters net/bridge/netfilter/ebtables.c:2222 [inline]
BUG: KASAN: wild-memory-access in do_ebt_set_ctl+0x2c0/0x53b net/bridge/netfilter/ebtables.c:2389
Read of size 80 at addr 00000000ffffffff by task syz-executor.3/9621

CPU: 1 PID: 9621 Comm: syz-executor.3 Not tainted 5.8.0-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x18f/0x20d lib/dump_stack.c:118
__kasan_report mm/kasan/report.c:517 [inline]
kasan_report.cold+0x5/0x37 mm/kasan/report.c:530
check_memory_region_inline mm/kasan/generic.c:186 [inline]
check_memory_region+0x13d/0x180 mm/kasan/generic.c:192
memcpy+0x20/0x60 mm/kasan/common.c:105
memcpy include/linux/string.h:406 [inline]
copy_from_sockptr_offset include/linux/sockptr.h:71 [inline]
copy_from_sockptr include/linux/sockptr.h:77 [inline]
compat_update_counters net/bridge/netfilter/ebtables.c:2222 [inline]
do_ebt_set_ctl+0x2c0/0x53b net/bridge/netfilter/ebtables.c:2389
nf_setsockopt+0x6f/0xc0 net/netfilter/nf_sockopt.c:101
ip_setsockopt+0x54d/0x3c10 net/ipv4/ip_sockglue.c:1436
raw_setsockopt+0x205/0x250 net/ipv4/raw.c:856
__sys_setsockopt+0x2ad/0x6d0 net/socket.c:2138
__do_sys_setsockopt net/socket.c:2149 [inline]
__se_sys_setsockopt net/socket.c:2146 [inline]
__ia32_sys_setsockopt+0xb9/0x150 net/socket.c:2146
do_syscall_32_irqs_on arch/x86/entry/common.c:84 [inline]
__do_fast_syscall_32+0x57/0x80 arch/x86/entry/common.c:126
do_fast_syscall_32+0x2f/0x70 arch/x86/entry/common.c:149
entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
RIP: 0023:0xf7f19569
Code: c4 01 10 03 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f55130bc EFLAGS: 00000296 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000081 RSI: 00000000ffffffff RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
==================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


syzbot

Dec 5, 2020, 12:26:07 PM
to syzkall...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.