[syzbot] WARNING: kmalloc bug in hash_netport_create
1 view
Skip to first unread message
syzbot
Sep 3, 2021, 8:01:30 PM9/3/21
to core...@netfilter.org, da...@davemloft.net, f...@strlen.de, kad...@netfilter.org, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, syzkall...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: a9c9a6f741cd Merge tag 'scsi-misc' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12a90fb1300000
kernel config: https://syzkaller.appspot.com/x/.config?x=1ac29107aeb2a552
dashboard link: https://syzkaller.appspot.com/bug?extid=3f5904753c2388727c6c
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14581b33300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13579a69300000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f5904...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8430 at mm/util.c:597 kvmalloc_node+0x111/0x120 mm/util.c:597
Modules linked in:
CPU: 1 PID: 8430 Comm: syz-executor891 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvmalloc_node+0x111/0x120 mm/util.c:597
Code: 01 00 00 00 4c 89 e7 e8 ed 11 0d 00 49 89 c5 e9 69 ff ff ff e8 90 55 d1 ff 41 89 ed 41 81 cd 00 20 01 00 eb 95 e8 7f 55 d1 ff <0f> 0b e9 4c ff ff ff 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 e8 66
RSP: 0018:ffffc900010a7078 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffc900010a7190 RCX: 0000000000000000
RDX: ffff88801d93e300 RSI: ffffffff81a3f651 RDI: 0000000000000003
RBP: 0000000000400dc0 R08: 000000007fffffff R09: 000000000000001f
R10: ffffffff81a3f60e R11: 000000000000001f R12: 0000000400000018
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88803040e000
FS: 0000000002161300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 000000003ea95000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
hash_netport_create+0x3dd/0x1220 net/netfilter/ipset/ip_set_hash_gen.h:1524
ip_set_create+0x782/0x15a0 net/netfilter/ipset/ip_set_core.c:1100
nfnetlink_rcv_msg+0xbc9/0x13f0 net/netfilter/nfnetlink.c:296
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
nfnetlink_rcv+0x1ac/0x420 net/netfilter/nfnetlink.c:654
netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
sock_no_sendpage+0xf3/0x130 net/core/sock.c:2980
kernel_sendpage.part.0+0x1a0/0x340 net/socket.c:3504
kernel_sendpage net/socket.c:3501 [inline]
sock_sendpage+0xe5/0x140 net/socket.c:1003
pipe_to_sendpage+0x2ad/0x380 fs/splice.c:364
splice_from_pipe_feed fs/splice.c:418 [inline]
__splice_from_pipe+0x43e/0x8a0 fs/splice.c:562
splice_from_pipe fs/splice.c:597 [inline]
generic_splice_sendpage+0xd4/0x140 fs/splice.c:746
do_splice_from fs/splice.c:767 [inline]
do_splice+0xb7e/0x1960 fs/splice.c:1079
__do_splice+0x134/0x250 fs/splice.c:1144
__do_sys_splice fs/splice.c:1350 [inline]
__se_sys_splice fs/splice.c:1332 [inline]
__x64_sys_splice+0x198/0x250 fs/splice.c:1332
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43efb9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd3f03c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043efb9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000402fa0 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403030
R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: a9c9a6f741cd Merge tag 'scsi-misc' of git://git.kernel.org..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12a90fb1300000
kernel config: https://syzkaller.appspot.com/x/.config?x=1ac29107aeb2a552
dashboard link: https://syzkaller.appspot.com/bug?extid=3f5904753c2388727c6c
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14581b33300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13579a69300000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+3f5904...@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8430 at mm/util.c:597 kvmalloc_node+0x111/0x120 mm/util.c:597
Modules linked in:
CPU: 1 PID: 8430 Comm: syz-executor891 Not tainted 5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvmalloc_node+0x111/0x120 mm/util.c:597
Code: 01 00 00 00 4c 89 e7 e8 ed 11 0d 00 49 89 c5 e9 69 ff ff ff e8 90 55 d1 ff 41 89 ed 41 81 cd 00 20 01 00 eb 95 e8 7f 55 d1 ff <0f> 0b e9 4c ff ff ff 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 e8 66
RSP: 0018:ffffc900010a7078 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffffc900010a7190 RCX: 0000000000000000
RDX: ffff88801d93e300 RSI: ffffffff81a3f651 RDI: 0000000000000003
RBP: 0000000000400dc0 R08: 000000007fffffff R09: 000000000000001f
R10: ffffffff81a3f60e R11: 000000000000001f R12: 0000000400000018
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88803040e000
FS: 0000000002161300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 000000003ea95000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
hash_netport_create+0x3dd/0x1220 net/netfilter/ipset/ip_set_hash_gen.h:1524
ip_set_create+0x782/0x15a0 net/netfilter/ipset/ip_set_core.c:1100
nfnetlink_rcv_msg+0xbc9/0x13f0 net/netfilter/nfnetlink.c:296
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
nfnetlink_rcv+0x1ac/0x420 net/netfilter/nfnetlink.c:654
netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
sock_sendmsg_nosec net/socket.c:704 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:724
sock_no_sendpage+0xf3/0x130 net/core/sock.c:2980
kernel_sendpage.part.0+0x1a0/0x340 net/socket.c:3504
kernel_sendpage net/socket.c:3501 [inline]
sock_sendpage+0xe5/0x140 net/socket.c:1003
pipe_to_sendpage+0x2ad/0x380 fs/splice.c:364
splice_from_pipe_feed fs/splice.c:418 [inline]
__splice_from_pipe+0x43e/0x8a0 fs/splice.c:562
splice_from_pipe fs/splice.c:597 [inline]
generic_splice_sendpage+0xd4/0x140 fs/splice.c:746
do_splice_from fs/splice.c:767 [inline]
do_splice+0xb7e/0x1960 fs/splice.c:1079
__do_splice+0x134/0x250 fs/splice.c:1144
__do_sys_splice fs/splice.c:1350 [inline]
__se_sys_splice fs/splice.c:1332 [inline]
__x64_sys_splice+0x198/0x250 fs/splice.c:1332
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43efb9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffd3f03c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043efb9
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 0000000000402fa0 R08: 0000000100000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403030
R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches
Eric Dumazet
Sep 3, 2021, 8:07:26 PM9/3/21
to syzbot, core...@netfilter.org, da...@davemloft.net, f...@strlen.de, kad...@netfilter.org, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, syzkall...@googlegroups.com
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds <torv...@linux-foundation.org>
Date: Wed Jul 14 09:45:49 2021 -0700
mm: don't allow oversized kvmalloc() calls
'kvmalloc()' is a convenience function for people who want to do a
kmalloc() but fall back on vmalloc() if there aren't enough physically
contiguous pages, or if the allocation is larger than what kmalloc()
supports.
However, let's make sure it doesn't get _too_ easy to do crazy things
with it. In particular, don't allow big allocations that could be due
to integer overflow or underflow. So make sure the allocation size fits
in an 'int', to protect against trivial integer conversion issues.
Acked-by: Willy Tarreau <w...@1wt.eu>
Cc: Kees Cook <kees...@chromium.org>
Signed-off-by: Linus Torvalds <torv...@linux-foundation.org>
syzbot
Sep 4, 2021, 4:23:12 AM9/4/21
to ak...@linux-foundation.org, core...@netfilter.org, da...@davemloft.net, eric.d...@gmail.com, f...@strlen.de, kad...@netfilter.org, ku...@kernel.org, linux-...@vger.kernel.org, linu...@kvack.org, net...@vger.kernel.org, netfilt...@vger.kernel.org, pa...@netfilter.org, syzkall...@googlegroups.com, torv...@linux-foundation.org, w...@1wt.eu
syzbot has bisected this issue to:
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds <torv...@linux-foundation.org>
Date: Wed Jul 14 16:45:49 2021 +0000
mm: don't allow oversized kvmalloc() calls
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=113125f5300000
start commit: a9c9a6f741cd Merge tag 'scsi-misc' of git://git.kernel.org..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=133125f5300000
console output: https://syzkaller.appspot.com/x/log.txt?x=153125f5300000
Fixes: 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 7661809d493b426e979f39ab512e3adf41fbcc69
Author: Linus Torvalds <torv...@linux-foundation.org>
mm: don't allow oversized kvmalloc() calls
start commit: a9c9a6f741cd Merge tag 'scsi-misc' of git://git.kernel.org..
git tree: upstream
final oops: https://syzkaller.appspot.com/x/report.txt?x=133125f5300000
console output: https://syzkaller.appspot.com/x/log.txt?x=153125f5300000
kernel config: https://syzkaller.appspot.com/x/.config?x=1ac29107aeb2a552
dashboard link: https://syzkaller.appspot.com/bug?extid=3f5904753c2388727c6c
dashboard link: https://syzkaller.appspot.com/bug?extid=3f5904753c2388727c6c
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14581b33300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13579a69300000
Reported-by: syzbot+3f5904...@syzkaller.appspotmail.com
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13579a69300000
Fixes: 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Dmitry Vyukov
Sep 15, 2021, 1:14:00 AM9/15/21
to syzbot, syzkall...@googlegroups.com, linux-...@vger.kernel.org
On Sat, 4 Sept 2021 at 10:23, syzbot
#syz dup: WARNING: kmalloc bug in hash_net_create
Reply all
Reply to author
Forward
0 new messages