linux-4.14.y test error: UBSAN: undefined-behaviour in handle_null_ptr_deref


syzbot

Sep 16, 2020, 9:43:19 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: cbfa1702 Linux 4.14.198
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12c1f473900000
kernel config: https://syzkaller.appspot.com/x/.config?x=5796875e455c9838
dashboard link: https://syzkaller.appspot.com/bug?extid=66d122c50345437470f1
compiler: gcc (GCC) 10.1.0-syz 20200507

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+66d122...@syzkaller.appspotmail.com

audit: type=1400 audit(1600306977.230:9): avc: denied { execmem } for pid=6373 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
IPVS: ftp: loaded support on port[0] = 21
================================================================================
UBSAN: Undefined behaviour in ./include/crypto/hash.h:686:9
member access within null pointer of type 'struct crypto_shash'
CPU: 1 PID: 3034 Comm: kworker/u4:5 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: netns cleanup_net
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0x21b/0x32e lib/dump_stack.c:58
ubsan_epilogue+0xe/0x3a lib/ubsan.c:166
handle_null_ptr_deref+0x78/0x80 lib/ubsan.c:279
ubsan_type_mismatch_common lib/ubsan.c:321 [inline]
__ubsan_handle_type_mismatch_v1+0x81/0xb0 lib/ubsan.c:353
crypto_shash_tfm include/crypto/hash.h:686 [inline]
crypto_free_shash include/crypto/hash.h:695 [inline]
sctp_destruct_sock+0x70/0x80 net/sctp/socket.c:4504
__sk_destruct+0x93/0x8e0 net/core/sock.c:1557
sk_destruct net/core/sock.c:1597 [inline]
__sk_free+0xf4/0x370 net/core/sock.c:1605
sk_free+0x30/0x50 net/core/sock.c:1616
sock_put include/net/sock.h:1662 [inline]
sctp_close+0x667/0x940 net/sctp/socket.c:1604
inet_release+0xfe/0x230 net/ipv4/af_inet.c:425
inet6_release+0x51/0x80 net/ipv6/af_inet6.c:450
__sock_release+0x236/0x330 net/socket.c:602
inet_ctl_sock_destroy include/net/inet_common.h:52 [inline]
sctp_ctrlsock_exit+0x67/0x90 net/sctp/protocol.c:1366
ops_exit_list+0x9a/0x190 net/core/net_namespace.c:142
cleanup_net+0x4a3/0xd30 net/core/net_namespace.c:484
process_one_work+0x7ac/0x1890 kernel/workqueue.c:2116
worker_thread+0x6c1/0x1330 kernel/workqueue.c:2250
kthread+0x35e/0x530 kernel/kthread.c:232
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
================================================================================
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
can: request_module (can-proto-0) failed.
audit: type=1400 audit(1600306978.522:10): avc: denied { create } for pid=6357 comm="syz-fuzzer" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dccp_socket permissive=1


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Dec 30, 2020, 3:32:15 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.