[v5.15] BUG: unable to handle kernel paging request in bpf_probe_read_kernel_str
6 views
Skip to first unread message
syzbot
Feb 3, 2024, 4:14:25 AMFeb 3
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=146bd5d3e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=c170eb20d8be8542
dashboard link: https://syzkaller.appspot.com/bug?extid=f8545d7b442f201cd285
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e1d4b0180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=110c8eafe80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ac68f24aed3/disk-6139f2a0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8982a3768c5/vmlinux-6139f2a0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eb272dd019ce/bzImage-6139f2a0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f8545d...@syzkaller.appspotmail.com
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0001) - permissions violation
PGD c691067 P4D c691067 PUD c693067 PMD c6b6067 PTE 800000000c609165
Oops: 0001 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:92
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000da7868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff8880129f8000
RDX: ffffc90000da78e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff8139a089 R09: fffffbfff1f7a019
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000001c6b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:255 [inline]
____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:264 [inline]
bpf_probe_read_kernel_str+0x26/0x70 kernel/trace/bpf_trace.c:261
bpf_prog_ef3a4661c9d1378e+0x42/0x574
bpf_dispatcher_nop_func include/linux/bpf.h:776 [inline]
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run include/linux/filter.h:632 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1883 [inline]
bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1920
__bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
trace_kfree include/trace/events/kmem.h:118 [inline]
kfree+0x22f/0x270 mm/slub.c:4549
security_task_free+0x96/0xc0 security/security.c:1673
__put_task_struct+0xf4/0x2b0 kernel/fork.c:756
rcu_do_batch kernel/rcu/tree.c:2523 [inline]
rcu_core+0xa15/0x1650 kernel/rcu/tree.c:2763
__do_softirq+0x3b3/0x93a kernel/softirq.c:558
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:921
smpboot_thread_fn+0x51b/0x9d0 kernel/smpboot.c:164
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Modules linked in:
CR2: ffffffffff600000
---[ end trace de1f92c8db5ef23f ]---
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:92
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000da7868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff8880129f8000
RDX: ffffc90000da78e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff8139a089 R09: fffffbfff1f7a019
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000001c6b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 48 89 add %cl,-0x77(%rax)
3: d0 48 c1 rorb -0x3f(%rax)
6: e8 03 48 89 44 call 0x4489480e
b: 24 10 and $0x10,%al
d: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax
11: 84 c0 test %al,%al
13: 48 89 14 24 mov %rdx,(%rsp)
17: 0f 85 d5 00 00 00 jne 0xf2
1d: ff 02 incl (%rdx)
1f: 45 31 f6 xor %r14d,%r14d
22: 49 89 df mov %rbx,%r15
25: 48 8b 54 24 08 mov 0x8(%rsp),%rdx
* 2a: 42 8a 1c 33 mov (%rbx,%r14,1),%bl <-- trapping instruction
2e: 4a 8d 3c 32 lea (%rdx,%r14,1),%rdi
32: 48 89 f8 mov %rdi,%rax
35: 48 c1 e8 03 shr $0x3,%rax
39: 49 89 ec mov %rbp,%r12
3c: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot found the following issue on:
HEAD commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=146bd5d3e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=c170eb20d8be8542
dashboard link: https://syzkaller.appspot.com/bug?extid=f8545d7b442f201cd285
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e1d4b0180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=110c8eafe80000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/2ac68f24aed3/disk-6139f2a0.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/e8982a3768c5/vmlinux-6139f2a0.xz
kernel image: https://storage.googleapis.com/syzbot-assets/eb272dd019ce/bzImage-6139f2a0.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f8545d...@syzkaller.appspotmail.com
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0001) - permissions violation
PGD c691067 P4D c691067 PUD c693067 PMD c6b6067 PTE 800000000c609165
Oops: 0001 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 20 Comm: ksoftirqd/1 Not tainted 5.15.148-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:92
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000da7868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff8880129f8000
RDX: ffffc90000da78e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff8139a089 R09: fffffbfff1f7a019
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000001c6b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:255 [inline]
____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:264 [inline]
bpf_probe_read_kernel_str+0x26/0x70 kernel/trace/bpf_trace.c:261
bpf_prog_ef3a4661c9d1378e+0x42/0x574
bpf_dispatcher_nop_func include/linux/bpf.h:776 [inline]
__bpf_prog_run include/linux/filter.h:625 [inline]
bpf_prog_run include/linux/filter.h:632 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:1883 [inline]
bpf_trace_run2+0x19e/0x340 kernel/trace/bpf_trace.c:1920
__bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:118
trace_kfree include/trace/events/kmem.h:118 [inline]
kfree+0x22f/0x270 mm/slub.c:4549
security_task_free+0x96/0xc0 security/security.c:1673
__put_task_struct+0xf4/0x2b0 kernel/fork.c:756
rcu_do_batch kernel/rcu/tree.c:2523 [inline]
rcu_core+0xa15/0x1650 kernel/rcu/tree.c:2763
__do_softirq+0x3b3/0x93a kernel/softirq.c:558
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:921
smpboot_thread_fn+0x51b/0x9d0 kernel/smpboot.c:164
kthread+0x3f6/0x4f0 kernel/kthread.c:319
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
</TASK>
Modules linked in:
CR2: ffffffffff600000
---[ end trace de1f92c8db5ef23f ]---
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:92
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000da7868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff8880129f8000
RDX: ffffc90000da78e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff8139a089 R09: fffffbfff1f7a019
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000001c6b8000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 00 48 89 add %cl,-0x77(%rax)
3: d0 48 c1 rorb -0x3f(%rax)
6: e8 03 48 89 44 call 0x4489480e
b: 24 10 and $0x10,%al
d: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax
11: 84 c0 test %al,%al
13: 48 89 14 24 mov %rdx,(%rsp)
17: 0f 85 d5 00 00 00 jne 0xf2
1d: ff 02 incl (%rdx)
1f: 45 31 f6 xor %r14d,%r14d
22: 49 89 df mov %rbx,%r15
25: 48 8b 54 24 08 mov 0x8(%rsp),%rdx
* 2a: 42 8a 1c 33 mov (%rbx,%r14,1),%bl <-- trapping instruction
2e: 4a 8d 3c 32 lea (%rdx,%r14,1),%rdi
32: 48 89 f8 mov %rdi,%rax
35: 48 c1 e8 03 shr $0x3,%rax
39: 49 89 ec mov %rbp,%r12
3c: 0f b6 04 28 movzbl (%rax,%rbp,1),%eax
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup
syzbot
Feb 6, 2024, 8:00:40 PMFeb 6
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: f1bb70486c9c Linux 6.1.77
syzbot found the following issue on:
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=10f537c4180000
kernel config: https://syzkaller.appspot.com/x/.config?x=39447811cb133e7e
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a617741b9816d3f7c2
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=141f2760180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c8476c180000
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/b4e70e158586/disk-f1bb7048.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/6fd889f445ac/vmlinux-f1bb7048.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3c8bf6d15492/bzImage-f1bb7048.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
BUG: unable to handle page fault for address: ffffffffff600000
#PF: supervisor read access in kernel mode
PGD ce91067 P4D ce91067 PUD ce93067 PMD ceb6067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.1.77-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:91
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000147868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff88813fef3b80
RDX: ffffc900001478e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff813ddda9 R09: fffffbfff2092245
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000000ce8e000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
bpf_probe_read_kernel_str_common kernel/trace/bpf_trace.c:265 [inline]
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
____bpf_probe_read_kernel_str kernel/trace/bpf_trace.c:274 [inline]
bpf_probe_read_kernel_str+0x26/0x70 kernel/trace/bpf_trace.c:271
bpf_prog_ef3a4661c9d1378e+0x42/0x44
bpf_dispatcher_nop_func include/linux/bpf.h:989 [inline]
__bpf_prog_run include/linux/filter.h:600 [inline]
bpf_prog_run include/linux/filter.h:607 [inline]
__bpf_trace_run kernel/trace/bpf_trace.c:2275 [inline]
bpf_trace_run2+0x1fd/0x410 kernel/trace/bpf_trace.c:2314
__bpf_trace_kfree+0x6e/0x90 include/trace/events/kmem.h:94
trace_kfree include/trace/events/kmem.h:94 [inline]
kfree+0xf6/0x190 mm/slab_common.c:994
security_task_free+0x96/0xc0 security/security.c:1704
__put_task_struct+0xf4/0x280 kernel/fork.c:846
rcu_do_batch kernel/rcu/tree.c:2296 [inline]
rcu_core+0xad4/0x17e0 kernel/rcu/tree.c:2556
__do_softirq+0x2e9/0xa4c kernel/softirq.c:571
run_ksoftirqd+0xc1/0x120 kernel/softirq.c:934
smpboot_thread_fn+0x52c/0xa30 kernel/smpboot.c:164
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
</TASK>
Modules linked in:
CR2: ffffffffff600000
---[ end trace 0000000000000000 ]---
Modules linked in:
CR2: ffffffffff600000
RIP: 0010:strncpy_from_kernel_nofault+0x89/0x1c0 mm/maccess.c:91
Code: 00 48 89 d0 48 c1 e8 03 48 89 44 24 10 0f b6 04 28 84 c0 48 89 14 24 0f 85 d5 00 00 00 ff 02 45 31 f6 49 89 df 48 8b 54 24 08 <42> 8a 1c 33 4a 8d 3c 32 48 89 f8 48 c1 e8 03 49 89 ec 0f b6 04 28
RSP: 0018:ffffc90000147868 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffffffff600000 RCX: ffff88813fef3b80
RDX: ffffc900001478e0 RSI: ffffffffff600000 RDI: ffffffffff600000
RBP: dffffc0000000000 R08: ffffffff813ddda9 R09: fffffbfff2092245
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffffffff600000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
R13: 0000000000000005 R14: 0000000000000000 R15: ffffffffff600000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffff600000 CR3: 000000000ce8e000 CR4: 00000000003506f0
syzbot
Apr 8, 2024, 3:55:05 AMApr 8
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit e8a67fe34b76a49320b33032228a794f40b0316b
Author: Hou Tao <hou...@huawei.com>
Date: Fri Feb 2 10:39:34 2024 +0000
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=179c83a9180000
start commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
#syz fix: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit e8a67fe34b76a49320b33032228a794f40b0316b
Author: Hou Tao <hou...@huawei.com>
Date: Fri Feb 2 10:39:34 2024 +0000
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=179c83a9180000
start commit: 6139f2a02fe0 Linux 5.15.148
git tree: linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=c170eb20d8be8542
dashboard link: https://syzkaller.appspot.com/bug?extid=f8545d7b442f201cd285
dashboard link: https://syzkaller.appspot.com/bug?extid=f8545d7b442f201cd285
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=13e1d4b0180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=110c8eafe80000
If the result looks correct, please mark the issue as fixed by replying with:
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=110c8eafe80000
#syz fix: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
Apr 8, 2024, 8:28:05 AMApr 8
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit f175de546a3eb77614d94d4c02550181c0a8493e
Author: Hou Tao <hou...@huawei.com>
Date: Fri Feb 2 10:39:34 2024 +0000
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=170bd5e3180000
Date: Fri Feb 2 10:39:34 2024 +0000
x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
start commit: f1bb70486c9c Linux 6.1.77
git tree: linux-6.1.y
kernel config: https://syzkaller.appspot.com/x/.config?x=39447811cb133e7e
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a617741b9816d3f7c2
dashboard link: https://syzkaller.appspot.com/bug?extid=a6a617741b9816d3f7c2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=141f2760180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c8476c180000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=13c8476c180000
Reply all
Reply to author
Forward
0 new messages