BUG: unable to handle kernel paging request in dummy_set_vf_mac
9 views
Skip to first unread message
syzbot
Jul 30, 2019, 3:33:06 PM7/30/19
to syzkaller...@googlegroups.com
Hello,
syzbot found the following crash on:
HEAD commit: ff33472c Linux 4.14.134
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15eae008600000
kernel config: https://syzkaller.appspot.com/x/.config?x=7918dc8aa910a9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=2e39499100150402de63
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172010e4600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16a3f40c600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2e3949...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1564512735.703:36): avc: denied { map } for
pid=6914 comm="syz-executor489" path="/root/syz-executor489930808"
dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
BUG: unable to handle kernel paging request at fffffffca6900000
IP: memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
PGD 766d067 P4D 766d067 PUD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6914 Comm: syz-executor489 Not tainted 4.14.134 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff88807ced4080 task.stack: ffff8880a96a0000
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
RSP: 0018:ffff8880a96a7278 EFLAGS: 00010246
RAX: fffffffca6900000 RBX: ffffffffdc460000 RCX: 0000000000000006
RDX: 0000000000000006 RSI: ffff8880909c9a70 RDI: fffffffca6900000
RBP: ffff8880a96a7298 R08: 1fffffff94d20000 R09: fffffbff94d20001
R10: fffffbff94d20000 R11: fffffffca6900005 R12: 0000000000000006
R13: fffffffca6900000 R14: ffff8880909c9a70 R15: ffff8880909c9a68
FS: 000000000171d880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffca6900000 CR3: 000000007d011000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
memcpy include/linux/string.h:347 [inline]
dummy_set_vf_mac+0xdf/0x120 drivers/net/dummy.c:179
do_setvfinfo net/core/rtnetlink.c:1772 [inline]
do_setlink+0x1098/0x2d50 net/core/rtnetlink.c:2135
rtnl_setlink+0x225/0x320 net/core/rtnetlink.c:2303
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x780 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440239
RSP: 002b:00007ffce5a7d748 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
RDX: 0000000000000000 RSI: 000000002000a000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07
f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f
1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
RIP: memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54 RSP: ffff8880a96a7278
CR2: fffffffca6900000
---[ end trace 034e1b80a99f64ad ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following crash on:
HEAD commit: ff33472c Linux 4.14.134
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15eae008600000
kernel config: https://syzkaller.appspot.com/x/.config?x=7918dc8aa910a9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=2e39499100150402de63
compiler: gcc (GCC) 9.0.0 20181231 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172010e4600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16a3f40c600000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+2e3949...@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
audit: type=1400 audit(1564512735.703:36): avc: denied { map } for
pid=6914 comm="syz-executor489" path="/root/syz-executor489930808"
dev="sda1" ino=16483 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
BUG: unable to handle kernel paging request at fffffffca6900000
IP: memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
PGD 766d067 P4D 766d067 PUD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6914 Comm: syz-executor489 Not tainted 4.14.134 #30
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
task: ffff88807ced4080 task.stack: ffff8880a96a0000
RIP: 0010:memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54
RSP: 0018:ffff8880a96a7278 EFLAGS: 00010246
RAX: fffffffca6900000 RBX: ffffffffdc460000 RCX: 0000000000000006
RDX: 0000000000000006 RSI: ffff8880909c9a70 RDI: fffffffca6900000
RBP: ffff8880a96a7298 R08: 1fffffff94d20000 R09: fffffbff94d20001
R10: fffffbff94d20000 R11: fffffffca6900005 R12: 0000000000000006
R13: fffffffca6900000 R14: ffff8880909c9a70 R15: ffff8880909c9a68
FS: 000000000171d880(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffca6900000 CR3: 000000007d011000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
memcpy include/linux/string.h:347 [inline]
dummy_set_vf_mac+0xdf/0x120 drivers/net/dummy.c:179
do_setvfinfo net/core/rtnetlink.c:1772 [inline]
do_setlink+0x1098/0x2d50 net/core/rtnetlink.c:2135
rtnl_setlink+0x225/0x320 net/core/rtnetlink.c:2303
rtnetlink_rcv_msg+0x3eb/0xb70 net/core/rtnetlink.c:4285
netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
rtnetlink_rcv+0x1d/0x30 net/core/rtnetlink.c:4297
netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
netlink_unicast+0x45d/0x780 net/netlink/af_netlink.c:1312
netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xce/0x110 net/socket.c:656
___sys_sendmsg+0x70a/0x840 net/socket.c:2062
__sys_sendmsg+0xb9/0x140 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x2d/0x50 net/socket.c:2103
do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x440239
RSP: 002b:00007ffce5a7d748 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440239
RDX: 0000000000000000 RSI: 000000002000a000 RDI: 0000000000000003
RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401ac0
R13: 0000000000401b50 R14: 0000000000000000 R15: 0000000000000000
Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07
f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f
1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38
RIP: memcpy_erms+0x6/0x10 arch/x86/lib/memcpy_64.S:54 RSP: ffff8880a96a7278
CR2: fffffffca6900000
---[ end trace 034e1b80a99f64ad ]---
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
syzbot
Dec 12, 2019, 4:13:01 AM12/12/19
to syzkaller...@googlegroups.com
syzbot suspects this bug was fixed by commit:
commit 9ed49fc95f37a457d940324c033c20d85cefb930
Author: Dan Carpenter <dan.ca...@oracle.com>
Date: Wed Nov 20 12:34:38 2019 +0000
net: rtnetlink: prevent underflows in do_setvfinfo()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1386c77ee00000
start commit: ff33472c Linux 4.14.134
git tree: linux-4.14.y
#syz fix: net: rtnetlink: prevent underflows in do_setvfinfo()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 9ed49fc95f37a457d940324c033c20d85cefb930
Author: Dan Carpenter <dan.ca...@oracle.com>
Date: Wed Nov 20 12:34:38 2019 +0000
net: rtnetlink: prevent underflows in do_setvfinfo()
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1386c77ee00000
start commit: ff33472c Linux 4.14.134
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=7918dc8aa910a9fb
dashboard link: https://syzkaller.appspot.com/bug?extid=2e39499100150402de63
dashboard link: https://syzkaller.appspot.com/bug?extid=2e39499100150402de63
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=172010e4600000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16a3f40c600000
If the result looks correct, please mark the bug fixed by replying with:
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=16a3f40c600000
#syz fix: net: rtnetlink: prevent underflows in do_setvfinfo()
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages