getsockopt(IPT_SO_GET_INFO) error when run syzkaller with setuid mode


Hangbin Liu

Aug 7, 2018, 3:07:40 AM
to Dmitry Vyukov, syzkaller
Hi Dmitry,

Recently, when I ran a syzkaller test with sandbox mode "setuid", I got the error

machine check: program execution failed: executor 0: failed: iptable filter/2:
getsockopt(IPT_SO_GET_INFO) (errno 1)

every time (both on RHEL7 and the upstream kernel). But namespace mode works well.
Would you like to help check this issue?

Here is an example:

# cat syzkaller-test.cfg
{
"http": "0.0.0.0:56741",
"rpc": "127.0.0.1:0",
"sshkey" : "/root/.ssh/id_rsa",
"procs" : 8,
"workdir": "/syzkaller/virtual/syz-manager-logs",
"enable_syscalls" : [
"ioctl$sock_SIOCGIFINDEX", "socket$inet", "socketpair$inet", "accept$inet", "accept4$inet", "bind$inet", "connect$inet", "sendto$inet", "recvfrom$inet", "getsockname$inet", "getpeername$inet", "getsockopt$inet_int", "setsockopt$inet_int", "getsockopt$inet_buf", "setsockopt$inet_buf", "getsockopt$inet_opts", "setsockopt$inet_opts", "getsockopt$inet_IP_IPSEC_POLICY", "setsockopt$inet_IP_IPSEC_POLICY", "getsockopt$inet_IP_XFRM_POLICY", "setsockopt$inet_IP_XFRM_POLICY", "getsockopt$inet_mreq", "setsockopt$inet_mreq", "getsockopt$inet_mreqn", "setsockopt$inet_mreqn", "getsockopt$inet_mreqsrc", "setsockopt$inet_mreqsrc", "setsockopt$inet_msfilter", "setsockopt$inet_MCAST_JOIN_GROUP", "setsockopt$inet_MCAST_LEAVE_GROUP", "setsockopt$inet_group_source_req", "setsockopt$inet_MCAST_MSFILTER", "getsockopt$inet_pktinfo", "setsockopt$inet_pktinfo", "getsockopt$inet_mtu", "setsockopt$inet_mtu", "ioctl$sock_inet_SIOCADDRT", "ioctl$sock_inet_SIOCDELRT", "ioctl$sock_inet_SIOCRTMSG", "ioctl$sock_inet_SIOCDARP", "ioctl$sock_inet_SIOCGARP", "ioctl$sock_inet_SIOCSARP", "ioctl$sock_inet_SIOCGIFADDR", "ioctl$sock_inet_SIOCSIFADDR", "ioctl$sock_inet_SIOCGIFBRDADDR", "ioctl$sock_inet_SIOCSIFBRDADDR", "ioctl$sock_inet_SIOCGIFNETMASK", "ioctl$sock_inet_SIOCSIFNETMASK", "ioctl$sock_inet_SIOCGIFDSTADDR", "ioctl$sock_inet_SIOCSIFDSTADDR", "ioctl$sock_inet_SIOCGIFPFLAGS", "ioctl$sock_inet_SIOCSIFPFLAGS", "ioctl$sock_inet_SIOCSIFFLAGS"
],
"target": "linux/amd64",
"kernel_obj": "/syzkaller/virtual/vmlinuz-3.10.0-xxx.el7.test.x86_64",
"syzkaller": "/syzkaller/virtual/gopath/src/github.com/google/syzkaller/",
"sandbox": "setuid",
"cover": false,
"reproduce": false,
"image": "/home/stand_el7.x86_64.qcow2",
"type": "qemu",
"vm": {
"count": 8, "cpu": 2, "mem": 2048
}
}

# syz-manager -config syzkaller-test.cfg
2018/08/07 00:13:37 loading corpus...
2018/08/07 00:13:38 serving http on http://0.0.0.0:56741
2018/08/07 00:13:38 serving rpc on tcp://127.0.0.1:33292
2018/08/07 00:13:38 booting test machines...
2018/08/07 00:13:38 wait for the connection from test machine...
2018/08/07 00:14:10 machine check: program execution failed: executor 0: failed: iptable filter/2: getsockopt(IPT_SO_GET_INFO) (errno 1)
loop failed (errno 0)


Thanks
Hangbin

bai3...@gmail.com

Aug 7, 2018, 3:10:40 AM
to syzkaller
You can add the --debug option to syz-manager to observe more specific debug info

On Tuesday, August 7, 2018 at 3:07:40 PM UTC+8, Hangbin Liu wrote:

Hangbin Liu

Aug 7, 2018, 3:33:37 AM
to syzkaller


On Tuesday, 7 August 2018 15:10:40 UTC+8, bai3...@gmail.com wrote:
> You can add the --debug option to syz-manager to observe more specific debug info

Here is the debug log

2018/08/07 03:19:00 testing simple program...
spawned loop pid 8003
mount(fusectl) failed: 2
mount(cgroup2) failed: 2
write(cgroup.subtree_control) failed: 2
mount(cgroup cpu) failed: 16
write(/syzcgroup/cpu/cgroup.clone_children) failed: 2
mount(cgroup net) failed: 16
iptable checkpoint filter/2: checkpoint entries=4 hooks=e size=632
iptable checkpoint nat/2: checkpoint entries=5 hooks=1b size=784
iptable checkpoint mangle/2: checkpoint entries=6 hooks=1f size=936
iptable checkpoint raw/2: checkpoint entries=3 hooks=9 size=480
iptable checkpoint security/2: checkpoint entries=4 hooks=e size=632
iptable filter/2: getsockopt(IPT_SO_GET_INFO) (errno 1)
loop failed (errno 0)

There are no default iptable rules on my VM.

Thanks
Hangbin
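
The failing call from the debug log above can be reproduced outside syzkaller with a small probe; this is an added example, not part of the thread and not syzkaller's own code. The names probe_table, explain and ipt_getinfo_probe are made up for the example, and the struct layout and option number are copied from the kernel's UAPI definition of ipt_getinfo and IPT_SO_GET_INFO.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define IPT_SO_GET_INFO 64 /* IPT_BASE_CTL in the kernel UAPI headers */
struct ipt_getinfo_probe { /* example-local mirror of the kernel's struct ipt_getinfo */
    char name[32];
    unsigned int valid_hooks, hook_entry[5], underflow[5], num_entries, size;
};

/* Returns 0 or the failing call's errno; IPPROTO_IP equals SOL_IP (0). */
int probe_table(const char *table, struct ipt_getinfo_probe *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    strncpy(out->name, table, sizeof(out->name) - 1);
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd < 0) return errno;
    int err = getsockopt(fd, IPPROTO_IP, IPT_SO_GET_INFO, out, &len) ? errno : 0;
    close(fd);
    return err;
}

/* Maps the errno values this call commonly returns to their cause. */
const char *explain(int err)
{
    switch (err) {
    case 0: return "ok";
    case EPERM: return "EPERM: no CAP_NET_ADMIN over this network namespace";
    case ENOPROTOOPT: return "ENOPROTOOPT: ip_tables is not available";
    case ENOENT: return "ENOENT: no such table";
    default: return "other failure";
    }
}

int main(void)
{
    const char *tables[] = {"filter", "nat", "mangle", "raw", "security"};
    for (int i = 0; i < 5; i++) {
        struct ipt_getinfo_probe info;
        int err = probe_table(tables[i], &info);
        printf("%s: %s (errno %d) entries=%u hooks=%x size=%u\n", tables[i],
               explain(err), err, info.num_entries, info.valid_hooks, info.size);
    }
    return 0;
}
```

On a kernel with ip_tables available, running it as root prints the same entries, hooks and size fields as the checkpoint lines in the log, while running it as an unprivileged user reports EPERM, which is the errno 1 in the failure line.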

Dmitry Vyukov

Aug 8, 2018, 5:43:55 AM
to Hangbin Liu, syzkaller

Hangbin Liu

Aug 8, 2018, 11:01:25 PM
to Dmitry Vyukov, syzkaller
On Wed, Aug 08, 2018 at 11:43:33AM +0200, Dmitry Vyukov wrote:
> Hi Hangbin,
>
> This commit should fix the problem:
>
> https://github.com/google/syzkaller/commit/ddeb9f8d8828ea4f297656445164e17a9f4c2591

Thanks Dmitry. I reran the test with the latest syzkaller and the issue is
fixed now.

BTW, do you have any plan to release a stable version? Then I can clone the
code by tag names.

Cheers
Hangbin

Dmitry Vyukov

Aug 9, 2018, 5:26:07 AM
to Hangbin Liu, syzkaller
No such plans. First, we are out of resources (but anybody is free to
maintain a stable version). Second, I would much rather invest in
making head stable with better testing, because even if it's stable
it's still outdated and worse than head. On syzbot we already do
continuous release. Having stable just as an excuse for having
everything else in bad shape does not look like a good way forward to
me.

Since recently we do have tests that can catch this type of thing:
https://github.com/google/syzkaller/tree/master/sys/linux/test
And this particular bug was caught by the tests.