From: syzbot <syzbot+258a9089477493cea67b@syzkaller.appspotmail.com>
To: andrew@lunn.ch, dan.carpenter@oracle.com, davem@davemloft.net,
	f.fainelli@gmail.com, kuba@kernel.org,
	linux-kernel@vger.kernel.org, mkubecek@suse.cz,
	netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: general protection fault in ethnl_parse_header
Date: Thu, 19 Mar 2020 06:37:12 -0700	[thread overview]
Message-ID: <00000000000027204705a1354443@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    2de9780f net: core: dev.c: fix a documentation warning
git tree:       net
console output: https://syzkaller.appspot.com/x/log.txt?x=131b4023e00000
kernel config:  https://syzkaller.appspot.com/x/.config?x=c2e311dba9a02ba9
dashboard link: https://syzkaller.appspot.com/bug?extid=258a9089477493cea67b
compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15a3a7c3e00000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1661ab55e00000

The bug was bisected to:

commit 2363d73a2f3e92787f336721c40918ba2eb0c74c
Author: Michal Kubecek <mkubecek@suse.cz>
Date:   Sun Mar 15 17:17:53 2020 +0000

    ethtool: reject unrecognized request flags

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=1778561de00000
final crash:    https://syzkaller.appspot.com/x/report.txt?x=14f8561de00000
console output: https://syzkaller.appspot.com/x/log.txt?x=10f8561de00000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+258a9089477493cea67b@syzkaller.appspotmail.com
Fixes: 2363d73a2f3e ("ethtool: reject unrecognized request flags")

general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 9619 Comm: syz-executor891 Not tainted 5.6.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ethnl_parse_header+0x522/0x840 include/linux/string.h:381
Code: ea 03 80 3c 02 00 0f 85 1d 03 00 00 4d 89 7d 08 e8 d3 70 2d fb 49 8d 7d 10 48 ba 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <0f> b6 0c 10 49 8d 45 13 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89 fe
RSP: 0018:ffffc90001f8f4d8 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffff8880a2593048 RCX: ffffffff8644a170
RDX: dffffc0000000000 RSI: ffffffff8644a4ed RDI: 0000000000000010
RBP: ffff8880a4436980 R08: ffff88809e586500 R09: ffffc90001f8f510
R10: fffff520003f1ea5 R11: ffffc90001f8f52f R12: 1ffff920003f1e9e
R13: 0000000000000000 R14: ffffffff8a343040 R15: ffff8880a259304c
FS:  000000000251d880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000043eaf0 CR3: 00000000a23d2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ethnl_default_parse+0x1c1/0x300 net/ethtool/netlink.c:264
 ethnl_default_start+0x1ed/0x4d0 net/ethtool/netlink.c:492
 __netlink_dump_start+0x58a/0x910 net/netlink/af_netlink.c:2343
 genl_family_rcv_msg_dumpit net/netlink/genetlink.c:630 [inline]
 genl_family_rcv_msg net/netlink/genetlink.c:715 [inline]
 genl_rcv_msg+0xa32/0xdf0 net/netlink/genetlink.c:735
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:746
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6b9/0x7d0 net/socket.c:2343
 ___sys_sendmsg+0x100/0x170 net/socket.c:2397
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2430
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x444319
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc9883dca8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000444319
RDX: 0000000000000000 RSI: 0000000020006440 RDI: 0000000000000003
RBP: 00000000006ce018 R08: 0000000000000008 R09: 00000000004002e0
R10: 000000000000000c R11: 0000000000000246 R12: 0000000000401fc0
R13: 0000000000402050 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace e7c6f01e7d795112 ]---
RIP: 0010:ethnl_parse_header+0x522/0x840 include/linux/string.h:381
Code: ea 03 80 3c 02 00 0f 85 1d 03 00 00 4d 89 7d 08 e8 d3 70 2d fb 49 8d 7d 10 48 ba 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 <0f> b6 0c 10 49 8d 45 13 48 89 c6 48 c1 ee 03 0f b6 14 16 48 89 fe
RSP: 0018:ffffc90001f8f4d8 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffff8880a2593048 RCX: ffffffff8644a170
RDX: dffffc0000000000 RSI: ffffffff8644a4ed RDI: 0000000000000010
RBP: ffff8880a4436980 R08: ffff88809e586500 R09: ffffc90001f8f510
R10: fffff520003f1ea5 R11: ffffc90001f8f52f R12: 1ffff920003f1e9e
R13: 0000000000000000 R14: ffffffff8a343040 R15: ffff8880a259304c
FS:  000000000251d880(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000043eaf0 CR3: 00000000a23d2000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
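Reading the oops above: the bytes at the faulting RIP decode to `lea 0x10(%r13),%rdi` followed by a KASAN shadow-byte load, and the register dump has R13 = 0 and RDI = 0x10, so the kernel is touching offset 0x10 of a NULL pointer inside ethnl_parse_header, reached through the dump path (__netlink_dump_start -> ethnl_default_start -> ethnl_default_parse), with the string.h:381 location placing the access in an instrumented string helper such as memcpy. On x86-64 in this kernel, offset 0x10 of struct netlink_ext_ack is the cookie array (it follows the _msg and bad_attr pointers), so the most plausible reading is that the flag-rejection code introduced by the bisected commit writes an extack cookie while the dump path hands it a NULL extack. That reading is an inference from the trace, not something the report states.

The C below is an added example, not code from the report or from the kernel tree. It models that bug class with a stand-in struct that keeps the same field order as struct netlink_ext_ack, shows the unchecked cookie helper beside a NULL-tolerant one, and wraps both in a check_flags() modelled on "reject unrecognized request flags". The names ext_ack, FLAG_ALL, check_flags, reported_cookie and the flag values are constructed for illustration; the -22 return value stands in for -EINVAL.

```c
/* Added example (not from the syzbot report or the kernel). Models an
 * error-reporting helper that writes into an optional "extended ack"
 * context without checking the pointer, beside the hardened form.
 * Assumption: on x86-64 the struct below has msg at 0, bad_attr at 8,
 * cookie at 16, matching the field order of Linux 5.6's
 * struct netlink_ext_ack. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_COOKIE_LEN 20
#define FLAG_ALL 0x7u   /* constructed: three recognized request flags */
#define ERR_EINVAL 22   /* stand-in for the kernel's EINVAL */

struct ext_ack {
    const char *msg;
    const void *bad_attr;
    uint8_t cookie[MAX_COOKIE_LEN];
    uint8_t cookie_len;
};

/* Unchecked variant: with extack == NULL this writes to address
 * offsetof(struct ext_ack, cookie), i.e. NULL + 0x10, the address the
 * GPF report shows in RDI. Only ever call it with a valid pointer. */
static void set_cookie_u32_unchecked(struct ext_ack *extack, uint32_t cookie)
{
    memcpy(extack->cookie, &cookie, sizeof(cookie));
    extack->cookie_len = sizeof(cookie);
}

/* Hardened variant: a missing extack is a legitimate caller state (a
 * dump may not carry one), so treat it as "nowhere to report". */
static void set_cookie_u32(struct ext_ack *extack, uint32_t cookie)
{
    if (!extack)
        return;
    memcpy(extack->cookie, &cookie, sizeof(cookie));
    extack->cookie_len = sizeof(cookie);
}

/* Flag validation modelled on "reject unrecognized request flags":
 * 0 on success, -ERR_EINVAL if unknown bits are set. On rejection the
 * cookie tells userspace which flags this kernel understands. */
static int check_flags(uint32_t flags, struct ext_ack *extack)
{
    if (flags & ~FLAG_ALL) {
        if (extack)
            extack->msg = "unrecognized request flags";
        set_cookie_u32(extack, FLAG_ALL);
        return -ERR_EINVAL;
    }
    return 0;
}

/* Offset the unchecked helper would dereference through a NULL extack,
 * for comparison with RDI = 0x10 in the report. */
static size_t null_write_offset(void)
{
    return offsetof(struct ext_ack, cookie);
}

/* Run check_flags() with a real extack and return the cookie it left
 * behind (0 when the flags were accepted and nothing was written). */
static uint32_t reported_cookie(uint32_t flags)
{
    struct ext_ack ack;
    uint32_t v;

    memset(&ack, 0, sizeof(ack));
    check_flags(flags, &ack);
    memcpy(&v, ack.cookie, sizeof(v));
    return v;
}

int main(void)
{
    struct ext_ack ack;

    memset(&ack, 0, sizeof(ack));
    printf("unchecked helper writes at NULL+0x%zx when extack is NULL\n",
           null_write_offset());
    /* "do" path: extack present, both helpers are fine here. */
    set_cookie_u32_unchecked(&ack, FLAG_ALL);
    printf("do request, bad flags: rc=%d cookie=0x%x\n",
           check_flags(0x8, &ack), reported_cookie(0x8));
    /* "dump" path: no extack; the hardened helper just skips reporting. */
    printf("dump request, bad flags, no extack: rc=%d\n",
           check_flags(0x8, NULL));
    return 0;
}
```

The second printf pair is the interesting one: the same invalid flag word is rejected on both paths, but only the hardened helper survives the dump path where no extack exists. A review check that catches this class of bug is to audit every helper that takes an ext_ack pointer and ask whether all of its callers can guarantee a non-NULL argument.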
