From: syzbot <syzbot+95ce4b142579611ef0a9@syzkaller.appspotmail.com>
To: jmorris@namei.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	penguin-kernel@I-love.SAKURA.ne.jp, serge@hallyn.com,
	syzkaller-bugs@googlegroups.com, takedakn@nttdata.co.jp
Subject: general protection fault in tomoyo_socket_sendmsg_permission
Date: Thu, 12 Nov 2020 23:21:26 -0800
Message-ID: <000000000000647eff05b3f7e0d4@google.com>

Hello,

syzbot found the following issue on:

HEAD commit:    9dbc1c03 Merge tag 'xfs-5.10-fixes-3' of git://git.kernel...
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10453034500000
kernel config:  https://syzkaller.appspot.com/x/.config?x=1735b7978b1c3721
dashboard link: https://syzkaller.appspot.com/bug?extid=95ce4b142579611ef0a9
compiler:       gcc (GCC) 10.1.0-syz 20200507
userspace arch: i386

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+95ce4b142579611ef0a9@syzkaller.appspotmail.com

general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 PID: 23364 Comm: vhci_tx Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:tomoyo_socket_sendmsg_permission+0x80/0x340 security/tomoyo/network.c:762
Code: c7 40 0c f3 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 84 24 a0 00 00 00 31 c0 e8 0b 70 f1 fd 48 8d 7d 18 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 7d 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c
RSP: 0018:ffffc90016f77ad0 EFLAGS: 00010206
RAX: 0000000000000003 RBX: 1ffff92002deef5b RCX: ffffffff83b3789e
RDX: ffff8880186c8000 RSI: ffffffff837e9945 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000030 R09: ffffc90016f77d97
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc90016f77ce8 R14: ffffc90016f77ce8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562623b70868 CR3: 000000002af19000 CR4: 00000000001526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 security_socket_sendmsg+0x50/0xb0 security/security.c:2140
 sock_sendmsg+0x3f/0x120 net/socket.c:668
 vhci_send_cmd_submit+0x897/0xf90 drivers/usb/usbip/vhci_tx.c:139
 vhci_tx_loop+0xfc/0x370 drivers/usb/usbip/vhci_tx.c:241
 kthread+0x3af/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Modules linked in:
---[ end trace 535369ec3e6ef304 ]---
RIP: 0010:tomoyo_socket_sendmsg_permission+0x80/0x340 security/tomoyo/network.c:762
Code: c7 40 0c f3 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 84 24 a0 00 00 00 31 c0 e8 0b 70 f1 fd 48 8d 7d 18 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 7d 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c
RSP: 0018:ffffc90016f77ad0 EFLAGS: 00010206
RAX: 0000000000000003 RBX: 1ffff92002deef5b RCX: ffffffff83b3789e
RDX: ffff8880186c8000 RSI: ffffffff837e9945 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000030 R09: ffffc90016f77d97
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffffc90016f77ce8 R14: ffffc90016f77ce8 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0c3a930740 CR3: 000000002af19000 CR4: 00000000001526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

Thread overview: 49+ messages
2020-11-13  7:21 syzbot [this message]
2020-11-13 10:49 ` general protection fault in tomoyo_socket_sendmsg_permission Tetsuo Handa
     [not found] ` <20201113120055.11748-1-hdanton@sina.com>
2020-11-13 17:14   ` Shuah Khan
2021-01-28  6:09     ` Tetsuo Handa
     [not found]       ` <2b70d360-a293-4acb-ea6c-2badda5e8b8b@linuxfoundation.org>
2021-01-29  5:48         ` Tetsuo Handa
     [not found]           ` <6b8da36f-a994-7604-77f4-52e29434605f@linuxfoundation.org>
2021-01-29 17:08             ` Tetsuo Handa
2021-01-29 21:18               ` Shuah Khan
2021-01-30  2:25                 ` Tetsuo Handa
2021-02-10 18:17                   ` Shuah Khan
2021-02-10 19:07                     ` Tetsuo Handa
2021-02-10 19:29                       ` Shuah Khan
2021-02-11  1:14                         ` Tetsuo Handa
2021-02-12  1:34                           ` Shuah Khan
2021-02-12  2:22                             ` Tetsuo Handa
2021-02-12  4:58                               ` Tetsuo Handa
2021-02-12 20:02                                 ` Shuah Khan
2021-02-13 10:02                                   ` Tetsuo Handa
2021-02-13 10:10                                     ` Greg Kroah-Hartman
2021-02-13 10:10                                     ` Greg Kroah-Hartman
2021-02-19  0:33 ` [PATCH] usb: usbip: serialize attach/detach operations Tetsuo Handa
2021-02-19  9:47   ` [PATCH (repost)] " Tetsuo Handa
2021-02-19 15:08     ` [PATCH v2] " Tetsuo Handa
2021-02-19 15:53       ` Greg Kroah-Hartman
2021-02-19 16:00         ` Shuah Khan
2021-02-20  1:10           ` Tetsuo Handa
2021-02-20  6:58             ` Greg Kroah-Hartman
2021-02-20  9:51               ` Tetsuo Handa
2021-02-22 15:34                 ` Shuah Khan
2021-02-23  1:51                   ` Tetsuo Handa
2021-02-23  1:59               ` [PATCH v3] " Tetsuo Handa
2021-02-26  0:00                 ` Shuah Khan
2021-02-26  0:10                   ` Tetsuo Handa
2021-02-26 15:04                     ` Shuah Khan
2021-03-04 15:24                       ` [PATCH v4 00/12] " Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 01/12] usb: usbip: introduce usbip_event_mutex for serialization Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 02/12] usb: usbip: vhci: serialize attach_store()/detach_store() against event_handler() Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 03/12] usb: usbip: vudc: serialize usbip_sockfd_store() " Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 04/12] usb: usbip: stub: " Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 05/12] usb: usbip: don't reset tcp_socket at vhci_device_reset() Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 06/12] usb: usbip: fix error handling of kthread_get_run() Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 07/12] usb: usbip: preallocate kernel threads for consistent attach operation Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 08/12] usb: usbip: check that stream socket is used Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 09/12] usb: usbip: vhci: add automatic recovery to attach_store() Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 10/12] usb: usbip: vudc: add automatic recovery to usbip_sockfd_store() Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 11/12] usb: usbip: stub: " Tetsuo Handa
2021-03-04 15:24                         ` [PATCH v4 12/12] usb: usbip: remove unused kthread_get_run() Tetsuo Handa
2021-03-04 15:52                         ` [PATCH v4 00/12] usb: usbip: serialize attach/detach operations Shuah Khan
2021-03-05 10:06                           ` Tetsuo Handa
2021-03-05 14:44                             ` Shuah Khan