From: Zubin Mithra <zsm@chromium.org>
To: stable@vger.kernel.org
Cc: groeck@chromium.org, gregkh@linuxfoundation.org,
phil.turnbull@oracle.com, pablo@netfilter.org,
kadlec@blackhole.kfki.hu, fw@strlen.de, davem@davemloft.net
Subject: 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
Date: Tue, 12 Mar 2019 13:04:15 -0700
Message-ID: <20190312200413.GA128459@google.com>
Hello,
Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stack trace.
Call Trace:
[<ffffffff823936f9>] nfnetlink_rcv_msg+0xa59/0xbc0 net/netfilter/nfnetlink.c:215
[<ffffffff82382be9>] netlink_rcv_skb+0x149/0x380 net/netlink/af_netlink.c:2296
[<ffffffff82391b6c>] nfnetlink_rcv+0x2ac/0x1190 net/netfilter/nfnetlink.c:479
[<ffffffff8238178e>] netlink_unicast_kernel net/netlink/af_netlink.c:1223 [inline]
[<ffffffff8238178e>] netlink_unicast+0x51e/0x760 net/netlink/af_netlink.c:1249
[<ffffffff82382295>] netlink_sendmsg+0x8c5/0xc20 net/netlink/af_netlink.c:1803
[<ffffffff821f45ff>] sock_sendmsg_nosec net/socket.c:625 [inline]
[<ffffffff821f45ff>] sock_sendmsg+0xcf/0x110 net/socket.c:635
[<ffffffff821f4862>] sock_write_iter+0x222/0x3a0 net/socket.c:834
[<ffffffff8150b3fe>] new_sync_write fs/read_write.c:478 [inline]
[<ffffffff8150b3fe>] __vfs_write+0x32e/0x440 fs/read_write.c:491
[<ffffffff8150cf2c>] vfs_write+0x16c/0x4a0 fs/read_write.c:538
[<ffffffff8150f599>] SYSC_write fs/read_write.c:585 [inline]
[<ffffffff8150f599>] SyS_write+0xd9/0x1b0 fs/read_write.c:577
[<ffffffff82a0b3b2>] entry_SYSCALL_64_fastpath+0x12/0x72
Code: c0 49 89 c4 0f 84 64 04 00 00 e8 ea b7 f6 fe 49 8b 95 68 ff ff ff 48 b8 00 00 00 00 00 fc ff df 48 8d 7a 04 48 89 f9 48 c1 e9 03 <0f> b6 0c 01 48 89 f8 83 e0 07 83 c0 03 38 c8 7c 17 84 c9 74 13
RIP [<ffffffff823956f2>] nla_get_be32 include/net/netlink.h:1003 [inline]
RIP [<ffffffff823956f2>] nfacct_filter_alloc net/netfilter/nfnetlink_acct.c:250 [inline]
RIP [<ffffffff823956f2>] nfnl_acct_get+0x1f2/0x6d0 net/netfilter/nfnetlink_acct.c:274
RSP <ffff8801d7def6a8>
---[ end trace a8de975a65b4d2ea ]---
Could the following patch be applied to v4.4.y? The patch is present in v4.9.y.
* 017b1b6d28c4 ("netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters")
Tests run:
* Chrome OS tryjobs
* Syzkaller reproducer
Thanks,
- Zubin
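For readers unfamiliar with the failure mode behind the trace above, here is a small userspace C model of the parsing path, added as an example for this note (it is neither the kernel's code nor the patch itself): slots for attributes the sender omitted stay NULL, the pre-fix shape reads them through an nla_get_be32 stand-in, and the fixed shape rejects the message with -EINVAL before any read. The NLA_U32 policy and presence check follow what the commit title describes; the `fixed` flag, the helper names and the constructed messages are assumptions of this model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Userspace model of the NFACCT_FILTER parsing path (constructed for this note; not the
 * kernel's code). Netlink attribute layout: 4-byte header {len, type}, payload, 4-byte padding. */
#define NLA_HDRLEN 4
#define NLA_ALIGN(n) (((n) + 3u) & ~3u)
enum { NFACCT_FILTER_UNSPEC, NFACCT_FILTER_MASK, NFACCT_FILTER_VALUE, __NFACCT_FILTER_MAX };
#define NFACCT_FILTER_MAX (__NFACCT_FILTER_MAX - 1)
struct nlattr { uint16_t nla_len; uint16_t nla_type; };
struct nfacct_filter { uint32_t value; uint32_t mask; };

/* Append one u32 attribute at buf; returns the (already aligned) number of bytes written. */
static size_t nla_put_u32(uint8_t *buf, uint16_t type, uint32_t v) {
    struct nlattr h = { NLA_HDRLEN + sizeof v, type };
    memcpy(buf, &h, NLA_HDRLEN); memcpy(buf + NLA_HDRLEN, &v, sizeof v);
    return NLA_ALIGN(h.nla_len);
}
/* Index the attributes in tb[]; slots for types the sender omitted stay NULL. With policy
 * set, known types must carry exactly 4 bytes, as the NLA_U32 policy added by the fix requires. */
static int nla_parse_nested(const struct nlattr **tb, const uint8_t *buf, size_t len, int policy) {
    memset(tb, 0, sizeof(*tb) * (NFACCT_FILTER_MAX + 1));
    while (len >= NLA_HDRLEN) {
        struct nlattr h; memcpy(&h, buf, NLA_HDRLEN);            /* copy: buf may be unaligned */
        if (h.nla_len < NLA_HDRLEN || h.nla_len > len) return -EINVAL;
        if (h.nla_type && h.nla_type <= NFACCT_FILTER_MAX) {      /* unknown types are skipped */
            if (policy && h.nla_len != NLA_HDRLEN + 4) return -EINVAL;
            tb[h.nla_type] = (const struct nlattr *)buf;
        }
        size_t step = NLA_ALIGN(h.nla_len) < len ? NLA_ALIGN(h.nla_len) : len;
        buf += step; len -= step;
    }
    return 0;
}
/* nla_get_be32 stand-in: reads the payload. A NULL slot here is the fault in the trace above. */
static uint32_t nla_get_u32(const struct nlattr *nla) {
    uint32_t v; memcpy(&v, (const uint8_t *)nla + NLA_HDRLEN, sizeof v); return v;
}
/* fixed == 0 is the pre-017b1b6d28c4 shape: payloads are read without checking that the
 * sender supplied them. fixed == 1 adds the policy and the presence check before any read. */
static int nfacct_filter_alloc(struct nfacct_filter *f, const uint8_t *buf, size_t len, int fixed) {
    const struct nlattr *tb[NFACCT_FILTER_MAX + 1];
    int err = nla_parse_nested(tb, buf, len, fixed);
    if (err < 0) return err;
    if (fixed && (!tb[NFACCT_FILTER_MASK] || !tb[NFACCT_FILTER_VALUE])) return -EINVAL;
    f->mask = nla_get_u32(tb[NFACCT_FILTER_MASK]);    /* unfixed: NULL deref if MASK is absent */
    f->value = nla_get_u32(tb[NFACCT_FILTER_VALUE]);  /* unfixed: same for VALUE */
    return 0;
}
```

Feeding the model a message that carries only NFACCT_FILTER_MASK shows the difference: the fixed path returns -EINVAL, while the unfixed path would dereference the NULL VALUE slot exactly as the RIP lines above report.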