* eda3fc50daa9 ("netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter")
@ 2019-08-06 16:32 Zubin Mithra
2019-08-06 21:55 ` Sasha Levin
0 siblings, 1 reply; 2+ messages in thread
From: Zubin Mithra @ 2019-08-06 16:32 UTC
To: stable; +Cc: gregkh, groeck, phil.turnbull, pablo, davem
Hello,

Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.

Call Trace:
 [<ffffffff823d9bfe>] nla_get_be64 include/net/netlink.h:1130 [inline]
 [<ffffffff823d9bfe>] nfnl_acct_new+0x3ae/0x720 net/netfilter/nfnetlink_acct.c:111
 [<ffffffff823d81c7>] nfnetlink_rcv_msg+0xa27/0xc30 net/netfilter/nfnetlink.c:215
 [<ffffffff823c7ebf>] netlink_rcv_skb+0xdf/0x2f0 net/netlink/af_netlink.c:2361
 [<ffffffff823d6e89>] nfnetlink_rcv+0x939/0x1000 net/netfilter/nfnetlink.c:479
 [<ffffffff823c6974>] netlink_unicast_kernel net/netlink/af_netlink.c:1277 [inline]
 [<ffffffff823c6974>] netlink_unicast+0x474/0x7c0 net/netlink/af_netlink.c:1303
 [<ffffffff823c7461>] netlink_sendmsg+0x7a1/0xc50 net/netlink/af_netlink.c:1859
 [<ffffffff82239fe5>] sock_sendmsg_nosec net/socket.c:627 [inline]
 [<ffffffff82239fe5>] sock_sendmsg+0xd5/0x110 net/socket.c:637
 [<ffffffff8223da67>] ___sys_sendmsg+0x767/0x890 net/socket.c:1964
 [<ffffffff822405db>] __sys_sendmsg+0xbb/0x150 net/socket.c:1998
 [<ffffffff822406a2>] SYSC_sendmsg net/socket.c:2009 [inline]
 [<ffffffff822406a2>] SyS_sendmsg+0x32/0x50 net/socket.c:2005
 [<ffffffff82a44e67>] entry_SYSCALL_64_fastpath+0x1e/0xa0
RIP [<ffffffff81d4931c>] nla_memcpy+0x2c/0xa0 lib/nlattr.c:279

Could the following patch be applied in order to v4.4.y? It is present in v4.9.y.
* eda3fc50daa9 ("netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter")

Tests run:
* Syzkaller reproducer
* Chrome OS tryjobs

Thanks,
- Zubin
* Re: eda3fc50daa9 ("netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter")
From: Sasha Levin @ 2019-08-06 21:55 UTC
To: Zubin Mithra; +Cc: stable, gregkh, groeck, phil.turnbull, pablo, davem
On Tue, Aug 06, 2019 at 09:32:55AM -0700, Zubin Mithra wrote:
>Hello,
>
>Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.
>
>Call Trace:
> [<ffffffff823d9bfe>] nla_get_be64 include/net/netlink.h:1130 [inline]
> [<ffffffff823d9bfe>] nfnl_acct_new+0x3ae/0x720 net/netfilter/nfnetlink_acct.c:111
> [<ffffffff823d81c7>] nfnetlink_rcv_msg+0xa27/0xc30 net/netfilter/nfnetlink.c:215
> [<ffffffff823c7ebf>] netlink_rcv_skb+0xdf/0x2f0 net/netlink/af_netlink.c:2361
> [<ffffffff823d6e89>] nfnetlink_rcv+0x939/0x1000 net/netfilter/nfnetlink.c:479
> [<ffffffff823c6974>] netlink_unicast_kernel net/netlink/af_netlink.c:1277 [inline]
> [<ffffffff823c6974>] netlink_unicast+0x474/0x7c0 net/netlink/af_netlink.c:1303
> [<ffffffff823c7461>] netlink_sendmsg+0x7a1/0xc50 net/netlink/af_netlink.c:1859
> [<ffffffff82239fe5>] sock_sendmsg_nosec net/socket.c:627 [inline]
> [<ffffffff82239fe5>] sock_sendmsg+0xd5/0x110 net/socket.c:637
> [<ffffffff8223da67>] ___sys_sendmsg+0x767/0x890 net/socket.c:1964
> [<ffffffff822405db>] __sys_sendmsg+0xbb/0x150 net/socket.c:1998
> [<ffffffff822406a2>] SYSC_sendmsg net/socket.c:2009 [inline]
> [<ffffffff822406a2>] SyS_sendmsg+0x32/0x50 net/socket.c:2005
> [<ffffffff82a44e67>] entry_SYSCALL_64_fastpath+0x1e/0xa0
>RIP [<ffffffff81d4931c>] nla_memcpy+0x2c/0xa0 lib/nlattr.c:279
>
>Could the following patch be applied in order to v4.4.y? It is present in v4.9.y.
>* eda3fc50daa9 ("netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter")
>
>Tests run:
>* Syzkaller reproducer
>* Chrome OS tryjobs

Queued up for 4.4, thanks.
--
Thanks,
Sasha