Re: [syzbot] general protection fault in nft_set_elem_expr

stable.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Re: [syzbot] general protection fault in nft_set_elem_expr_alloc
       [not found] ` <20210602170317.GA18869@salvia>
@ 2021-09-08 20:58   ` Salvatore Bonaccorso
  2021-09-09  6:20     ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Salvatore Bonaccorso @ 2021-09-08 20:58 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: syzbot, coreteam, davem, fw, kadlec, kuba, linux-kernel, netdev,
	netfilter-devel, syzkaller-bugs, stable, elbrus

Hi Pablo,

On Wed, Jun 02, 2021 at 07:03:17PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Jun 02, 2021 at 09:37:26AM -0700, syzbot wrote:
> > Hello,
> > 
> > syzbot found the following issue on:
> > 
> > HEAD commit:    6850ec97 Merge branch 'mptcp-fixes-for-5-13'
> > git tree:       net
> > console output: https://syzkaller.appspot.com/x/log.txt?x=1355504dd00000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=770708ea7cfd4916
> > dashboard link: https://syzkaller.appspot.com/bug?extid=ce96ca2b1d0b37c6422d
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1502d517d00000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12bbbe13d00000
> > 
> > The issue was bisected to:
> > 
> > commit 05abe4456fa376040f6cc3cc6830d2e328723478
> > Author: Pablo Neira Ayuso <pablo@netfilter.org>
> > Date:   Wed May 20 13:44:37 2020 +0000
> > 
> >     netfilter: nf_tables: allow to register flowtable with no devices
> > 
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10fa1387d00000
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=12fa1387d00000
> > console output: https://syzkaller.appspot.com/x/log.txt?x=14fa1387d00000
> > 
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+ce96ca2b1d0b37c6422d@syzkaller.appspotmail.com
> > Fixes: 05abe4456fa3 ("netfilter: nf_tables: allow to register flowtable with no devices")
> > 
> > general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
> > KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
> > CPU: 1 PID: 8438 Comm: syz-executor343 Not tainted 5.13.0-rc3-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > RIP: 0010:nft_set_elem_expr_alloc+0x17e/0x280 net/netfilter/nf_tables_api.c:5321
> > Code: 48 c1 ea 03 80 3c 02 00 0f 85 09 01 00 00 49 8b 9d c0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d9 00 00 00 48 8b 5b 70 48 85 db 74 21 e8 9a bd
> 
> It's a real bug. Bisect is not correct though.
> 
> I'll post a patch to fix it. Thanks.

So if I see it correctly the fix landed in ad9f151e560b ("netfilter:
nf_tables: initialize set before expression setup") in 5.13-rc7 and
landed as well in 5.12.13. The issue is though still present in the
5.10.y series.

Would it be possible to backport the fix as well to 5.10.y? It is
needed there as well.

Regards,
Salvatore

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [syzbot] general protection fault in nft_set_elem_expr_alloc
  2021-09-08 20:58   ` [syzbot] general protection fault in nft_set_elem_expr_alloc Salvatore Bonaccorso
@ 2021-09-09  6:20     ` Greg KH
  2021-09-09 14:05       ` Florian Westphal
  0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2021-09-09  6:20 UTC (permalink / raw)
  To: Salvatore Bonaccorso
  Cc: Pablo Neira Ayuso, syzbot, coreteam, davem, fw, kadlec, kuba,
	linux-kernel, netdev, netfilter-devel, syzkaller-bugs, stable,
	elbrus

On Wed, Sep 08, 2021 at 10:58:11PM +0200, Salvatore Bonaccorso wrote:
> Hi Pablo,
> 
> On Wed, Jun 02, 2021 at 07:03:17PM +0200, Pablo Neira Ayuso wrote:
> > On Wed, Jun 02, 2021 at 09:37:26AM -0700, syzbot wrote:
> > > Hello,
> > > 
> > > syzbot found the following issue on:
> > > 
> > > HEAD commit:    6850ec97 Merge branch 'mptcp-fixes-for-5-13'
> > > git tree:       net
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=1355504dd00000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=770708ea7cfd4916
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=ce96ca2b1d0b37c6422d
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=1502d517d00000
> > > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12bbbe13d00000
> > > 
> > > The issue was bisected to:
> > > 
> > > commit 05abe4456fa376040f6cc3cc6830d2e328723478
> > > Author: Pablo Neira Ayuso <pablo@netfilter.org>
> > > Date:   Wed May 20 13:44:37 2020 +0000
> > > 
> > >     netfilter: nf_tables: allow to register flowtable with no devices
> > > 
> > > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=10fa1387d00000
> > > final oops:     https://syzkaller.appspot.com/x/report.txt?x=12fa1387d00000
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14fa1387d00000
> > > 
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+ce96ca2b1d0b37c6422d@syzkaller.appspotmail.com
> > > Fixes: 05abe4456fa3 ("netfilter: nf_tables: allow to register flowtable with no devices")
> > > 
> > > general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
> > > KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
> > > CPU: 1 PID: 8438 Comm: syz-executor343 Not tainted 5.13.0-rc3-syzkaller #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > > RIP: 0010:nft_set_elem_expr_alloc+0x17e/0x280 net/netfilter/nf_tables_api.c:5321
> > > Code: 48 c1 ea 03 80 3c 02 00 0f 85 09 01 00 00 49 8b 9d c0 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 70 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d9 00 00 00 48 8b 5b 70 48 85 db 74 21 e8 9a bd
> > 
> > It's a real bug. Bisect is not correct though.
> > 
> > I'll post a patch to fix it. Thanks.
> 
> So if I see it correctly the fix landed in ad9f151e560b ("netfilter:
> nf_tables: initialize set before expression setup") in 5.13-rc7 and
> landed as well in 5.12.13. The issue is though still present in the
> 5.10.y series.
> 
> Would it be possible to backport the fix as well to 5.10.y? It is
> needed there as well.

I would need a working backport, as it does not apply cleanly to 5.10.y
:(

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [syzbot] general protection fault in nft_set_elem_expr_alloc
  2021-09-09  6:20     ` Greg KH
@ 2021-09-09 14:05       ` Florian Westphal
  0 siblings, 0 replies; 3+ messages in thread
From: Florian Westphal @ 2021-09-09 14:05 UTC (permalink / raw)
  To: Greg KH
  Cc: Salvatore Bonaccorso, Pablo Neira Ayuso, syzbot, coreteam, davem,
	fw, kadlec, kuba, linux-kernel, netdev, netfilter-devel,
	syzkaller-bugs, stable, elbrus

Greg KH <gregkh@linuxfoundation.org> wrote:
> On Wed, Sep 08, 2021 at 10:58:11PM +0200, Salvatore Bonaccorso wrote:
> > So if I see it correctly the fix landed in ad9f151e560b ("netfilter:
> > nf_tables: initialize set before expression setup") in 5.13-rc7 and
> > landed as well in 5.12.13. The issue is though still present in the
> > 5.10.y series.
> > 
> > Would it be possible to backport the fix as well to 5.10.y? It is
> > needed there as well.
> 
> I would need a working backport, as it does not apply cleanly to 5.10.y
> :(

Done, sent to stable@.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-09-09 14:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <000000000000ef07b205c3cb1234@google.com>
     [not found] ` <20210602170317.GA18869@salvia>
2021-09-08 20:58   ` [syzbot] general protection fault in nft_set_elem_expr_alloc Salvatore Bonaccorso
2021-09-09  6:20     ` Greg KH
2021-09-09 14:05       ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).