| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 Dec 2017 01:58:01 -0800
From: syzbot
<bot+de71e64059ed307c8b3b3cbe7bb2f17fc13597be@...kaller.appspotmail.com>
To: davem@...emloft.net, kuznet@....inr.ac.ru,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
syzkaller-bugs@...glegroups.com, yoshfuji@...ux-ipv6.org
Subject: invalid opcode in vlan_ioctl_hook
Hello,
syzkaller hit the following crash on
6084b576dca2e898f5c101baef151f7bfdbb606d
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
Unfortunately, I don't have any reproducer for this bug yet.
SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256
sclass=netlink_route_socket pig=17868 comm=syz-executor2
invalid opcode: 0000 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 4.15.0-rc3-next-20171214+ #67
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Workqueue: krdsd rds_connect_worker
RIP: 0010:vlan_ioctl_hook+0x0/0x8
RSP: 0018:ffffc90000d17b48 EFLAGS: 00010a47
RAX: ffff880216a4a580 RBX: ffffffff83ff4be8 RCX: ffffffff8210ac01
RDX: 0000000000000000 RSI: ffff8801fb9e9a30 RDI: ffffffff83ff4be8
RBP: ffffc90000d17b90 R08: 0000000000000001 R09: 0000000000000002
R10: ffffc90000d17ad8 R11: 0000000000000002 R12: 0000000000000000
R13: ffff8801fb9e9a30 R14: ffff8801fb942988 R15: ffff8801fb942900
FS: 0000000000000000(0000) GS:ffff88021fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b9bc21000 CR3: 000000000301e001 CR4: 00000000001626f0
Call Trace:
__fib_lookup+0x55/0x80 net/ipv4/fib_rules.c:93
fib_lookup include/net/ip_fib.h:314 [inline]
ip_route_output_key_hash_rcu+0x80f/0xe70 net/ipv4/route.c:2406
ip_route_output_key_hash+0xba/0x180 net/ipv4/route.c:2299
__ip_route_output_key include/net/route.h:125 [inline]
ip_route_connect include/net/route.h:300 [inline]
tcp_v4_connect+0x4d2/0x660 net/ipv4/tcp_ipv4.c:175
__inet_stream_connect+0x285/0x3c0 net/ipv4/af_inet.c:619
inet_stream_connect+0x3b/0x60 net/ipv4/af_inet.c:683
rds_tcp_conn_path_connect+0x147/0x1b0 net/rds/tcp_connect.c:135
rds_connect_worker+0x7a/0xe0 net/rds/threads.c:165
process_one_work+0x288/0x7a0 kernel/workqueue.c:2112
worker_thread+0x43/0x4d0 kernel/workqueue.c:2246
kthread+0x149/0x170 kernel/kthread.c:238
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:524
Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <f0> 88 3b 82
ff ff ff ff c0 e1 2d 82 ff ff ff ff 00 00 00 00 00
RIP: vlan_ioctl_hook+0x0/0x8 RSP: ffffc90000d17b48
---[ end trace cb1f0ac1cf3d37f8 ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
---
This bug is generated by a dumb bot. It may contain errors.
See https://goo.gl/tpsmEJ for details.
Direct all questions to syzkaller@...glegroups.com.
Please credit me with: Reported-by: syzbot <syzkaller@...glegroups.com>
syzbot will keep track of this bug report.
Once a fix for this bug is merged into any tree, reply to this email with:
#syz fix: exact-commit-title
To mark this as a duplicate of another syzbot report, please reply with:
#syz dup: exact-subject-of-another-report
If it's a one-off invalid bug report, please reply with:
#syz invalid
Note: if the crash happens again, it will cause creation of a new bug
report.
Note: all commands must start from beginning of the line in the email body.
View attachment "config.txt" of type "text/plain" (126475 bytes)
Download attachment "raw.log" of type "application/octet-stream" (1048576 bytes)
Powered by blists - more mailing lists