| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <67a23381.050a0220.d7c5a.00bb.GAE@google.com> Date: Tue, 04 Feb 2025 07:34:25 -0800 From: syzbot <syzbot+095590432e94610ef0e5@...kaller.appspotmail.com> To: andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com, kent.overstreet@...ux.dev, kuba@...nel.org, linux-bcachefs@...r.kernel.org, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, pabeni@...hat.com, syzkaller-bugs@...glegroups.com Subject: [syzbot] [net?] [bcachefs?] general protection fault in __alloc_skb Hello, syzbot found the following issue on: HEAD commit: 69e858e0b8b2 Merge tag 'uml-for-linus-6.14-rc1' of git://g.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=16f4dddf980000 kernel config: https://syzkaller.appspot.com/x/.config?x=d033b14aeef39158 dashboard link: https://syzkaller.appspot.com/bug?extid=095590432e94610ef0e5 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17974518580000 Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/7feb34a89c2a/non_bootable_disk-69e858e0.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/a53b888c1f3f/vmlinux-69e858e0.xz kernel image: https://storage.googleapis.com/syzbot-assets/6b5e17edafc0/bzImage-69e858e0.xz mounted in repro: https://storage.googleapis.com/syzbot-assets/f903aea5a6cc/mount_0.gz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+095590432e94610ef0e5@...kaller.appspotmail.com Oops: general protection fault, probably for non-canonical address 0x76a030f00000485: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 1077 Comm: kworker/u4:10 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: events_unbound nsim_dev_trap_report_work RIP: 0010:get_freepointer mm/slub.c:504 [inline] RIP: 0010:get_freepointer_safe mm/slub.c:532 [inline] RIP: 0010:__slab_alloc_node mm/slub.c:3993 [inline] RIP: 0010:slab_alloc_node mm/slub.c:4152 [inline] RIP: 0010:kmem_cache_alloc_node_noprof+0xec/0x380 mm/slub.c:4216 Code: 0f 84 8a 01 00 00 41 83 f8 ff 74 1a 48 8b 03 48 83 f8 ff 0f 84 8f 02 00 00 48 c1 e8 3a 41 39 c0 0f 85 6a 01 00 00 41 8b 46 28 <4a> 8b 1c 28 49 8d 4c 24 08 49 8b 36 4c 89 e8 4c 89 e2 65 48 0f c7 RSP: 0018:ffffc900026ef908 EFLAGS: 00010246 RAX: 0000000000000078 RBX: ffffea0000f49540 RCX: 0000000000046a30 RDX: 0000000000000000 RSI: 00000000000000f0 RDI: ffffffff8ea52d00 RBP: 00000000ffffffff R08: 00000000ffffffff R09: fffff520004ddf38 R10: dffffc0000000000 R11: fffff520004ddf38 R12: 00000000000d7b48 R13: 076a030f0000040d R14: ffff88801b7a18c0 R15: 0000000000000820 FS: 0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4588978ab8 CR3: 0000000059eac000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __alloc_skb+0x1c3/0x440 net/core/skbuff.c:668 alloc_skb include/linux/skbuff.h:1331 [inline] nsim_dev_trap_skb_build drivers/net/netdevsim/dev.c:748 [inline] nsim_dev_trap_report drivers/net/netdevsim/dev.c:805 [inline] nsim_dev_trap_report_work+0x261/0xb50 drivers/net/netdevsim/dev.c:851 process_one_work kernel/workqueue.c:3236 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317 worker_thread+0x870/0xd30 kernel/workqueue.c:3398 kthread+0x7a9/0x920 kernel/kthread.c:464 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---------------- Code disassembly (best guess): 0: 0f 84 8a 01 00 00 je 0x190 6: 41 83 f8 ff cmp $0xffffffff,%r8d a: 74 1a je 0x26 c: 48 8b 03 mov (%rbx),%rax f: 48 83 f8 ff cmp $0xffffffffffffffff,%rax 13: 0f 84 8f 02 00 00 je 0x2a8 19: 48 c1 e8 3a shr $0x3a,%rax 1d: 41 39 c0 cmp %eax,%r8d 20: 0f 85 6a 01 00 00 jne 0x190 26: 41 8b 46 28 mov 0x28(%r14),%eax * 2a: 4a 8b 1c 28 mov (%rax,%r13,1),%rbx <-- trapping instruction 2e: 49 8d 4c 24 08 lea 0x8(%r12),%rcx 33: 49 8b 36 mov (%r14),%rsi 36: 4c 89 e8 mov %r13,%rax 39: 4c 89 e2 mov %r12,%rdx 3c: 65 gs 3d: 48 rex.W 3e: 0f .byte 0xf 3f: c7 .byte 0xc7 --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@...glegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
Powered by blists - more mailing lists