syzbot


WARNING in __proc_create

Status: fixed on 2018/03/23 18:14
Subsystems: netfilter
[Documentation on labels]
Reported-by: syzbot+0502b00edac2a0680b61@syzkaller.appspotmail.com
Fix commit: b1d0a5d0cba4 netfilter: x_tables: add and use xt_check_proc_name
First crash: 2363d, last: 2329d
Discussions (8)
Title Replies (including bot) Last reply
[PATCH 3.16 000/305] 3.16.63-rc1 review 313 (313) 2019/06/07 15:34
[PATCH 4.4 00/72] 4.4.127-stable review 83 (83) 2018/05/17 08:56
[PATCH 4.9 000/102] 4.9.93-stable review 111 (111) 2018/04/12 16:56
[PATCH 3.18 00/93] 3.18.103-stable review 102 (102) 2018/04/09 08:13
[PATCH 4.15 00/72] 4.15.16-stable review 78 (78) 2018/04/07 06:10
[PATCH 4.14 00/67] 4.14.33-stable review 71 (71) 2018/04/06 22:10
[PATCH 0/5] Netfilter fixes for net 7 (7) 2018/03/12 16:50
WARNING in __proc_create 9 (10) 2018/03/09 23:42
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in __proc_create (2) afs C done 4 1639d 1639d 15/27 fixed on 2020/02/18 14:31

Sample crash report:
audit: type=1400 audit(1518225858.093:7): avc:  denied  { map } for  pid=4158 comm="syzkaller390983" path="/root/syzkaller390983884" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
------------[ cut here ]------------
name len 0
WARNING: CPU: 1 PID: 4158 at fs/proc/generic.c:354 __proc_create+0x6ac/0x890 fs/proc/generic.c:354
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4158 Comm: syzkaller390983 Not tainted 4.15.0+ #306
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
 __warn+0x1dc/0x200 kernel/panic.c:547
 report_bug+0x211/0x2d0 lib/bug.c:184
 fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x22/0x40 arch/x86/entry/entry_64.S:988
RIP: 0010:__proc_create+0x6ac/0x890 fs/proc/generic.c:354
RSP: 0018:ffff8801b75972d0 EFLAGS: 00010282
RAX: dffffc0000000008 RBX: 1ffff10036eb2e5f RCX: ffffffff815a5c5e
RDX: 0000000000000000 RSI: 1ffff10036eb2e0a RDI: 1ffff10036eb2ddf
RBP: ffff8801b7597440 R08: 1ffff10036eb2da1 R09: 0000000000000000
R10: ffff8801b7597188 R11: 0000000000000000 R12: ffff8801b217d630
R13: ffff8801b7597418 R14: 0000000000000000 R15: ffff8801b75973d8
 proc_create_data+0x76/0x180 fs/proc/generic.c:488
 htable_create net/netfilter/xt_hashlimit.c:333 [inline]
 hashlimit_mt_check_common.isra.9+0xaee/0x1420 net/netfilter/xt_hashlimit.c:900
 hashlimit_mt_check_v1+0x48d/0x640 net/netfilter/xt_hashlimit.c:926
 xt_check_match+0x231/0x7d0 net/netfilter/x_tables.c:470
 check_match net/ipv6/netfilter/ip6_tables.c:492 [inline]
 find_check_match net/ipv6/netfilter/ip6_tables.c:509 [inline]
 find_check_entry.isra.7+0x42d/0xcf0 net/ipv6/netfilter/ip6_tables.c:560
 translate_table+0xf52/0x1690 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1160 [inline]
 do_ip6t_set_ctl+0x370/0x5f0 net/ipv6/netfilter/ip6_tables.c:1686
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ipv6_setsockopt+0x10b/0x130 net/ipv6/ipv6_sockglue.c:927
 rawv6_setsockopt+0x4a/0xf0 net/ipv6/raw.c:1060
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x282/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x26/0x9b
RIP: 0033:0x441319
RSP: 002b:00007ffd97f06dc8 EFLAGS: 00000203 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 0000000000441319
RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 00000000000005c8 R09: 0000000000000000
R10: 0000000020ee3a38 R11: 0000000000000203 R12: 0000000000402c40
R13: 0000000000402cd0 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (12):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/02/10 01:26 upstream f9f1e414128e 2b6b214c .config console log report syz C ci-upstream-kasan-gce
2018/01/27 19:09 upstream c4e0ca7fa241 08146b1a .config console log report syz C ci-upstream-kasan-gce
2018/02/10 00:51 net-next-old 617aebe6a97e 2b6b214c .config console log report syz C ci-upstream-net-kasan-gce
2018/01/28 03:08 net-next-old 6bb46bc57c8e 08146b1a .config console log report syz C ci-upstream-net-kasan-gce
2018/02/12 12:29 upstream 7928b2cbe55b 88bc17df .config console log report ci-upstream-kasan-gce
2018/02/02 16:10 upstream 4bf772b14675 826b35d6 .config console log report ci-upstream-kasan-gce
2018/03/03 05:09 net-next-old 3c34cb9defb0 2c6f473e .config console log report ci-upstream-net-kasan-gce
2018/02/26 08:43 net-next-old f74290fdb363 9fe8aa42 .config console log report ci-upstream-net-kasan-gce
2018/02/21 03:15 net-next-old 5eeba397392a 04cbdbd1 .config console log report ci-upstream-net-kasan-gce
2018/02/05 21:03 net-next-old 617aebe6a97e a1bc9d40 .config console log report ci-upstream-net-kasan-gce
2018/02/05 10:08 net-next-old 617aebe6a97e a1bc9d40 .config console log report ci-upstream-net-kasan-gce
2018/02/04 23:00 net-next-old 617aebe6a97e a1bc9d40 .config console log report ci-upstream-net-kasan-gce
* Struck through repros no longer work on HEAD.