syzbot
BUG: unable to handle kernel paging request in ebt_among_mt_check (2)

Status: fixed on 2018/03/23 18:14
Subsystems: bridge netfilter
Reported-by: syzbot+bdabab6f1983a03fc009@syzkaller.appspotmail.com
Fix commit: c8d70a700a5b netfilter: bridge: ebt_among: add more missing match size checks
First crash: 2235d, last: 2217d
Discussions (9)
Title                                                                  Replies (including bot)  Last reply
[PATCH 3.16 000/410] 3.16.57-rc1 review                                426 (426)                2018/11/12 17:42
[PATCH 3.2 000/153] 3.2.102-rc1 review                                 155 (155)                2018/05/30 22:14
[PATCH 4.4 00/72] 4.4.127-stable review                                83 (83)                  2018/05/17 08:56
[PATCH 4.9 000/102] 4.9.93-stable review                               111 (111)                2018/04/12 16:56
[PATCH 3.18 00/93] 3.18.103-stable review                              102 (102)                2018/04/09 08:13
[PATCH 4.15 00/72] 4.15.16-stable review                               78 (78)                  2018/04/07 06:10
[PATCH 4.14 00/67] 4.14.33-stable review                               71 (71)                  2018/04/06 22:10
[PATCH 0/5] Netfilter fixes for net                                    7 (7)                    2018/03/12 16:50
BUG: unable to handle kernel paging request in ebt_among_mt_check (2)  0 (1)                    2018/03/07 19:59
Similar bugs (1)
Kernel    Title                                                              Subsystems        Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream  BUG: unable to handle kernel paging request in ebt_among_mt_check  bridge netfilter  C      -             -           823    2235d  2250d     4/26     fixed on 2018/03/06 13:29

Sample crash report:
audit: type=1400 audit(1520528703.206:7): avc:  denied  { map } for  pid=4219 comm="syzkaller072406" path="/root/syzkaller072406011" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
IPVS: ftp: loaded support on port[0] = 21
BUG: unable to handle kernel paging request at ffffc900017df5c5
IP: poolsize_invalid net/bridge/netfilter/ebt_among.c:177 [inline]
IP: ebt_among_mt_check+0x1f8/0x390 net/bridge/netfilter/ebt_among.c:193
PGD 1dad2f067 P4D 1dad2f067 PUD 1dad30067 PMD 1cf4e3067 PTE 0
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 4220 Comm: syzkaller072406 Not tainted 4.16.0-rc4+ #346
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:poolsize_invalid net/bridge/netfilter/ebt_among.c:177 [inline]
RIP: 0010:ebt_among_mt_check+0x1f8/0x390 net/bridge/netfilter/ebt_among.c:193
RSP: 0018:ffff8801cbfa7198 EFLAGS: 00010246
RAX: 0000000000000008 RBX: ffffc900017d71c0 RCX: ffffffff851bb706
RDX: 0000000000000000 RSI: 00000000000008f8 RDI: ffffc900017df5c5
RBP: ffff8801cbfa71d0 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff88613380 R11: 0000000000000000 R12: ffffc900017df1c1
R13: ffffffff851bb540 R14: 00000000000008f8 R15: ffffffff87701080
FS:  00000000007da880(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900017df5c5 CR3: 00000001b3790004 CR4: 00000000001606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 xt_check_match+0x235/0x9c0 net/netfilter/x_tables.c:469
 ebt_check_match net/bridge/netfilter/ebtables.c:374 [inline]
 ebt_check_entry+0xbc3/0x1e00 net/bridge/netfilter/ebtables.c:704
 translate_table+0xcf5/0x2290 net/bridge/netfilter/ebtables.c:945
 do_replace_finish+0x79a/0x2620 net/bridge/netfilter/ebtables.c:1002
 do_replace+0x333/0x4b0 net/bridge/netfilter/ebtables.c:1141
 do_ebt_set_ctl+0xd4/0x110 net/bridge/netfilter/ebtables.c:1518
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 udp_setsockopt+0x45/0x80 net/ipv4/udp.c:2406
 ipv6_setsockopt+0xa0/0x130 net/ipv6/ipv6_sockglue.c:917
 dccp_setsockopt+0x85/0xd0 net/dccp/proto.c:576
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x442499
RSP: 002b:00007ffe1db7ed08 EFLAGS: 00000213 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000442499
RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00000000006cd018 R08: 0000000000000c10 R09: 0000000000000000
R10: 0000000020000140 R11: 0000000000000213 R12: 0000000000403920
R13: 00000000004039b0 R14: 0000000000000000 R15: 0000000000000000
Code: 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 69 01 00 00 <45> 8b ac 24 04 04 00 00 41 81 fd a9 aa aa 0a 77 8f e8 c2 4e 55 
RIP: poolsize_invalid net/bridge/netfilter/ebt_among.c:177 [inline] RSP: ffff8801cbfa7198
RIP: ebt_among_mt_check+0x1f8/0x390 net/bridge/netfilter/ebt_among.c:193 RSP: ffff8801cbfa7198
CR2: ffffc900017df5c5
---[ end trace 41c76f0aeaefd3e1 ]---
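What the report above records: the faulting instruction, taken from the Code: line (`45 8b ac 24 04 04 00 00`, i.e. `mov r13d, [r12+0x404]`), loads 4 bytes at 0x404 past R12 (ffffc900017df1c1), which is exactly the CR2 value ffffc900017df5c5. RIP places that load in poolsize_invalid(), inlined into ebt_among_mt_check(), so it is the read of a wormhash poolsize field through a pointer computed from the match data that userspace handed to setsockopt; R12 is odd, so the pointer was not even aligned. The fix subject, "add more missing match size checks", names the remedy: the offsets and sizes embedded in the match blob have to be checked against the match_size that xt_check_match() passes down before anything at those offsets is read. The C program below is an added illustration of that class of check, not the kernel's code: it models a blob whose header carries an offset to a variable-length table, and validates the offset, its alignment, and the table's claimed entry count against the blob length before each read. The struct names (among_info, wormhash, wormhash_tuple) are simplified stand-ins for the ebt_among ABI, and the sample blobs are constructed inside the program.

```c
/* Added example, not kernel code: bounds-checking offsets and sizes that a
 * caller embeds inside a variable-length match blob before following them.
 * Layouts are a simplified stand-in for the ebt_among ABI; names are ours. */
#include <limits.h>
#include <stdint.h>
#include <string.h>

struct wormhash_tuple { uint32_t cmp[2]; uint32_t ip; };   /* 12 bytes */

/* Variable-length table: an entry count followed by that many tuples. */
struct wormhash {
    int32_t poolsize;
    struct wormhash_tuple pool[];
};

/* Fixed header at the start of the blob.  Offsets are relative to the blob
 * start; 0 means "table absent". */
struct among_info {
    int32_t wh_dst_ofs;
    int32_t wh_src_ofs;
    int32_t bitmask;
};

/* Bytes a table with 'poolsize' entries occupies, or 0 if the count is
 * negative or so large that the multiplication would overflow an int. */
static size_t wormhash_size(int32_t poolsize)
{
    if (poolsize < 0 ||
        (size_t)poolsize >= INT_MAX / sizeof(struct wormhash_tuple))
        return 0;
    return sizeof(struct wormhash) +
           (size_t)poolsize * sizeof(struct wormhash_tuple);
}

/* Non-zero if following 'off' would read outside a blob of 'len' bytes:
 * the offset must not point into the header, must be aligned for the table,
 * and the table's fixed part (the poolsize field) must fit before it is read. */
static int offset_invalid(int32_t off, size_t len)
{
    if (off == 0)
        return 0;
    if (off < (int32_t)sizeof(struct among_info) ||
        off % (int32_t)_Alignof(struct wormhash))
        return 1;
    return (size_t)off + sizeof(struct wormhash) > len;
}

/* Validate a blob of 'len' bytes.  Returns 0 if well-formed, -1 otherwise.
 * Every memcpy is preceded by a check that its range lies within 'len'. */
int among_check(const unsigned char *blob, size_t len)
{
    struct among_info info;
    int32_t offs[2];

    if (len < sizeof info)
        return -1;
    memcpy(&info, blob, sizeof info);
    offs[0] = info.wh_dst_ofs;
    offs[1] = info.wh_src_ofs;

    for (int i = 0; i < 2; i++) {
        int32_t poolsize;
        size_t sz;

        if (offset_invalid(offs[i], len))
            return -1;                 /* poolsize would lie past the blob */
        if (offs[i] == 0)
            continue;
        memcpy(&poolsize, blob + offs[i], sizeof poolsize);
        sz = wormhash_size(poolsize);
        if (sz == 0 || (size_t)offs[i] + sz > len)
            return -1;                 /* pool[] would extend past the blob */
    }
    return 0;
}

/* Constructed sample blobs.  build_blob() writes a header with
 * wh_dst_ofs = ofs and, when n >= 0, a table of n zeroed tuples at ofs;
 * it returns the blob length.  n < 0 leaves the offset dangling. */
static _Alignas(8) unsigned char blob[256];

static size_t build_blob(int32_t ofs, int32_t n)
{
    struct among_info hdr = { .wh_dst_ofs = ofs, .wh_src_ofs = 0, .bitmask = 0 };
    size_t len = sizeof hdr;

    memset(blob, 0, sizeof blob);
    memcpy(blob, &hdr, sizeof hdr);
    if (ofs > 0 && n >= 0) {
        memcpy(blob + ofs, &n, sizeof n);           /* poolsize field */
        len = (size_t)ofs + wormhash_size(n);
    }
    return len;
}

int demo_well_formed(void)      { return among_check(blob, build_blob(16, 2)); }
int demo_offset_past_end(void)  { return among_check(blob, build_blob(16, -1)); }
int demo_offset_in_header(void) { return among_check(blob, build_blob(4, -1)); }
int demo_negative_offset(void)  { return among_check(blob, build_blob(-16, -1)); }
int demo_oversized_pool(void)
{
    size_t len = build_blob(16, 2);
    int32_t forged = 1000;                          /* 1000 tuples claimed in a 44-byte blob */
    memcpy(blob + 16, &forged, sizeof forged);
    return among_check(blob, len);
}
```

demo_offset_past_end() is the shape of the crash in this report: the header passes its own size check, but the table offset points beyond the supplied bytes, so reading poolsize there is an out-of-bounds access; the offset check rejects it before the read. The other cases cover an offset that lands inside the header, a negative offset (the field is signed, so a plain `off + size > len` comparison on unsigned values is not enough on its own), and an honest offset with a forged entry count that would carry pool[] past the end of the blob.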

Crashes (946):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2018/03/08 17:08 upstream 1b88accf6a65 acd0caa5 .config console log report syz C ci-upstream-kasan-gce
2018/03/08 17:10 net-next-old 67ae686b3e14 acd0caa5 .config console log report syz C ci-upstream-net-kasan-gce
2018/03/06 13:53 net-next-old 0f3e9c97eb5a aef0b792 .config console log report syz C ci-upstream-net-kasan-gce
2018/03/22 16:20 upstream 3215b9d57a2c 2e9d9054 .config console log report ci-upstream-kasan-gce
2018/03/21 23:55 upstream 3215b9d57a2c 95c88d7a .config console log report ci-upstream-kasan-gce
2018/03/17 17:20 upstream 8f5fd927c3a7 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/15 15:02 upstream 0aa3fdb8b3a6 08dacaa0 .config console log report ci-upstream-kasan-gce
2018/03/07 02:15 upstream ce380619fab9 c8a18476 .config console log report ci-upstream-kasan-gce-386
2018/03/23 17:51 net-next-old 6686c459e144 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/23 14:19 net-next-old 6686c459e144 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/23 06:04 net-next-old 6686c459e144 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/22 22:09 net-next-old aa65f6365405 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/22 20:54 net-next-old aa65f6365405 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/22 17:25 net-next-old aa65f6365405 2e9d9054 .config console log report ci-upstream-net-kasan-gce
2018/03/22 12:00 net-next-old 454bfe97837a 95c88d7a .config console log report ci-upstream-net-kasan-gce
2018/03/21 21:54 net-next-old 454bfe97837a f63eeee9 .config console log report ci-upstream-net-kasan-gce
2018/03/21 13:46 net-next-old 0466080c751e f63eeee9 .config console log report ci-upstream-net-kasan-gce
2018/03/21 12:27 net-next-old 0466080c751e f63eeee9 .config console log report ci-upstream-net-kasan-gce
2018/03/21 09:19 net-next-old 0466080c751e 113a43ff .config console log report ci-upstream-net-kasan-gce
2018/03/21 06:34 net-next-old 0466080c751e 113a43ff .config console log report ci-upstream-net-kasan-gce
2018/03/21 01:02 net-next-old 0466080c751e 113a43ff .config console log report ci-upstream-net-kasan-gce
2018/03/20 20:11 net-next-old c846d8da5640 72c33b66 .config console log report ci-upstream-net-kasan-gce
2018/03/20 18:15 net-next-old c846d8da5640 72c33b66 .config console log report ci-upstream-net-kasan-gce
2018/03/20 15:28 net-next-old c846d8da5640 72c33b66 .config console log report ci-upstream-net-kasan-gce
2018/03/20 04:36 net-next-old c314c7ba4038 7e7d7ed2 .config console log report ci-upstream-net-kasan-gce
2018/03/20 02:52 net-next-old c314c7ba4038 7e7d7ed2 .config console log report ci-upstream-net-kasan-gce
2018/03/19 21:04 net-next-old c314c7ba4038 7e7d7ed2 .config console log report ci-upstream-net-kasan-gce
2018/03/19 06:25 net-next-old e3c72f3d37e4 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/19 03:36 net-next-old e3c72f3d37e4 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/19 02:32 net-next-old e3c72f3d37e4 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/18 23:14 net-next-old 76f38f1f3cf8 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/18 22:13 net-next-old 76f38f1f3cf8 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/18 09:31 net-next-old d7cb44496a9b 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/18 06:31 net-next-old d7cb44496a9b 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/17 22:47 net-next-old d7cb44496a9b 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/17 20:54 net-next-old 53794570049d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/17 15:16 net-next-old 53794570049d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/17 03:24 net-next-old 53794570049d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/16 21:22 net-next-old 0aee4c259849 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/16 11:56 net-next-old 0aee4c259849 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/16 10:08 net-next-old 0aee4c259849 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 18:53 net-next-old 80d9f3a0fdb8 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 12:51 net-next-old c292566a7779 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 08:50 net-next-old c292566a7779 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 06:51 net-next-old c292566a7779 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 04:48 net-next-old c292566a7779 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/15 02:07 net-next-old c292566a7779 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 22:20 net-next-old a870a02cc963 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 15:25 net-next-old a870a02cc963 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 13:22 net-next-old a870a02cc963 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 07:34 net-next-old be9fc0971a5c 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 05:43 net-next-old be9fc0971a5c 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 03:14 net-next-old be9fc0971a5c 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/14 01:36 net-next-old be9fc0971a5c 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/13 22:28 net-next-old 9ba32046fc2d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/13 18:37 net-next-old 9ba32046fc2d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/13 16:00 net-next-old 9ba32046fc2d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/13 11:11 net-next-old 9ba32046fc2d 08dacaa0 .config console log report ci-upstream-net-kasan-gce
2018/03/06 13:38 net-next-old 0f3e9c97eb5a aef0b792 .config console log report ci-upstream-net-kasan-gce