syzbot


WARNING in compat_copy_entries

Status: fixed on 2018/03/06 13:29
Subsystems: bridge netfilter
Reported-by: syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com
Fix commit: b71812168571 netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
First crash: 2249d, last: 2232d
Discussions (10)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [PATCH 3.16 000/410] 3.16.57-rc1 review | 426 (426) | 2018/11/12 17:42 |
| [PATCH 3.2 000/153] 3.2.102-rc1 review | 155 (155) | 2018/05/30 22:14 |
| [PATCH 4.4 00/63] 4.4.122-stable review | 79 (79) | 2018/04/06 07:51 |
| [PATCH 4.9 00/86] 4.9.88-stable review | 97 (97) | 2018/03/22 17:47 |
| [PATCH 3.18 00/25] 3.18.100-stable review | 30 (30) | 2018/03/18 10:14 |
| [PATCH 4.15 000/146] 4.15.10-stable review | 160 (160) | 2018/03/15 10:19 |
| [PATCH 4.14 000/140] 4.14.27-stable review | 150 (150) | 2018/03/14 18:26 |
| [PATCH 00/14] Netfilter/IPVS fixes for net | 16 (16) | 2018/03/03 01:32 |
| [PATCH nf] netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets | 2 (2) | 2018/02/25 19:08 |
| WARNING in compat_copy_entries | 0 (1) | 2018/02/18 22:59 |
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in compat_copy_entries (2) syz done 19416 1799d 2232d 12/26 fixed on 2019/05/27 12:48

Sample crash report:
audit: type=1400 audit(1518894929.943:7): avc:  denied  { map } for  pid=4162 comm="syzkaller739777" path="/root/syzkaller739777723" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
WARNING: CPU: 1 PID: 4162 at net/bridge/netfilter/ebtables.c:2056 ebt_size_mwt net/bridge/netfilter/ebtables.c:2056 [inline]
WARNING: CPU: 1 PID: 4162 at net/bridge/netfilter/ebtables.c:2056 size_entry_mwt net/bridge/netfilter/ebtables.c:2122 [inline]
WARNING: CPU: 1 PID: 4162 at net/bridge/netfilter/ebtables.c:2056 compat_copy_entries+0xcfa/0x1050 net/bridge/netfilter/ebtables.c:2160
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 4162 Comm: syzkaller739777 Not tainted 4.16.0-rc1+ #227
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x194/0x257 lib/dump_stack.c:53
 panic+0x1e4/0x41c kernel/panic.c:183
 __warn+0x1dc/0x200 kernel/panic.c:547
 report_bug+0x211/0x2d0 lib/bug.c:184
 fixup_bug.part.11+0x37/0x80 arch/x86/kernel/traps.c:178
 fixup_bug arch/x86/kernel/traps.c:247 [inline]
 do_error_trap+0x2d7/0x3e0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:315
 invalid_op+0x58/0x80 arch/x86/entry/entry_64.S:957
RIP: 0010:ebt_size_mwt net/bridge/netfilter/ebtables.c:2056 [inline]
RIP: 0010:size_entry_mwt net/bridge/netfilter/ebtables.c:2122 [inline]
RIP: 0010:compat_copy_entries+0xcfa/0x1050 net/bridge/netfilter/ebtables.c:2160
RSP: 0018:ffff8801b4e2f7e8 EFLAGS: 00010293
RAX: ffff8801b1860140 RBX: 0000000000000000 RCX: ffffffff84f075ea
RDX: 0000000000000000 RSI: ffffc9000180d2bc RDI: 0000000000000000
RBP: ffff8801b4e2f968 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff8818b280 R11: 00000000fffffe78 R12: 0000000000000008
R13: dffffc0000000000 R14: ffff8801b4e2f9c8 R15: ffffc9000180d2c4
 compat_do_replace+0x398/0x7c0 net/bridge/netfilter/ebtables.c:2249
 compat_do_ebt_set_ctl+0x22a/0x2d0 net/bridge/netfilter/ebtables.c:2330
 compat_nf_sockopt net/netfilter/nf_sockopt.c:144 [inline]
 compat_nf_setsockopt+0x88/0x130 net/netfilter/nf_sockopt.c:156
 compat_ip_setsockopt+0x8b/0xd0 net/ipv4/ip_sockglue.c:1285
 inet_csk_compat_setsockopt+0x95/0x120 net/ipv4/inet_connection_sock.c:1041
 compat_tcp_setsockopt+0x3d/0x70 net/ipv4/tcp.c:2916
 compat_sock_common_setsockopt+0xb2/0x140 net/core/sock.c:2986
 C_SYSC_setsockopt net/compat.c:403 [inline]
 compat_SyS_setsockopt+0x17c/0x410 net/compat.c:386
 do_syscall_32_irqs_on arch/x86/entry/common.c:330 [inline]
 do_fast_syscall_32+0x3ec/0xf9f arch/x86/entry/common.c:392
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f85c79
RSP: 002b:00000000ffe17c0c EFLAGS: 00000286 ORIG_RAX: 000000000000016e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
RDX: 0000000000000080 RSI: 0000000020159fb0 RDI: 0000000000000418
RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (434):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/02/17 19:17 | upstream | ee78ad7848a7 | 833f78c7 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 03:42 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | syz | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 12:48 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 09:20 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 07:14 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 05:05 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 03:12 | upstream | 094b58e1040a | aef0b792 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/05 10:45 | upstream | 661e50bc8532 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/05 07:28 | upstream | e64b9562ba28 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/05 03:50 | upstream | e64b9562ba28 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/04 20:57 | upstream | 58bdf601c2de | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/04 14:16 | upstream | 58bdf601c2de | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/04 03:08 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/04 01:28 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 23:46 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 22:37 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 18:42 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 16:45 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 14:33 | upstream | 5fbdefcf685d | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 12:46 | upstream | 0573fed92b67 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 10:30 | upstream | 0573fed92b67 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 07:12 | upstream | 0573fed92b67 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/03 02:08 | upstream | 0573fed92b67 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 17:28 | upstream | 5d60e057d127 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 14:28 | upstream | 5d60e057d127 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 11:09 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 09:39 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 06:43 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 04:55 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/02 02:02 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 22:36 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 16:58 | upstream | 97ace515f014 | c4089507 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 09:09 | upstream | c02be2334e75 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 07:17 | upstream | c02be2334e75 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 05:33 | upstream | c02be2334e75 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 03:46 | upstream | c02be2334e75 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/01 00:04 | upstream | c02be2334e75 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 19:43 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 16:55 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 14:39 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 12:47 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 09:18 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 07:45 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 06:32 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 04:40 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/28 01:15 | upstream | f3afe530d644 | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/27 23:42 | upstream | 6f70eb2b00eb | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/27 21:29 | upstream | 6f70eb2b00eb | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/27 20:22 | upstream | 6f70eb2b00eb | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/27 15:36 | upstream | 6f70eb2b00eb | 05b5a32c | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/27 07:24 | upstream | 4a3928c6f8a5 | b370d4a7 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/02/17 18:58 | upstream | ee78ad7848a7 | 833f78c7 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |