syzbot


BUG: unable to handle kernel paging request in ebt_among_mt_check

Status: fixed on 2018/03/06 13:29
Subsystems: bridge netfilter
Reported-by: syzbot+fe0b19af568972814355@syzkaller.appspotmail.com
Fix commit: c4585a2823ed netfilter: bridge: ebt_among: add missing match size checks
First crash: 2259d, last: 2242d
Discussions (10)

| Title | Replies (including bot) | Last reply |
| --- | --- | --- |
| [PATCH 3.16 000/410] 3.16.57-rc1 review | 426 (426) | 2018/11/12 17:42 |
| [PATCH 3.2 000/153] 3.2.102-rc1 review | 155 (155) | 2018/05/30 22:14 |
| [PATCH 4.4 00/63] 4.4.122-stable review | 79 (79) | 2018/04/06 07:51 |
| [PATCH 4.9 00/86] 4.9.88-stable review | 97 (97) | 2018/03/22 17:47 |
| [PATCH 3.18 00/25] 3.18.100-stable review | 30 (30) | 2018/03/18 10:14 |
| [PATCH 4.15 000/146] 4.15.10-stable review | 160 (160) | 2018/03/15 10:19 |
| [PATCH 4.14 000/140] 4.14.27-stable review | 150 (150) | 2018/03/14 18:26 |
| [PATCH 00/14] Netfilter/IPVS fixes for net | 16 (16) | 2018/03/03 01:32 |
| [PATCH nf] netfilter: bridge: ebt_among: add missing match size checks | 2 (2) | 2018/02/25 19:04 |
| BUG: unable to handle kernel paging request in ebt_among_mt_check | 0 (1) | 2018/02/18 22:59 |
Similar bugs (1)

| Kernel | Title | Subsystems | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| upstream | BUG: unable to handle kernel paging request in ebt_among_mt_check (2) | bridge netfilter | C | | | 946 | 2225d | 2241d | 4/26 | fixed on 2018/03/23 18:14 |

Sample crash report:
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
BUG: unable to handle kernel paging request at ffffc900051b152d
IP: ebt_among_mt_check+0x170/0x350 net/bridge/netfilter/ebt_among.c:187
PGD 1db12d067 P4D 1db12d067 PUD 1db12e067 PMD 1afbd9067 PTE 0
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4169 Comm: syzkaller333583 Not tainted 4.16.0-rc1+ #317
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:ebt_among_mt_check+0x170/0x350 net/bridge/netfilter/ebt_among.c:187
RSP: 0018:ffff8801aa17f210 EFLAGS: 00010246
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
RAX: 0000000000000008 RBX: ffffc900051a9128 RCX: ffffffff84f1661e
RDX: 0000000000000000 RSI: 0000000000000870 RDI: ffffc900051b152d
RBP: ffff8801aa17f240 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff8818b280 R11: 0000000000000000 R12: ffffc900051b1129
R13: ffff8801aa17f548 R14: ffffc900051a9131 R15: 0000000030000414
FS:  0000000001f53880(0000) GS:ffff8801db500000(0000) knlGS:0000000000000000
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc900051b152d CR3: 00000001b0ae6005 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 xt_check_match+0x231/0x7d0 net/netfilter/x_tables.c:470
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 ebt_check_match net/bridge/netfilter/ebtables.c:374 [inline]
 ebt_check_entry+0xbc3/0x1e00 net/bridge/netfilter/ebtables.c:704
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 translate_table+0xcf5/0x2290 net/bridge/netfilter/ebtables.c:945
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 do_replace_finish+0x79a/0x2620 net/bridge/netfilter/ebtables.c:1002
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 do_replace+0x333/0x4b0 net/bridge/netfilter/ebtables.c:1141
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 do_ebt_set_ctl+0xd4/0x110 net/bridge/netfilter/ebtables.c:1518
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 nf_sockopt net/netfilter/nf_sockopt.c:106 [inline]
 nf_setsockopt+0x67/0xc0 net/netfilter/nf_sockopt.c:115
 ip_setsockopt+0x97/0xa0 net/ipv4/ip_sockglue.c:1259
 tcp_setsockopt+0x82/0xd0 net/ipv4/tcp.c:2905
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 sock_common_setsockopt+0x95/0xd0 net/core/sock.c:2975
 SYSC_setsockopt net/socket.c:1849 [inline]
 SyS_setsockopt+0x189/0x360 net/socket.c:1828
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4428e9
RSP: 002b:00007ffe026672a8 EFLAGS: 00000202
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
 ORIG_RAX: 0000000000000036
RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00000000004428e9
RDX: 0000000000000080 RSI: 0000000000000000 RDI: 00000000000000a2
RBP: 3d87cc3a2cd03288 R08: 0000000000000d80 R09: 0000000000000000
R10: 0000000020fb1000 R11: 0000000000000202 R12: 3533333b0d3b0363
R13: c1c49cda7162b997 R14: 46950622b9f4f985 R15: 0000000000000000
Code: 
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
00 48 b8 00 00 00 00 00 fc ff df 
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
0f 85 c9 01 00 00 <41> 8b 84 24 04 04 00 00 8d 04 40 45 8d 
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
bc 87 08 04 00 00 4d 63 
RIP: ebt_among_mt_check+0x170/0x350 net/bridge/netfilter/ebt_among.c:187 RSP: ffff8801aa17f210
CR2: ffffc900051b152d
ebt_among: wrong size: 2160 against expected 805308444, rounded to 805308448
---[ end trace 1beeef0d998a7019 ]---

Crashes (823):

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2018/02/17 19:59 | upstream | ee78ad7848a7 | 833f78c7 | .config | console log | report | syz | C | | | ci-upstream-kasan-gce | |
| 2018/02/17 19:59 | net-next-old | 1ec010e70593 | 833f78c7 | .config | console log | report | syz | C | | | ci-upstream-net-kasan-gce | |
| 2018/03/02 07:27 | upstream | 8da5db7ddae1 | 2c6f473e | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 18:44 | upstream | 4a3928c6f8a5 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 08:29 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 06:32 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 05:53 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 05:19 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 04:25 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 00:08 | upstream | 3664ce2d9309 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 23:58 | upstream | 3664ce2d9309 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 22:41 | upstream | 3664ce2d9309 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 22:10 | upstream | 3664ce2d9309 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 12:13 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 10:17 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 08:21 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 07:16 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 06:57 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 06:17 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 06:14 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 05:40 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 04:59 | upstream | 3664ce2d9309 | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/25 00:55 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 23:26 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 18:03 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 17:37 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 16:52 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 15:09 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 14:42 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 14:19 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 14:18 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/24 14:12 | upstream | 9cb9c07d6b0c | 5c1e0207 | .config | console log | report | | | | | ci-upstream-kasan-gce | |
| 2018/02/26 03:14 | upstream | c89be5242607 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-kasan-gce-386 | |
| 2018/03/06 12:46 | net-next-old | ef3f6c256f0b | aef0b792 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/06 03:34 | net-next-old | ef3f6c256f0b | aef0b792 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/06 02:25 | net-next-old | ef3f6c256f0b | aef0b792 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/05 19:50 | net-next-old | ca435f88c102 | bbd5104f | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 19:47 | net-next-old | efab163bbc19 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 15:04 | net-next-old | e4e31cf07d0c | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 11:31 | net-next-old | e4e31cf07d0c | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 09:54 | net-next-old | e4e31cf07d0c | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 06:28 | net-next-old | e4e31cf07d0c | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/04 04:06 | net-next-old | e4e31cf07d0c | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/03 13:25 | net-next-old | 3c34cb9defb0 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/03 09:20 | net-next-old | 3c34cb9defb0 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/03 06:57 | net-next-old | 3c34cb9defb0 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/03 01:37 | net-next-old | 3c34cb9defb0 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/02 16:04 | net-next-old | 23e19fd4fb07 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/02 14:17 | net-next-old | 23e19fd4fb07 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/02 05:29 | net-next-old | f1c02cfb7b30 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/01 22:16 | net-next-old | f1c02cfb7b30 | 2c6f473e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/01 17:30 | net-next-old | a25724b05af0 | c4089507 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/01 09:58 | net-next-old | a25724b05af0 | c4089507 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/03/01 02:22 | net-next-old | fb66cb077560 | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/28 18:28 | net-next-old | fb66cb077560 | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/28 10:33 | net-next-old | 3f5a68300a40 | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/27 20:13 | net-next-old | 3808b51911fe | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/27 16:22 | net-next-old | 3808b51911fe | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/27 12:40 | net-next-old | 3808b51911fe | 05b5a32c | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/27 10:24 | net-next-old | 3808b51911fe | 6d41d29e | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/26 23:42 | net-next-old | ba6056a41cb0 | b370d4a7 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/26 22:28 | net-next-old | ba6056a41cb0 | b370d4a7 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |
| 2018/02/26 15:46 | net-next-old | f74290fdb363 | 9fe8aa42 | .config | console log | report | | | | | ci-upstream-net-kasan-gce | |