syzbot


divide error in nbd_ioctl

Status: fixed on 2018/09/26 21:51
Subsystems: nbd
Reported-by: syzbot+25dbecbec1e62c6b0dd4@syzkaller.appspotmail.com
Fix commit: bc811f05d77f nbd: don't allow invalid blocksize settings
First crash: 2057d, last: 2045d
Discussions (4)
Title Replies (including bot) Last reply
[PATCH 3.16 000/328] 3.16.62-rc1 review 338 (338) 2018/12/16 22:01
[PATCH 4.14 000/126] 4.14.71-stable review 137 (137) 2018/11/29 15:07
[PATCH 4.18 000/158] 4.18.9-stable review 163 (163) 2018/09/18 17:33
divide error in nbd_ioctl 3 (4) 2018/09/04 17:55

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
divide error: 0000 [#1] SMP KASAN
CPU: 1 PID: 4665 Comm: syz-executor637 Not tainted 4.19.0-rc1+ #217
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:div_s64_rem include/linux/math64.h:41 [inline]
RIP: 0010:div_s64 include/linux/math64.h:139 [inline]
RIP: 0010:__nbd_ioctl drivers/block/nbd.c:1242 [inline]
RIP: 0010:nbd_ioctl+0x53c/0xcf0 drivers/block/nbd.c:1303
Code: ea 03 80 3c 02 00 0f 85 1c 07 00 00 48 8b b5 c0 fe ff ff 48 63 8d b8 fe ff ff 48 8b 86 c8 00 00 00 48 8d be c0 00 00 00 48 99 <48> f7 f9 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c
RSP: 0018:ffff8801b8d77828 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8801d9feaa40 RDI: ffff8801d9feab00
RBP: ffff8801b8d779a0 R08: ffff8801be820540 R09: ffffed003a6434bd
R10: ffff8801b8d77818 R11: ffff8801d321a5ef R12: ffff8801d321a500
R13: 00000000ffffffe7 R14: ffff8801d321a5e0 R15: ffff8801da806040
FS:  0000000000965880(0000) GS:ffff8801db100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000043e560 CR3: 00000001d8396000 CR4: 00000000001406e0
Call Trace:
 __blkdev_driver_ioctl block/ioctl.c:303 [inline]
 blkdev_ioctl+0x9cd/0x2030 block/ioctl.c:601
 block_ioctl+0xee/0x130 fs/block_dev.c:1883
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:501 [inline]
 do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
 __do_sys_ioctl fs/ioctl.c:709 [inline]
 __se_sys_ioctl fs/ioctl.c:707 [inline]
 __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x443d29
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b d8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffda2752558 EFLAGS: 00000213 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00000000004002e0 RCX: 0000000000443d29
RDX: 0000000000000000 RSI: 000000000000ab01 RDI: 0000000000000003
RBP: 00000000006ce018 R08: 0000000000000000 R09: 00000000004002e0
R10: 000000000000000f R11: 0000000000000213 R12: 0000000000401a30
R13: 0000000000401ac0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
Dumping ftrace buffer:
   (ftrace buffer empty)
---[ end trace 8558bfb901e639af ]---

Crashes (50):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro Manager
2018/08/31 20:39 upstream 420f51f4ab6b a4718693 .config console log report syz C ci-upstream-kasan-gce-root
2018/08/31 08:03 upstream 217c3e019675 a4718693 .config console log report syz C ci-upstream-kasan-gce-root
2018/08/31 22:59 linux-next a880148cb2af a4718693 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2018/08/31 14:10 linux-next a880148cb2af a4718693 .config console log report syz C ci-upstream-linux-next-kasan-gce-root
2018/09/06 14:14 upstream b36fdc6853a3 0bb7a7eb .config console log report ci-upstream-kasan-gce-root
2018/09/06 03:03 upstream b36fdc6853a3 873745f2 .config console log report ci-upstream-kasan-gce-selinux-root
2018/09/05 14:38 upstream 28619527b8a7 196410e4 .config console log report ci-upstream-kasan-gce-root
2018/09/05 00:02 upstream 28619527b8a7 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/04 23:38 upstream 28619527b8a7 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/03 17:32 upstream 60c1f89241d4 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/03 10:59 upstream 60c1f89241d4 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/03 10:05 upstream 60c1f89241d4 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/03 03:16 upstream 899ba79553cf a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/02 20:10 upstream 899ba79553cf a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/01 23:26 upstream 360bd62dc494 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/01 12:18 upstream 420f51f4ab6b a4718693 .config console log report ci-upstream-kasan-gce-root
2018/08/31 17:26 upstream 217c3e019675 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/08/31 11:01 upstream 217c3e019675 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/08/31 10:17 upstream 217c3e019675 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/08/31 06:41 upstream 217c3e019675 a4718693 .config console log report ci-upstream-kasan-gce-root
2018/09/11 21:04 linux-next f2b6e66e9885 4ae17b1f .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/11 17:42 linux-next f2b6e66e9885 4ae17b1f .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/11 10:46 linux-next f2b6e66e9885 8c88323f .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/11 07:23 linux-next f2b6e66e9885 8c88323f .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/10 23:21 linux-next f2b6e66e9885 f167cb6b .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 17:57 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 16:19 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 14:52 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 06:28 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 01:46 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/09 00:22 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/08 22:21 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/08 03:05 linux-next f2b6e66e9885 6b5120a4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/07 19:04 linux-next f2b6e66e9885 69cfeb80 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/07 17:31 linux-next f2b6e66e9885 69cfeb80 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/07 05:48 linux-next f2b6e66e9885 e30d3b52 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/07 01:13 linux-next f2b6e66e9885 e30d3b52 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/06 17:08 linux-next f2b6e66e9885 0bb7a7eb .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/06 16:46 linux-next f2b6e66e9885 0bb7a7eb .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/05 20:51 linux-next f2b6e66e9885 196410e4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/05 12:41 linux-next f2b6e66e9885 196410e4 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/05 09:05 linux-next f2b6e66e9885 a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/04 23:39 linux-next f2b6e66e9885 a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/04 03:38 linux-next dceb9092b16b a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/03 17:11 linux-next dceb9092b16b a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/03 07:43 linux-next dceb9092b16b a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/09/01 08:38 linux-next a880148cb2af a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/31 17:25 linux-next a880148cb2af a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
2018/08/31 10:59 linux-next a880148cb2af a4718693 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.