From: syzbot <syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com>
To: dvyukov@google.com, jmorris@namei.org,
john.johansen@canonical.com, linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, serge@hallyn.com,
syzkaller-bugs@googlegroups.com, tyhicks@canonical.com
Subject: Re: WARNING in apparmor_secid_to_secctx
Date: Wed, 29 Aug 2018 20:43:03 -0700 [thread overview]
Message-ID: <0000000000004a164f05749edfba@google.com> (raw)
In-Reply-To: <000000000000c178e305749daba4@google.com>
syzbot has found a reproducer for the following crash on:
HEAD commit: 817e60a7a2bb Merge branch 'nfp-add-NFP5000-support'
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16662cb6400000
kernel config: https://syzkaller.appspot.com/x/.config?x=531a917630d2a492
dashboard link: https://syzkaller.appspot.com/bug?extid=21016130b0580a9de3b5
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f20a96400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10efd7bc400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
------------[ cut here ]------------
AppArmor WARN apparmor_secid_to_secctx: ((!secdata)):
WARNING: CPU: 0 PID: 4682 at security/apparmor/secid.c:82
apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 4682 Comm: syz-executor028 Not tainted 4.19.0-rc1+ #193
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993
RIP: 0010:apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82
Code: c7 c7 40 66 58 87 e8 6a 6d 0f fe 0f 0b e9 6c fe ff ff e8 3e aa 44 fe
48 c7 c6 80 67 58 87 48 c7 c7 a0 65 58 87 e8 4b 6d 0f fe <0f> 0b e9 3f fe
ff ff 48 89 df e8 fc a7 83 fe e9 ed fe ff ff bb f4
RSP: 0018:ffff8801ba5a6d10 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8801ba5a6ed0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8163ac01 RDI: 0000000000000001
RBP: ffff8801ba5a6d30 R08: ffff8801d9ba2580 R09: ffffed003b603eca
R10: ffffed003b603eca R11: ffff8801db01f657 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ba5a6ed0
security_secid_to_secctx+0x63/0xc0 security/security.c:1314
ctnetlink_secctx_size net/netfilter/nf_conntrack_netlink.c:621 [inline]
ctnetlink_nlmsg_size net/netfilter/nf_conntrack_netlink.c:659 [inline]
ctnetlink_conntrack_event+0x303/0x1470
net/netfilter/nf_conntrack_netlink.c:706
nf_conntrack_eventmask_report+0x55f/0x930
net/netfilter/nf_conntrack_ecache.c:151
nf_conntrack_event_report include/net/netfilter/nf_conntrack_ecache.h:112
[inline]
nf_ct_delete+0x33c/0x5d0 net/netfilter/nf_conntrack_core.c:601
nf_ct_iterate_cleanup+0x48c/0x5e0 net/netfilter/nf_conntrack_core.c:1892
nf_ct_iterate_cleanup_net+0x23c/0x2d0
net/netfilter/nf_conntrack_core.c:1974
ctnetlink_flush_conntrack net/netfilter/nf_conntrack_netlink.c:1226
[inline]
ctnetlink_del_conntrack+0x66c/0x850
net/netfilter/nf_conntrack_netlink.c:1258
nfnetlink_rcv_msg+0xd88/0x1070 net/netfilter/nfnetlink.c:228
netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
nfnetlink_rcv+0x1c0/0x4d0 net/netfilter/nfnetlink.c:560
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x290 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441189
Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc388e2108 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441189
RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000217 R12: 00000000004020d0
R13: 0000000000402160 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
WARNING: multiple messages have this Message-ID (diff)
From: syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com (syzbot)
To: linux-security-module@vger.kernel.org
Subject: WARNING in apparmor_secid_to_secctx
Date: Wed, 29 Aug 2018 20:43:03 -0700 [thread overview]
Message-ID: <0000000000004a164f05749edfba@google.com> (raw)
In-Reply-To: <000000000000c178e305749daba4@google.com>
syzbot has found a reproducer for the following crash on:
HEAD commit: 817e60a7a2bb Merge branch 'nfp-add-NFP5000-support'
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=16662cb6400000
kernel config: https://syzkaller.appspot.com/x/.config?x=531a917630d2a492
dashboard link: https://syzkaller.appspot.com/bug?extid=21016130b0580a9de3b5
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14f20a96400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10efd7bc400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+21016130b0580a9de3b5 at syzkaller.appspotmail.com
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
------------[ cut here ]------------
AppArmor WARN apparmor_secid_to_secctx: ((!secdata)):
WARNING: CPU: 0 PID: 4682 at security/apparmor/secid.c:82
apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82
Kernel panic - not syncing: panic_on_warn set ...
CPU: 0 PID: 4682 Comm: syz-executor028 Not tainted 4.19.0-rc1+ #193
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
panic+0x238/0x4e7 kernel/panic.c:184
__warn.cold.8+0x163/0x1ba kernel/panic.c:536
report_bug+0x252/0x2d0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:178 [inline]
do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993
RIP: 0010:apparmor_secid_to_secctx+0x2b5/0x2f0 security/apparmor/secid.c:82
Code: c7 c7 40 66 58 87 e8 6a 6d 0f fe 0f 0b e9 6c fe ff ff e8 3e aa 44 fe
48 c7 c6 80 67 58 87 48 c7 c7 a0 65 58 87 e8 4b 6d 0f fe <0f> 0b e9 3f fe
ff ff 48 89 df e8 fc a7 83 fe e9 ed fe ff ff bb f4
RSP: 0018:ffff8801ba5a6d10 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8801ba5a6ed0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8163ac01 RDI: 0000000000000001
RBP: ffff8801ba5a6d30 R08: ffff8801d9ba2580 R09: ffffed003b603eca
R10: ffffed003b603eca R11: ffff8801db01f657 R12: 0000000000000001
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801ba5a6ed0
security_secid_to_secctx+0x63/0xc0 security/security.c:1314
ctnetlink_secctx_size net/netfilter/nf_conntrack_netlink.c:621 [inline]
ctnetlink_nlmsg_size net/netfilter/nf_conntrack_netlink.c:659 [inline]
ctnetlink_conntrack_event+0x303/0x1470
net/netfilter/nf_conntrack_netlink.c:706
nf_conntrack_eventmask_report+0x55f/0x930
net/netfilter/nf_conntrack_ecache.c:151
nf_conntrack_event_report include/net/netfilter/nf_conntrack_ecache.h:112
[inline]
nf_ct_delete+0x33c/0x5d0 net/netfilter/nf_conntrack_core.c:601
nf_ct_iterate_cleanup+0x48c/0x5e0 net/netfilter/nf_conntrack_core.c:1892
nf_ct_iterate_cleanup_net+0x23c/0x2d0
net/netfilter/nf_conntrack_core.c:1974
ctnetlink_flush_conntrack net/netfilter/nf_conntrack_netlink.c:1226
[inline]
ctnetlink_del_conntrack+0x66c/0x850
net/netfilter/nf_conntrack_netlink.c:1258
nfnetlink_rcv_msg+0xd88/0x1070 net/netfilter/nfnetlink.c:228
netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
nfnetlink_rcv+0x1c0/0x4d0 net/netfilter/nfnetlink.c:560
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x5a0/0x760 net/netlink/af_netlink.c:1343
netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x290 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x441189
Code: e8 cc ab 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 bb 0a fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc388e2108 EFLAGS: 00000217 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441189
RDX: 0000000000000000 RSI: 0000000020d65000 RDI: 0000000000000004
RBP: 0000000000000000 R08: 00000000004002c8 R09: 00000000004002c8
R10: 00000000004002c8 R11: 0000000000000217 R12: 00000000004020d0
R13: 0000000000402160 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..
next prev parent reply other threads:[~2018-08-30 3:43 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-30 2:17 WARNING in apparmor_secid_to_secctx syzbot
2018-08-30 2:17 ` syzbot
2018-08-30 2:21 ` Dmitry Vyukov
2018-08-30 2:21 ` Dmitry Vyukov
2018-08-31 16:03 ` Stephen Smalley
2018-08-31 16:03 ` Stephen Smalley
2018-08-31 16:07 ` Paul Moore
2018-08-31 16:07 ` Paul Moore
2018-08-31 16:16 ` Stephen Smalley
2018-08-31 16:16 ` Stephen Smalley
2018-08-31 16:17 ` Stephen Smalley
2018-08-31 16:17 ` Stephen Smalley
2018-08-31 22:38 ` Dmitry Vyukov
2018-08-31 22:38 ` Dmitry Vyukov
2018-09-04 12:57 ` Stephen Smalley
2018-09-04 12:57 ` Stephen Smalley
2018-09-04 13:16 ` Russell Coker
2018-09-04 13:16 ` Russell Coker
2018-09-04 14:53 ` Dmitry Vyukov
2018-09-04 14:53 ` Dmitry Vyukov
2018-09-05 17:13 ` Kees Cook
2018-09-05 17:13 ` Kees Cook
2018-09-04 15:02 ` Dmitry Vyukov
2018-09-04 15:02 ` Dmitry Vyukov
2018-09-04 15:28 ` Stephen Smalley
2018-09-04 15:28 ` Stephen Smalley
2018-09-04 15:38 ` Dmitry Vyukov
2018-09-04 15:38 ` Dmitry Vyukov
2018-09-04 17:02 ` Stephen Smalley
2018-09-04 17:02 ` Stephen Smalley
2018-09-05 1:21 ` Paul Moore
2018-09-05 1:21 ` Paul Moore
2018-09-05 11:08 ` Dmitry Vyukov
2018-09-05 11:08 ` Dmitry Vyukov
2018-09-05 17:37 ` Casey Schaufler
2018-09-05 17:37 ` Casey Schaufler
2018-09-06 10:59 ` Dmitry Vyukov
2018-09-06 10:59 ` Dmitry Vyukov
2018-09-06 11:19 ` Dmitry Vyukov
2018-09-06 11:19 ` Dmitry Vyukov
2018-09-06 19:35 ` Dmitry Vyukov
2018-09-06 19:35 ` Dmitry Vyukov
2019-01-29 11:32 ` Tetsuo Handa
2019-01-30 14:45 ` Dmitry Vyukov
2019-01-30 16:30 ` Micah Morton
2019-01-31 0:22 ` Tetsuo Handa
2019-02-01 10:09 ` Dmitry Vyukov
2019-02-01 10:11 ` Dmitry Vyukov
2019-02-01 10:43 ` Tetsuo Handa
2019-02-01 10:50 ` Dmitry Vyukov
2019-02-01 13:09 ` [PATCH] LSM: Allow syzbot to ignore security= parameter Tetsuo Handa
2019-02-04 8:07 ` Dmitry Vyukov
2019-02-06 10:23 ` Tetsuo Handa
2019-02-06 17:03 ` Casey Schaufler
2019-02-07 2:30 ` Tetsuo Handa
2019-02-07 16:24 ` Casey Schaufler
2019-02-08 10:52 ` Tetsuo Handa
2019-02-08 16:23 ` Casey Schaufler
2019-02-09 0:28 ` Tetsuo Handa
2019-02-09 1:40 ` Tetsuo Handa
2019-02-08 21:49 ` Kees Cook
2019-02-08 21:33 ` Kees Cook
2018-08-30 3:43 ` syzbot [this message]
2018-08-30 3:43 ` WARNING in apparmor_secid_to_secctx syzbot
2018-09-01 9:18 ` John Johansen
2018-09-01 9:18 ` John Johansen
2018-09-02 4:33 ` Dmitry Vyukov
2018-09-02 4:33 ` Dmitry Vyukov
2018-09-02 4:52 ` John Johansen
2018-09-02 4:52 ` John Johansen
2018-09-02 5:03 ` Dmitry Vyukov
2018-09-02 5:03 ` Dmitry Vyukov
2018-09-02 5:03 ` syzbot
2018-09-02 5:03 ` syzbot
2018-09-02 5:05 ` Dmitry Vyukov
2018-09-02 5:05 ` Dmitry Vyukov
2018-09-02 5:46 ` syzbot
2018-09-02 5:46 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0000000000004a164f05749edfba@google.com \
--to=syzbot+21016130b0580a9de3b5@syzkaller.appspotmail.com \
--cc=dvyukov@google.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tyhicks@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.