On Tue, Aug 06, 2019 at 09:32:55AM -0700, Zubin Mithra wrote:
Hello,

Syzkaller has triggered a GPF when fuzzing a 4.4 kernel with the following stacktrace.

Call Trace:
 [<ffffffff823d9bfe>] nla_get_be64 include/net/netlink.h:1130 [inline]
 [<ffffffff823d9bfe>] nfnl_acct_new+0x3ae/0x720 net/netfilter/nfnetlink_acct.c:111
 [<ffffffff823d81c7>] nfnetlink_rcv_msg+0xa27/0xc30 net/netfilter/nfnetlink.c:215
 [<ffffffff823c7ebf>] netlink_rcv_skb+0xdf/0x2f0 net/netlink/af_netlink.c:2361
 [<ffffffff823d6e89>] nfnetlink_rcv+0x939/0x1000 net/netfilter/nfnetlink.c:479
 [<ffffffff823c6974>] netlink_unicast_kernel net/netlink/af_netlink.c:1277 [inline]
 [<ffffffff823c6974>] netlink_unicast+0x474/0x7c0 net/netlink/af_netlink.c:1303
 [<ffffffff823c7461>] netlink_sendmsg+0x7a1/0xc50 net/netlink/af_netlink.c:1859
 [<ffffffff82239fe5>] sock_sendmsg_nosec net/socket.c:627 [inline]
 [<ffffffff82239fe5>] sock_sendmsg+0xd5/0x110 net/socket.c:637
 [<ffffffff8223da67>] ___sys_sendmsg+0x767/0x890 net/socket.c:1964
 [<ffffffff822405db>] __sys_sendmsg+0xbb/0x150 net/socket.c:1998
 [<ffffffff822406a2>] SYSC_sendmsg net/socket.c:2009 [inline]
 [<ffffffff822406a2>] SyS_sendmsg+0x32/0x50 net/socket.c:2005
 [<ffffffff82a44e67>] entry_SYSCALL_64_fastpath+0x1e/0xa0
RIP  [<ffffffff81d4931c>] nla_memcpy+0x2c/0xa0 lib/nlattr.c:279

Could the following patch be applied to v4.4.y? It is present in v4.9.y.

* eda3fc50daa9 ("netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter")

Tests run:

* Syzkaller reproducer
* Chrome OS tryjobs
Queued up for 4.4, thanks.

--
Thanks,
Sasha
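The trace above ends in nla_memcpy() called from nla_get_be64(): nfnl_acct_new() read the NFACCT_QUOTA attribute on the strength of the quota flag alone, and a message that sets the flag but omits the attribute hands nla_get_be64() a NULL table slot. The following user-space model, added here as an illustration and not the kernel's code nor the text of commit eda3fc50daa9, shows the defensive ordering the commit title describes: the attribute is only dereferenced after the flags request a quota and the parsed table actually contains it. The NFACCT_* indices and quota flag bits are reproduced locally so the file builds without kernel headers; the rejections of unknown flag bits, of both quota kinds at once, and of a user-supplied NFACCT_F_OVERQUOTA are assumptions added here, and the sample messages are constructed, not the fuzzer's input.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NFACCT_* attribute indices and quota flag bits, reproduced locally from the
 * nfnetlink_acct uapi header so the example builds without kernel headers. */
enum {
    NFACCT_UNSPEC, NFACCT_NAME, NFACCT_PKTS, NFACCT_BYTES, NFACCT_USE,
    NFACCT_FLAGS, NFACCT_QUOTA, NFACCT_ATTR_COUNT
};
#define NFACCT_F_QUOTA_PKTS  (1u << 0)
#define NFACCT_F_QUOTA_BYTES (1u << 1)
#define NFACCT_F_OVERQUOTA   (1u << 2)
#define NFACCT_F_QUOTA       (NFACCT_F_QUOTA_PKTS | NFACCT_F_QUOTA_BYTES)

/* User-space stand-in for a parsed netlink attribute. After nla_parse(), the
 * table holds one pointer per attribute type; a type the sender omitted is NULL. */
struct attr {
    uint16_t type;
    uint16_t len;        /* payload length */
    const uint8_t *data; /* big-endian payload bytes */
};

/* Like nla_get_be32/nla_get_be64, these read through the pointer unconditionally,
 * so calling them on a NULL table slot is exactly the GPF in the report. */
static uint32_t attr_get_be32(const struct attr *a)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << 8) | a->data[i];
    return v;
}

static uint64_t attr_get_be64(const struct attr *a)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | a->data[i];
    return v;
}

/* Hardened ordering: only read NFACCT_QUOTA once NFACCT_FLAGS requests a quota
 * and the attribute is actually present. The presence check is what the
 * commit title names; the other rejections are assumptions added here. */
int nfacct_new_check(const struct attr *tb[NFACCT_ATTR_COUNT],
                     uint32_t *flags_out, uint64_t *quota_out)
{
    *flags_out = 0;
    *quota_out = 0;
    if (!tb[NFACCT_NAME])
        return -EINVAL;
    if (!tb[NFACCT_FLAGS])
        return 0;                          /* no quota requested */

    uint32_t flags = attr_get_be32(tb[NFACCT_FLAGS]);
    if (flags & ~(NFACCT_F_QUOTA | NFACCT_F_OVERQUOTA))
        return -EOPNOTSUPP;                /* unknown flag bits */
    if ((flags & NFACCT_F_QUOTA) == NFACCT_F_QUOTA)
        return -EINVAL;                    /* packet and byte quotas are exclusive */
    if (flags & NFACCT_F_OVERQUOTA)
        return -EINVAL;                    /* kernel-owned state, not settable */
    if ((flags & NFACCT_F_QUOTA) && !tb[NFACCT_QUOTA])
        return -EINVAL;                    /* the missing check: flag set, attribute absent */

    *flags_out = flags;
    if (flags & NFACCT_F_QUOTA)
        *quota_out = attr_get_be64(tb[NFACCT_QUOTA]);
    return 0;
}

/* Constructed sample attributes (not taken from the report). */
static const uint8_t NAME_BYTES[] = "acct0";
static const uint8_t FLAGS_PKTS_BE[4] = { 0, 0, 0, NFACCT_F_QUOTA_PKTS };
static const uint8_t QUOTA_1000_BE[8] = { 0, 0, 0, 0, 0, 0, 0x03, 0xe8 };
static const struct attr A_NAME  = { NFACCT_NAME, sizeof NAME_BYTES, NAME_BYTES };
static const struct attr A_FLAGS = { NFACCT_FLAGS, 4, FLAGS_PKTS_BE };
static const struct attr A_QUOTA = { NFACCT_QUOTA, 8, QUOTA_1000_BE };

/* Message shaped like the crashing one: quota flag set, NFACCT_QUOTA omitted. */
int demo_missing_quota(void)
{
    const struct attr *tb[NFACCT_ATTR_COUNT] = { 0 };
    uint32_t flags;
    uint64_t quota;
    tb[NFACCT_NAME] = &A_NAME;
    tb[NFACCT_FLAGS] = &A_FLAGS;
    return nfacct_new_check(tb, &flags, &quota);   /* -EINVAL instead of a NULL read */
}

/* Well-formed message: returns the parsed quota, or 0 if validation rejects it. */
uint64_t demo_with_quota(void)
{
    const struct attr *tb[NFACCT_ATTR_COUNT] = { 0 };
    uint32_t flags;
    uint64_t quota;
    tb[NFACCT_NAME] = &A_NAME;
    tb[NFACCT_FLAGS] = &A_FLAGS;
    tb[NFACCT_QUOTA] = &A_QUOTA;
    return nfacct_new_check(tb, &flags, &quota) == 0 ? quota : 0;
}

int main(void)
{
    printf("missing quota -> %d, with quota -> %llu\n",
           demo_missing_quota(), (unsigned long long)demo_with_quota());
    return 0;
}
```

The general rule the model encodes is that a flag inside one attribute must never be treated as proof that a second attribute exists: every nla_get_*() on an optional attribute needs its own NULL check on the parsed table, and the nla_policy passed to nla_parse() cannot express that cross-attribute dependency for you.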