
openEuler / kernel


[OLK-6.6] syzkaller: BUG: unable to handle kernel paging request in crypto_sha3_update

Completed
Defect
Created on 2024-05-15 10:50

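[Title description] Briefly describe the problem: in what scenario, what operation was performed, and what problem occurred (use positive phrasing where possible)

I. Defect information
syzkaller: BUG: unable to handle kernel paging request in crypto_sha3_update
Kernel information:
OLK-6.6
Component the defect belongs to:

Version the defect belongs to:

Brief description of the defect:

[Environment information]
Hardware information
X86 server

[Steps to reproduce] Please describe the specific steps
[Actual result] Please describe the resulting problem and its impact
[Other relevant attachments]
For example system message logs/component logs, dump information, images, etc.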
BUG: unable to handle page fault for address: ffff8881115a13c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7c401067 P4D 7c401067 PUD 101bd8063 PMD 106bc6063 PTE 800ffffeeea5e060
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 2331 Comm: syz-executor.1 Not tainted 6.6.0+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:get_unaligned_le64 include/asm-generic/unaligned.h:37 [inline]
RIP: 0010:crypto_sha3_update+0x24a/0x3b0 crypto/sha3_generic.c:197
Code: 0f b6 34 1e 0f 95 c1 40 84 cf 0f 85 f0 00 00 00 83 e2 07 40 38 d6 0f 9e c1 40 84 f6 0f 95 c2 84 d1 0f 85 d9 00 00 00 4c 89 f2 <48> 8b 00 48 c1 ea 03 80 3c 1a 00 0f 85 e1 00 00 00 49 31 06 41 83
RSP: 0018:ffff888107cb7778 EFLAGS: 00010246
RAX: ffff8881115a13c0 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff888020a3d300 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 000000000000000d R08: ffff888117d9aeb0 R09: 0000000000000000
R10: 000000000000000d R11: ffffffff9d80012a R12: ffff8881115a13c0
R13: 0000000000000000 R14: ffff888020a3d300 R15: 0000000000000000
FS: 00007f16c8d756c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881115a13c0 CR3: 000000010c0ce003 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:

crypto_shash_update crypto/shash.c:134 [inline]
shash_ahash_update crypto/shash.c:306 [inline]
shash_async_update+0xeb/0x230 crypto/shash.c:314
crypto_ahash_update include/crypto/hash.h:618 [inline]
hash_sendmsg+0x3e1/0x1040 crypto/algif_hash.c:149
sock_sendmsg_nosec net/socket.c:734 [inline]
__sock_sendmsg net/socket.c:749 [inline]
__sock_sendmsg+0x1fd/0x250 net/socket.c:744
____sys_sendmsg+0x26f/0xa00 net/socket.c:2564
___sys_sendmsg+0x122/0x1c0 net/socket.c:2618
__sys_sendmmsg+0x19d/0x430 net/socket.c:2704
__do_sys_sendmmsg net/socket.c:2733 [inline]
__se_sys_sendmmsg net/socket.c:2730 [inline]
__x64_sys_sendmmsg+0xa1/0x110 net/socket.c:2730
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x4455ad
Code: 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f16c8d750d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000005cbf80 RCX: 00000000004455ad
RDX: 0000000000000001 RSI: 0000000020005c80 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000048044 R11: 0000000000000246 R12: 00000000005cbf8c
R13: 000000000000000b R14: 00000000005cbf80 R15: 00007f16c8d55000

Modules linked in:
CR2: ffff8881115a13c0
---[ end trace 0000000000000000 ]---
RIP: 0010:get_unaligned_le64 include/asm-generic/unaligned.h:37 [inline]
RIP: 0010:crypto_sha3_update+0x24a/0x3b0 crypto/sha3_generic.c:197
Code: 0f b6 34 1e 0f 95 c1 40 84 cf 0f 85 f0 00 00 00 83 e2 07 40 38 d6 0f 9e c1 40 84 f6 0f 95 c2 84 d1 0f 85 d9 00 00 00 4c 89 f2 <48> 8b 00 48 c1 ea 03 80 3c 1a 00 0f 85 e1 00 00 00 49 31 06 41 83
RSP: 0018:ffff888107cb7778 EFLAGS: 00010246
RAX: ffff8881115a13c0 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff888020a3d300 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 000000000000000d R08: ffff888117d9aeb0 R09: 0000000000000000
R10: 000000000000000d R11: ffffffff9d80012a R12: ffff8881115a13c0
R13: 0000000000000000 R14: ffff888020a3d300 R15: 0000000000000000
FS: 00007f16c8d756c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881115a13c0 CR3: 000000010c0ce003 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554

Code disassembly (best guess):
0: 0f b6 34 1e movzbl (%rsi,%rbx,1),%esi
4: 0f 95 c1 setne %cl
7: 40 84 cf test %cl,%dil
a: 0f 85 f0 00 00 00 jne 0x100
10: 83 e2 07 and $0x7,%edx
13: 40 38 d6 cmp %dl,%sil
16: 0f 9e c1 setle %cl
19: 40 84 f6 test %sil,%sil
1c: 0f 95 c2 setne %dl
1f: 84 d1 test %dl,%cl
21: 0f 85 d9 00 00 00 jne 0x100
27: 4c 89 f2 mov %r14,%rdx
* 2a: 48 8b 00 mov (%rax),%rax <-- trapping instruction
2d: 48 c1 ea 03 shr $0x3,%rdx
31: 80 3c 1a 00 cmpb $0x0,(%rdx,%rbx,1)
35: 0f 85 e1 00 00 00 jne 0x11c
3b: 49 31 06 xor %rax,(%r14)
3e: 41 rex.B
3f: 83 .byte 0x83

Defect details reference link:

Defect analysis guide link:
https:xxx

Comments (2)

James created the defect

Hi james-felton, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

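openeuler-ci-bot added the sig/Kernel label
James set the milestone to 24.03-Kernel-Develop

The fix for this problem has been identified as the patch "mm/secretmem: fix GUP-fast succeeding on secretmem folios"; it has been merged into the most recent LTS, and new versions do not have this problem.

仉鹏 changed the task status from To Do to Completed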
