[Title description] Briefly describe the problem: the scenario, the operation performed, and the problem that occurred (preferably phrased positively)
1. Defect information
syzkaller: BUG: unable to handle kernel paging request in crypto_sha3_update
Kernel information:
OLK-6.6
Component the defect belongs to:
Version the defect belongs to:
Defect summary:
[Environment information]
Hardware information
x86 server
[Reproduction steps], please describe the specific operating steps
[Actual result], please describe the result and impact of the problem
[Other related attachments]
e.g. system message logs / component logs, dump information, images, etc.
BUG: unable to handle page fault for address: ffff8881115a13c0
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7c401067 P4D 7c401067 PUD 101bd8063 PMD 106bc6063 PTE 800ffffeeea5e060
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 2331 Comm: syz-executor.1 Not tainted 6.6.0+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:get_unaligned_le64 include/asm-generic/unaligned.h:37 [inline]
RIP: 0010:crypto_sha3_update+0x24a/0x3b0 crypto/sha3_generic.c:197
Code: 0f b6 34 1e 0f 95 c1 40 84 cf 0f 85 f0 00 00 00 83 e2 07 40 38 d6 0f 9e c1 40 84 f6 0f 95 c2 84 d1 0f 85 d9 00 00 00 4c 89 f2 <48> 8b 00 48 c1 ea 03 80 3c 1a 00 0f 85 e1 00 00 00 49 31 06 41 83
RSP: 0018:ffff888107cb7778 EFLAGS: 00010246
RAX: ffff8881115a13c0 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff888020a3d300 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 000000000000000d R08: ffff888117d9aeb0 R09: 0000000000000000
R10: 000000000000000d R11: ffffffff9d80012a R12: ffff8881115a13c0
R13: 0000000000000000 R14: ffff888020a3d300 R15: 0000000000000000
FS: 00007f16c8d756c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881115a13c0 CR3: 000000010c0ce003 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
crypto_shash_update crypto/shash.c:134 [inline]
shash_ahash_update crypto/shash.c:306 [inline]
shash_async_update+0xeb/0x230 crypto/shash.c:314
crypto_ahash_update include/crypto/hash.h:618 [inline]
hash_sendmsg+0x3e1/0x1040 crypto/algif_hash.c:149
sock_sendmsg_nosec net/socket.c:734 [inline]
__sock_sendmsg net/socket.c:749 [inline]
__sock_sendmsg+0x1fd/0x250 net/socket.c:744
____sys_sendmsg+0x26f/0xa00 net/socket.c:2564
___sys_sendmsg+0x122/0x1c0 net/socket.c:2618
__sys_sendmmsg+0x19d/0x430 net/socket.c:2704
__do_sys_sendmmsg net/socket.c:2733 [inline]
__se_sys_sendmmsg net/socket.c:2730 [inline]
__x64_sys_sendmmsg+0xa1/0x110 net/socket.c:2730
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x4455ad
Code: 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f16c8d750d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000005cbf80 RCX: 00000000004455ad
RDX: 0000000000000001 RSI: 0000000020005c80 RDI: 0000000000000005
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000048044 R11: 0000000000000246 R12: 00000000005cbf8c
R13: 000000000000000b R14: 00000000005cbf80 R15: 00007f16c8d55000
Modules linked in:
CR2: ffff8881115a13c0
---[ end trace 0000000000000000 ]---
RIP: 0010:get_unaligned_le64 include/asm-generic/unaligned.h:37 [inline]
RIP: 0010:crypto_sha3_update+0x24a/0x3b0 crypto/sha3_generic.c:197
Code: 0f b6 34 1e 0f 95 c1 40 84 cf 0f 85 f0 00 00 00 83 e2 07 40 38 d6 0f 9e c1 40 84 f6 0f 95 c2 84 d1 0f 85 d9 00 00 00 4c 89 f2 <48> 8b 00 48 c1 ea 03 80 3c 1a 00 0f 85 e1 00 00 00 49 31 06 41 83
RSP: 0018:ffff888107cb7778 EFLAGS: 00010246
RAX: ffff8881115a13c0 RBX: dffffc0000000000 RCX: 0000000000000001
RDX: ffff888020a3d300 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 000000000000000d R08: ffff888117d9aeb0 R09: 0000000000000000
R10: 000000000000000d R11: ffffffff9d80012a R12: ffff8881115a13c0
R13: 0000000000000000 R14: ffff888020a3d300 R15: 0000000000000000
FS: 00007f16c8d756c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881115a13c0 CR3: 000000010c0ce003 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Code disassembly (best guess):
0: 0f b6 34 1e movzbl (%rsi,%rbx,1),%esi
4: 0f 95 c1 setne %cl
7: 40 84 cf test %cl,%dil
a: 0f 85 f0 00 00 00 jne 0x100
10: 83 e2 07 and $0x7,%edx
13: 40 38 d6 cmp %dl,%sil
16: 0f 9e c1 setle %cl
19: 40 84 f6 test %sil,%sil
1c: 0f 95 c2 setne %dl
1f: 84 d1 test %dl,%cl
21: 0f 85 d9 00 00 00 jne 0x100
27: 4c 89 f2 mov %r14,%rdx
- 2a: 48 8b 00 mov (%rax),%rax <-- trapping instruction
2d: 48 c1 ea 03 shr $0x3,%rdx
31: 80 3c 1a 00 cmpb $0x0,(%rdx,%rbx,1)
35: 0f 85 e1 00 00 00 jne 0x11c
3b: 49 31 06 xor %rax,(%r14)
3e: 41 rex.B
3f: 83 .byte 0x83
Defect details reference link:
Defect analysis guidance link:
https:xxx