
【OLK-6.6】syzkaller: BUG: unable to handle kernel paging request in crypto_blake2b_update_generic

Status: Done
Type: Defect
Created: 2024-05-15 10:52

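[Title description] Briefly describe the problem: state the scenario, the operation performed, and the problem that occurred (phrase it positively where possible)

1. Defect information
syzkaller: BUG: unable to handle kernel paging request in crypto_blake2b_update_generic
Kernel information:
OLK-6.6
Component the defect belongs to:

Version the defect belongs to:

Defect summary:

[Environment information]
x86 server

[Steps to reproduce] Describe the specific steps
[Actual result] Describe the faulty result and its impact
[Other relevant attachments]
For example system message logs/component logs, dump information, images, etc.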

BUG: unable to handle page fault for address: ffff888106eae040
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4c201067 P4D 4c201067 PUD 101be7063 PMD 112e19063 PTE 800ffffef9151060
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 7681 Comm: syz-executor.2 Not tainted 6.6.0+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffff888114317858 EFLAGS: 00010246
RAX: ffff8880291b8b60 RBX: ffff8880291b8ae8 RCX: ffffffff836865ce
RDX: 0000000000000000 RSI: ffff888106eae040 RDI: ffff8880291b8b60
RBP: 0000000000000001 R08: ffff888117f5d090 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000014 R12: 0000000000000000
R13: 0000000000000080 R14: 0000000000000001 R15: 000000000000007f
FS: 00007f2368ee26c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888106eae040 CR3: 000000010f5b0005 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:

__blake2b_update include/crypto/internal/blake2b.h:47 [inline]
crypto_blake2b_update include/crypto/internal/blake2b.h:102 [inline]
crypto_blake2b_update_generic+0x223/0x5f0 crypto/blake2b_generic.c:128
crypto_shash_update crypto/shash.c:134 [inline]
shash_ahash_finup+0x1ce/0x3b0 crypto/shash.c:335
shash_ahash_digest+0x1fd/0x360 crypto/shash.c:371
crypto_ahash_op crypto/ahash.c:297 [inline]
crypto_ahash_op crypto/ahash.c:286 [inline]
crypto_ahash_digest+0x13a/0x240 crypto/ahash.c:345
hash_sendmsg+0x9ba/0x1040 crypto/algif_hash.c:137
sock_sendmsg_nosec net/socket.c:734 [inline]
__sock_sendmsg net/socket.c:749 [inline]
__sock_sendmsg+0x1fd/0x250 net/socket.c:744
____sys_sendmsg+0x69a/0xa00 net/socket.c:2564
___sys_sendmsg+0x122/0x1c0 net/socket.c:2618
__sys_sendmsg+0xee/0x1b0 net/socket.c:2647
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x4455ad
Code: 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2368ee20d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000005cbf80 RCX: 00000000004455ad
RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000005cbf8c
R13: 000000000000000b R14: 00000000005cbf80 R15: 00007f2368ec2000

Modules linked in:
CR2: ffff888106eae040
---[ end trace 0000000000000000 ]---
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffff888114317858 EFLAGS: 00010246
RAX: ffff8880291b8b60 RBX: ffff8880291b8ae8 RCX: ffffffff836865ce
RDX: 0000000000000000 RSI: ffff888106eae040 RDI: ffff8880291b8b60
RBP: 0000000000000001 R08: ffff888117f5d090 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000014 R12: 0000000000000000
R13: 0000000000000080 R14: 0000000000000001 R15: 000000000000007f
FS: 00007f2368ee26c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888106eae040 CR3: 000000010f5b0005 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554

Code disassembly (best guess):
0: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
5: 83 fa 04 cmp $0x4,%edx
8: 72 1b jb 0x25
a: 8b 0e mov (%rsi),%ecx
c: 44 8b 44 16 fc mov -0x4(%rsi,%rdx,1),%r8d
11: 89 0f mov %ecx,(%rdi)
13: 44 89 44 17 fc mov %r8d,-0x4(%rdi,%rdx,1)
18: c3 ret
19: cc int3
1a: cc int3
1b: cc int3
1c: cc int3
1d: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
24: 00
25: 83 ea 01 sub $0x1,%edx
28: 72 19 jb 0x43

* 2a: 0f b6 0e movzbl (%rsi),%ecx <-- trapping instruction
2d: 74 12 je 0x41
2f: 4c 0f b6 46 01 movzbq 0x1(%rsi),%r8
34: 4c 0f b6 0c 16 movzbq (%rsi,%rdx,1),%r9
39: 44 88 47 01 mov %r8b,0x1(%rdi)
3d: 44 rex.R
3e: 88 .byte 0x88
3f: 0c .byte 0xc

Defect details reference link:

Defect analysis guide link:
https:xxx

Comments (2)

James created the defect

Hi james-felton, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

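openeuler-ci-bot added the sig/Kernel label
James set the milestone to 24.03-Kernel-Develop

The fix patch for this issue has been identified as mm/secretmem: fix GUP-fast succeeding on secretmem folios. It has already been merged into the latest LTS, and the new version does not have this problem.

仉鹏 changed the task status from To Do to Done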
