[Title description] Briefly describe the problem: in which scenario, what operation was performed, and what went wrong (prefer positive phrasing)
1. Defect information
syzkaller: BUG: unable to handle kernel paging request in crypto_blake2b_update_generic
Kernel information:
OLK-6.6
Component the defect belongs to:
Version the defect belongs to:
Defect summary: syzkaller on OLK-6.6 (6.6.0+, x86_64 KASAN build) hit a not-present-page fault inside memcpy_orig() called from __blake2b_update() / crypto_blake2b_update_generic(), reached from user space through sendmsg() on an AF_ALG hash socket (hash_sendmsg -> crypto_ahash_digest -> shash_ahash_digest -> shash_ahash_finup). The trapping instruction is a byte load through RSI, and RSI equals CR2 (ffff888106eae040), so the unmapped address is the memcpy source, i.e. the input data being hashed, not the BLAKE2b state (RDI/RBX, in a different and mapped region).
[Environment information]
x86 server
[Steps to reproduce], please describe the specific operations
[Actual result], please describe the outcome and impact of the problem
[Other related attachment information]
e.g. system message logs / component logs, dump information, images, etc.
BUG: unable to handle page fault for address: ffff888106eae040
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4c201067 P4D 4c201067 PUD 101be7063 PMD 112e19063 PTE 800ffffef9151060
Oops: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 PID: 7681 Comm: syz-executor.2 Not tainted 6.6.0+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffff888114317858 EFLAGS: 00010246
RAX: ffff8880291b8b60 RBX: ffff8880291b8ae8 RCX: ffffffff836865ce
RDX: 0000000000000000 RSI: ffff888106eae040 RDI: ffff8880291b8b60
RBP: 0000000000000001 R08: ffff888117f5d090 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000014 R12: 0000000000000000
R13: 0000000000000080 R14: 0000000000000001 R15: 000000000000007f
FS: 00007f2368ee26c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888106eae040 CR3: 000000010f5b0005 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__blake2b_update include/crypto/internal/blake2b.h:47 [inline]
crypto_blake2b_update include/crypto/internal/blake2b.h:102 [inline]
crypto_blake2b_update_generic+0x223/0x5f0 crypto/blake2b_generic.c:128
crypto_shash_update crypto/shash.c:134 [inline]
shash_ahash_finup+0x1ce/0x3b0 crypto/shash.c:335
shash_ahash_digest+0x1fd/0x360 crypto/shash.c:371
crypto_ahash_op crypto/ahash.c:297 [inline]
crypto_ahash_op crypto/ahash.c:286 [inline]
crypto_ahash_digest+0x13a/0x240 crypto/ahash.c:345
hash_sendmsg+0x9ba/0x1040 crypto/algif_hash.c:137
sock_sendmsg_nosec net/socket.c:734 [inline]
__sock_sendmsg net/socket.c:749 [inline]
__sock_sendmsg+0x1fd/0x250 net/socket.c:744
____sys_sendmsg+0x69a/0xa00 net/socket.c:2564
___sys_sendmsg+0x122/0x1c0 net/socket.c:2618
__sys_sendmsg+0xee/0x1b0 net/socket.c:2647
do_syscall_x64 arch/x86/entry/common.c:51 [inline]
do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:81
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
RIP: 0033:0x4455ad
Code: 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f2368ee20d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000005cbf80 RCX: 00000000004455ad
RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000005cbf8c
R13: 000000000000000b R14: 00000000005cbf80 R15: 00007f2368ec2000
Modules linked in:
CR2: ffff888106eae040
---[ end trace 0000000000000000 ]---
RIP: 0010:memcpy_orig+0x115/0x140 arch/x86/lib/memcpy_64.S:160
Code: 0f 1f 44 00 00 83 fa 04 72 1b 8b 0e 44 8b 44 16 fc 89 0f 44 89 44 17 fc c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 83 ea 01 72 19 <0f> b6 0e 74 12 4c 0f b6 46 01 4c 0f b6 0c 16 44 88 47 01 44 88 0c
RSP: 0018:ffff888114317858 EFLAGS: 00010246
RAX: ffff8880291b8b60 RBX: ffff8880291b8ae8 RCX: ffffffff836865ce
RDX: 0000000000000000 RSI: ffff888106eae040 RDI: ffff8880291b8b60
RBP: 0000000000000001 R08: ffff888117f5d090 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000014 R12: 0000000000000000
R13: 0000000000000080 R14: 0000000000000001 R15: 000000000000007f
FS: 00007f2368ee26c0(0000) GS:ffff888118880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff888106eae040 CR3: 000000010f5b0005 CR4: 0000000000770ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Code disassembly (best guess):
0: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
5: 83 fa 04 cmp $0x4,%edx
8: 72 1b jb 0x25
a: 8b 0e mov (%rsi),%ecx
c: 44 8b 44 16 fc mov -0x4(%rsi,%rdx,1),%r8d
11: 89 0f mov %ecx,(%rdi)
13: 44 89 44 17 fc mov %r8d,-0x4(%rdi,%rdx,1)
18: c3 ret
19: cc int3
1a: cc int3
1b: cc int3
1c: cc int3
1d: 0f 1f 84 00 00 00 00 nopl 0x0(%rax,%rax,1)
24: 00
25: 83 ea 01 sub $0x1,%edx
28: 72 19 jb 0x43
2a: 0f b6 0e movzbl (%rsi),%ecx <-- trapping instruction
2d: 74 12 je 0x41
2f: 4c 0f b6 46 01 movzbq 0x1(%rsi),%r8
34: 4c 0f b6 0c 16 movzbq (%rsi,%rdx,1),%r9
39: 44 88 47 01 mov %r8b,0x1(%rdi)
3d: 44 rex.R
3e: 88 .byte 0x88
3f: 0c .byte 0xc
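To make the top of the call trace concrete, the following is a user-space re-creation of the BLAKE2b-512 update path, added here as an illustration; it is not kernel code and is not part of the syzkaller report. It mirrors the buffering structure of __blake2b_update() in include/crypto/internal/blake2b.h and the block compression in crypto/blake2b_generic.c (the math is RFC 7693), with the struct field names and layout assumed rather than copied. What it shows: every memcpy() in the update path copies from the caller's input pointer into state->buf, so with RSI == CR2 in the oops above, the not-present page is the input being hashed (the scatterlist data the AF_ALG path handed to the shash), not the hash state.

```c
/* Added illustration, not kernel code: user-space BLAKE2b-512 with the update/compress
 * structure of include/crypto/internal/blake2b.h and crypto/blake2b_generic.c (RFC 7693).
 * Struct layout and field names are assumptions, not copied from the kernel. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLAKE2B_BLOCK_SIZE 128

static const uint64_t blake2b_iv[8] = {
    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
    0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL,
};
static const uint8_t blake2b_sigma[10][16] = {
    { 0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15},
    {14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3},
    {11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4},
    { 7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8},
    { 9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13},
    { 2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9},
    {12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11},
    {13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10},
    { 6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5},
    {10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13,  0},
};

/* Shaped like the kernel's struct blake2b_state (h, t, f, buf, buflen, outlen); layout assumed. */
struct blake2b_state {
    uint64_t h[8], t[2], f[2];
    uint8_t buf[BLAKE2B_BLOCK_SIZE];
    unsigned int buflen, outlen;
};

static inline uint64_t rotr64(uint64_t w, unsigned c) { return (w >> c) | (w << (64 - c)); }
static inline uint64_t load_le64(const uint8_t *p) { uint64_t v = 0; for (int i = 7; i >= 0; i--) v = (v << 8) | p[i]; return v; }
#define G(a, b, c, d, x, y) do { \
    a += b + (x); d = rotr64(d ^ a, 32); c += d; b = rotr64(b ^ c, 24); \
    a += b + (y); d = rotr64(d ^ a, 16); c += d; b = rotr64(b ^ c, 63); } while (0)

/* Compress nblocks full blocks from 'block', adding 'inc' to the byte counter per block. */
static void blake2b_compress(struct blake2b_state *S, const uint8_t *block, size_t nblocks, uint32_t inc)
{
    uint64_t m[16], v[16];
    do {
        S->t[0] += inc; S->t[1] += (S->t[0] < inc);          /* 128-bit byte counter */
        for (int i = 0; i < 16; i++) m[i] = load_le64(block + 8 * i);
        for (int i = 0; i < 8; i++) { v[i] = S->h[i]; v[i + 8] = blake2b_iv[i]; }
        v[12] ^= S->t[0]; v[13] ^= S->t[1]; v[14] ^= S->f[0]; v[15] ^= S->f[1];
        for (int r = 0; r < 12; r++) {
            const uint8_t *s = blake2b_sigma[r % 10];
            G(v[0], v[4], v[8],  v[12], m[s[0]],  m[s[1]]);  G(v[1], v[5], v[9],  v[13], m[s[2]],  m[s[3]]);
            G(v[2], v[6], v[10], v[14], m[s[4]],  m[s[5]]);  G(v[3], v[7], v[11], v[15], m[s[6]],  m[s[7]]);
            G(v[0], v[5], v[10], v[15], m[s[8]],  m[s[9]]);  G(v[1], v[6], v[11], v[12], m[s[10]], m[s[11]]);
            G(v[2], v[7], v[8],  v[13], m[s[12]], m[s[13]]); G(v[3], v[4], v[9],  v[14], m[s[14]], m[s[15]]);
        }
        for (int i = 0; i < 8; i++) S->h[i] ^= v[i] ^ v[i + 8];
        block += BLAKE2B_BLOCK_SIZE;
    } while (--nblocks);
}

void blake2b_init(struct blake2b_state *S, unsigned int outlen)
{
    memset(S, 0, sizeof(*S));
    memcpy(S->h, blake2b_iv, sizeof(S->h));
    S->h[0] ^= 0x01010000 ^ outlen; S->outlen = outlen;   /* unkeyed parameter block: fanout 1, depth 1 */
}

/* Same buffering as the kernel's __blake2b_update(): every memcpy() here reads from the caller's
 * input pointer 'in' (RSI in the oops) and writes into state->buf (RDI). */
void blake2b_update(struct blake2b_state *S, const uint8_t *in, size_t inlen)
{
    const size_t fill = BLAKE2B_BLOCK_SIZE - S->buflen;
    if (!inlen) return;
    if (inlen > fill) {                      /* top up the pending block and compress it */
        memcpy(S->buf + S->buflen, in, fill);
        blake2b_compress(S, S->buf, 1, BLAKE2B_BLOCK_SIZE);
        S->buflen = 0; in += fill; inlen -= fill;
    }
    if (inlen > BLAKE2B_BLOCK_SIZE) {        /* hash all but the last (possibly full) block in place */
        size_t nblocks = (inlen + BLAKE2B_BLOCK_SIZE - 1) / BLAKE2B_BLOCK_SIZE;
        blake2b_compress(S, in, nblocks - 1, BLAKE2B_BLOCK_SIZE);
        in += BLAKE2B_BLOCK_SIZE * (nblocks - 1); inlen -= BLAKE2B_BLOCK_SIZE * (nblocks - 1);
    }
    memcpy(S->buf + S->buflen, in, inlen);   /* 1..128 bytes always stay buffered until final */
    S->buflen += inlen;
}

void blake2b_final(struct blake2b_state *S, uint8_t *out)
{
    S->f[0] = ~0ULL;                         /* last-block flag, as blake2b_set_lastblock() */
    memset(S->buf + S->buflen, 0, BLAKE2B_BLOCK_SIZE - S->buflen);
    blake2b_compress(S, S->buf, 1, S->buflen);
    for (unsigned i = 0; i < S->outlen; i++) out[i] = (uint8_t)(S->h[i / 8] >> (8 * (i % 8)));
}

/* BLAKE2b-512 of msg fed in 'chunk'-byte pieces (chunk > 0); writes 128 hex chars plus NUL. */
char *blake2b_512_hex(const uint8_t *msg, size_t len, size_t chunk, char hex[129])
{
    struct blake2b_state S; uint8_t out[64];
    blake2b_init(&S, 64);
    for (size_t off = 0; off < len; off += chunk)
        blake2b_update(&S, msg + off, len - off < chunk ? len - off : chunk);
    blake2b_final(&S, out);
    for (int i = 0; i < 64; i++) sprintf(hex + 2 * i, "%02x", out[i]);
    return hex;
}
```

Feeding the same message in different chunk sizes exercises all three branches of blake2b_update() (partial fill, in-place multi-block compress, and plain buffering) and must give the same digest; the "abc" result matches the RFC 7693 test vector.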
Defect details reference link:
Defect analysis guidance link:
https:xxx