[syzbot] UBSAN: shift-out-of-bounds in xfrm_set_default


syzbot

Jul 27, 2021, 8:47:22 AM
to da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 90d856e71443 Add linux-next specific files for 20210723
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=133fd00a300000
kernel config: https://syzkaller.appspot.com/x/.config?x=298516715f6ad5cd
dashboard link: https://syzkaller.appspot.com/bug?extid=9cd5837a045bbee5b810
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1263bba6300000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1066b4d4300000

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+9cd583...@syzkaller.appspotmail.com

netlink: 228 bytes leftover after parsing attributes in process `syz-executor669'.
================================================================================
UBSAN: shift-out-of-bounds in net/xfrm/xfrm_user.c:1969:18
shift exponent 255 is too large for 32-bit type 'int'
CPU: 0 PID: 8437 Comm: syz-executor669 Not tainted 5.14.0-rc2-next-20210723-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105
ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
__ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
xfrm_set_default.cold+0x21/0x102 net/xfrm/xfrm_user.c:1969
xfrm_user_rcv_msg+0x430/0xa20 net/xfrm/xfrm_user.c:2864
netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504
xfrm_netlink_rcv+0x6b/0x90 net/xfrm/xfrm_user.c:2886
netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340
netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929
sock_sendmsg_nosec net/socket.c:703 [inline]
sock_sendmsg+0xcf/0x120 net/socket.c:723
____sys_sendmsg+0x6e8/0x810 net/socket.c:2392
___sys_sendmsg+0xf3/0x170 net/socket.c:2446
__sys_sendmsg+0xe5/0x1b0 net/socket.c:2475
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x43f0d9
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc71f859f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f0d9
RDX: 0000000000000000 RSI: 0000000020000740 RDI: 0000000000000003
RBP: 00000000004030c0 R08: 0000000000000000 R09: 0000000000400488
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000403150
R13: 0000000000000000 R14: 00000000004ad018 R15: 0000000000400488
================================================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Pavel Skripkin

Jul 27, 2021, 10:43:22 AM
to syzbot, da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
On Tue, 27 Jul 2021 05:47:21 -0700
syzbot <syzbot+9cd583...@syzkaller.appspotmail.com> wrote:

> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 90d856e71443 Add linux-next specific files for 20210723
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=133fd00a300000
> kernel config: https://syzkaller.appspot.com/x/.config?x=298516715f6ad5cd
> dashboard link: https://syzkaller.appspot.com/bug?extid=9cd5837a045bbee5b810
> compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1263bba6300000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1066b4d4300000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+9cd583...@syzkaller.appspotmail.com
>
> netlink: 228 bytes leftover after parsing attributes in process `syz-executor669'.
> ================================================================================


The first thing that comes to mind is to check the up->dirmask value.


#syz test
git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master


With regards,
Pavel Skripkin


0001-net-xfrm-fix-shift-out-of-bounce.patch
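An added example (my own userspace model, not kernel code and not the patch attached above) of the xfrm_set_default() update quoted in the kernel test robot replies further down, with the dirmask range check the patch proposes; the value of XFRM_POL_DEFAULT_MASK and the two-byte struct layout are assumptions:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (not from the thread): the three direction bits in/out/fwd. */
#define XFRM_POL_DEFAULT_MASK 0x7u

/* Same layout as struct xfrm_userpolicy_default in the listings: two u8s. */
struct userpolicy_default {
    uint8_t dirmask;  /* bit position of the direction whose default changes */
    uint8_t action;   /* value written at that bit position */
};

/* Root cause: `1 << up->dirmask` promotes 1 to a 32-bit int, so any dirmask
 * >= 32 (syzbot sent 255) is undefined.  Report, never perform, that shift. */
static int shift_is_defined(uint8_t dirmask)
{
    return dirmask < sizeof(int) * 8;
}

/* Hardened update, after the posted patch: reject dirmask before it becomes a
 * shift count.  sizeof(up->action) * 8 == 8 matches the u8 policy byte width. */
static int set_default(uint8_t *policy_default,
                       const struct userpolicy_default *up)
{
    uint8_t old_default = *policy_default;
    uint8_t dirmask;

    if (up->dirmask >= sizeof(up->action) * 8)
        return -EINVAL;

    dirmask = (1u << up->dirmask) & XFRM_POL_DEFAULT_MASK;
    *policy_default = (old_default & (0xff ^ dirmask)) |
                      (uint8_t)(up->action << up->dirmask);
    return 0;
}

/* Wrapper for experiments: returns the new policy byte, or -EINVAL. */
static int apply(uint8_t start, uint8_t dirmask, uint8_t action)
{
    struct userpolicy_default up = { .dirmask = dirmask, .action = action };
    uint8_t policy = start;
    int err = set_default(&policy, &up);
    return err ? err : policy;
}

int main(void)
{
    /* Constructed inputs: syzbot's dirmask of 255, then a valid update. */
    printf("dirmask 255 shift defined: %d\n", shift_is_defined(255));
    printf("apply(0x00, 255, 1) = %d\n", apply(0x00, 255, 1));   /* -EINVAL */
    printf("apply(0x07,   1, 0) = 0x%02x\n", apply(0x07, 1, 0)); /* 0x05 */
    return 0;
}
```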

kernel test robot

Jul 27, 2021, 1:25:59 PM
to Pavel Skripkin, syzbot, clang-bu...@googlegroups.com, kbuil...@lists.01.org, da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
Hi Pavel,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on ipsec-next/master]
[also build test ERROR on next-20210726]
[cannot apply to ipsec/master net-next/master net/master sparc-next/master v5.14-rc3]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Pavel-Skripkin/net-xfrm-fix-shift-out-of-bounce/20210727-224549
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: s390-randconfig-r034-20210727 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project c658b472f3e61e1818e1909bf02f3d65470018a5)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install s390 cross compiling tool for clang build
# apt-get install binutils-s390x-linux-gnu
# https://github.com/0day-ci/linux/commit/0d1cb044926e3d81c86b5add2eeaf38c7aec7f90
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Pavel-Skripkin/net-xfrm-fix-shift-out-of-bounce/20210727-224549
git checkout 0d1cb044926e3d81c86b5add2eeaf38c7aec7f90
# save the attached .config to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=s390 SHELL=/bin/bash net/xfrm/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>

All errors (new ones prefixed by >>):

In file included from net/xfrm/xfrm_user.c:22:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __raw_readb(PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:36:59: note: expanded from macro '__le16_to_cpu'
#define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
^
include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16'
#define __swab16(x) (__u16)__builtin_bswap16((__u16)(x))
^
In file included from net/xfrm/xfrm_user.c:22:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
~~~~~~~~~~ ^
include/uapi/linux/byteorder/big_endian.h:34:59: note: expanded from macro '__le32_to_cpu'
#define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
^
include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32'
#define __swab32(x) (__u32)__builtin_bswap32((__u32)(x))
^
In file included from net/xfrm/xfrm_user.c:22:
In file included from include/linux/skbuff.h:31:
In file included from include/linux/dma-mapping.h:10:
In file included from include/linux/scatterlist.h:9:
In file included from arch/s390/include/asm/io.h:75:
include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writeb(value, PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
__raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
~~~~~~~~~~ ^
include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
readsl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesb(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesw(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
writesl(PCI_IOBASE + addr, buffer, count);
~~~~~~~~~~ ^
>> net/xfrm/xfrm_user.c:1975:54: error: expected ';' after expression
dirmask = (1 << up->dirmask) & XFRM_POL_DEFAULT_MASK
^
;
12 warnings and 1 error generated.


vim +1975 net/xfrm/xfrm_user.c

1963
1964 static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
1965 struct nlattr **attrs)
1966 {
1967 struct net *net = sock_net(skb->sk);
1968 struct xfrm_userpolicy_default *up = nlmsg_data(nlh);
1969 u8 dirmask;
1970 u8 old_default = net->xfrm.policy_default;
1971
1972 if (up->dirmask >= sizeof(up->action) * 8)
1973 return -EINVAL;
1974
> 1975 dirmask = (1 << up->dirmask) & XFRM_POL_DEFAULT_MASK
1976
1977 net->xfrm.policy_default = (old_default & (0xff ^ dirmask))
1978 | (up->action << up->dirmask);
1979
1980 rt_genid_bump_all(net);
1981
1982 return 0;
1983 }
1984

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuil...@lists.01.org
.config.gz

Pavel Skripkin

Jul 27, 2021, 1:31:00 PM
to kernel test robot, syzbot, clang-bu...@googlegroups.com, kbuil...@lists.01.org, da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
Oops :) Thank you, kernel test robot.
0001-net-xfrm-fix-shift-out-of-bounce.patch

kernel test robot

Jul 27, 2021, 1:47:03 PM
to Pavel Skripkin, syzbot, kbuil...@lists.01.org, da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, steffen....@secunet.com, syzkall...@googlegroups.com
Hi Pavel,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on ipsec-next/master]
[also build test ERROR on next-20210726]
[cannot apply to ipsec/master net-next/master net/master v5.14-rc3]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Pavel-Skripkin/net-xfrm-fix-shift-out-of-bounce/20210727-224549
base: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master
config: sh-allmodconfig (attached as .config)
compiler: sh4-linux-gcc (GCC) 10.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/0d1cb044926e3d81c86b5add2eeaf38c7aec7f90
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Pavel-Skripkin/net-xfrm-fix-shift-out-of-bounce/20210727-224549
git checkout 0d1cb044926e3d81c86b5add2eeaf38c7aec7f90
# save the attached .config to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-10.3.0 make.cross O=build_dir ARCH=sh SHELL=/bin/bash net/xfrm/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>

All error/warnings (new ones prefixed by >>):

net/xfrm/xfrm_user.c: In function 'xfrm_set_default':
>> net/xfrm/xfrm_user.c:1977:2: error: expected ';' before 'net'
1977 | net->xfrm.policy_default = (old_default & (0xff ^ dirmask))
| ^~~
net/xfrm/xfrm_user.c:1970:5: warning: unused variable 'old_default' [-Wunused-variable]
1970 | u8 old_default = net->xfrm.policy_default;
| ^~~~~~~~~~~
>> net/xfrm/xfrm_user.c:1969:5: warning: variable 'dirmask' set but not used [-Wunused-but-set-variable]
1969 | u8 dirmask;
| ^~~~~~~

Kconfig warnings: (for reference only)
WARNING: unmet direct dependencies detected for SND_ATMEL_SOC_PDC
Depends on SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC && HAS_DMA
Selected by
- SND_ATMEL_SOC_SSC && SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC
- SND_ATMEL_SOC_SSC_PDC && SOUND && !UML && SND && SND_SOC && SND_ATMEL_SOC && ATMEL_SSC


vim +1977 net/xfrm/xfrm_user.c

^1da177e4c3f41 Linus Torvalds 2005-04-16 1963
2d151d39073aff Steffen Klassert 2021-07-18 1964 static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
2d151d39073aff Steffen Klassert 2021-07-18 1965 struct nlattr **attrs)
2d151d39073aff Steffen Klassert 2021-07-18 1966 {
2d151d39073aff Steffen Klassert 2021-07-18 1967 struct net *net = sock_net(skb->sk);
2d151d39073aff Steffen Klassert 2021-07-18 1968 struct xfrm_userpolicy_default *up = nlmsg_data(nlh);
0d1cb044926e3d Pavel Skripkin 2021-07-27 @1969 u8 dirmask;
2d151d39073aff Steffen Klassert 2021-07-18 1970 u8 old_default = net->xfrm.policy_default;
2d151d39073aff Steffen Klassert 2021-07-18 1971
0d1cb044926e3d Pavel Skripkin 2021-07-27 1972 if (up->dirmask >= sizeof(up->action) * 8)
0d1cb044926e3d Pavel Skripkin 2021-07-27 1973 return -EINVAL;
0d1cb044926e3d Pavel Skripkin 2021-07-27 1974
0d1cb044926e3d Pavel Skripkin 2021-07-27 1975 dirmask = (1 << up->dirmask) & XFRM_POL_DEFAULT_MASK
0d1cb044926e3d Pavel Skripkin 2021-07-27 1976
2d151d39073aff Steffen Klassert 2021-07-18 @1977 net->xfrm.policy_default = (old_default & (0xff ^ dirmask))
2d151d39073aff Steffen Klassert 2021-07-18 1978 | (up->action << up->dirmask);
2d151d39073aff Steffen Klassert 2021-07-18 1979
2d151d39073aff Steffen Klassert 2021-07-18 1980 rt_genid_bump_all(net);
2d151d39073aff Steffen Klassert 2021-07-18 1981
2d151d39073aff Steffen Klassert 2021-07-18 1982 return 0;
2d151d39073aff Steffen Klassert 2021-07-18 1983 }
2d151d39073aff Steffen Klassert 2021-07-18 1984
.config.gz

syzbot

Jul 27, 2021, 7:28:07 PM
to da...@davemloft.net, her...@gondor.apana.org.au, ku...@kernel.org, linux-...@vger.kernel.org, net...@vger.kernel.org, paskr...@gmail.com, steffen....@secunet.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

net/xfrm/xfrm_user.c:1977:2: error: expected ';' before 'net'


Tested on:

commit: 42d0b5f5 Add linux-next specific files for 20210727
git tree: linux-next
patch: https://syzkaller.appspot.com/x/patch.diff?x=147b8d0a300000

syzbot

Jul 27, 2021, 8:13:11 PM
to clang-bu...@googlegroups.com, da...@davemloft.net, her...@gondor.apana.org.au, kbuil...@lists.01.org, ku...@kernel.org, linux-...@vger.kernel.org, l...@intel.com, net...@vger.kernel.org, paskr...@gmail.com, steffen....@secunet.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+9cd583...@syzkaller.appspotmail.com

Tested on:

commit: 42d0b5f5 Add linux-next specific files for 20210727
git tree: linux-next
kernel config: https://syzkaller.appspot.com/x/.config?x=e5bd567a6f50f462
dashboard link: https://syzkaller.appspot.com/bug?extid=9cd5837a045bbee5b810
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
patch: https://syzkaller.appspot.com/x/patch.diff?x=1204e0dc300000

Note: testing is done by a robot and is best-effort only.