general protection fault in nl802154_add_llsec_key
8 views
Skip to first unread message
syzbot
Feb 14, 2021, 6:52:16 PM2/14/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13484ed2d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=80e596b8b0902d96
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a51923...@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 9403 Comm: syz-executor.1 Not tainted 4.14.218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809d876000 task.stack: ffff88809d100000
RIP: 0010:nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565
RSP: 0018:ffff88809d107610 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a0ec280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff86d96b02 RDI: ffff88823a0ec3a8
RBP: 1ffff11013a20ec4 R08: 0000000000000001 R09: ffff88809d107990
R10: ffff88809d1076af R11: ffff88809d876000 R12: ffff8882382af400
R13: ffff8880aba44f90 R14: ffffffff886f1c40 R15: ffff88809d437540
FS: 00007f2a388b6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff2a6821070 CR3: 00000000b2c76000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_family_rcv_msg+0x572/0xb20 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:636
netlink_unicast_kernel syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1878
sock_sendmsg_nosec syzkaller/managers/linux-4-14/kernel/net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 syzkaller/managers/linux-4-14/kernel/net/socket.c:656
___sys_sendmsg+0x6c8/0x800 syzkaller/managers/linux-4-14/kernel/net/socket.c:2062
__sys_sendmsg+0xa3/0x120 syzkaller/managers/linux-4-14/kernel/net/socket.c:2096
SYSC_sendmsg syzkaller/managers/linux-4-14/kernel/net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 syzkaller/managers/linux-4-14/kernel/net/socket.c:2103
do_syscall_64+0x1d5/0x640 syzkaller/managers/linux-4-14/kernel/arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465d99
RSP: 002b:00007f2a388b6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000006
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fffc80858bf R14: 00007f2a388b6300 R15: 0000000000022000
Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 16 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
RIP: nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline] RSP: ffff88809d107610
RIP: nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline] RSP: ffff88809d107610
RIP: nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565 RSP: ffff88809d107610
---[ end trace be0f7d02b2b525a2 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=13484ed2d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=80e596b8b0902d96
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a51923...@syzkaller.appspotmail.com
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
device veth0_macvtap entered promiscuous mode
IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 9403 Comm: syz-executor.1 Not tainted 4.14.218-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88809d876000 task.stack: ffff88809d100000
RIP: 0010:nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565
RSP: 0018:ffff88809d107610 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a0ec280 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff86d96b02 RDI: ffff88823a0ec3a8
RBP: 1ffff11013a20ec4 R08: 0000000000000001 R09: ffff88809d107990
R10: ffff88809d1076af R11: ffff88809d876000 R12: ffff8882382af400
R13: ffff8880aba44f90 R14: ffffffff886f1c40 R15: ffff88809d437540
FS: 00007f2a388b6700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff2a6821070 CR3: 00000000b2c76000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_family_rcv_msg+0x572/0xb20 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:636
netlink_unicast_kernel syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1878
sock_sendmsg_nosec syzkaller/managers/linux-4-14/kernel/net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 syzkaller/managers/linux-4-14/kernel/net/socket.c:656
___sys_sendmsg+0x6c8/0x800 syzkaller/managers/linux-4-14/kernel/net/socket.c:2062
__sys_sendmsg+0xa3/0x120 syzkaller/managers/linux-4-14/kernel/net/socket.c:2096
SYSC_sendmsg syzkaller/managers/linux-4-14/kernel/net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 syzkaller/managers/linux-4-14/kernel/net/socket.c:2103
do_syscall_64+0x1d5/0x640 syzkaller/managers/linux-4-14/kernel/arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465d99
RSP: 002b:00007f2a388b6188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465d99
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000006
RBP: 00000000004bcf27 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fffc80858bf R14: 00007f2a388b6300 R15: 0000000000022000
Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 16 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
RIP: nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline] RSP: ffff88809d107610
RIP: nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline] RSP: ffff88809d107610
RIP: nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565 RSP: ffff88809d107610
---[ end trace be0f7d02b2b525a2 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Feb 14, 2021, 7:12:19 PM2/14/21
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=14e49914d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10046498d00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a51923...@syzkaller.appspotmail.com
RAX: dffffc0000000000 RBX: ffff88823a05ba80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8880a091f850 RDI: ffff88823a05bba8
RBP: 1ffff11014123ec4 R08: 0000000000000001 R09: ffff8880a091f990
R10: ffff8880a091f6af R11: ffff888097934440 R12: ffff88823829b2c0
R13: ffff8880abb10e90 R14: ffffffff886f1c40 R15: ffff88809656c300
FS: 0000000001570300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
RSP: 002b:00007ffdee038f68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043f8a9
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000004
RBP: 0000000000403310 R08: 00000000004004a0 R09: 00000000004004a0
R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004033a0
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
RIP: nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline] RSP: ffff8880a091f610
RIP: nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565 RSP: ffff8880a091f610
---[ end trace ba47e7790e7d8570 ]---
HEAD commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=80e596b8b0902d96
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11acb488d00000
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10046498d00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+a51923...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7963 Comm: syz-executor309 Not tainted 4.14.218-syzkaller #0
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888097934440 task.stack: ffff8880a0918000
RIP: 0010:nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565
RSP: 0018:ffff8880a091f610 EFLAGS: 00010246
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565
RAX: dffffc0000000000 RBX: ffff88823a05ba80 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff8880a091f850 RDI: ffff88823a05bba8
RBP: 1ffff11014123ec4 R08: 0000000000000001 R09: ffff8880a091f990
R10: ffff8880a091f6af R11: ffff888097934440 R12: ffff88823829b2c0
R13: ffff8880abb10e90 R14: ffffffff886f1c40 R15: ffff88809656c300
FS: 0000000001570300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000200006c8 CR3: 000000009df73000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_family_rcv_msg+0x572/0xb20 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:636
netlink_unicast_kernel syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1878
sock_sendmsg_nosec syzkaller/managers/linux-4-14/kernel/net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 syzkaller/managers/linux-4-14/kernel/net/socket.c:656
___sys_sendmsg+0x6c8/0x800 syzkaller/managers/linux-4-14/kernel/net/socket.c:2062
__sys_sendmsg+0xa3/0x120 syzkaller/managers/linux-4-14/kernel/net/socket.c:2096
SYSC_sendmsg syzkaller/managers/linux-4-14/kernel/net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 syzkaller/managers/linux-4-14/kernel/net/socket.c:2103
do_syscall_64+0x1d5/0x640 syzkaller/managers/linux-4-14/kernel/arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x43f8a9
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_family_rcv_msg+0x572/0xb20 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-14/kernel/net/netlink/genetlink.c:636
netlink_unicast_kernel syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 syzkaller/managers/linux-4-14/kernel/net/netlink/af_netlink.c:1878
sock_sendmsg_nosec syzkaller/managers/linux-4-14/kernel/net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 syzkaller/managers/linux-4-14/kernel/net/socket.c:656
___sys_sendmsg+0x6c8/0x800 syzkaller/managers/linux-4-14/kernel/net/socket.c:2062
__sys_sendmsg+0xa3/0x120 syzkaller/managers/linux-4-14/kernel/net/socket.c:2096
SYSC_sendmsg syzkaller/managers/linux-4-14/kernel/net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 syzkaller/managers/linux-4-14/kernel/net/socket.c:2103
do_syscall_64+0x1d5/0x640 syzkaller/managers/linux-4-14/kernel/arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RSP: 002b:00007ffdee038f68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043f8a9
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000004
RBP: 0000000000403310 R08: 00000000004004a0 R09: 00000000004004a0
R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004033a0
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
Code: 00 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 16 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85
RIP: nla_len syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:706 [inline] RSP: ffff8880a091f610
RIP: nla_parse_nested syzkaller/managers/linux-4-14/kernel/./include/net/netlink.h:765 [inline] RSP: ffff8880a091f610
RIP: nl802154_add_llsec_key+0x1e7/0x510 syzkaller/managers/linux-4-14/kernel/net/ieee802154/nl802154.c:1565 RSP: ffff8880a091f610
---[ end trace ba47e7790e7d8570 ]---
syzbot
Feb 17, 2021, 1:56:21 PM2/17/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 811218ec Linux 4.19.172
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a0a3d2d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c1cb1d27398c8808
dashboard link: https://syzkaller.appspot.com/bug?extid=130a4ba8c18d04c3a0a3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151a3c22d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1644660cd00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+130a4b...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8100 Comm: syz-executor179 Not tainted 4.19.172-syzkaller #0
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1fa/0x580 syzkaller/managers/linux-4-19/kernel/net/ieee802154/nl802154.c:1565
Code: 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3f 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85 cf
RSP: 0018:ffff8880952ef558 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a4b3ac0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87c52955 RDI: ffff88823a4b3be8
RBP: 1ffff11012a5dead R08: 0000000000000001 R09: ffff8880952ef920
R10: 0000000000000005 R11: 0000000000000001 R12: ffff8880ab5e2e40
R13: ffff8880ab519050 R14: ffff88823a4b3ac0 R15: ffffffff89cf57c0
FS: 0000000001b67300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
genl_rcv_msg+0xbf/0x160 syzkaller/managers/linux-4-19/kernel/net/netlink/genetlink.c:627
netlink_rcv_skb+0x160/0x440 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:2455
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-19/kernel/net/netlink/genetlink.c:638
netlink_unicast_kernel syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6bb/0xc40 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1909
sock_sendmsg_nosec syzkaller/managers/linux-4-19/kernel/net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 syzkaller/managers/linux-4-19/kernel/net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 syzkaller/managers/linux-4-19/kernel/net/socket.c:2115
__sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2153 [inline]
__do_sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2162 [inline]
__se_sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 syzkaller/managers/linux-4-19/kernel/net/socket.c:2160
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f8a9
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdb3e023b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
---[ end trace d2b6f74ec7ed76be ]---
RIP: 0010:nla_len syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1fa/0x580 syzkaller/managers/linux-4-19/kernel/net/ieee802154/nl802154.c:1565
Code: 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3f 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85 cf
RSP: 0018:ffff8880952ef558 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a4b3ac0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87c52955 RDI: ffff88823a4b3be8
RBP: 1ffff11012a5dead R08: 0000000000000001 R09: ffff8880952ef920
R10: 0000000000000005 R11: 0000000000000001 R12: ffff8880ab5e2e40
R13: ffff8880ab519050 R14: ffff88823a4b3ac0 R15: ffffffff89cf57c0
FS: 0000000001b67300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
https://goo.gl/tpsmEJ#testing-patches
syzbot found the following issue on:
HEAD commit: 811218ec Linux 4.19.172
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=11a0a3d2d00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c1cb1d27398c8808
dashboard link: https://syzkaller.appspot.com/bug?extid=130a4ba8c18d04c3a0a3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151a3c22d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1644660cd00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nla_len syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1fa/0x580 syzkaller/managers/linux-4-19/kernel/net/ieee802154/nl802154.c:1565
Code: 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3f 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85 cf
RSP: 0018:ffff8880952ef558 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a4b3ac0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87c52955 RDI: ffff88823a4b3be8
RBP: 1ffff11012a5dead R08: 0000000000000001 R09: ffff8880952ef920
R10: 0000000000000005 R11: 0000000000000001 R12: ffff8880ab5e2e40
R13: ffff8880ab519050 R14: ffff88823a4b3ac0 R15: ffffffff89cf57c0
FS: 0000000001b67300(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8ae9176020 CR3: 000000009e0cb000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_family_rcv_msg+0x642/0xc40 syzkaller/managers/linux-4-19/kernel/net/netlink/genetlink.c:602
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
genl_rcv_msg+0xbf/0x160 syzkaller/managers/linux-4-19/kernel/net/netlink/genetlink.c:627
netlink_rcv_skb+0x160/0x440 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:2455
genl_rcv+0x24/0x40 syzkaller/managers/linux-4-19/kernel/net/netlink/genetlink.c:638
netlink_unicast_kernel syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6bb/0xc40 syzkaller/managers/linux-4-19/kernel/net/netlink/af_netlink.c:1909
sock_sendmsg_nosec syzkaller/managers/linux-4-19/kernel/net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 syzkaller/managers/linux-4-19/kernel/net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 syzkaller/managers/linux-4-19/kernel/net/socket.c:2115
__sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2153 [inline]
__do_sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2162 [inline]
__se_sys_sendmsg syzkaller/managers/linux-4-19/kernel/net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 syzkaller/managers/linux-4-19/kernel/net/socket.c:2160
do_syscall_64+0xf9/0x620 syzkaller/managers/linux-4-19/kernel/arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43f8a9
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdb3e023b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043f8a9
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000004
RBP: 0000000000403310 R08: 00000000004004a0 R09: 00000000004004a0
R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004033a0
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
Modules linked in:
RDX: 0000000000000000 RSI: 0000000020000a00 RDI: 0000000000000004
RBP: 0000000000403310 R08: 00000000004004a0 R09: 00000000004004a0
R10: 0000000000000003 R11: 0000000000000246 R12: 00000000004033a0
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
---[ end trace d2b6f74ec7ed76be ]---
RIP: 0010:nla_len syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:706 [inline]
RIP: 0010:nla_parse_nested syzkaller/managers/linux-4-19/kernel/./include/net/netlink.h:765 [inline]
RIP: 0010:nl802154_add_llsec_key+0x1fa/0x580 syzkaller/managers/linux-4-19/kernel/net/ieee802154/nl802154.c:1565
Code: 00 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3f 03 00 00 48 8b 93 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 d1 48 c1 e9 03 <0f> b6 0c 01 48 89 d0 83 e0 07 83 c0 01 38 c8 7c 08 84 c9 0f 85 cf
RSP: 0018:ffff8880952ef558 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffff88823a4b3ac0 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff87c52955 RDI: ffff88823a4b3be8
RBP: 1ffff11012a5dead R08: 0000000000000001 R09: ffff8880952ef920
R10: 0000000000000005 R11: 0000000000000001 R12: ffff8880ab5e2e40
R13: ffff8880ab519050 R14: ffff88823a4b3ac0 R15: ffffffff89cf57c0
FS: 0000000001b67300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc584039058 CR3: 000000009e0cb000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
https://goo.gl/tpsmEJ#testing-patches
syzbot
May 14, 2021, 10:04:07 AM5/14/21
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit bdd1d2784ad3e51698047f832f935a2389f3b4a6
Author: Alexander Aring <aahr...@redhat.com>
Date: Sun Feb 21 17:43:20 2021 +0000
net: ieee802154: fix nl802154 add llsec key
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=145a3ad1d00000
start commit: 811218ec Linux 4.19.172
git tree: linux-4.19.y
#syz fix: net: ieee802154: fix nl802154 add llsec key
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit bdd1d2784ad3e51698047f832f935a2389f3b4a6
Author: Alexander Aring <aahr...@redhat.com>
Date: Sun Feb 21 17:43:20 2021 +0000
net: ieee802154: fix nl802154 add llsec key
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=145a3ad1d00000
start commit: 811218ec Linux 4.19.172
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=c1cb1d27398c8808
dashboard link: https://syzkaller.appspot.com/bug?extid=130a4ba8c18d04c3a0a3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151a3c22d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1644660cd00000
If the result looks correct, please mark the issue as fixed by replying with:
dashboard link: https://syzkaller.appspot.com/bug?extid=130a4ba8c18d04c3a0a3
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151a3c22d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1644660cd00000
#syz fix: net: ieee802154: fix nl802154 add llsec key
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
syzbot
May 16, 2021, 8:54:07 AM5/16/21
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 3a94a5b2e0baffc421052771413e9ce37fb6ac51
Author: Alexander Aring <aahr...@redhat.com>
Date: Sun Feb 21 17:43:20 2021 +0000
net: ieee802154: fix nl802154 add llsec key
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=176e54fdd00000
Date: Sun Feb 21 17:43:20 2021 +0000
net: ieee802154: fix nl802154 add llsec key
start commit: 2c8a3fce Linux 4.14.218
git tree: linux-4.14.y
kernel config: https://syzkaller.appspot.com/x/.config?x=80e596b8b0902d96
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
dashboard link: https://syzkaller.appspot.com/bug?extid=a51923a6d3b7ce852c63
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11acb488d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10046498d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10046498d00000
Reply all
Reply to author
Forward
0 new messages