general protection fault in ieee802154_llsec_parse_dev_addr
10 views
Skip to first unread message
syzbot
Feb 22, 2021, 3:38:23 PM2/22/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 29c52025 Linux 4.14.221
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17602cccd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=83f668f81cfc5600
dashboard link: https://syzkaller.appspot.com/bug?extid=de3bec08d1f8971aada1
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de3bec...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 3192 Comm: syz-executor.5 Not tainted 4.14.221-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888093da20c0 task.stack: ffff888069538000
RIP: 0010:nla_get_le64 include/net/netlink.h:1162 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326
RSP: 0018:ffff88806953f538 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900063dd000
RDX: 0000000000000000 RSI: ffffffff86d94b52 RDI: 0000000000000004
RBP: ffff88806953f730 R08: 0000000000000001 R09: ffff88806953f568
R10: ffff88806953f597 R11: ffff888093da20c0 R12: 1ffff1100d2a7ea7
R13: 0000000000000000 R14: ffff88809f0cc844 R15: ffff88809f0cc854
FS: 00007f2b84cc0700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000050e370 CR3: 0000000064425000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x2f4/0x3a0 net/ieee802154/nl802154.c:1362
nl802154_add_llsec_devkey+0x1da/0x380 net/ieee802154/nl802154.c:1921
genl_family_rcv_msg+0x572/0xb20 net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 net/netlink/genetlink.c:636
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465ef9
RSP: 002b:00007f2b84cc0188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000005
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff57847ccf R14: 00007f2b84cc0300 R15: 0000000000022000
Code: 00 0f 84 a3 00 00 00 80 fb 03 75 63 e8 ae d4 7b fa 48 8b 5c 24 50 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 19 01 00 00 48 8d 7d 08 48 8b 5b 04 48 b8 00
RIP: nla_get_le64 include/net/netlink.h:1162 [inline] RSP: ffff88806953f538
RIP: ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326 RSP: ffff88806953f538
---[ end trace c85d5a19066f118f ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot found the following issue on:
HEAD commit: 29c52025 Linux 4.14.221
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=17602cccd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=83f668f81cfc5600
dashboard link: https://syzkaller.appspot.com/bug?extid=de3bec08d1f8971aada1
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de3bec...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 3192 Comm: syz-executor.5 Not tainted 4.14.221-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff888093da20c0 task.stack: ffff888069538000
RIP: 0010:nla_get_le64 include/net/netlink.h:1162 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326
RSP: 0018:ffff88806953f538 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc900063dd000
RDX: 0000000000000000 RSI: ffffffff86d94b52 RDI: 0000000000000004
RBP: ffff88806953f730 R08: 0000000000000001 R09: ffff88806953f568
R10: ffff88806953f597 R11: ffff888093da20c0 R12: 1ffff1100d2a7ea7
R13: 0000000000000000 R14: ffff88809f0cc844 R15: ffff88809f0cc854
FS: 00007f2b84cc0700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000050e370 CR3: 0000000064425000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x2f4/0x3a0 net/ieee802154/nl802154.c:1362
nl802154_add_llsec_devkey+0x1da/0x380 net/ieee802154/nl802154.c:1921
genl_family_rcv_msg+0x572/0xb20 net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 net/netlink/genetlink.c:636
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x465ef9
RSP: 002b:00007f2b84cc0188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000005
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff57847ccf R14: 00007f2b84cc0300 R15: 0000000000022000
Code: 00 0f 84 a3 00 00 00 80 fb 03 75 63 e8 ae d4 7b fa 48 8b 5c 24 50 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 19 01 00 00 48 8d 7d 08 48 8b 5b 04 48 b8 00
RIP: nla_get_le64 include/net/netlink.h:1162 [inline] RSP: ffff88806953f538
RIP: ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326 RSP: ffff88806953f538
---[ end trace c85d5a19066f118f ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot
Feb 28, 2021, 4:13:16 AM2/28/21
to syzkaller...@googlegroups.com
Hello,
syzbot found the following issue on:
HEAD commit: 2d19be46 Linux 4.19.177
syzbot found the following issue on:
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=15fc996cd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=6a1a8f0ba6627eb7
dashboard link: https://syzkaller.appspot.com/bug?extid=7f1b4f2030ff6be8870e
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nla_get_le64 include/net/netlink.h:1162 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x260/0x370 net/ieee802154/nl802154.c:1326
Code: 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ea 38 9d f9 48 8b 5c 24 50 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ee 00 00 00 48 8d 7d 08 48 8b 5b 04 48 b8 00 00
RSP: 0018:ffff8880a491f450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005c21000
RDX: 0000000000000000 RSI: ffffffff87c52636 RDI: 0000000000000004
RBP: ffff8880a491f650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000000 R12: 1ffff11014923e8a
R13: 0000000000000000 R14: ffff8880a2d30a78 R15: ffff8880a2d30a98
FS: 00007f048a03b700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004e1c24 CR3: 00000000709c6000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x340/0x410 net/ieee802154/nl802154.c:1362
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
nl802154_set_llsec_params+0x1db/0x470 net/ieee802154/nl802154.c:1417
genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115
__sys_sendmsg net/socket.c:2153 [inline]
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x465ef9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f048a03b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000056bf60 RCX: 0000000000465ef9
RDX: 0000000000004010 RSI: 0000000020000540 RDI: 0000000000000004
RBP: 00000000004bcd1c R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
R13: 00007fff6741c87f R14: 00007f048a03b300 R15: 0000000000022000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf60
Modules linked in:
---[ end trace 95649e1e1c61dfa3 ]---
RIP: 0010:nla_get_le64 include/net/netlink.h:1162 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x260/0x370 net/ieee802154/nl802154.c:1326
Code: 5b 5d 41 5c 41 5d 41 5e 41 5f c3 e8 ea 38 9d f9 48 8b 5c 24 50 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 ee 00 00 00 48 8d 7d 08 48 8b 5b 04 48 b8 00 00
RSP: 0018:ffff8880a491f450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc90005c21000
RDX: 0000000000000000 RSI: ffffffff87c52636 RDI: 0000000000000004
RBP: ffff8880a491f650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000000 R12: 1ffff11014923e8a
R13: 0000000000000000 R14: ffff8880a2d30a78 R15: ffff8880a2d30a98
FS: 00007f048a03b700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
tmpfs: Bad value 'interleave=relative:,7' for mount option 'mpol'
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056112d2315c0 CR3: 00000000709c6000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
syzbot
Mar 6, 2021, 11:31:25 PM3/6/21
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: dfb57161 Linux 4.19.178
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=157cc25cd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c227024aa159411f
dashboard link: https://syzkaller.appspot.com/bug?extid=7f1b4f2030ff6be8870e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12399cfad00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1105a95cd00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7f1b4f...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x2b0/0x370 net/ieee802154/nl802154.c:1323
Code: 00 0f 85 d5 00 00 00 48 89 5d 08 e9 5c ff ff ff e8 f5 0a 9d f9 49 8d 7e 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 04 84 d2 75 7d 48
RSP: 0018:ffff8880a25f7450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff87c554fe
RDX: 0000000000000000 RSI: ffffffff87c555bb RDI: 0000000000000004
RBP: ffff8880a25f7650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff110144bee8a
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880aab25a78
FS: 0000000000c3d300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff83da7978 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fc09
RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000003
RBP: 0000000000403670 R08: 0000000000000004 R09: 00000000004004a0
R10: 000000000000000c R11: 0000000000000246 R12: 0000000000403700
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
Modules linked in:
---[ end trace 78da248b15a893f0 ]---
RIP: 0010:nla_get_le16 include/net/netlink.h:1118 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x2b0/0x370 net/ieee802154/nl802154.c:1323
Code: 00 0f 85 d5 00 00 00 48 89 5d 08 e9 5c ff ff ff e8 f5 0a 9d f9 49 8d 7e 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 04 84 d2 75 7d 48
RSP: 0018:ffff8880a25f7450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff87c554fe
RDX: 0000000000000000 RSI: ffffffff87c555bb RDI: 0000000000000004
RBP: ffff8880a25f7650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff110144bee8a
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880aab25a78
FS: 0000000000c3d300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
HEAD commit: dfb57161 Linux 4.19.178
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=157cc25cd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=c227024aa159411f
dashboard link: https://syzkaller.appspot.com/bug?extid=7f1b4f2030ff6be8870e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=12399cfad00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1105a95cd00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+7f1b4f...@syzkaller.appspotmail.com
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8065 Comm: syz-executor171 Not tainted 4.19.178-syzkaller #0
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:nla_get_le16 include/net/netlink.h:1118 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x2b0/0x370 net/ieee802154/nl802154.c:1323
Code: 00 0f 85 d5 00 00 00 48 89 5d 08 e9 5c ff ff ff e8 f5 0a 9d f9 49 8d 7e 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 04 84 d2 75 7d 48
RSP: 0018:ffff8880a25f7450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff87c554fe
RDX: 0000000000000000 RSI: ffffffff87c555bb RDI: 0000000000000004
RBP: ffff8880a25f7650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff110144bee8a
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880aab25a78
FS: 0000000000c3d300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f60718256c0 CR3: 00000000aa872000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x340/0x410 net/ieee802154/nl802154.c:1362
nl802154_set_llsec_params+0x1db/0x470 net/ieee802154/nl802154.c:1417
genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115
__sys_sendmsg net/socket.c:2153 [inline]
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fc09
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x340/0x410 net/ieee802154/nl802154.c:1362
nl802154_set_llsec_params+0x1db/0x470 net/ieee802154/nl802154.c:1417
genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909
sock_sendmsg_nosec net/socket.c:622 [inline]
sock_sendmsg+0xc3/0x120 net/socket.c:632
___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115
__sys_sendmsg net/socket.c:2153 [inline]
__do_sys_sendmsg net/socket.c:2162 [inline]
__se_sys_sendmsg net/socket.c:2160 [inline]
__x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff83da7978 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fc09
RDX: 0000000000000040 RSI: 0000000020000680 RDI: 0000000000000003
RBP: 0000000000403670 R08: 0000000000000004 R09: 00000000004004a0
R10: 000000000000000c R11: 0000000000000246 R12: 0000000000403700
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
Modules linked in:
---[ end trace 78da248b15a893f0 ]---
RIP: 0010:nla_get_le16 include/net/netlink.h:1118 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x2b0/0x370 net/ieee802154/nl802154.c:1323
Code: 00 0f 85 d5 00 00 00 48 89 5d 08 e9 5c ff ff ff e8 f5 0a 9d f9 49 8d 7e 04 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 04 84 d2 75 7d 48
RSP: 0018:ffff8880a25f7450 EFLAGS: 00010247
RAX: dffffc0000000000 RBX: 0000000000000002 RCX: ffffffff87c554fe
RDX: 0000000000000000 RSI: ffffffff87c555bb RDI: 0000000000000004
RBP: ffff8880a25f7650 R08: 0000000000000001 R09: 0000000000000003
R10: 0000000000000001 R11: 0000000000000001 R12: 1ffff110144bee8a
R13: 0000000000000000 R14: 0000000000000000 R15: ffff8880aab25a78
FS: 0000000000c3d300(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f60718256c0 CR3: 00000000aa872000 CR4: 00000000001406e0
syzbot
Mar 8, 2021, 9:00:14 PM3/8/21
to syzkaller...@googlegroups.com
syzbot has found a reproducer for the following issue on:
HEAD commit: 1d177c08 Linux 4.14.224
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1217f6ecd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d474f9d9298a6d6a
dashboard link: https://syzkaller.appspot.com/bug?extid=de3bec08d1f8971aada1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1245d22ad00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1437e09ed00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de3bec...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 7984 Comm: syz-executor431 Not tainted 4.14.224-syzkaller #0
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: ffff88809cd9f708 R08: 0000000000000001 R09: ffff88809cd9f578
R10: ffff88809cd9f5a7 R11: ffff8880b30a80c0 R12: 1ffff110139b3ea9
R13: 0000000000000000 R14: ffff8880b4a7f728 R15: ffff8880b4a7f740
FS: 0000000001a34300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
RSP: 002b:00007fff5b4245e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fe09
RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003
RBP: 0000000000403870 R08: 0000000000000001 R09: 00000000004004a0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000403900
RIP: nla_get_le64 include/net/netlink.h:1162 [inline] RSP: ffff88809cd9f548
RIP: ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326 RSP: ffff88809cd9f548
---[ end trace c8c4de336e3166a0 ]---
HEAD commit: 1d177c08 Linux 4.14.224
git tree: linux-4.14.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1217f6ecd00000
kernel config: https://syzkaller.appspot.com/x/.config?x=d474f9d9298a6d6a
dashboard link: https://syzkaller.appspot.com/bug?extid=de3bec08d1f8971aada1
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1245d22ad00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1437e09ed00000
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+de3bec...@syzkaller.appspotmail.com
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880b30a80c0 task.stack: ffff88809cd98000
RIP: 0010:nla_get_le64 include/net/netlink.h:1162 [inline]
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326
RSP: 0018:ffff88809cd9f548 EFLAGS: 00010247
RIP: 0010:ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
RBP: ffff88809cd9f708 R08: 0000000000000001 R09: ffff88809cd9f578
R10: ffff88809cd9f5a7 R11: ffff8880b30a80c0 R12: 1ffff110139b3ea9
R13: 0000000000000000 R14: ffff8880b4a7f728 R15: ffff8880b4a7f740
FS: 0000000001a34300(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000100 CR3: 00000000af4be000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x2f4/0x3a0 net/ieee802154/nl802154.c:1362
nl802154_set_llsec_params+0x1bb/0x420 net/ieee802154/nl802154.c:1417
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
ieee802154_llsec_parse_key_id+0x2f4/0x3a0 net/ieee802154/nl802154.c:1362
genl_family_rcv_msg+0x572/0xb20 net/netlink/genetlink.c:600
genl_rcv_msg+0xaf/0x140 net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 net/netlink/genetlink.c:636
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x43fe09
genl_rcv_msg+0xaf/0x140 net/netlink/genetlink.c:625
netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
genl_rcv+0x24/0x40 net/netlink/genetlink.c:636
netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
sock_sendmsg_nosec net/socket.c:646 [inline]
sock_sendmsg+0xb5/0x100 net/socket.c:656
___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
__sys_sendmsg+0xa3/0x120 net/socket.c:2096
SYSC_sendmsg net/socket.c:2107 [inline]
SyS_sendmsg+0x27/0x40 net/socket.c:2103
do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
entry_SYSCALL_64_after_hwframe+0x46/0xbb
RSP: 002b:00007fff5b4245e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fe09
RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003
RBP: 0000000000403870 R08: 0000000000000001 R09: 00000000004004a0
R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000403900
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
Code: 00 0f 84 a3 00 00 00 80 fb 03 75 63 e8 5e 93 7b fa 48 8b 5c 24 50 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 19 01 00 00 48 8d 7d 08 48 8b 5b 04 48 b8 00
RIP: nla_get_le64 include/net/netlink.h:1162 [inline] RSP: ffff88809cd9f548
RIP: ieee802154_llsec_parse_dev_addr+0x1dc/0x320 net/ieee802154/nl802154.c:1326 RSP: ffff88809cd9f548
---[ end trace c8c4de336e3166a0 ]---
syzbot
Jul 27, 2021, 2:29:11 AM7/27/21
to syzkaller...@googlegroups.com
syzbot suspects this issue was fixed by commit:
commit 00b16396ad26fbb725d13c305f1d6e372e44f9f5
Author: Nirenjan Krishnan <nire...@gmail.com>
Date: Mon Mar 29 16:10:02 2021 +0000
HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=103c31b2300000
start commit: 830a059cbba6 Linux 4.19.186
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=7415cc95f9edb7b9
dashboard link: https://syzkaller.appspot.com/bug?extid=7f1b4f2030ff6be8870e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17fed196d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17227381d00000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
commit 00b16396ad26fbb725d13c305f1d6e372e44f9f5
Author: Nirenjan Krishnan <nire...@gmail.com>
Date: Mon Mar 29 16:10:02 2021 +0000
HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=103c31b2300000
start commit: 830a059cbba6 Linux 4.19.186
git tree: linux-4.19.y
kernel config: https://syzkaller.appspot.com/x/.config?x=7415cc95f9edb7b9
dashboard link: https://syzkaller.appspot.com/bug?extid=7f1b4f2030ff6be8870e
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17fed196d00000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17227381d00000
If the result looks correct, please mark the issue as fixed by replying with:
#syz fix: HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Reply all
Reply to author
Forward
0 new messages