Re: [syzbot] WARNING in ieee802154_del_seclevel
On Thu, Apr 1, 2021 at 3:30 PM Alan Stern wrote:
>
> On Wed, Mar 31, 2021 at 02:03:08PM -0700, syzbot wrote:
> > syzbot has bisected this issue to:
> >
> > commit 416dacb819f59180e4d86a5550052033ebb6d72c
> > Author: Alan Stern
> > Date:   Wed Aug 21 17:27:12 2019 +
> >
> >     HID: hidraw: Fix invalid read in hidraw_ioctl
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0
> > start commit:   6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
> > git tree:       net
> > final oops:     https://syzkaller.appspot.com/x/report.txt?x=117430fcd0
> > console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd0
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
> > dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed0
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1188e31ad0
> >
> > Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com
> > Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> It seems likely that the bisection ran off the rails here. This commit
> could not have caused a problem, although it may have revealed a
> pre-existing problem that previously was hidden.

Hi Alan,

Yes, bisection log shows it was derailed by:

KASAN: use-after-free Read in batadv_iv_ogm_queue_add

and:

BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!

https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0

> By the way, what happened to the annotated stack dumps that syzkaller
> used to provide in its bug reports?

Nothing has changed in this respect, they are still in bug reports:
https://lore.kernel.org/lkml/73afff05bbe9a...@google.com/
Re: [syzbot] WARNING in ieee802154_del_seclevel
On Wed, Mar 31, 2021 at 02:03:08PM -0700, syzbot wrote:
> syzbot has bisected this issue to:
>
> commit 416dacb819f59180e4d86a5550052033ebb6d72c
> Author: Alan Stern
> Date:   Wed Aug 21 17:27:12 2019 +
>
>     HID: hidraw: Fix invalid read in hidraw_ioctl
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0
> start commit:   6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
> git tree:       net
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=117430fcd0
> console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd0
> kernel config:  https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
> dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed0
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1188e31ad0
>
> Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com
> Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

It seems likely that the bisection ran off the rails here. This commit
could not have caused a problem, although it may have revealed a
pre-existing problem that previously was hidden.

By the way, what happened to the annotated stack dumps that syzkaller
used to provide in its bug reports?

Alan Stern
Re: [syzbot] WARNING in ieee802154_del_seclevel
syzbot has bisected this issue to:

commit 416dacb819f59180e4d86a5550052033ebb6d72c
Author: Alan Stern
Date:   Wed Aug 21 17:27:12 2019 +

    HID: hidraw: Fix invalid read in hidraw_ioctl

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=127430fcd0
start commit:   6e5a03bc ethernet/netronome/nfp: Fix a use after free in n..
git tree:       net
final oops:     https://syzkaller.appspot.com/x/report.txt?x=117430fcd0
console output: https://syzkaller.appspot.com/x/log.txt?x=167430fcd0
kernel config:  https://syzkaller.appspot.com/x/.config?x=daeff30c2474a60f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13bfe45ed0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1188e31ad0

Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com
Fixes: 416dacb819f5 ("HID: hidraw: Fix invalid read in hidraw_ioctl")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: [syzbot] WARNING in ieee802154_del_seclevel
syzbot has found a reproducer for the following issue on:

HEAD commit:    37f368d8 lan743x: remove redundant intializations of point..
git tree:       net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=11ede3bed0
kernel config:  https://syzkaller.appspot.com/x/.config?x=7eff0f22b8563a5f
dashboard link: https://syzkaller.appspot.com/bug?extid=fbf4fc11a819824e027b
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=16d31a11d0
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12ca3611d0

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+fbf4fc11a819824e0...@syzkaller.appspotmail.com

[ cut here ]
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 1 PID: 8394 at kernel/locking/mutex.c:931 __mutex_lock_common kernel/locking/mutex.c:931 [inline]
WARNING: CPU: 1 PID: 8394 at kernel/locking/mutex.c:931 __mutex_lock+0xc0b/0x1120 kernel/locking/mutex.c:1096
Modules linked in:
CPU: 1 PID: 8394 Comm: syz-executor533 Not tainted 5.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:931 [inline]
RIP: 0010:__mutex_lock+0xc0b/0x1120 kernel/locking/mutex.c:1096
Call Trace:
 ieee802154_del_seclevel+0x3f/0x70 net/mac802154/cfg.c:382
 rdev_del_seclevel net/ieee802154/rdev-ops.h:284 [inline]
 nl802154_del_llsec_seclevel+0x1a7/0x250 net/ieee802154/nl802154.c:2093
 genl_family_rcv_msg_doit+0x228/0x320 net/netlink/genetlink.c:739
 genl_family_rcv_msg net/netlink/genetlink.c:783 [inline]
 genl_rcv_msg+0x328/0x580 net/netlink/genetlink.c:800
 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:811
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x440909
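The DEBUG_LOCKS_WARN_ON(lock->magic != lock) line in the report above is the CONFIG_DEBUG_MUTEXES self-check: mutex_init() stores the mutex's own address in its magic field and every lock attempt verifies it, so the warning means the mutex reached from ieee802154_del_seclevel was never initialised or its memory was zeroed, freed or overwritten. The following model of that check is an added example, not kernel code; the struct and function names (dbg_mutex, dbg_mutex_init, dbg_mutex_lock) are simplified stand-ins for the kernel's.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Simplified model of the kernel's debug mutex (added example, not kernel
 * code): ->magic holds the mutex's own address once initialised. */
struct dbg_mutex {
    int locked;
    struct dbg_mutex *magic;   /* kernel: lock->magic = lock in mutex_init() */
};

static void dbg_mutex_init(struct dbg_mutex *lock)
{
    lock->locked = 0;
    lock->magic = lock;
}

/* Returns true if the mutex was taken, false if the kernel's
 * DEBUG_LOCKS_WARN_ON(lock->magic != lock) would have fired instead. */
static bool dbg_mutex_lock(struct dbg_mutex *lock)
{
    if (lock->magic != lock)
        return false;          /* never initialised, or memory corrupted */
    lock->locked = 1;
    return true;
}

static void dbg_mutex_unlock(struct dbg_mutex *lock)
{
    lock->locked = 0;
}

/* A mutex that went through mutex_init() passes the check. */
int check_initialised(void)
{
    struct dbg_mutex m;
    dbg_mutex_init(&m);
    bool ok = dbg_mutex_lock(&m);
    dbg_mutex_unlock(&m);
    return ok;
}

/* A zero-filled mutex, i.e. storage that exists but on which mutex_init()
 * never ran (the situation the warning diagnoses), trips the check. */
int check_uninitialised(void)
{
    struct dbg_mutex m;
    memset(&m, 0, sizeof m);   /* constructed: magic is NULL, not &m */
    return dbg_mutex_lock(&m);
}
```

The same check also fires on a mutex whose memory was freed and reused, which is why such a WARNING is worth treating as a use of an object that was never fully set up or has already been torn down rather than as a locking-order problem.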