lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CADvbK_cXfDVFJ-eo-+uqXXPT1Xt7qf4bg0Cu6U5Zg7TCLeqoUw@mail.gmail.com>
Date:   Wed, 19 Oct 2022 22:25:47 -0400
From:   Xin Long <lucien.xin@...il.com>
To:     Jakub Kicinski <kuba@...nel.org>
Cc:     syzbot <syzbot+81c4b4bbba6eea2cfcae@...kaller.appspotmail.com>,
        andrew@...n.ch, bagasdotme@...il.com, davem@...emloft.net,
        edumazet@...gle.com, linux-kernel@...r.kernel.org,
        linux@...pel-privat.de, lkp@...el.com, netdev@...r.kernel.org,
        pabeni@...hat.com, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] general protection fault in pse_prepare_data

On Wed, Oct 19, 2022 at 6:31 PM Jakub Kicinski <kuba@...nel.org> wrote:
>
> On Wed, 19 Oct 2022 04:26:35 -0700 syzbot wrote:
> > HEAD commit:    55be6084c8e0 Merge tag 'timers-core-2022-10-05' of git://g..
> > git tree:       upstream
> > console+strace: https://syzkaller.appspot.com/x/log.txt?x=140d5a2c880000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=df75278aabf0681a
> > dashboard link: https://syzkaller.appspot.com/bug?extid=81c4b4bbba6eea2cfcae
> > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=13470244880000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=146e88b4880000
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/9d967e5d91fa/disk-55be6084.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/9a8cffcbc089/vmlinux-55be6084.xz
> >
> > Bisection is inconclusive: the first bad commit could be any of:
> >
> > 331834898f2b Merge branch 'add-generic-pse-support'
> > 66741b4e94ca net: pse-pd: add regulator based PSE driver
> > 2a4187f4406e once: rename _SLOW to _SLEEPABLE
> > f05dfdaf567a dt-bindings: net: pse-dt: add bindings for regulator based PoDL PSE controller
> > 18ff0bcda6d1 ethtool: add interface to interact with Ethernet Power Equipment
> > e52f7c1ddf3e Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
> > 681bf011b9b5 eth: pse: add missing static inlines
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=11fc42b4880000
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+81c4b4bbba6eea2cfcae@...kaller.appspotmail.com
> >
> > general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] PREEMPT SMP KASAN
> > KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047]
> > CPU: 1 PID: 3609 Comm: syz-executor227 Not tainted 6.0.0-syzkaller-09589-g55be6084c8e0 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
> > RIP: 0010:pse_prepare_data+0x66/0x1e0 net/ethtool/pse-pd.c:67
>
> Yeah, looking at ethtool internals - info can be NULL :(
It seems that eeprom_prepare_data() doesn't check info before
accessing info->extack either.


>
> For reasons I haven't quite grasped yet myself we use a different
> structure for info on do and dump which makes getting to extack in
> generic code inconvenient.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ