lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20221122062657.GE704954@gauss3.secunet.de>
Date:   Tue, 22 Nov 2022 07:26:57 +0100
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     Sabrina Dubroca <sd@...asysnail.net>
CC:     syzbot <syzbot+bfb2bee01b9c01fff864@...kaller.appspotmail.com>,
        <davem@...emloft.net>, <edumazet@...gle.com>,
        <herbert@...dor.apana.org.au>, <kuba@...nel.org>,
        <linux-kernel@...r.kernel.org>, <linux-next@...r.kernel.org>,
        <netdev@...r.kernel.org>, <pabeni@...hat.com>,
        <sfr@...b.auug.org.au>, <syzkaller-bugs@...glegroups.com>
Subject: Re: [syzbot] linux-next test error: general protection fault in
 xfrm_policy_lookup_bytype

On Mon, Nov 21, 2022 at 10:41:57PM +0100, Sabrina Dubroca wrote:
> 2022-11-21, 18:15:13 +0100, Steffen Klassert wrote:
> > On Mon, Nov 21, 2022 at 04:07:26PM +0100, Sabrina Dubroca wrote:
> > > 2022-11-21, 05:47:38 -0800, syzbot wrote:
> > > > Hello,
> > > > 
> > > > syzbot found the following issue on:
> > > > 
> > > > HEAD commit:    e4cd8d3ff7f9 Add linux-next specific files for 20221121
> > > > git tree:       linux-next
> > > > console output: https://syzkaller.appspot.com/x/log.txt?x=1472370d880000
> > > > kernel config:  https://syzkaller.appspot.com/x/.config?x=a0ebedc6917bacc1
> > > > dashboard link: https://syzkaller.appspot.com/bug?extid=bfb2bee01b9c01fff864
> > > > compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > > > 
> > > > Downloadable assets:
> > > > disk image: https://storage.googleapis.com/syzbot-assets/b59eb967701d/disk-e4cd8d3f.raw.xz
> > > > vmlinux: https://storage.googleapis.com/syzbot-assets/37a7b43e6e84/vmlinux-e4cd8d3f.xz
> > > > kernel image: https://storage.googleapis.com/syzbot-assets/ebfb0438e6a2/bzImage-e4cd8d3f.xz
> > > > 
> > > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > > Reported-by: syzbot+bfb2bee01b9c01fff864@...kaller.appspotmail.com
> > > > 
> > > > general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN
> > > > KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf]
> > > > CPU: 0 PID: 5295 Comm: kworker/0:3 Not tainted 6.1.0-rc5-next-20221121-syzkaller #0
> > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> > > > Workqueue: ipv6_addrconf addrconf_dad_work
> > > > RIP: 0010:xfrm_policy_lookup_bytype.cold+0x1c/0x54 net/xfrm/xfrm_policy.c:2139
> > > 
> > > That's the printk at the end of the function, when
> > > xfrm_policy_lookup_bytype returns NULL. It seems to have snuck into
> > > commit c39f95aaf6d1 ("xfrm: Fix oops in __xfrm_state_delete()"), we
> > > can just remove it:
> > > 
> > > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> > > index 3a203c59a11b..e392d8d05e0c 100644
> > > --- a/net/xfrm/xfrm_policy.c
> > > +++ b/net/xfrm/xfrm_policy.c
> > > @@ -2135,9 +2135,6 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
> > >  fail:
> > >  	rcu_read_unlock();
> > >  
> > > -	if (!IS_ERR(ret))
> > > -		printk("xfrm_policy_lookup_bytype: policy if_id %d, wanted if_id  %d\n", ret->if_id, if_id);
> > > -
> > >  	return ret;
> > 
> > Hm, this was not in the original patch. Maybe my tree was not
> > clean when I applied it. Do you want to send a patch, or should
> > I just remove it?
> 
> Go ahead, I guess it's more convenient for you.

I just did a forced push to remove that hunk.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ