Date: Tue, 12 Mar 2024 07:53:02 -0700
From: syzbot <syzbot+7ea9413ea6749baf5574@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, ryasuoka@...hat.com, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [net?] [nfc?] KMSAN: uninit-value in nci_dev_up

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

[   43.363111][    T1] =====================================================
[   43.363352][    T1] BUG: KMSAN: use-after-free in __list_add_valid_or_report+0xeb/0x2c0
[   43.363499][    T1]  __list_add_valid_or_report+0xeb/0x2c0
[   43.363629][    T1]  stack_depot_save_flags+0x554/0x6a0
[   43.363748][    T1]  stack_depot_save+0x12/0x20
[   43.363852][    T1]  ref_tracker_alloc+0x215/0x700
[   43.363968][    T1]  net_rx_queue_update_kobjects+0x1eb/0xa80
[   43.364082][    T1]  netdev_register_kobject+0x30e/0x530
[   43.364186][    T1]  register_netdevice+0x1995/0x2180
[   43.364280][    T1]  register_netdev+0xa5/0xe0
[   43.364365][    T1]  vti6_init_net+0x3f9/0x6a0
[   43.364486][    T1]  ops_init+0x30c/0x880
[   43.364570][    T1]  register_pernet_operations+0x523/0xa00
[   43.364660][    T1]  register_pernet_device+0x4f/0x180
[   43.364742][    T1]  vti6_tunnel_init+0x34/0x450
[   43.364783][    T1]  do_one_initcall+0x219/0x970
[   43.364964][    T1]  do_initcall_level+0x140/0x350
[   43.364964][    T1]  do_initcalls+0xf0/0x1e0
[   43.364964][    T1]  do_basic_setup+0x22/0x30
[   43.364964][    T1]  kernel_init_freeable+0x30b/0x4c0
[   43.364964][    T1]  kernel_init+0x2f/0x7e0
[   43.364964][    T1]  ret_from_fork+0x6d/0x90
[   43.364964][    T1]  ret_from_fork_asm+0x1a/0x30
[   43.364964][    T1] 
[   43.364964][    T1] Uninit was created at:
[   43.364964][    T1]  free_unref_page_prepare+0xc1/0xad0
[   43.364964][    T1]  free_unref_page+0x59/0x730
[   43.364964][    T1]  destroy_large_folio+0x12a/0x1d0
[   43.364964][    T1]  __folio_put_large+0x101/0x110
[   43.364964][    T1]  __folio_put+0x153/0x160
[   43.364964][    T1]  free_large_kmalloc+0x167/0x210
[   43.364964][    T1]  kfree+0x4e3/0xa40
[   43.364964][    T1]  kmsan_vmap_pages_range_noflush+0x347/0x3d0
[   43.364964][    T1]  __vmalloc_node_range+0x217c/0x28c0
[   43.364964][    T1]  vmalloc_huge+0x92/0xb0
[   43.364964][    T1]  alloc_large_system_hash+0x459/0xa30
[   43.364964][    T1]  dcache_init+0x125/0x220
[   43.364964][    T1]  vfs_caches_init+0x7c/0xd0
[   43.364964][    T1]  start_kernel+0x8d8/0xa60
[   43.364964][    T1]  x86_64_start_reservations+0x2e/0x30
[   43.364964][    T1]  x86_64_start_kernel+0x98/0xa0
[   43.364964][    T1]  secondary_startup_64_no_verify+0x15f/0x16b
[   43.364964][    T1] 
[   43.364964][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[   43.364964][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   43.364964][    T1] =====================================================
[   43.364964][    T1] Disabling lock debugging due to kernel taint
[   43.364964][    T1] Kernel panic - not syncing: kmsan.panic set ...
[   43.364964][    T1] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G    B              6.8.0-syzkaller-01185-g855684c7d938-dirty #0
[   43.364964][    T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[   43.364964][    T1] Call Trace:
[   43.364964][    T1]  <TASK>
[   43.364964][    T1]  dump_stack_lvl+0x1bf/0x240
[   43.364964][    T1]  dump_stack+0x1e/0x30
[   43.364964][    T1]  panic+0x4e2/0xcc0
[   43.364964][    T1]  ? kmsan_get_metadata+0x121/0x1c0
[   43.364964][    T1]  kmsan_report+0x2d5/0x2e0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? __msan_warning+0x95/0x110
[   43.364964][    T1]  ? __list_add_valid_or_report+0xeb/0x2c0
[   43.364964][    T1]  ? stack_depot_save_flags+0x554/0x6a0
[   43.364964][    T1]  ? stack_depot_save+0x12/0x20
[   43.364964][    T1]  ? ref_tracker_alloc+0x215/0x700
[   43.364964][    T1]  ? net_rx_queue_update_kobjects+0x1eb/0xa80
[   43.364964][    T1]  ? netdev_register_kobject+0x30e/0x530
[   43.364964][    T1]  ? register_netdevice+0x1995/0x2180
[   43.364964][    T1]  ? register_netdev+0xa5/0xe0
[   43.364964][    T1]  ? vti6_init_net+0x3f9/0x6a0
[   43.364964][    T1]  ? ops_init+0x30c/0x880
[   43.364964][    T1]  ? register_pernet_operations+0x523/0xa00
[   43.364964][    T1]  ? register_pernet_device+0x4f/0x180
[   43.364964][    T1]  ? vti6_tunnel_init+0x34/0x450
[   43.364964][    T1]  ? do_one_initcall+0x219/0x970
[   43.364964][    T1]  ? do_initcall_level+0x140/0x350
[   43.364964][    T1]  ? do_initcalls+0xf0/0x1e0
[   43.364964][    T1]  ? do_basic_setup+0x22/0x30
[   43.364964][    T1]  ? kernel_init_freeable+0x30b/0x4c0
[   43.364964][    T1]  ? kernel_init+0x2f/0x7e0
[   43.364964][    T1]  ? ret_from_fork+0x6d/0x90
[   43.364964][    T1]  ? ret_from_fork_asm+0x1a/0x30
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? _raw_spin_lock_irqsave+0x35/0xc0
[   43.364964][    T1]  ? filter_irq_stacks+0x60/0x1a0
[   43.364964][    T1]  ? stack_depot_save_flags+0x2c/0x6a0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  __msan_warning+0x95/0x110
[   43.364964][    T1]  __list_add_valid_or_report+0xeb/0x2c0
[   43.364964][    T1]  stack_depot_save_flags+0x554/0x6a0
[   43.364964][    T1]  stack_depot_save+0x12/0x20
[   43.364964][    T1]  ref_tracker_alloc+0x215/0x700
[   43.364964][    T1]  ? dev_uevent_filter+0x53/0x110
[   43.364964][    T1]  ? net_rx_queue_update_kobjects+0x1eb/0xa80
[   43.364964][    T1]  ? netdev_register_kobject+0x30e/0x530
[   43.364964][    T1]  ? register_netdevice+0x1995/0x2180
[   43.364964][    T1]  ? register_netdev+0xa5/0xe0
[   43.364964][    T1]  ? vti6_init_net+0x3f9/0x6a0
[   43.364964][    T1]  ? ops_init+0x30c/0x880
[   43.364964][    T1]  ? register_pernet_operations+0x523/0xa00
[   43.364964][    T1]  ? register_pernet_device+0x4f/0x180
[   43.364964][    T1]  ? vti6_tunnel_init+0x34/0x450
[   43.364964][    T1]  ? do_one_initcall+0x219/0x970
[   43.364964][    T1]  ? do_initcall_level+0x140/0x350
[   43.364964][    T1]  ? do_initcalls+0xf0/0x1e0
[   43.364964][    T1]  ? do_basic_setup+0x22/0x30
[   43.364964][    T1]  ? kernel_init_freeable+0x30b/0x4c0
[   43.364964][    T1]  ? kernel_init+0x2f/0x7e0
[   43.364964][    T1]  ? ret_from_fork+0x6d/0x90
[   43.364964][    T1]  net_rx_queue_update_kobjects+0x1eb/0xa80
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  netdev_register_kobject+0x30e/0x530
[   43.364964][    T1]  register_netdevice+0x1995/0x2180
[   43.364964][    T1]  register_netdev+0xa5/0xe0
[   43.364964][    T1]  vti6_init_net+0x3f9/0x6a0
[   43.364964][    T1]  ? __pfx_vti6_init_net+0x10/0x10
[   43.364964][    T1]  ops_init+0x30c/0x880
[   43.364964][    T1]  register_pernet_operations+0x523/0xa00
[   43.364964][    T1]  register_pernet_device+0x4f/0x180
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  vti6_tunnel_init+0x34/0x450
[   43.364964][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   43.364964][    T1]  do_one_initcall+0x219/0x970
[   43.364964][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? parse_args+0x266/0x1600
[   43.364964][    T1]  ? filter_irq_stacks+0x60/0x1a0
[   43.364964][    T1]  ? stack_depot_save_flags+0x2c/0x6a0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? parse_args+0x152c/0x1600
[   43.364964][    T1]  ? kmsan_get_metadata+0x146/0x1c0
[   43.364964][    T1]  ? kmsan_get_shadow_origin_ptr+0x4d/0xa0
[   43.364964][    T1]  ? __pfx_vti6_tunnel_init+0x10/0x10
[   43.375029][    T1]  do_initcall_level+0x140/0x350
[   43.375029][    T1]  do_initcalls+0xf0/0x1e0
[   43.375216][    T1]  ? __pfx_native_smp_prepare_cpus+0x10/0x10
[   43.375216][    T1]  do_basic_setup+0x22/0x30
[   43.375216][    T1]  kernel_init_freeable+0x30b/0x4c0
[   43.375216][    T1]  ? __pfx_kernel_init+0x10/0x10
[   43.375216][    T1]  kernel_init+0x2f/0x7e0
[   43.375216][    T1]  ? __pfx_kernel_init+0x10/0x10
[   43.375216][    T1]  ret_from_fork+0x6d/0x90
[   43.375216][    T1]  ? __pfx_kernel_init+0x10/0x10
[   43.375216][    T1]  ret_from_fork_asm+0x1a/0x30
[   43.375216][    T1]  </TASK>
[   43.375216][    T1] Kernel Offset: disabled


syzkaller build log:


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=12af9786180000


Tested on:

commit:         855684c7 Merge tag 'x86_tdx_for_6.9' of git://git.kern..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=6b3a9c97e8057f25
dashboard link: https://syzkaller.appspot.com/bug?extid=7ea9413ea6749baf5574
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=12ba6c69180000

