lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <00000000000047a4cf061f03fb20@google.com>
Date: Tue, 06 Aug 2024 06:43:41 -0700
From: syzbot <syzbot+f52b6db1fe57bfb08d49@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com.

***

Subject: Re: [syzbot] [bluetooth?] WARNING in __hci_cmd_sync_sk
Author: djahchankoike@...il.com

#syz test
hci_dev_cmd calls sync functions without holding the
appropriate lock.

Signed-off-by: Diogo Jahchan Koike <djahchankoike@...il.com>
---
 net/bluetooth/hci_core.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index c644b30977bd..34096791364d 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -716,6 +716,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
  goto done;
  }

+ hci_req_sync_lock(hdev);
+
  switch (cmd) {
  case HCISETAUTH:
  err = __hci_cmd_sync_status(hdev, HCI_OP_WRITE_AUTH_ENABLE,
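Review bot: taking the lock unconditionally ahead of the switch means every path from here to the matching unlock has to leave through `break`; the `goto done` on the check just above `hci_req_sync_lock(hdev);` is fine because it runs before the lock is held, but the cases between this hunk and the -791 hunk are not shown, and any `goto done` or `return` inside one of them would now hand control back to user space with hdev->req_lock still held. Since hci_dev_cmd is the ioctl entry point and `cmd` is whatever the caller passed, each case body should be checked for that before this is merged, and also for anything it calls that takes hdev->req_lock again (hci_req_sync_lock is a plain mutex_lock, so a nested acquisition deadlocks rather than recursing).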
@@ -791,6 +793,8 @@ int hci_dev_cmd(unsigned int cmd, void __user *arg)
  break;
  }

+ hci_req_sync_unlock(hdev);
+
 done:
  hci_dev_put(hdev);
  return err;
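Review bot: the commit message should name the lock (hdev->req_lock) and the warning in __hci_cmd_sync_sk that this silences, and a non-test submission needs a `Fixes:` tag for the commit that switched hci_dev_cmd to `__hci_cmd_sync_status()` plus `Reported-by:` and `Closes:` lines with the syzbot address and dashboard link quoted in the reply below. On the hunk itself, unlocking before `done:` rather than after it is the right choice, because the `goto done` paths above the switch never took the lock; the cost is that `done:` can no longer serve as an exit from inside the switch, so a short comment on the label (or a separate `unlock:` label placed between the switch and `done:`) would make that constraint visible to whoever edits the cases next.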
-- 
2.39.2

On Tue, Aug 6, 2024 at 12:45 AM syzbot <syzbot+f52b6db1fe57bfb08d49@...kaller.appspotmail.com> wrote:

> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> b 5f5f206220306136
> ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 5f5f206220303237 6433663439666666 66666666660a3032 2e79656b5f5f2062
> ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 382e79656b5f5f20 6220303637643366 3439666666666666 66660a372e79656b
> ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 3063613234663439 6666666666666666 0a302e79656b5f5f 2062203038613234
> ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 5f5f206220303062 3234663439666666 66666666660a312e 79656b5f5f206220
> ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 332e79656b5f5f20 6220303462323466 3439666666666666 66660a322e79656b
> ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 666666660a302e79 656b5f5f20622030 3862323466343966 666666666666660a
> info registers vcpu 2
>
> CPU#2
> RAX=0000000000000000 RBX=ffffc90003347740 RCX=ffffffff813cdd16
> RDX=ffff88802352a440
> RSI=ffffffff813cde49 RDI=0000000000000005 RBP=ffffc90003347ca0
> RSP=ffffc90003347670
> R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001
> R11=0000000000000000
> R12=ffffc90003347748 R13=ffffc90003347750 R14=ffffc90003340000
> R15=ffffc90003348000
> RIP=ffffffff818a7d60 RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 0000000000000000 ffffffff 00c00000
> CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
> DS =0000 0000000000000000 ffffffff 00c00000
> FS =0000 0000000000000000 ffffffff 00c00000
> GS =0000 ffff88806b200000 ffffffff 00c00000
> LDT=0000 0000000000000000 ffffffff 00c00000
> TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
> GDT=     fffffe000008f000 0000007f
> IDT=     fffffe0000000000 00000fff
> CR0=80050033 CR2=00007f7b448feda0 CR3=000000002560c000 CR4=00350ef0
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
> DR3=0000000000000000
> DR6=00000000fffe0ff0 DR7=0000000000000400
> EFER=0000000000000d01
> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0
> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> Opmask00=0000000000000000 Opmask01=0000000000000000
> Opmask02=0000000000000000 Opmask03=0000000000000000
> Opmask04=0000000000000000 Opmask05=0000000000000000
> Opmask06=0000000000000000 Opmask07=0000000000000000
> ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000100040801000 3fff040c01289606
> ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 100000040c012896 0010000108006410
> ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0010000108006410 000e100010808080
> ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0010004080100010 808080040c012896
> ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 2896001000010800 6410000010004080
> ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 6410000e10001080 8080100000040c01
> ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0010808080040c01 2896001000010800
> ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0100100001080064 1000001000408010
> ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000001 000000c001b047a0
> ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000001 0000000000000001
> ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000002 000000c00020eba0
> ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000001 000000c001b047b8
> ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000001 0000000000000001
> ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000003 000000c00020ebc0
> ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000001 000000c001b047e0
> ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> info registers vcpu 3
>
> CPU#3
> RAX=0000000000000003 RBX=0000000000000000 RCX=1ffffffff1fced3f
> RDX=0000000000000000
> RSI=0000000000000000 RDI=ffff88807ffd77b0 RBP=0000000000000002
> RSP=ffffc90003e27a68
> R8 =0000000000001000 R9 =000000000007efdd R10=ffffffff8fe7391f
> R11=dffffc0000000000
> R12=0000000000000000 R13=0000000000000004 R14=ffff88807ffd7740
> R15=0000000000044d40
> RIP=ffffffff81c84fd0 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 0000000000000000 ffffffff 00c00000
> CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
> SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
> DS =0000 0000000000000000 ffffffff 00c00000
> FS =0000 00007fc2ddb8e280 ffffffff 00c00000
> GS =0000 ffff88806b300000 ffffffff 00c00000
> LDT=0000 0000000000000000 ffffffff 00c00000
> TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
> GDT=     fffffe00000d6000 0000007f
> IDT=     fffffe0000000000 00000fff
> CR0=80050033 CR2=000056367fa7aa10 CR3=0000000022206000 CR4=00350ef0
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000
> DR3=0000000000000000
> DR6=00000000fffe0ff0 DR7=0000000000000400
> EFER=0000000000000d01
> FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
> FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
> FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
> FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
> FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
> Opmask00=00000000fe810000 Opmask01=0000000000410101
> Opmask02=00000000ffffffef Opmask03=0000000000000000
> Opmask04=00000000ffffffff Opmask05=00000000004007ff
> Opmask06=0000000007ffe7ff Opmask07=0000000000000000
> ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 ffffffffffffffff ffffff0000000000
> ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
> ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 7373737373737373 7373737373737373
> ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
> ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 ffffffffffffffff ffffff0000000000
> ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 ffffffffffffff00 ffffffffffffffff
> ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f 2f2f2f2f2f2f2f2f
> ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 2f646e756f732f00 682e6c6974752f64 65726168732f6372 732f2e2e2f2e2e00
> ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 616c730033706f6f 6c2f6b636f6c622f 6c6175747269762f 736563697665642f
> ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000061 00736576616c732f 33706f6f6c2f6b63 6f6c622f6c617574
> ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 00007fc2dd7f1b00 000056331cd7f560 0000000000000021 0000000000007374
> ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 69305f474f5b647c 6930382432273f39 7b27697a787c7a30 23333a3a38263342
> ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 0000000000000000 0000000000000000 0000000000000000 0000000000000000
> ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 3a3a263e383a3a26 39383a3a2638383a 3a263b383a3a263a 383a3a26493b3a3a
> ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452
> ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452
> ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
> ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
> ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 4141414141414141 4141414141414141 4141414141414141 4141414141414141
> ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
> ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000
> 2020202020202020 2020202020202020 2020202020202020 2020202020202020
>
>
> syzkaller build log:
> go env (err=<nil>)
> GO111MODULE='auto'
> GOARCH='amd64'
> GOBIN=''
> GOCACHE='/syzkaller/.cache/go-build'
> GOENV='/syzkaller/.config/go/env'
> GOEXE=''
> GOEXPERIMENT=''
> GOFLAGS=''
> GOHOSTARCH='amd64'
> GOHOSTOS='linux'
> GOINSECURE=''
> GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
> GONOPROXY=''
> GONOSUMDB=''
> GOOS='linux'
> GOPATH='/syzkaller/jobs/linux/gopath'
> GOPRIVATE=''
> GOPROXY='https://proxy.golang.org,direct'
> GOROOT='/usr/local/go'
> GOSUMDB='sum.golang.org'
> GOTMPDIR=''
> GOTOOLCHAIN='auto'
> GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
> GOVCS=''
> GOVERSION='go1.21.4'
> GCCGO='gccgo'
> GOAMD64='v1'
> AR='ar'
> CC='gcc'
> CXX='g++'
> CGO_ENABLED='1'
> GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
> GOWORK=''
> CGO_CFLAGS='-O2 -g'
> CGO_CPPFLAGS=''
> CGO_CXXFLAGS='-O2 -g'
> CGO_FFLAGS='-O2 -g'
> CGO_LDFLAGS='-O2 -g'
> PKG_CONFIG='pkg-config'
> GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0
> -ffile-prefix-map=/tmp/go-build414629084=/tmp/go-build
> -gno-record-gcc-switches'
>
> git status (err=<nil>)
> HEAD detached at 9e136b955
> nothing to commit, working tree clean
>
>
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32:
> https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install
> ./sys/syz-sysgen
> make .descriptions
> tput: No value for $TERM and no -T specified
> tput: No value for $TERM and no -T specified
> Makefile:31: run command via tools/syz-env for best compatibility, see:
> Makefile:32:
> https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
> bin/syz-sysgen
> go fmt ./sys/... >/dev/null
> touch .descriptions
> GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X
> github.com/google/syzkaller/prog.GitRevision=9e136b95503a540d35e7bace3e89b77f13a672b1
> -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240710-085916'"
> "-tags=syz_target syz_os_linux syz_arch_amd64 " -o
> ./bin/linux_amd64/syz-execprog
> github.com/google/syzkaller/tools/syz-execprog
> mkdir -p ./bin/linux_amd64
> g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
>         -m64 -O2 -pthread -Wall -Werror -Wparentheses
> -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow
> -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable
> -Wno-unused-command-line-argument -static-pie -std=c++17 -I.
> -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
>         -DHOSTGOOS_linux=1
> -DGIT_REVISION=\"9e136b95503a540d35e7bace3e89b77f13a672b1\"
> /usr/bin/ld: /tmp/ccGUtGqZ.o: in function `test_cover_filter()':
> executor.cc:(.text+0x133bb): warning: the use of `tempnam' is dangerous,
> better use `mkstemp'
> /usr/bin/ld: /tmp/ccGUtGqZ.o: in function `Connection::Connect(char
> const*, char const*)':
> executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x1a0):
> warning: Using 'gethostbyname' in statically linked applications requires
> at runtime the shared libraries from the glibc version used for linking
>
>
> Error text is too large and was truncated, full error text is at:
> https://syzkaller.appspot.com/x/error.txt?x=128b0bbd980000
>
>
> Tested on:
>
> commit:         b446a2da Merge tag 'linux_kselftest-fixes-6.11-rc3' of..
> git tree:       upstream
> kernel config:  https://syzkaller.appspot.com/x/.config?x=53ca389b28cf423
> dashboard link:
> https://syzkaller.appspot.com/bug?extid=f52b6db1fe57bfb08d49
> compiler:       gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for
> Debian) 2.40
> patch:
> https://syzkaller.appspot.com/x/patch.diff?x=116cbd73980000
>
>
