Message-ID: <21137e85-c791-4ff7-9492-00ace243d488@kernel.org>
Date: Mon, 26 Aug 2024 13:57:52 +0200
From: Matthieu Baerts <matttbe@...nel.org>
To: syzbot <syzbot+455d38ecd5f655fc45cf@...kaller.appspotmail.com>,
 davem@...emloft.net, edumazet@...gle.com, geliang@...nel.org,
 kuba@...nel.org, linux-kernel@...r.kernel.org, martineau@...nel.org,
 mptcp@...ts.linux.dev, netdev@...r.kernel.org, pabeni@...hat.com,
 syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mptcp?] WARNING in mptcp_pm_nl_set_flags

Hello,

Thank you for having released this bug report!

On 26/08/2024 10:50, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    8af174ea863c net: mana: Fix race of mana_hwc_post_rx_wqe a..
> git tree:       net
> console output: https://syzkaller.appspot.com/x/log.txt?x=1718a993980000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=df2f0ed7e30a639d
> dashboard link: https://syzkaller.appspot.com/bug?extid=455d38ecd5f655fc45cf
> compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10a653d5980000
> 
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/86225fd99eec/disk-8af174ea.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/fc4394f330d4/vmlinux-8af174ea.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/1f30959324a7/bzImage-8af174ea.xz
> 
> The issue was bisected to:
> 
> commit 322ea3778965da72862cca2a0c50253aacf65fe6
> Author: Matthieu Baerts (NGI0) <matttbe@...nel.org>
> Date:   Mon Aug 19 19:45:26 2024 +0000
> 
>     mptcp: pm: only mark 'subflow' endp as available
> 
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=159fb015980000
> final oops:     https://syzkaller.appspot.com/x/report.txt?x=179fb015980000
> console output: https://syzkaller.appspot.com/x/log.txt?x=139fb015980000
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+455d38ecd5f655fc45cf@...kaller.appspotmail.com
> Fixes: 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available")
> 
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1467 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1948 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_nl_set_flags net/mptcp/pm_netlink.c:1971 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_pm_nl_set_flags+0x926/0xd50 net/mptcp/pm_netlink.c:2032
> Modules linked in:
> CPU: 1 UID: 0 PID: 5507 Comm: syz.3.20 Not tainted 6.11.0-rc4-syzkaller-00138-g8af174ea863c #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
> RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1467 [inline]
> RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1948 [inline]
> RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:1971 [inline]
> RIP: 0010:mptcp_pm_nl_set_flags+0x926/0xd50 net/mptcp/pm_netlink.c:2032

Arf, my bad, I already fixed the issue in our tree. In fact, I had more
than 15 patches to send, so I decided to split the series, and the fix
is not in -net yet. I forgot syzbot was also checking the netlink API,
imitating a user adding, and removing local MPTCP endpoints. I should
have moved the WARN to a later commit, I will try to remember that next
time!

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.

