| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <21137e85-c791-4ff7-9492-00ace243d488@kernel.org>
Date: Mon, 26 Aug 2024 13:57:52 +0200
From: Matthieu Baerts <matttbe@...nel.org>
To: syzbot <syzbot+455d38ecd5f655fc45cf@...kaller.appspotmail.com>,
davem@...emloft.net, edumazet@...gle.com, geliang@...nel.org,
kuba@...nel.org, linux-kernel@...r.kernel.org, martineau@...nel.org,
mptcp@...ts.linux.dev, netdev@...r.kernel.org, pabeni@...hat.com,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mptcp?] WARNING in mptcp_pm_nl_set_flags
Hello,
Thank you for having released this bug report!
On 26/08/2024 10:50, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 8af174ea863c net: mana: Fix race of mana_hwc_post_rx_wqe a..
> git tree: net
> console output: https://syzkaller.appspot.com/x/log.txt?x=1718a993980000
> kernel config: https://syzkaller.appspot.com/x/.config?x=df2f0ed7e30a639d
> dashboard link: https://syzkaller.appspot.com/bug?extid=455d38ecd5f655fc45cf
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10a653d5980000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/86225fd99eec/disk-8af174ea.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/fc4394f330d4/vmlinux-8af174ea.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/1f30959324a7/bzImage-8af174ea.xz
>
> The issue was bisected to:
>
> commit 322ea3778965da72862cca2a0c50253aacf65fe6
> Author: Matthieu Baerts (NGI0) <matttbe@...nel.org>
> Date: Mon Aug 19 19:45:26 2024 +0000
>
> mptcp: pm: only mark 'subflow' endp as available
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=159fb015980000
> final oops: https://syzkaller.appspot.com/x/report.txt?x=179fb015980000
> console output: https://syzkaller.appspot.com/x/log.txt?x=139fb015980000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+455d38ecd5f655fc45cf@...kaller.appspotmail.com
> Fixes: 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available")
>
> ------------[ cut here ]------------
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 __mark_subflow_endp_available net/mptcp/pm_netlink.c:1467 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1948 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_nl_set_flags net/mptcp/pm_netlink.c:1971 [inline]
> WARNING: CPU: 1 PID: 5507 at net/mptcp/pm_netlink.c:1467 mptcp_pm_nl_set_flags+0x926/0xd50 net/mptcp/pm_netlink.c:2032
> Modules linked in:
> CPU: 1 UID: 0 PID: 5507 Comm: syz.3.20 Not tainted 6.11.0-rc4-syzkaller-00138-g8af174ea863c #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
> RIP: 0010:__mark_subflow_endp_available net/mptcp/pm_netlink.c:1467 [inline]
> RIP: 0010:mptcp_pm_nl_fullmesh net/mptcp/pm_netlink.c:1948 [inline]
> RIP: 0010:mptcp_nl_set_flags net/mptcp/pm_netlink.c:1971 [inline]
> RIP: 0010:mptcp_pm_nl_set_flags+0x926/0xd50 net/mptcp/pm_netlink.c:2032
Arf, my bad, I already fixed the issue in our tree. In fact, I had more
than 15 patches to send, so I decided to split the series, and the fix
is not in -net yet. I forgot syzbot was also checking the netlink API,
imitating a user adding, and removing local MPTCP endpoints. I should
have moved the WARN to a later commit, I will try to remember that next
time!
Cheers,
Matt
--
Sponsored by the NGI0 Core fund.
Powered by blists - more mailing lists