syzbot


general protection fault in ieee802154_llsec_parse_key_id

Status: fixed on 2021/05/14 02:49
Reported-by: syzbot+bb9f43da5e70d067d42e@syzkaller.appspotmail.com
Fix commit: 5983b9de012e net: ieee802154: nl-mac: fix check on panid
First crash: 493d, last: 442d

Fix bisection: fixed by (bisect log) :
commit 5983b9de012edaa1149c3114e56c82ec6e9dd957
Author: Alexander Aring <aahringo@redhat.com>
Date: Sun Feb 28 15:18:03 2021 +0000

  net: ieee802154: nl-mac: fix check on panid

similar bugs (2):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream general protection fault in ieee802154_llsec_parse_key_id C inconclusive 92 392d 493d 22/22 fixed on 2021/11/10 00:50
linux-4.14 general protection fault in ieee802154_llsec_parse_key_id C done 101 440d 495d 1/1 fixed on 2021/05/17 08:49

Sample crash report:
==================================================================
BUG: KASAN: null-ptr-deref in memcpy include/linux/string.h:377 [inline]
BUG: KASAN: null-ptr-deref in ieee802154_devaddr_from_raw include/net/ieee802154_netdev.h:165 [inline]
BUG: KASAN: null-ptr-deref in nla_get_hwaddr net/ieee802154/nl-mac.c:46 [inline]
BUG: KASAN: null-ptr-deref in ieee802154_llsec_parse_key_id+0x4ec/0x8a0 net/ieee802154/nl-mac.c:574
Read of size 8 at addr 0000000000000004 by task syz-executor252/8141

CPU: 0 PID: 8141 Comm: syz-executor252 Not tainted 4.19.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1fc/0x2ef lib/dump_stack.c:118
 kasan_report_error.cold+0x15b/0x1b9 mm/kasan/report.c:352
 kasan_report+0x8f/0xa0 mm/kasan/report.c:412
 memcpy+0x20/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:377 [inline]
 ieee802154_devaddr_from_raw include/net/ieee802154_netdev.h:165 [inline]
 nla_get_hwaddr net/ieee802154/nl-mac.c:46 [inline]
 ieee802154_llsec_parse_key_id+0x4ec/0x8a0 net/ieee802154/nl-mac.c:574
 llsec_remove_key net/ieee802154/nl-mac.c:904 [inline]
 ieee802154_nl_llsec_change net/ieee802154/nl-mac.c:832 [inline]
 ieee802154_llsec_del_key+0x109/0x240 net/ieee802154/nl-mac.c:912
 genl_family_rcv_msg+0x642/0xc40 net/netlink/genetlink.c:602
 genl_rcv_msg+0xbf/0x160 net/netlink/genetlink.c:627
 netlink_rcv_skb+0x160/0x440 net/netlink/af_netlink.c:2455
 genl_rcv+0x24/0x40 net/netlink/genetlink.c:638
 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]
 netlink_unicast+0x4d5/0x690 net/netlink/af_netlink.c:1344
 netlink_sendmsg+0x6bb/0xc40 net/netlink/af_netlink.c:1909
 sock_sendmsg_nosec net/socket.c:622 [inline]
 sock_sendmsg+0xc3/0x120 net/socket.c:632
 ___sys_sendmsg+0x7bb/0x8e0 net/socket.c:2115
 __sys_sendmsg net/socket.c:2153 [inline]
 __do_sys_sendmsg net/socket.c:2162 [inline]
 __se_sys_sendmsg net/socket.c:2160 [inline]
 __x64_sys_sendmsg+0x132/0x220 net/socket.c:2160
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x43fab9
Code: 28 c3 e8 5a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffab6e3818 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 000000000043fab9
RDX: 0000000024008144 RSI: 0000000020000200 RDI: 0000000000000004
RBP: 0000000000403520 R08: 0000000000000030 R09: 00000000004004a0
R10: 0000000000000001 R11: 0000000000000246 R12: 00000000004035b0
R13: 0000000000000000 R14: 00000000004ad018 R15: 00000000004004a0
==================================================================

Crashes (64):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-linux-4-19 2021/04/03 05:44 linux-4.19.y 2034d6f0838e 6a81331a .config log report syz C KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/04 00:13 linux-4.19.y 2d19be4653f5 06ed56cd .config log report syz C KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/13 16:56 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/13 11:26 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/12 10:08 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/12 09:59 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/12 06:11 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/12 03:38 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/11 22:00 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/11 13:29 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/10 16:30 linux-4.19.y 830a059cbba6 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/09 20:52 linux-4.19.y b4454811f122 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/09 07:34 linux-4.19.y b4454811f122 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/08 18:10 linux-4.19.y b4454811f122 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/08 02:16 linux-4.19.y b4454811f122 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/06 01:21 linux-4.19.y 2034d6f0838e 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/03 19:52 linux-4.19.y 2034d6f0838e 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/02 10:29 linux-4.19.y 2034d6f0838e 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/01 22:54 linux-4.19.y 2034d6f0838e 6a81331a .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/29 12:21 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/29 04:59 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/28 13:13 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/27 11:48 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/27 06:08 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/27 05:51 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/26 21:03 linux-4.19.y 78fec1611cbf a8529b82 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/25 20:59 linux-4.19.y 78fec1611cbf 6a383ecf .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/25 19:23 linux-4.19.y 78fec1611cbf 6a383ecf .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/23 10:52 linux-4.19.y 125222814e7b 8092f30d .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/21 09:17 linux-4.19.y 125222814e7b 17810eae .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/19 16:10 linux-4.19.y ac3af4beac43 2af9d324 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/18 13:01 linux-4.19.y ac3af4beac43 7216542e .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/18 06:12 linux-4.19.y ac3af4beac43 fdb2bb2c .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/17 04:38 linux-4.19.y 030194a5b292 fdb2bb2c .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/17 00:31 linux-4.19.y 030194a5b292 fdb2bb2c .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/16 08:36 linux-4.19.y 030194a5b292 fdb2bb2c .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/15 04:11 linux-4.19.y 030194a5b292 cc1cff8f .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/12 04:47 linux-4.19.y 030194a5b292 429d8a6b .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/09 21:12 linux-4.19.y 2cae3e25b706 26967e35 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/09 08:24 linux-4.19.y 2cae3e25b706 09fbf400 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/06 19:53 linux-4.19.y dfb571610ba3 e4b4d570 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/06 03:02 linux-4.19.y dfb571610ba3 4a024a9b .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/05 23:03 linux-4.19.y dfb571610ba3 4a024a9b .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/03 21:26 linux-4.19.y 2d19be4653f5 06ed56cd .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/03 03:16 linux-4.19.y 2d19be4653f5 e5b64d68 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/02 19:50 linux-4.19.y 2d19be4653f5 92ead296 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/27 06:25 linux-4.19.y 2d19be4653f5 4c37c133 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/27 03:55 linux-4.19.y 2d19be4653f5 4c37c133 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/26 07:55 linux-4.19.y 2d19be4653f5 76f7fc95 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/25 05:14 linux-4.19.y 2d19be4653f5 fcc6d71b .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/23 18:24 linux-4.19.y 2d19be4653f5 fcc6d71b .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/22 00:36 linux-4.19.y 255b58a2b3af a659b3f1 .config log report info general protection fault in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/13 00:47 linux-4.19.y 830a059cbba6 6a81331a .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/04/02 20:44 linux-4.19.y 2034d6f0838e 6a81331a .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/15 03:04 linux-4.19.y 030194a5b292 cc1cff8f .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/14 10:12 linux-4.19.y 030194a5b292 4a003785 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/10 04:33 linux-4.19.y 2cae3e25b706 26967e35 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/08 16:00 linux-4.19.y 2cae3e25b706 09fbf400 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/03 23:59 linux-4.19.y 2d19be4653f5 06ed56cd .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/03/03 08:39 linux-4.19.y 2d19be4653f5 e5b64d68 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/28 04:53 linux-4.19.y 2d19be4653f5 4c37c133 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/23 06:52 linux-4.19.y 255b58a2b3af fcc6d71b .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id
ci2-linux-4-19 2021/02/22 07:00 linux-4.19.y 255b58a2b3af a659b3f1 .config log report info KASAN: null-ptr-deref Read in ieee802154_llsec_parse_key_id