Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0150BC7EE2E for ; Mon, 27 Feb 2023 06:34:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229765AbjB0GeX (ORCPT ); Mon, 27 Feb 2023 01:34:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41240 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229451AbjB0GeV (ORCPT ); Mon, 27 Feb 2023 01:34:21 -0500 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2053.outbound.protection.outlook.com [40.107.223.53]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0940ECC07; Sun, 26 Feb 2023 22:34:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OJ1F4u2goi2wMQAgJn6gPvimqF1a8oVckUV5ocqv8WHT+xf+8AkZK0HjGBg97VMKqy/pTdANuvQwqvYPXHLKhNIf6kBFeljMn5IgcsNyx5NYFdj8N/Hi3x1LO44Q9XG8IU44m8U1q8+kpCbdvPGikKuFGSGTYBoasfLFSFQ0s1odQag9c5U9d6FsIbTUBOccFKYnVsAFGFNobqFniK89iCFLTU5w61oqQnPxH+ySamxW8fiIU3o0sEsqZdKKXy+WMSdZqIacHcEmn0kVVaWQsX5PX6fH/nSlMWQ9vdKX44rSJZCt0RvSMggxszlGqbybky1jti/pfQSuVvQuF3t3IA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=x2jTRgDy6HNGLQ46JG8bhaQwsiZ56rFsTe7Rivz1sd4=; b=OREh8mucmDMX9yNTtbCDPiv10iRxJUe6Y96jkVylE9p1FWmtgotZpm8qRFFehwx5zJEpDBVcmKe0bvxVE55qDoHOWG0F2Arzk56KcUB0FFuU2NKqTh61oxRsBLbWEKX8QTII3ygs2sGjTgUKQTpcWgCfIA4H9DdTg38HvjUqRZ6KUH9VewEFnx3YiIi1l9bPWqyr5I7aeQrxPgNMbpd7LJK7UaHxG9ZTlAO8wWtVGhvpW2JXmcK2r7h/TFguhvRavUkNE6m0GMpMF4eXaf1l4SvKfur5a7x6iuHeF/A0tpbBZv8TbCa22ShbJHJoAg0VxkUGMCe6KIAcCX2ydO9k1A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=knights.ucf.edu; dmarc=pass action=none header.from=knights.ucf.edu; dkim=pass header.d=knights.ucf.edu; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=knightsucfedu39751.onmicrosoft.com; s=selector2-knightsucfedu39751-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x2jTRgDy6HNGLQ46JG8bhaQwsiZ56rFsTe7Rivz1sd4=; b=Dm8XCGLBlmnzT7Cnjmf8UAuyw3aE8rP8qP5R3EfjpzrBYmTE1njRXNAMvTBtHiPAc6rw9BKJJUL+NjPQ73vQzs3W/vGac7Of1DEN8gTVdPi8iL/M1qzT6DKDV5SoJX9a0FzqS9xiD2ehrdc71eTWkNEab9Yx9YtH6cSRs7knKg0= Received: from IA1PR07MB9830.namprd07.prod.outlook.com (2603:10b6:208:44b::14) by SJ0PR07MB8584.namprd07.prod.outlook.com (2603:10b6:a03:371::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6134.25; Mon, 27 Feb 2023 06:34:15 +0000 Received: from IA1PR07MB9830.namprd07.prod.outlook.com ([fe80::d883:f078:37f:dace]) by IA1PR07MB9830.namprd07.prod.outlook.com ([fe80::d883:f078:37f:dace%4]) with mapi id 15.20.6134.029; Mon, 27 Feb 2023 06:34:15 +0000 From: Sanan Hasanov To: "alex.aring@gmail.com" , "stefan@datenfreihafen.org" , "miquel.raynal@bootlin.com" , "davem@davemloft.net" , "edumazet@google.com" , "kuba@kernel.org" , "pabeni@redhat.com" , "linux-wpan@vger.kernel.org" , "netdev@vger.kernel.org" , "linux-kernel@vger.kernel.org" CC: "syzkaller@googlegroups.com" , "contact@pgazz.com" Subject: general protection fault in nl802154_trigger_scan Thread-Topic: general protection fault in nl802154_trigger_scan Thread-Index: AQHZSm/2aDWAs9JcO0O7fV0iUpc7eg== Date: Mon, 27 Feb 2023 06:34:15 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=Knights.ucf.edu; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: IA1PR07MB9830:EE_|SJ0PR07MB8584:EE_ x-ms-office365-filtering-correlation-id: 991b44f8-15f5-45cb-87a7-08db188ca5a2 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 3ONCP/SrOWiXuFW4TG2AFNs2baLiRfXpptAfDakyiMD609TbIS1MV5kA+W0kTXFJB7DxjmJmGYDq3WTmzyipqdELYs8CmobOIYJujKiGmHnFQUdNOcHAgS5ignizBO2k4JPlbb2OtHVfyfqW0Xm0OhcgxvUdFaFSIWbL5jvDkHkegtvjEqXdpHQ2ohL1rsk2pMwxBjTt94laGe9sSM8ZUvracaGY2fo83OFR7B7alQ5d6ZD/Ym05Rtdl8YBJZCVzyOSyCPYKm4f2SrzbuTawpiNhlwVK7tq0zbG7CbEHGW2Lbyo+vvvcB9HdYJOIkstOVFOfifZ6LVr/bCBCi0resNkZ9g5os97yNlv03VYzTELgf0Mu/Wp8nvlrlXR5yewL179Z+nyeqp9TUADN6hUeGl2yhO1PLz29lViPuVOauDq+cMt7QspfYeGmdrU9ZTxqQ3M05/yDBM3rf2JF2t1Y6R0QA/3vCCpFMcHBo6E2hx1UO+7T52L4BYmt23x4vSDCrXsV+w5h6wmmJT7J12gpZOqDgo7wBj9VG3iaOKsI//otuZWXg3XZNryTUalLdyTCCrBJYVHifMAEuqDcQoIBOlDIhSFvpyXjJlWizU4bex8sjsPwr7zdVQ7bqyXla+oHAIuUFtVqRbdl5leLFXP7K0Z1VfY8i1jjZrrVCtcV/jnc5KmwdLKeTAB/Y3Uh6YnU/YlC8rAuGWdAjOmyZuAltw+xA7MYZ3Pj2P6GFZ5egM8= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:IA1PR07MB9830.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(376002)(366004)(346002)(136003)(396003)(451199018)(8936002)(5660300002)(7416002)(52536014)(91956017)(71200400001)(44832011)(41300700001)(2906002)(66556008)(76116006)(66446008)(66946007)(64756008)(4326008)(8676002)(66476007)(110136005)(786003)(54906003)(316002)(478600001)(7696005)(45080400002)(966005)(6506007)(26005)(186003)(9686003)(5930299012)(86362001)(75432002)(41320700001)(83380400001)(38070700005)(921005)(33656002)(55016003)(122000001)(38100700002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?DSAMYQdWJrfLY0xbbUKdiPxChfdl1vMlJBJFeRAfg6L1ep59nUHWeUcmQP?= =?iso-8859-1?Q?F6ZybGggND3bFEDGfJaZXvkqUOKwQTHLh9HQVWrE3NbZBxErLVdigm04Cx?= =?iso-8859-1?Q?RASBHKh/O1lfhHchvWNyDoTV/zqUWZe1NQZiQvn5qnibntkzTBKiZgRobb?= =?iso-8859-1?Q?CMzz0D90PSvUW925zOj5CQBL1cB0j0MG82nNLGDZe/8ynaytjarAW0ioKI?= =?iso-8859-1?Q?JuFsrG2znuWUyX+A+cQJgL8CpBbsDff7lC7Wa3R/CFg8FwLHbllx5aRmII?= =?iso-8859-1?Q?ykKu/r1ZjQ8uDVW8qADlE15MfFw9HbCI/GUOJyyOREmz4Z8MOt7K5Mk6bF?= =?iso-8859-1?Q?vXAPBIqYtSBR3oV90BDLOBXOKCOCJwPcgV++QJJNCBF89RAm8JJ/HIF5Gx?= =?iso-8859-1?Q?XZDbwmQ3EHnRI1BgvkgC0YF0oi8+5ZaSVz2l8vYE8LbYGtLP6TzrsmYCSC?= =?iso-8859-1?Q?U82gnKpGSD4h6qxze5S1S2/IXmRwqGcZzOsH6LTt3avGIhzoVuzIMwnmCE?= =?iso-8859-1?Q?SQBmnPJogD2JykX2uidTOKpzgSPDFrfz6FJpddZKidQ0eUSUnRAR114tm8?= =?iso-8859-1?Q?irj49cPq6ig6Fa79c3nLqoxIB5YcHKWNDAffY7UXbi28I3J3oSJ2EtkYy3?= =?iso-8859-1?Q?pj4Uw5gQhKYCqLcUe4RkyHX2KlDx7vaACG5uSJlSt9sHFx3v2J5lejnnvi?= =?iso-8859-1?Q?1xx6luLJ5VuszMl2B6pvSNvz1O3guLUFXhOaK+Bq6olQYuAQeZoIOtBm54?= =?iso-8859-1?Q?XZ+GPx/mIuE1o8m5DNRJDqbs56+8DjDJE6CrAZho4jgplia9ovkoURloRN?= =?iso-8859-1?Q?lirlFhpBPAIS6P9sUFm0/8OoQ9Qp9mjBiAdvJdMKpLZLye6zs6raUcwqNf?= =?iso-8859-1?Q?D44tg0DZsNMe0OZNN12NA4c1Uno3CQWvVGwG6gDiSmI6s8nQzZzyiv2cgA?= =?iso-8859-1?Q?l+lfRfNYI7qxss+jZKj0RFdTdKfYnp5Ony5Xlr0I67qGxBKH5R8gkHy8F2?= =?iso-8859-1?Q?6pTdT9aGfdXjkHB3tGpbPqdgq7NrUrE+Oz24rb4uSaHV6ijXUKCf93UBCB?= =?iso-8859-1?Q?BA/fGp6QuYEWus2whIVm3TH6fxkxVzlWIO2UHhDPxM3/7VBg4d7yJspbZs?= =?iso-8859-1?Q?yQPAi48aBROD2zFupIh8oJTEzrUXFY3VnTFHWka9sF+BbZvrz/xz9asCXm?= =?iso-8859-1?Q?e5b5i+ucYJwE1SU7SIIkW8sY6pbeHt9BotvnyIeQAq4X2vFQJ068UL0ErQ?= =?iso-8859-1?Q?x092Tu1DScsnTmZCU4wFDkpUAxNlMKBHczL062ztYGzrL01p40U8O/nfM5?= =?iso-8859-1?Q?yYXpM1NktFA65UeAHD4FiwGJVokYCRdCx+gZctedRiq3Oi6AsTb6ha7w/J?= =?iso-8859-1?Q?bJkOBIaIHEHmdlnd/X/Sj2uyBwN/BgSdiTCJ605WTqmdKakO8TnstqPLSG?= =?iso-8859-1?Q?9QIMfYhuYDoe8fjJ9NbLUjxrtMjUSzYg4tuvHBX7l/KNOVf2HxkiFQVCnh?= =?iso-8859-1?Q?i3C1t4Tu33o55qGB91JauKJmhU7Zxv398RuJ/cNJQ5wPaw9IWJVK/PeuDo?= =?iso-8859-1?Q?Wd0To/svWfHXm6cuGFGizzQHQAxO8tqGsEdchy83gTyC2LvMyY61Q2TryS?= =?iso-8859-1?Q?oNQL6URKc2aMN94RdBHV5AROoffnXKZZuXgDOg6N0Do4iBbzefieDQdQ?= =?iso-8859-1?Q?=3D=3D?= Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: knights.ucf.edu X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: IA1PR07MB9830.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 991b44f8-15f5-45cb-87a7-08db188ca5a2 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2023 06:34:15.6124 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5b16e182-78b3-412c-9196-68342689eeb7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: IEwvNeGdt9qd5AtVBztcFVxGL5g9DieW1ixoOcaJiBmkWCP4HjgpqS/ACTTwhAyw48wlo77KzDrme6yOkw9aDSjb72sagC+la7m8RcTOUnA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR07MB8584 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Good day, dear maintainers,=0A= =0A= We found a bug using a modified kernel configuration file used by syzbot.= =0A= =0A= We enhanced the coverage of the configuration file using our tool, klocaliz= er.=0A= =0A= Kernel Branch: 6.2.0-next-20230224=0A= Kernel config:=A0https://drive.google.com/file/d/1nlVJD4vp7iMOPapFzdASZQ7JS= iDf6SwY/view?usp=3Dshare_link=0A= C Reproducer:=A0Unfortunately, there is no reproducer yet=0A= =0A= Thank you!=0A= =0A= Best regards,=0A= Sanan Hasanov=0A= =0A= general protection fault, probably for non-canonical address 0xdffffc000000= 0000: 0000 [#1] PREEMPT SMP KASAN=0A= KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]=0A= CPU: 4 PID: 26115 Comm: syz-executor.2 Not tainted 6.2.0-next-20230224 #1= =0A= Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/= 2014=0A= RIP: 0010:nl802154_trigger_scan+0x132/0xc40=0A= Code: 48 c1 ea 03 80 3c 02 00 0f 85 e1 09 00 00 48 8b ad f8 00 00 00 48 b8 = 00 00 00 00 00 fc ff df 48 8d 7d 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 8= 9 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 90 07 00 00=0A= RSP: 0018:ffffc9000b087550 EFLAGS: 00010257=0A= RAX: dffffc0000000000 RBX: ffffc9000b0875c0 RCX: ffffc9000df9a000=0A= RDX: 0000000000000000 RSI: ffffffff88a65a91 RDI: 0000000000000004=0A= RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001=0A= R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810f098c10=0A= R13: ffff88810f050000 R14: ffff88810f0500a0 R15: ffffc9000b0875e0=0A= FS: 00007f7b8a7fe700(0000) GS:ffff88811a200000(0000) knlGS:000000000000000= 0=0A= CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033=0A= CR2: 00007ffd3780efdc CR3: 000000004dd9e000 CR4: 0000000000350ee0=0A= Call Trace:=0A= =0A= genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0=0A= genl_rcv_msg+0x4ff/0x7e0=0A= netlink_rcv_skb+0x165/0x440=0A= genl_rcv+0x28/0x40=0A= netlink_unicast+0x547/0x7f0=0A= netlink_sendmsg+0x92f/0xe50=0A= sock_sendmsg+0xde/0x190=0A= ____sys_sendmsg+0x717/0x900=0A= ___sys_sendmsg+0x11d/0x1b0=0A= __sys_sendmsg+0xfe/0x1d0=0A= do_syscall_64+0x39/0x80=0A= entry_SYSCALL_64_after_hwframe+0x63/0xcd=0A= RIP: 0033:0x7f7b8b88edcd=0A= Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 = 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff f= f 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48=0A= RSP: 002b:00007f7b8a7fdbf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e=0A= RAX: ffffffffffffffda RBX: 00007f7b8b9bbf80 RCX: 00007f7b8b88edcd=0A= RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004=0A= RBP: 00007f7b8b8fc59c R08: 0000000000000000 R09: 0000000000000000=0A= R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000=0A= R13: 00007ffd638e65bf R14: 00007ffd638e6760 R15: 00007f7b8a7fdd80=0A= =0A= Modules linked in:=0A= ---[ end trace 0000000000000000 ]---=0A= RIP: 0010:nl802154_trigger_scan+0x132/0xc40=0A= Code: 48 c1 ea 03 80 3c 02 00 0f 85 e1 09 00 00 48 8b ad f8 00 00 00 48 b8 = 00 00 00 00 00 fc ff df 48 8d 7d 04 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 8= 9 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 90 07 00 00=0A= RSP: 0018:ffffc9000b087550 EFLAGS: 00010257=0A= RAX: dffffc0000000000 RBX: ffffc9000b0875c0 RCX: ffffc9000df9a000=0A= RDX: 0000000000000000 RSI: ffffffff88a65a91 RDI: 0000000000000004=0A= RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000001=0A= R10: 0000000000000000 R11: 0000000000000001 R12: ffff88810f098c10=0A= R13: ffff88810f050000 R14: ffff88810f0500a0 R15: ffffc9000b0875e0=0A= FS: 00007f7b8a7fe700(0000) GS:ffff88811a200000(0000) knlGS:000000000000000= 0=0A= CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033=0A= CR2: 00007ffd3780efdc CR3: 000000004dd9e000 CR4: 0000000000350ee0=0A= ----------------=0A= Code disassembly (best guess):=0A= 0: 48 c1 ea 03 shr $0x3,%rdx=0A= 4: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)=0A= 8: 0f 85 e1 09 00 00 jne 0x9ef=0A= e: 48 8b ad f8 00 00 00 mov 0xf8(%rbp),%rbp=0A= 15: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax=0A= 1c: fc ff df=0A= 1f: 48 8d 7d 04 lea 0x4(%rbp),%rdi=0A= 23: 48 89 fa mov %rdi,%rdx=0A= 26: 48 c1 ea 03 shr $0x3,%rdx=0A= * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruct= ion=0A= 2e: 48 89 fa mov %rdi,%rdx=0A= 31: 83 e2 07 and $0x7,%edx=0A= 34: 38 d0 cmp %dl,%al=0A= 36: 7f 08 jg 0x40=0A= 38: 84 c0 test %al,%al=0A= 3a: 0f 85 90 07 00 00 jne 0x7d0=0A=