Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2927298imm;
        Sun, 10 Jun 2018 04:54:10 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKJ1uVIQM+7sXP4X0BTTEVJbKehe/3ahnKAatRkD2ngKBiwfYaDx8fVl/K+IlN0Ez6kV5HCI
X-Received: by 2002:a17:902:6b47:: with SMTP id g7-v6mr14286620plt.251.1528631650330;
        Sun, 10 Jun 2018 04:54:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528631650; cv=none;
        d=google.com; s=arc-20160816;
        b=A/X89TzsRMQWzmz9CyhvrbxAFpZ8goNnkSuIRhNGWzOJn7/8f3pCIA5lVgCN1sRgpF
         TJzQGOytWnoEYuOmPybMl7BUb4ZmF0FsfBpkZEaSSAtqmF4u207NSHhY9pekDL07GifZ
         YOPVf1jlhzlFOkgs/bymIQTyxptCtChrSPUa3yhCRfkC4FzbZ9qOL3kgoSYdsbCW/VIP
         T0ASd8LWwD2qxc8p3r65l0z2CZqoo0eM+Ar6Dd1ghVD8iwcTwD/9H+FFIZg70SYMzqwH
         dvs/w5K7/ePSZ9mFHGNYO1qiaCpuOtAcufsIfmqUefcA+PZRRum+wZCTWQ4sdub0SME4
         hxkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=2hlrKDP0eiPoD9M/bjAFnVtnaw6G0riqYguxq1ehoEE=;
        b=eHA9bC5V2ILaumPe0MZjVZLVnz6xJcprCIA1dCwYoirxUMAEjaxpQVp5QZ5lcxpzx7
         0Om5YOXYDYtNwnLtWziCy9Qb8A2uwEWcLG0unB84eycU1gITSAiGWRv1xl3nd9puD/oq
         oHrTQsKtq/Stf8iw6IT06l/p5LcJDm08d0I0Yos8KeAqEC7P1X7UJmKIiGQ2adJ/K8tS
         QE3Cpw9h7IMaR+9+D++NtilKPWUxjyvjXXm8Zjuj+pfa4u79a4wKXnmbRZO8LwntJK1m
         M/eKOt4uJNayBkmuGrymD2MXsk7Ap/xPWpRPLAiYewevdYfK42ID48ruKi8izW5lBi7u
         aNbA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=pZiNS491;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s1-v6si13978679pgb.486.2018.06.10.04.53.39;
        Sun, 10 Jun 2018 04:54:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=pZiNS491;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753922AbeFJLw6 (ORCPT <rfc822;austinkernel.kim@gmail.com>
        + 99 others); Sun, 10 Jun 2018 07:52:58 -0400
Received: from mail-pg0-f65.google.com ([74.125.83.65]:46007 "EHLO
        mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753891AbeFJLw4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 10 Jun 2018 07:52:56 -0400
Received: by mail-pg0-f65.google.com with SMTP id z1-v6so8422889pgv.12
        for <linux-kernel@vger.kernel.org>; Sun, 10 Jun 2018 04:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=2hlrKDP0eiPoD9M/bjAFnVtnaw6G0riqYguxq1ehoEE=;
        b=pZiNS491Vx9neo+/tv39TCXlrVb7pTuXWsYx0hY/xjcXqRt3rlCEQU++ALFTk469MV
         kXDlDNvu0BepoW0mJDY+IDZ7UlhCspQ25QSciq85XCzqpv+p03Es+/br8UOZ5s/mSW5U
         k9KapbCYu8RsFVj0mdvViQpRF55haUSDQAthCTD6LzazM2Tp5Z1tUj0NCKSwi26xFfqt
         4kEaLEPf3dNnsxs2ETB3hrV3xFQRqPjbW/va4mc7S89wYh/tKGW1Wj9DqKBLDNjriUl6
         EgDWi9WZ5OACm1mhOlk9/1wRjLDrf6j+9ZlxyIkzXafacaoQTbSe/l9T5DgRrBvWg1gS
         KevA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=2hlrKDP0eiPoD9M/bjAFnVtnaw6G0riqYguxq1ehoEE=;
        b=uTa3KM2U6DnheNw7aLRt2vl9ogvVwe0lSr4S+IirKnhe5GDFPh2upzMVg8w3th9H64
         f33tfuIEvJPqlDQxZlPXbdvXSwzTiQXG0/m54fEXMureG+OTNmyH/kZLciNXvYAlQTN4
         1x3daTktGbz4HZEcD8TXNbiSTF6AGLUtgDO+sHtvahROphhGqE/Yhe+joQRAvLCM0yR6
         L0CQjSjiSCttY9XcZrbvq/TEjxyD8QLOtnsRYc1q6QiX6twcDyyZ88bZSssmQwS/g3Jd
         tGFYLgf1zp4h4DyR2+NnvZq9YAaCuYPfiN3rrCEPFFovLOz1ciWCqXdcAzRWrx33PaFi
         hf/g==
X-Gm-Message-State: APt69E11Gnd+nRDSiJRsfDwEZjIkNh2rByw8zvWhCjpwFlb5/qx7tQIF
        K2v8XlWqpF2DkChkH1VxV7yWCERmYAryH4zPfYfMjQ==
X-Received: by 2002:a65:4bcd:: with SMTP id p13-v6mr11404146pgr.114.1528631575874;
 Sun, 10 Jun 2018 04:52:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:90a:d42:0:0:0:0 with HTTP; Sun, 10 Jun 2018 04:52:35
 -0700 (PDT)
In-Reply-To: <CAJ+HfNhnmvTHsE7cgi8pROjprsYvCZuzZDmYmpiUx4jqtHboUw@mail.gmail.com>
References: <00000000000092de58056e3d4b96@google.com> <10d6b170-b820-3077-8737-c9d06e98d0fb@I-love.SAKURA.ne.jp>
 <CAJ+HfNhnmvTHsE7cgi8pROjprsYvCZuzZDmYmpiUx4jqtHboUw@mail.gmail.com>
From:   Dmitry Vyukov <dvyukov@google.com>
Date:   Sun, 10 Jun 2018 13:52:35 +0200
Message-ID: <CACT4Y+bfZK6yucoDrXPPW3Tc40RYq61u0Zcb=CKtdao8E+v1cQ@mail.gmail.com>
Subject: Re: WARNING: kmalloc bug in xdp_umem_create
To:     =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@gmail.com>
Cc:     Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        syzbot+4abadc5d69117b346506@syzkaller.appspotmail.com,
        =?UTF-8?B?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@intel.com>,
        "Karlsson, Magnus" <magnus.karlsson@intel.com>,
        David Miller <davem@davemloft.net>,
        LKML <linux-kernel@vger.kernel.org>,
        Netdev <netdev@vger.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jun 10, 2018 at 11:31 AM, Bj=C3=B6rn T=C3=B6pel <bjorn.topel@gmail.=
com> wrote:
> Den s=C3=B6n 10 juni 2018 kl 04:53 skrev Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp>:
>>
>> On 2018/06/10 7:47, syzbot wrote:
>> > Hello,
>> >
>> > syzbot found the following crash on:
>> >
>> > HEAD commit:    7d3bf613e99a Merge tag 'libnvdimm-for-4.18' of git://g=
it.k..
>> > git tree:       upstream
>> > console output: https://syzkaller.appspot.com/x/log.txt?x=3D1073f68f80=
0000
>> > kernel config:  https://syzkaller.appspot.com/x/.config?x=3Df04d8d0a2a=
fb789a
>> > dashboard link: https://syzkaller.appspot.com/bug?extid=3D4abadc5d6911=
7b346506
>> > compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
>> > syzkaller repro:https://syzkaller.appspot.com/x/repro.syz?x=3D13c9756f=
800000
>> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=3D16366f9f80=
0000
>> >
>> > IMPORTANT: if you fix the bug, please add the following tag to the com=
mit:
>> > Reported-by: syzbot+4abadc5d69117b346506@syzkaller.appspotmail.com
>> >
>> > random: sshd: uninitialized urandom read (32 bytes read)
>> > random: sshd: uninitialized urandom read (32 bytes read)
>> > random: sshd: uninitialized urandom read (32 bytes read)
>> > random: sshd: uninitialized urandom read (32 bytes read)
>> > random: sshd: uninitialized urandom read (32 bytes read)
>> > WARNING: CPU: 1 PID: 4537 at mm/slab_common.c:996 kmalloc_slab+0x56/0x=
70 mm/slab_common.c:996
>> > Kernel panic - not syncing: panic_on_warn set ...
>>
>> syzbot gave up upon kmalloc(), but actually error handling path has
>> NULL pointer dereference bug.
>>
>
> Thanks Tetsuo! This crash has been fixed by Daniel Borkmann in commit
> c09290c56376 ("bpf, xdp: fix crash in xdp_umem_unaccount_pages").

Let's tell syzbot about this:

#syz fix: bpf, xdp: fix crash in xdp_umem_unaccount_pages