Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp2818409ybd;
        Mon, 24 Jun 2019 13:16:27 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyVlD1xDrMq1dGZRzOe3DLwLqIeLE+coQq7265HVk57LVtKuJ94+zfMNqf8BcSOUDzPjz3Q
X-Received: by 2002:a17:90a:1b48:: with SMTP id q66mr25812226pjq.83.1561407387473;
        Mon, 24 Jun 2019 13:16:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561407387; cv=none;
        d=google.com; s=arc-20160816;
        b=JdlVIXHcnslZsh0B6wKztT5X+0SKyx9XwExocoX2rRQ7CZii1Z6SqnkMnBxwnzu8QF
         /w1RE0mt/BAzJlvWK09cnY21dwdrWOIjZfp0OftfJx5eHevNg9zO/A7NZg8hPtXBhB01
         xFFwW8KxfE9FCmRkHO0ftkvYM5paCAnw7JweGJAHNBqCnEGbXs/ikwH7QB7U8RCdEbEV
         iBsoHnsjAc/bvsi2r4VIjVXj9/FGrLfArBDPTdig90gePWb2mZEp1Z8SOViSNW9J2gv0
         I4ab8Lhp45hlT8dYNkKmucpWiiJclQM92Ff2iRWb/4Jg3jfkqjs++pquTBX82843CSCj
         zhqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:message-id:in-reply-to:date:references:organization
         :subject:cc:to:from:dkim-signature;
        bh=fLGEnw2Njzn9xoqzS5V4EDKFzf98/cQHM5dM1LpBLzA=;
        b=CcisQ0tT/MClOKxjr9ta8Z+251wnj+QBVTwguYTV7f4WiZq0HFxpjz0OKvAKkaS62c
         Mdw8MhQyTBotZBHMvMqiCQGcNczlgVuAfXciEQ7MZMjaxj1atf3r/u/ifmb0IA992ttN
         57veav4DKTq+hT8LeZ8PGWiUz9hkrYeGYxEVeNydTrM4C/St9f7at8YhkFm/PPnCoM5t
         xKPPerTcqwEpKM4XB0fGZV0koailKH9T4kf5u0Q+rSKB8ycpOC6DCASIKscI3wMzaHYi
         9X9MRflSAtxGPM3NUrhHehIBNcSq+PgFOFAA5BkcXr81tN4+rkL8mGtLBZso331XyIDB
         J1+Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@mork.no header.s=b header.b=dKDvQAwp;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mork.no
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d9si11192063pgj.505.2019.06.24.13.16.12;
        Mon, 24 Jun 2019 13:16:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@mork.no header.s=b header.b=dKDvQAwp;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=mork.no
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732015AbfFXQ1H (ORCPT <rfc822;saikripd@gmail.com> + 99 others);
        Mon, 24 Jun 2019 12:27:07 -0400
Received: from canardo.mork.no ([148.122.252.1]:56291 "EHLO canardo.mork.no"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726393AbfFXQ1H (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jun 2019 12:27:07 -0400
Received: from miraculix.mork.no (miraculix.mork.no [IPv6:2001:4641:0:2:7627:374e:db74:e353])
        (authenticated bits=0)
        by canardo.mork.no (8.15.2/8.15.2) with ESMTPSA id x5OGQpI1008347
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
        Mon, 24 Jun 2019 18:26:52 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mork.no; s=b;
        t=1561393612; bh=fLGEnw2Njzn9xoqzS5V4EDKFzf98/cQHM5dM1LpBLzA=;
        h=From:To:Cc:Subject:References:Date:Message-ID:From;
        b=dKDvQAwpJjFXmlAogZehs5GN9Y0cWRugc8cEv6J7slbl2Gp91bIw92D6f8xqQPH1C
         2D1A6sM+SFV7PUESbRMLRQ8XCn1KbzQrGpeCn7dKGZ1MWCkmcPx5tg1DETysp/3GEE
         pWXw8Nq+31CbbTfMV6RbuTVO7HvammQT1NNOkUL0=
Received: from bjorn by miraculix.mork.no with local (Exim 4.89)
        (envelope-from <bjorn@mork.no>)
        id 1hfRnv-0008IY-E4; Mon, 24 Jun 2019 18:26:51 +0200
From:   =?utf-8?Q?Bj=C3=B8rn_Mork?= <bjorn@mork.no>
To:     Hillf Danton <hdanton@sina.com>
Cc:     Kristian Evensen <kristian.evensen@gmail.com>,
        syzbot <syzbot+b68605d7fadd21510de1@syzkaller.appspotmail.com>,
        andreyknvl@google.com, davem@davemloft.net,
        linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
        netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: global-out-of-bounds Read in qmi_wwan_probe
Organization: m
References: <0000000000008f19f7058c10a633@google.com>
        <871rzj6sww.fsf@miraculix.mork.no>
Date:   Mon, 24 Jun 2019 18:26:51 +0200
In-Reply-To: <871rzj6sww.fsf@miraculix.mork.no> (Hillf Danton's message of
        "Mon, 24 Jun 2019 23:38:36 +0800")
Message-ID: <87tvcf54qc.fsf@miraculix.mork.no>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.100.3 at canardo
X-Virus-Status: Clean
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hillf Danton <hdanton@sina.com> writes:

> and wonder if the following works.
>
> -	info =3D (void *)&id->driver_info;
> +	info =3D (void *)id->driver_info;


Doh! Right you are.  Thanks to both you and Andrey for quick and good
help.

We obviously have some bad code patterns here, since this apparently
worked for Kristian by pure luck.


Bj=C3=B8rn