References: <000000000000ccde8d059564d93d@google.com> <2128256.8pjUZaGXEE@bentobox>
In-Reply-To: <2128256.8pjUZaGXEE@bentobox>
From: Dmitry Vyukov
Date: Mon, 21 Oct 2019 08:54:21 +0200
Subject: Re: general protection fault in batadv_iv_ogm_queue_add
To: Sven Eckelmann
Cc: syzbot, a@unstable.cc, b.a.t.m.a.n@lists.open-mesh.org, David Miller, LKML, mareklindner@neomailbox.ch, netdev, sw@simonwunderlich.de, syzkaller-bugs
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 21, 2019 at 8:33 AM Sven Eckelmann wrote:
>
> On Monday, 21 October 2019 07:21:06 CEST syzbot wrote:
> [...]
> > IMPORTANT: if you fix the bug, please add the following tag to the commit:
> > Reported-by: syzbot+7dd2da51d8ae6f990403@syzkaller.appspotmail.com
> >
> > kasan: CONFIG_KASAN_INLINE enabled
> > kasan: GPF could be caused by NULL-ptr deref or user memory access
> > general protection fault: 0000 [#1] PREEMPT SMP KASAN
> > CPU: 0 PID: 4256 Comm: kworker/u4:0 Not tainted 5.4.0-rc3+ #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> > Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
> > RIP: 0010:batadv_iv_ogm_queue_add+0x49/0x1120 net/batman-adv/bat_iv_ogm.c:605
> > Code: 48 89 75 b8 48 89 4d c0 4c 89 45 b0 44 89 4d d0 e8 fc 02 46 fa 48 8d 7b 03 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 18 0d 00 00
> > RSP: 0018:ffff88805d2cfb80 EFLAGS: 00010246
> > RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888092284000
> > RDX: 0000000000000000 RSI: ffffffff872d1214 RDI: 0000000000000003
> > RBP: ffff88805d2cfc18 R08: ffff888092284000 R09: 0000000000000001
> > R10: ffffed100ba59f77 R11: 0000000000000003 R12: dffffc0000000000
> > R13: ffffed101245080e R14: ffff888092284000 R15: 0000000100051cf6
> > FS:  0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00000000200002c0 CR3: 00000000a421b000 CR4: 00000000001426f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > Call Trace:
> >  batadv_iv_ogm_schedule+0xb0b/0xe50 net/batman-adv/bat_iv_ogm.c:813
> >  batadv_iv_send_outstanding_bat_ogm_packet+0x580/0x760 net/batman-adv/bat_iv_ogm.c:1675
>
> I am guessing that the fix for this has been queued up for a while at
> https://git.open-mesh.org/linux-merge.git/commit/40e220b4218bb3d278e5e8cc04ccdfd1c7ff8307
>
> Kind regards,
> Sven

Hi Sven,

It was fixed based on
another syzbot report, so let's tell syzbot that this is a dup of that other report then:

#syz dup: KASAN: use-after-free Read in batadv_iv_ogm_queue_add