Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp508094pxu;
        Fri, 4 Dec 2020 08:31:21 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyAps7+TbRLk0ssePT2wne0gw9bub8Dxb8b/e2ax8+pQN6tFOw0cGgKWGpNX4WGAsoc2SSU
X-Received: by 2002:a17:906:2a0a:: with SMTP id j10mr7873732eje.307.1607099481643;
        Fri, 04 Dec 2020 08:31:21 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1607099481; cv=none;
        d=google.com; s=arc-20160816;
        b=ooMnwvBEXw17C52umB3rw67zWZnOH7RmYjVFkxZzDi9/dcHyh6xKCPOc5KunFeHGXE
         nwTHBuTdKovSkgDCwZFvIA31Ks5qIV+Pl51yZHyVazOXXGrcDV/A/qswk8+Nzpg9qs+T
         tRstPA4BmH3ZylxvrzFvFMM707ltL6qMvToe7gVK4k0KErFDGta+QpmIOdXgagF642iJ
         K10xPNLEkue6U5T13qcMh9WK7557zyfa1cW3w3kdqtqAPBoGLX5EhwTbZyAaWiS2nca5
         zIH0ghE31G+fk6pEbHOhDTwTss7Qu0Q7GgQTGOlWwbjwJwbPckS98/HrDAn7F5Bu6JID
         D5+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id;
        bh=8xR+AcfcKWnbz0MYltiOx9a0UoHe2qvE3ZmP8R1U9Xs=;
        b=X2cSA1XH0ce8K30CEltBHNkBjtewcFNTqjaLyZtTUZ4jmQQpjYz60rDpr2ywZA0d1X
         LnXbXhFL8NDLflzDb+qdMpm+fxbzXZjK7/RMIt8i2MNy6U+YZEcdNGNiWt+cvvLIX6X/
         c6xvkcKHnetMxaNVx0IjQsTFSu7JLlXeSv1/VJsv7t0n3VH/N2iCJ6kbANroeUQANieq
         X58ae6MzW0iHIVUG6KnSZy1KOLBx1d1iPQ2fIGthK51z/VoMaAm68Zg6uk3fSg+K7JXF
         zlacvNqKaRb+OvrjzDlIyQ07+g3AL3RLYDnuv6da380ZXU9Mg4qiU+GfyG8dqcRqfWOo
         Ir9Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Return-Path: <linux-wireless-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c2si3102517edu.115.2020.12.04.08.30.48;
        Fri, 04 Dec 2020 08:31:21 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730610AbgLDQ2j (ORCPT <rfc822;wsuprabhu@gmail.com> + 99 others);
        Fri, 4 Dec 2020 11:28:39 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55862 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726330AbgLDQ2j (ORCPT
        <rfc822;linux-wireless@vger.kernel.org>);
        Fri, 4 Dec 2020 11:28:39 -0500
Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 145C8C061A4F;
        Fri,  4 Dec 2020 08:27:59 -0800 (PST)
Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
        (Exim 4.94)
        (envelope-from <johannes@sipsolutions.net>)
        id 1klDw1-002Wmj-9K; Fri, 04 Dec 2020 17:27:53 +0100
Message-ID: <16181fc69db48a0ed012788345967c4356169aff.camel@sipsolutions.net>
Subject: Re: [PATCH net] mac80211: mesh: fix mesh_pathtbl_init() error path
From:   Johannes Berg <johannes@sipsolutions.net>
To:     Eric Dumazet <eric.dumazet@gmail.com>,
        "David S . Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>
Cc:     netdev <netdev@vger.kernel.org>,
        Eric Dumazet <edumazet@google.com>,
        syzbot <syzkaller@googlegroups.com>,
        linux-wireless@vger.kernel.org
Date:   Fri, 04 Dec 2020 17:27:52 +0100
In-Reply-To: <cac552ce70a747f078738a7167f0a75bc52fac7c.camel@sipsolutions.net>
References: <20201204162428.2583119-1-eric.dumazet@gmail.com>
         (sfid-20201204_172435_837291_23D69393) <cac552ce70a747f078738a7167f0a75bc52fac7c.camel@sipsolutions.net>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.36.5 (3.36.5-1.fc32) 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-malware-bazaar: not-scanned
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

On Fri, 2020-12-04 at 17:26 +0100, Johannes Berg wrote:
> On Fri, 2020-12-04 at 08:24 -0800, Eric Dumazet wrote:
> > From: Eric Dumazet <edumazet@google.com>
> > 
> > If tbl_mpp can not be allocated, we call mesh_table_free(tbl_path)
> > while tbl_path rhashtable has not yet been initialized, which causes
> > panics.
> 
> Thanks Eric!
> 
> I was going to ask how you ran into this ...
> 
> > Reported-by: syzbot <syzkaller@googlegroups.com>
> 
> Until I saw this - but doesn't syzbot normally want a
> "syzbot+somehashid@..." as the reported-by?
> 
> 
> > --- a/net/mac80211/mesh_pathtbl.c
> > +++ b/net/mac80211/mesh_pathtbl.c
> > @@ -60,6 +60,7 @@ static struct mesh_table *mesh_table_alloc(void)
> >  	atomic_set(&newtbl->entries,  0);
> >  	spin_lock_init(&newtbl->gates_lock);
> >  	spin_lock_init(&newtbl->walk_lock);
> > +	rhashtable_init(&newtbl->rhead, &mesh_rht_params);
> >  
> >  	return newtbl;
> >  }
> > @@ -773,9 +774,6 @@ int mesh_pathtbl_init(struct ieee80211_sub_if_data *sdata)
> >  		goto free_path;
> >  	}
> >  
> > -	rhashtable_init(&tbl_path->rhead, &mesh_rht_params);
> > -	rhashtable_init(&tbl_mpp->rhead, &mesh_rht_params);
> > 
> 
> Hmm. There were two calls, now there's only one? Is that a bug, or am I
> missing something?

Umm, never mind.

johannes