general protection fault in j1939_sk

general protection fault in j1939_sk_sendmsg
Status: upstream: reported syz repro on 2019/11/05 20:02
Reported-by: syzbot+7044ea77452b6f92b4fd@syzkaller.appspotmail.com
First crash: 753d, last: 741d

Cause bisection: introduced by (bisect log) :
commit 9d71dd0c70099914fcd063135da3c580865e924c
Author: The j1939 authors <linux-can@vger.kernel.org>
Date: Mon Oct 8 09:48:36 2018 +0000

can: add support of SAE J1939 protocol

Crash: general protection fault in j1939_sk_sendmsg (log)
Repro: syz .config

Fix bisection: failed (bisect log)

Patch testing requests:
Created	Duration	User	Patch	Repo	Result
2020/09/29 19:09	16m	anant.thazhemadam@gmail.com		upstream	OK

Sample crash report:

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12294 Comm: syz-executor.4 Not tainted 5.4.0-rc7+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:988 [inline]
RIP: 0010:j1939_sk_sendmsg+0x6d6/0x1450 net/can/j1939/socket.c:1105
Code: e8 cf c6 f3 fa 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 60 ff ff ff 48 8b 85 20 ff ff ff <80> 38 00 0f 85 fa 0a 00 00 48 8b 85 40 ff ff ff 48 8b 58 48 48 8b
RSP: 0018:ffff888089147a28 EFLAGS: 00010297
RAX: dffffc0000000009 RBX: 00000000000001f3 RCX: 00000000000001f3
RDX: 0000000000000000 RSI: ffffffff867f9121 RDI: 0000000000000007
RBP: ffff888089147b40 R08: ffff8880983d2700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff888097b76510 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f2d27f75700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2d27f74db8 CR3: 00000000a3e8c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 sock_sendmsg_nosec net/socket.c:637 [inline]
 sock_sendmsg+0xd7/0x130 net/socket.c:657
 ___sys_sendmsg+0x803/0x920 net/socket.c:2311
 __sys_sendmsg+0x105/0x1d0 net/socket.c:2356
 __do_sys_sendmsg net/socket.c:2365 [inline]
 __se_sys_sendmsg net/socket.c:2363 [inline]
 __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2363
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x45a639
Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f2d27f74c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a639
RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004
RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d27f756d4
R13: 00000000004c8479 R14: 00000000004de910 R15: 00000000ffffffff
Modules linked in:
---[ end trace b0e67420bf9cc565 ]---
RIP: 0010:j1939_sk_send_loop net/can/j1939/socket.c:988 [inline]
RIP: 0010:j1939_sk_sendmsg+0x6d6/0x1450 net/can/j1939/socket.c:1105
Code: e8 cf c6 f3 fa 48 8b 8d 50 ff ff ff b8 f9 06 00 00 48 81 f9 f9 06 00 00 48 0f 46 c1 48 89 85 60 ff ff ff 48 8b 85 20 ff ff ff <80> 38 00 0f 85 fa 0a 00 00 48 8b 85 40 ff ff ff 48 8b 58 48 48 8b
RSP: 0018:ffff888089147a28 EFLAGS: 00010297
RAX: dffffc0000000009 RBX: 00000000000001f3 RCX: 00000000000001f3
RDX: 0000000000000000 RSI: ffffffff867f9121 RDI: 0000000000000007
RBP: ffff888089147b40 R08: ffff8880983d2700 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
R13: ffff888097b76510 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f2d27f75700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000625208 CR3: 00000000a3e8c000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (31):
Manager	Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro
ci-upstream-kasan-gce-selinux-root	2019/11/17 01:34	upstream	6c9594bdd474	d5696d51	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2019/11/13 18:44	upstream	0e3f1ad80fc8	048f2d49	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2019/11/12 11:51	upstream	de620fb99ef2	048f2d49	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2019/11/12 03:27	upstream	31f4f5b495a6	048f2d49	.config	log	report	syz
ci-upstream-kasan-gce-root	2019/11/11 14:41	upstream	9805a68371ce	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2019/11/11 14:37	upstream	9805a68371ce	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce	2019/11/11 12:39	upstream	9805a68371ce	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce-root	2019/11/10 21:13	upstream	00aff6836241	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce-selinux-root	2019/11/10 18:31	upstream	00aff6836241	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce	2019/11/10 15:17	upstream	00aff6836241	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce-smack-root	2019/11/09 13:30	upstream	6737e7634951	dc438b91	.config	log	report	syz
ci-upstream-kasan-gce-root	2019/11/07 10:50	upstream	4dd58158254c	d797d201	.config	log	report	syz
ci-upstream-kasan-gce-root	2019/11/05 20:19	upstream	a99d8080aaf3	0f3ec414	.config	log	report	syz
ci-upstream-kasan-gce-386	2019/11/11 12:56	upstream	9805a68371ce	dc438b91	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2019/11/11 12:46	net	dd3d792def0d	dc438b91	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2019/11/10 19:35	net	dd3d792def0d	dc438b91	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2019/11/10 19:11	net	dd3d792def0d	dc438b91	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2019/11/06 11:10	net	fc564e09237f	bc2c6e45	.config	log	report	syz
ci-upstream-net-this-kasan-gce	2019/11/05 19:49	net	3d1e5039f5f8	0f3ec414	.config	log	report	syz
ci-upstream-net-kasan-gce	2019/11/11 12:47	net-next	7941af9b38fa	dc438b91	.config	log	report	syz
ci-upstream-net-kasan-gce	2019/11/05 22:29	net-next	56c1291ee48b	0f3ec414	.config	log	report	syz
ci-upstream-kasan-gce-root	2019/11/17 03:35	upstream	6c9594bdd474	d5696d51	.config	log	report
ci-upstream-kasan-gce	2019/11/17 03:31	upstream	6c9594bdd474	d5696d51	.config	log	report
ci-upstream-net-this-kasan-gce	2019/11/11 21:24	net	dd3d792def0d	048f2d49	.config	log	report
ci-upstream-net-this-kasan-gce	2019/11/11 11:20	net	dd3d792def0d	dc438b91	.config	log	report
ci-upstream-net-this-kasan-gce	2019/11/10 14:02	net	dd3d792def0d	dc438b91	.config	log	report
ci-upstream-net-this-kasan-gce	2019/11/06 09:19	net	fc564e09237f	bc2c6e45	.config	log	report
ci-upstream-net-kasan-gce	2019/11/15 20:04	net-next	a98cdaf73e32	cdac920b	.config	log	report
ci-upstream-net-kasan-gce	2019/11/10 13:57	net-next	14684b93019a	dc438b91	.config	log	report
ci-upstream-net-kasan-gce	2019/11/05 18:42	net-next	56c1291ee48b	0f3ec414	.config	log	report
ci-upstream-linux-next-kasan-gce-root	2019/11/10 13:59	linux-next	5591cf003452	dc438b91	.config	log	report