syzbot


KASAN: null-ptr-deref Read in batadv_tvlv_container_ogm_append

Status: auto-closed as invalid on 2020/07/15 22:43
Reported-by: syzbot+766ed22c6f4ad054d4f8@syzkaller.appspotmail.com
First crash: 1581d, last: 1500d

Sample crash report:
bridge0: port 2(bridge_slave_1) entered blocking state
bridge0: port 2(bridge_slave_1) entered forwarding state
IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
batman_adv: batadv0: Removing interface: batadv_slave_0
==================================================================
BUG: KASAN: null-ptr-deref in memcpy include/linux/string.h:347 [inline]
BUG: KASAN: null-ptr-deref in batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:294 [inline]
BUG: KASAN: null-ptr-deref in batadv_tvlv_container_ogm_append+0x173/0x490 net/batman-adv/tvlv.c:329
Read of size 24 at addr           (null) by task kworker/u4:0/5

CPU: 0 PID: 5 Comm: kworker/u4:0 Not tainted 4.14.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 kasan_report_error mm/kasan/report.c:349 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0x127/0x2ae mm/kasan/report.c:393
 memcpy+0x20/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:347 [inline]
 batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:294 [inline]
 batadv_tvlv_container_ogm_append+0x173/0x490 net/batman-adv/tvlv.c:329
 batadv_iv_ogm_schedule+0xb78/0xdf0 net/batman-adv/bat_iv_ogm.c:945
 batadv_iv_send_outstanding_bat_ogm_packet+0x4ad/0x6a0 net/batman-adv/bat_iv_ogm.c:1809
 process_one_work+0x813/0x1540 kernel/workqueue.c:2114
 worker_thread+0x5d1/0x1070 kernel/workqueue.c:2248
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
==================================================================
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 5 Comm: kworker/u4:0 Tainted: G    B           4.14.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 panic+0x1f9/0x42d kernel/panic.c:183
 kasan_end_report+0x43/0x49 mm/kasan/report.c:176
 kasan_report_error mm/kasan/report.c:356 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0x12f/0x2ae mm/kasan/report.c:393
 memcpy+0x20/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:347 [inline]
 batadv_tvlv_realloc_packet_buff net/batman-adv/tvlv.c:294 [inline]
 batadv_tvlv_container_ogm_append+0x173/0x490 net/batman-adv/tvlv.c:329
 batadv_iv_ogm_schedule+0xb78/0xdf0 net/batman-adv/bat_iv_ogm.c:945
 batadv_iv_send_outstanding_bat_ogm_packet+0x4ad/0x6a0 net/batman-adv/bat_iv_ogm.c:1809
 process_one_work+0x813/0x1540 kernel/workqueue.c:2114
 worker_thread+0x5d1/0x1070 kernel/workqueue.c:2248
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (35):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/03/17 22:42 linux-4.14.y 12cd844a39ed 97bc55ce .config console log report ci2-linux-4-14
2020/03/11 23:28 linux-4.14.y 12cd844a39ed d850e9d0 .config console log report ci2-linux-4-14
2020/03/08 23:34 linux-4.14.y 78d697fc93f9 2e9971bb .config console log report ci2-linux-4-14
2020/03/03 04:01 linux-4.14.y 78d697fc93f9 4a4e0509 .config console log report ci2-linux-4-14
2020/03/02 20:44 linux-4.14.y 78d697fc93f9 4a4e0509 .config console log report ci2-linux-4-14
2020/02/29 15:03 linux-4.14.y 78d697fc93f9 c88c7b75 .config console log report ci2-linux-4-14
2020/02/28 09:27 linux-4.14.y 98db2bf27b9e c88c7b75 .config console log report ci2-linux-4-14
2020/02/18 07:57 linux-4.14.y 98db2bf27b9e 1ce142dc .config console log report ci2-linux-4-14
2020/02/17 22:30 linux-4.14.y 98db2bf27b9e 72bfa6f2 .config console log report ci2-linux-4-14
2020/02/16 16:41 linux-4.14.y 98db2bf27b9e cf914200 .config console log report ci2-linux-4-14
2020/02/16 00:24 linux-4.14.y 98db2bf27b9e 5d7b90f1 .config console log report ci2-linux-4-14
2020/02/11 12:34 linux-4.14.y e0f8b8a65a47 084454ae .config console log report ci2-linux-4-14
2020/02/09 23:27 linux-4.14.y e0f8b8a65a47 35f5e45e .config console log report ci2-linux-4-14
2020/02/07 20:26 linux-4.14.y e0f8b8a65a47 06150bf1 .config console log report ci2-linux-4-14
2020/02/06 00:32 linux-4.14.y e0f8b8a65a47 662cf49a .config console log report ci2-linux-4-14
2020/02/05 09:45 linux-4.14.y 9fa690a2a016 93e5e335 .config console log report ci2-linux-4-14
2020/02/04 16:49 linux-4.14.y 9fa690a2a016 93e5e335 .config console log report ci2-linux-4-14
2020/02/02 03:26 linux-4.14.y 9fa690a2a016 2274ad39 .config console log report ci2-linux-4-14
2020/01/31 17:22 linux-4.14.y 9fa690a2a016 5ed23f9a .config console log report ci2-linux-4-14
2020/01/28 18:01 linux-4.14.y 9a95f25269bd c8e81ce4 .config console log report ci2-linux-4-14
2020/01/27 20:06 linux-4.14.y 9a95f25269bd 56cd6c9b .config console log report ci2-linux-4-14
2020/01/27 18:58 linux-4.14.y 9a95f25269bd 56cd6c9b .config console log report ci2-linux-4-14
2020/01/27 10:21 linux-4.14.y 8bac50406cca dd56146d .config console log report ci2-linux-4-14
2020/01/27 09:33 linux-4.14.y 8bac50406cca dd56146d .config console log report ci2-linux-4-14
2020/01/26 06:37 linux-4.14.y 8bac50406cca f4e7270e .config console log report ci2-linux-4-14
2020/01/25 12:24 linux-4.14.y 8bac50406cca 2e95ab33 .config console log report ci2-linux-4-14
2020/01/24 22:34 linux-4.14.y 8bac50406cca 2e95ab33 .config console log report ci2-linux-4-14
2020/01/24 04:29 linux-4.14.y 8bac50406cca 11ebf937 .config console log report ci2-linux-4-14
2020/01/22 13:32 linux-4.14.y c1141b3aab36 8eda0b95 .config console log report ci2-linux-4-14
2020/01/21 13:02 linux-4.14.y c1141b3aab36 8eda0b95 .config console log report ci2-linux-4-14
2020/01/19 19:11 linux-4.14.y c1141b3aab36 0342f8c7 .config console log report ci2-linux-4-14
2020/01/19 16:12 linux-4.14.y c1141b3aab36 0342f8c7 .config console log report ci2-linux-4-14
2020/01/19 12:46 linux-4.14.y c1141b3aab36 bc8bc756 .config console log report ci2-linux-4-14
2020/01/19 02:02 linux-4.14.y c1141b3aab36 bc8bc756 .config console log report ci2-linux-4-14
2019/12/28 05:40 linux-4.14.y e1f7d50ae3a3 be5c2c81 .config console log report ci2-linux-4-14