[syzbot] [fs?] KMSAN: uninit-value in vfs_write


syzbot

Mar 7, 2023, 4:40:48 AM
to bc...@kvack.org, gli...@google.com, linu...@kvack.org, linux-...@vger.kernel.org, linux-...@vger.kernel.org, syzkall...@googlegroups.com, vi...@zeniv.linux.org.uk
Hello,

syzbot found the following issue on:

HEAD commit: eda666ff2276 kmsan: silence -Wmissing-prototypes warnings
git tree: https://github.com/google/kmsan.git master
console+strace: https://syzkaller.appspot.com/x/log.txt?x=170c25d9480000
kernel config: https://syzkaller.appspot.com/x/.config?x=f27365aeb365b358
dashboard link: https://syzkaller.appspot.com/bug?extid=c9bfd85eca611ebf5db1
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10825603480000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=17cdabab480000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/6789c9ec45dd/disk-eda666ff.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/cb93f5d6b4fd/vmlinux-eda666ff.xz
kernel image: https://storage.googleapis.com/syzbot-assets/b51c1727def7/bzImage-eda666ff.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c9bfd8...@syzkaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline]
BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600
aio_rw_done fs/aio.c:1520 [inline]
aio_write+0x899/0x950 fs/aio.c:1600
io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
__do_sys_io_submit fs/aio.c:2078 [inline]
__se_sys_io_submit+0x293/0x770 fs/aio.c:2048
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
slab_post_alloc_hook mm/slab.h:766 [inline]
slab_alloc_node mm/slub.c:3452 [inline]
__kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491
__do_kmalloc_node mm/slab_common.c:967 [inline]
__kmalloc+0x11d/0x3b0 mm/slab_common.c:981
kmalloc_array include/linux/slab.h:636 [inline]
bcm_tx_setup+0x80e/0x29d0 net/can/bcm.c:930
bcm_sendmsg+0x3a2/0xce0 net/can/bcm.c:1351
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg net/socket.c:734 [inline]
sock_write_iter+0x495/0x5e0 net/socket.c:1108
call_write_iter include/linux/fs.h:2189 [inline]
aio_write+0x63a/0x950 fs/aio.c:1600
io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019
__do_sys_io_submit fs/aio.c:2078 [inline]
__se_sys_io_submit+0x293/0x770 fs/aio.c:2048
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 5034 Comm: syz-executor350 Not tainted 6.2.0-rc6-syzkaller-80422-geda666ff2276 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
syzbot can test patches for this issue, for details see:
https://goo.gl/tpsmEJ#testing-patches

Ivan Orlov

Mar 13, 2023, 9:34:30 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
#syz test: https://github.com/google/kmsan.git master

--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1573,6 +1573,7 @@ static int aio_write(struct kiocb *req, const
struct iocb *iocb,
struct iov_iter iter;
struct file *file;
int ret;
+ ssize_t write_iter_res;

ret = aio_prep_rw(req, iocb);
if (ret)
@@ -1601,8 +1602,14 @@ static int aio_write(struct kiocb *req, const
struct iocb *iocb,
__sb_writers_release(file_inode(file)->i_sb,
SB_FREEZE_WRITE);
}
req->ki_flags |= IOCB_WRITE;
- aio_rw_done(req, call_write_iter(file, req, &iter));
+ write_iter_res = call_write_iter(file, req, &iter);
+ if (write_iter_res < 0) {
+ ret = write_iter_res;
+ goto free_iovec;
+ }
+ aio_rw_done(req, write_iter_res);
}
+free_iovec:
kfree(iovec);
return ret;
}
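Review bot: the `if (write_iter_res < 0)` check added before aio_rw_done cannot clear this report, because the value being compared is the uninitialized one: the "Uninit was created at" trace points at the kmalloc_array in bcm_tx_setup (net/can/bcm.c:930), and that taint comes back through call_write_iter as its return value, so comparing it against zero here is just another read of it (syzbot's retest of this patch still reports aio_rw_done). The early `goto free_iovec` also changes behaviour for every negative result: aio_rw_done is where -EIOCBQUEUED (asynchronous completion, not an error) and the -ERESTART* codes are told apart from real errors, and this hunk now returns all of them synchronously from aio_write without completing the request. The check belongs at the producer, where memcpy_from_msg's result should be tested before the copied frame is used.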

Ivan Orlov

Mar 13, 2023, 9:37:00 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
fs/aio.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/fs/aio.c b/fs/aio.c
index b0b17bd098bb..d2b74116e91e 100644
--

syzbot

Mar 13, 2023, 11:26:30 AM
to gli...@google.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in aio_write

=====================================================
BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1524 [inline]
BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1605
aio_rw_done fs/aio.c:1524 [inline]
aio_write+0x899/0x950 fs/aio.c:1605
io_submit_one+0x1e91/0x3be0 fs/aio.c:2024
__do_sys_io_submit fs/aio.c:2083 [inline]
__se_sys_io_submit+0x29d/0x790 fs/aio.c:2053
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2053
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
slab_post_alloc_hook+0x12d/0xb50 mm/slab.h:774
slab_alloc_node mm/slub.c:3452 [inline]
__kmem_cache_alloc_node+0x514/0x920 mm/slub.c:3491
__do_kmalloc_node mm/slab_common.c:966 [inline]
__kmalloc+0x11d/0x3b0 mm/slab_common.c:980
kmalloc_array include/linux/slab.h:636 [inline]
bcm_tx_setup+0x81a/0x29f0 net/can/bcm.c:930
bcm_sendmsg+0x3aa/0xd00 net/can/bcm.c:1351
sock_sendmsg_nosec net/socket.c:722 [inline]
sock_sendmsg net/socket.c:745 [inline]
sock_write_iter+0x4ac/0x660 net/socket.c:1136
call_write_iter include/linux/fs.h:1851 [inline]
aio_write+0x63a/0x950 fs/aio.c:1605
io_submit_one+0x1e91/0x3be0 fs/aio.c:2024
__do_sys_io_submit fs/aio.c:2083 [inline]
__se_sys_io_submit+0x29d/0x790 fs/aio.c:2053
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2053
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 5574 Comm: syz-executor.0 Not tainted 6.3.0-rc1-syzkaller-00010-ge61893130d87-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
=====================================================


Tested on:

commit: e6189313 kmsan: add test_stackdepot_roundtrip
console output: https://syzkaller.appspot.com/x/log.txt?x=14549072c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b5bc18e0593cc8a
dashboard link: https://syzkaller.appspot.com/bug?extid=c9bfd85eca611ebf5db1
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10cf9c3ac80000

syzbot

Mar 13, 2023, 11:35:29 AM
to gli...@google.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
KMSAN: uninit-value in aio_write

=====================================================
BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1524 [inline]
BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1605
aio_rw_done fs/aio.c:1524 [inline]
aio_write+0x899/0x950 fs/aio.c:1605
io_submit_one+0x1e91/0x3be0 fs/aio.c:2024
__do_sys_io_submit fs/aio.c:2083 [inline]
__se_sys_io_submit+0x29d/0x790 fs/aio.c:2053
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2053
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at:
slab_post_alloc_hook+0x12d/0xb50 mm/slab.h:774
slab_alloc_node mm/slub.c:3452 [inline]
__kmem_cache_alloc_node+0x514/0x920 mm/slub.c:3491
__do_kmalloc_node mm/slab_common.c:966 [inline]
__kmalloc+0x11d/0x3b0 mm/slab_common.c:980
kmalloc_array include/linux/slab.h:636 [inline]
bcm_tx_setup+0x81a/0x29f0 net/can/bcm.c:930
bcm_sendmsg+0x3aa/0xd00 net/can/bcm.c:1351
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg net/socket.c:747 [inline]
sock_write_iter+0x4ac/0x660 net/socket.c:1138
call_write_iter include/linux/fs.h:1851 [inline]
aio_write+0x63a/0x950 fs/aio.c:1605
io_submit_one+0x1e91/0x3be0 fs/aio.c:2024
__do_sys_io_submit fs/aio.c:2083 [inline]
__se_sys_io_submit+0x29d/0x790 fs/aio.c:2053
__x64_sys_io_submit+0x92/0xd0 fs/aio.c:2053
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 0 PID: 5552 Comm: syz-executor.0 Not tainted 6.3.0-rc2-syzkaller-00010-g34add094f9de-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
=====================================================


Tested on:

commit: 34add094 kmsan: add test_stackdepot_roundtrip
console output: https://syzkaller.appspot.com/x/log.txt?x=11175494c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b08a0869f911ecc9
dashboard link: https://syzkaller.appspot.com/bug?extid=c9bfd85eca611ebf5db1
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=17a4bd0cc80000

Ivan Orlov

Mar 14, 2023, 6:14:33 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
net/can/bcm.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/net/can/bcm.c b/net/can/bcm.c
index 27706f6ace34..12897760ec8d 100644
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -941,7 +941,9 @@ static int bcm_tx_setup(struct bcm_msg_head
*msg_head, struct msghdr *msg,

cf = op->frames + op->cfsiz * i;
err = memcpy_from_msg((u8 *)cf, msg, op->cfsiz);
-
+ if (err)
+ goto free_op;
+
if (op->flags & CAN_FD_FRAME) {
if (cf->len > 64)
err = -EINVAL;
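Review bot: this is where the uninitialized value originates, and bailing out here is the right fix: before this change a failing memcpy_from_msg left `err` set but execution continued into `if (cf->len > 64)` / `if (cf->len > 8)`, reading `len` from a frame the copy never filled (the kmalloc_array at net/can/bcm.c:930 in the KMSAN trace) and possibly replacing the -EFAULT in `err` with an -EINVAL chosen on that garbage, which is the taint that later surfaced in aio_rw_done. Minor style point: memcpy_from_msg returns 0 or -EFAULT, so `if (err)` is equivalent to the `if (err < 0)` used a few lines further down; using the same form keeps the two exits visually consistent.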
@@ -950,12 +952,8 @@ static int bcm_tx_setup(struct bcm_msg_head
*msg_head, struct msghdr *msg,
err = -EINVAL;
}

- if (err < 0) {
- if (op->frames != &op->sframe)
- kfree(op->frames);
- kfree(op);
- return err;
- }
+ if (err < 0)
+ goto free_op;

if (msg_head->flags & TX_CP_CAN_ID) {
/* copy can_id into frame */
@@ -1026,6 +1024,12 @@ static int bcm_tx_setup(struct bcm_msg_head
*msg_head, struct msghdr *msg,
bcm_tx_start_timer(op);

return msg_head->nframes * op->cfsiz + MHSIZ;
+
+free_op:
+ if (op->frames != &op->sframe)
+ kfree(op->frames);
+ kfree(op);
+ return err;
}

/*
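Review bot: `free_op:` sits after the unconditional `return msg_head->nframes * op->cfsiz + MHSIZ;`, so the success path cannot fall into the frees, and both `goto free_op` sites arrive with `err` already negative; the label placement is correct. On the mail itself: the inline copy shows the `@@` header lines wrapped (`*msg_head, struct msghdr *msg,` on a line of its own) and the context lines without their leading space, and syzbot's next reply fails with `patch: **** unexpected end of file in patch`, so resend as an attachment or via git send-email rather than pasting the diff into the body.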
--

syzbot

Mar 14, 2023, 6:15:35 AM
to gli...@google.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file net/can/bcm.c
patch: **** unexpected end of file in patch



Tested on:

commit: 34add094 kmsan: add test_stackdepot_roundtrip
git tree: https://github.com/google/kmsan.git master
patch: https://syzkaller.appspot.com/x/patch.diff?x=115512e2c80000

Ivan Orlov

Mar 14, 2023, 6:15:37 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
0001-FS-CAN-Fix-KMSAN-uninit-value-in-vfs_write.patch

syzbot

Mar 14, 2023, 6:38:19 AM
to gli...@google.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+c9bfd8...@syzkaller.appspotmail.com

Tested on:

commit: 34add094 kmsan: add test_stackdepot_roundtrip
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=13928d2ac80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b08a0869f911ecc9
dashboard link: https://syzkaller.appspot.com/bug?extid=c9bfd85eca611ebf5db1
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=10f6961ac80000

Note: testing is done by a robot and is best-effort only.

syzbot

Mar 14, 2023, 7:33:29 AM
to ivan.or...@gmail.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
> #syz test:

KMSAN bugs can only be tested on the https://github.com/google/kmsan.git tree
because the KMSAN tool is not upstreamed yet.
See https://goo.gl/tpsmEJ#kmsan-bugs for details.

> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

Ivan Orlov

Mar 14, 2023, 7:33:29 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
0001-FS-NET-Fix-KMSAN-uninit-value-in-vfs_write.patch

Ivan Orlov

Mar 14, 2023, 7:36:30 AM
to syzbot+c9bfd8...@syzkaller.appspotmail.com, syzkall...@googlegroups.com
0001-FS-NET-Fix-KMSAN-uninit-value-in-vfs_write.patch

syzbot

Mar 14, 2023, 8:00:25 AM
to gli...@google.com, ivan.or...@gmail.com, syzkall...@googlegroups.com
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+c9bfd8...@syzkaller.appspotmail.com

Tested on:

commit: 34add094 kmsan: add test_stackdepot_roundtrip
git tree: https://github.com/google/kmsan.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=15eeae42c80000
kernel config: https://syzkaller.appspot.com/x/.config?x=b08a0869f911ecc9
dashboard link: https://syzkaller.appspot.com/bug?extid=c9bfd85eca611ebf5db1
compiler: Debian clang version 15.0.7, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=12649876c80000